  • Week 6 Assignment

    1. Create an RSA asymmetric key pair with gpg on CentOS 7

    [root@centos7 .gnupg]#gpg --gen-key
    [root@centos7 .gnupg]#gpg --list-keys
    /root/.gnupg/pubring.gpg
    ------------------------
    pub   1024R/F43101B8 2020-09-06
    uid                  centos7
    sub   1024R/9187C94B 2020-09-06
    

    2. Copy the public key exported from CentOS 7 to CentOS 8, then encrypt a file on CentOS 8 with the CentOS 7 public key

    [root@centos7 .gnupg]#gpg -a --export -o centos7.pubkey
    [root@centos7 .gnupg]#scp centos7.pubkey 10.0.0.135:/data
    [root@CentOS8-1 data]#gpg --import centos7.pubkey 
    gpg: key 8674AE99F43101B8: public key "centos7" imported
    gpg: Total number processed: 1
    gpg:               imported: 1
    [root@CentOS8-1 data]#gpg --list-keys
    /root/.gnupg/pubring.kbx
    ------------------------
    pub   rsa1024 2020-09-06 [SC]
          C75AE3C533D760307B1CCC178674AE99F43101B8
    uid           [ unknown] centos7
    sub   rsa1024 2020-09-06 [E]
    [root@CentOS8-1 data]#gpg -e -r centos7 blog.txt
    
    

    3. Back on the CentOS 7 server, remotely copy the file.txt.gpg file to the local machine and decrypt it with the CentOS 7 private key

    [root@CentOS8-1 data]#scp blog.txt.gpg 10.0.0.132:/data 
    [root@centos7 data]#gpg -d blog.txt.gpg 
    
    You need a passphrase to unlock the secret key for
    user: "centos7"
    1024-bit RSA key, ID 9187C94B, created 2020-09-06 (main key ID F43101B8)
    
    gpg: encrypted with 1024-bit RSA key, ID 9187C94B, created 2020-09-06
          "centos7"
    123456
    

    4. Create a CA with openssl on CentOS 7

    [root@centos7 ~]#cd /etc/pki/CA
    [root@centos7 CA]#ls
    certs  crl  newcerts  private
    [root@centos7 CA]#cat /etc/pki/tls/openssl.cnf
    [root@centos7 CA]#(umask 066; openssl genrsa -out private/cakey.pem 1024)
    [root@centos7 CA]#openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -days 3650 -out /etc/pki/CA/cacert.pem
    [root@centos7 CA]#openssl x509 -in cacert.pem -noout -text
    

    5. Create a certificate signing request file with openssl on CentOS 7 and sign it with the root certificate created above

    [root@centos7 ~]#mkdir /data/certs
    [root@centos7 ~]#cd /data/certs
    [root@centos7 certs]#(umask 066; openssl genrsa -out app.key 1024)
    [root@centos7 certs]#openssl req -new -key app.key -out app.csr
    [root@centos7 certs]#cd /etc/pki/CA
    [root@centos7 CA]#touch index.txt
    [root@centos7 CA]#echo 0F > serial
    [root@centos7 CA]#openssl ca -in /data/certs/app.csr -out /etc/pki/CA/certs/app.crt -days 200
    [root@centos7 CA]#tree
    .
    ├── cacert.pem
    ├── certs
    │   └── app.crt
    ├── crl
    ├── index.txt
    ├── index.txt.attr
    ├── index.txt.old
    ├── newcerts
    │   └── 0F.pem
    ├── private
    │   └── cakey.pem
    ├── serial
    └── serial.old
    
    4 directories, 9 files
    [root@centos7 CA]#sz certs/app.crt 
    

    6. Revoke the certificate that was signed successfully

    [root@centos7 CA]#openssl ca -revoke /etc/pki/CA/newcerts/0F.pem 
    Using configuration from /etc/pki/tls/openssl.cnf
    Revoking Certificate 0F.
    Data Base Updated
    [root@centos7 CA]#openssl ca -status 0F
    Using configuration from /etc/pki/tls/openssl.cnf
    0F=Revoked (R)
    [root@centos7 CA]#echo 01 > /etc/pki/CA/crlnumber
    [root@centos7 CA]#openssl ca -gencrl -out /etc/pki/CA/crl.pem
    Using configuration from /etc/pki/tls/openssl.cnf
    [root@centos7 CA]#tree
    .
    ├── cacert.pem
    ├── certs
    │   └── app.crt
    ├── crl
    ├── crlnumber
    ├── crlnumber.old
    ├── crl.pem
    ├── index.txt
    ├── index.txt.attr
    ├── index.txt.attr.old
    ├── index.txt.old
    ├── newcerts
    │   └── 0F.pem
    ├── private
    │   └── cakey.pem
    ├── serial
    └── serial.old
    
    4 directories, 13 files
    [root@centos7 CA]#openssl crl -in /etc/pki/CA/crl.pem -noout -text
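
The revocation in step 6 only matters to a verifier that actually consults the CRL. The following added example (not part of the original post) repeats steps 4 to 6 with a throwaway CA in a temporary directory and verifies app.crt before revocation, after revocation without a CRL, and with -crl_check. The config file ca.cnf, the subject names and the 2048-bit key size are assumptions made for the example.

```bash
# Added example: throwaway CA in a temp dir; every name and path is constructed.
# Runs in a subshell so the caller's working directory is left alone.
crl_demo() (
  d=$(mktemp -d) && cd "$d" || exit 1
  trap 'cd /; rm -rf "$d"' EXIT
  mkdir newcerts && : > index.txt && echo 0F > serial && echo 01 > crlnumber || exit 1
  cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = demo
[ demo ]
database = index.txt
new_certs_dir = newcerts
serial = serial
crlnumber = crlnumber
certificate = cacert.pem
private_key = cakey.pem
default_md = sha256
default_days = 200
default_crl_days = 30
policy = any
[ any ]
commonName = supplied
EOF
  ca()    { openssl ca -batch -config ca.cnf "$@" >/dev/null 2>&1; }
  req()   { openssl req -config ca.cnf -new -newkey rsa:2048 -nodes "$@" >/dev/null 2>&1; }
  check() { openssl verify -CAfile cacert.pem "$@" app.crt 2>&1; }
  # Steps 4 and 5: self-signed CA certificate, CSR, signed certificate (serial 0F)
  req -x509 -days 3650 -subj "/CN=Demo CA" -keyout cakey.pem -out cacert.pem || exit 1
  req -subj "/CN=app.example.test" -keyout app.key -out app.csr || exit 1
  ca -in app.csr -out app.crt || exit 1
  check | grep -q ': OK' && echo "before: valid"
  # Step 6: revoke and publish a CRL
  ca -revoke newcerts/0F.pem && ca -gencrl -out crl.pem || exit 1
  check | grep -q ': OK' && echo "no CRL consulted: still valid"
  check -crl_check -CRLfile crl.pem | grep -q 'certificate revoked' && echo "with CRL: revoked"
)
crl_demo
```

A client that verifies the chain without -crl_check (or an equivalent CRL/OCSP lookup) keeps accepting the revoked certificate until it expires.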
    
    
  • Original URL: https://www.cnblogs.com/LittleRabbit220/p/13621737.html