gpg 파일 암호화 하기

# gpg –gen-key
gpg (GnuPG) 1.4.5; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

gpg: directory `/root/.gnupg’ created
gpg: new configuration file `/root/.gnupg/gpg.conf’ created
gpg: WARNING: options in `/root/.gnupg/gpg.conf’ are not yet active during this run
gpg: keyring `/root/.gnupg/secring.gpg’ created
gpg: keyring `/root/.gnupg/pubring.gpg’ created
Please select what kind of key you want:
   (1) DSA and Elgamal (default)
   (2) DSA (sign only)
   (5) RSA (sign only)
Your selection? (엔터-기본값 사용한다는 의미=1번)
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) (엔터-기본값 사용=2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid. (키의 유효기간 설정)
         0 = key does not expire   (무한사용)
      <n>  = key expires in n days  (오늘만사용)
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) (엔터-기본값)
Key does not expire at all
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    “Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>”

Real name: (키값의 사용자 또는 키값의 주인 지정)
Email address: root@server2.co.kr
Comment: server2 (안써도 상관없다)
You selected this USER-ID:
    “server2 (server2) <root@server2.co.kr>”

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.

Enter passphrase: flsnrtm (비밀키의 암호입력)
Repeat passphrase: flsnrtm (재확인)

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
++++++++++++++++++++.+++++++++++++++++++++++++.+++++.++++++++++++++++++++++++++++++++++++++++.++++++++++++++++++++++++++++++++++++++++>++++++++++……+++++

Not enough random bytes available.  Please do some other work to give
the OS a chance to collect more entropy! (Need 57 more bytes)
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++…+++++.++++++++++.++++++++++..++++++++++.+++++++++++++++.++++++++++……+++++++++++++++.++++++++++.+++++++++++++++++++++++++.++++++++++++++++++++….++++++++++>++++++++++>+++++………….>.+++++…<+++++………………….+++++^^^
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key AD0EEFAE marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   1024D/AD0EEFAE 2009-02-05
      Key fingerprint = A092 0537 FBEE 87A8 1900  965B BF01 23A9 AD0E EFAE
uid                  server2 (server2) <root@server2.co.kr>
sub   2048g/EE5BF6F2 2009-02-05

# cd /root/.gnupg (디렉토리 이동)
# ls
gpg.conf  pubring.gpg  pubring.gpg~  random_seed  secring.gpg  trustdb.gpg

# gpg –list-keys   (퍼블릭키가 보인다)
/root/.gnupg/pubring.gpg
————————
pub   1024D/AD0EEFAE 2009-02-05
uid                  server2 (server2) <root@server2.co.kr>
sub   2048g/EE5BF6F2 2009-02-05

공개키 생성하자
# gpg –output server2.gpg –export server2   (server2.gpg : 생성할 파일이름 = 공개키)
# ls
gpg.conf  pubring.gpg  pubring.gpg~  random_seed  secring.gpg  server2.gpg  trustdb.gpg

[10.10.33.2] 공개키 파일을 101번에게 전송
# scp server2.gpg 10.10.33.101:/root/.gnupg/

[10.10.33.101] 2번에서 받은 공개키 파일을 등록하자 (공유키등록)
# gpg –import server2.gpg
# gpg –list-keys (등록확인)

파일을 하나 만들어 암호화 시켜 2번에게 보내자
# vi server101.txt
hi ~ good ~
# gpg –output en_server101.txt –encrypt –recipient server2 server101.txt  
(server101.txt를 암호화 하겠다, y 입력하고 난 후 리스트를 보면
en_server101.txt 파일이 생성된다 <—암호화된 파일, 이것을 전송)

# scp 10.10.33.2:/root/.gnupg/en_server101.txt /root/.gnupg/

[10.10.33.2] 101번에게서 받은 파일을 보기 위해서는 비밀키로 복구하면 암호화가 풀린 파일이 생성된다

# gpg –output server101.txt –decrypt en_server101.txt   (자기자신이 가지고 있는 비밀키로 복구)
비밀키 물어본다. 지정한 비밀키를 입력하면 server101.txt (암호화가 풀린)파일이 생성된다

참고 : 암호화를 걸어놓은 파일(en_server101.txt)은 암호화를 풀기 이전에는 아무도 볼 수 없다.
# vi en_server101.txt (암호화되어 내용을 볼 수 없다)