What is a good way to encrypt certain files in Unix? [closed]

Modified on: Wed, 27 Mar 2019 17:40:02 +0800

I am looking for a utility to encrypt certain directories in Linux. I am not looking for any full-disk encryption service, only to encrypt some directories so that I can store the files in the cloud. After retrieving them I would have to decrypt them first before I can access them. I want to do this for several directories (a few hundred GB in size). Any ideas? Preferably CLI-based.

Author: Peter

Best answer

I just use GnuPG for this task. First pack the folder into a TAR-GZ archive:

tar czf files.tar.gz /path/to/my/files

If not already done, you first need to create a GPG private/public key pair:

gpg --gen-key

Follow the instructions. For a first test the defaults should be sufficient. Something like this will appear:

gpg (GnuPG) 2.0.18; Copyright (C) 2011 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: File Encryption Key
Email address: admin@company.org
Comment: File Encryption Key
You selected this USER-ID:
    "File Encryption Key (File Encryption Key) <admin@company.org>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o

You will be asked to enter a passphrase for the key. A strong one is highly recommended. It is not needed for encrypting files anyway, so don't worry about batch use later.

When everything is done, something like this will appear on the screen:

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key FE53C811 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   *****/******** 2013-03-19
      Key fingerprint = **** **** **** **** **** **** **** **** **** ****
uid                  File Encryption Key (File Encryption Key) <admin@company.org>
sub   *****/******** 2013-03-19

Now you may want to export the public key file so that you can import it on other machines:

gpg --armor --output file-enc-pubkey.txt --export 'File Encryption Key'

File Encryption Key is the name I entered during key generation.

Now I use GnuPG on the newly created archive:

gpg --encrypt --recipient 'File Encryption Key' files.tar.gz

You now have an encrypted files.tar.gz.gpg file.

You can decrypt it with the following command (you will be asked for your passphrase):

gpg --output files.tar.gz --decrypt files.tar.gz.gpg

That's the whole magic.

Make sure you back up your key! And never forget your passphrase! Without a backup, or if you forget it, you are left with billions of bytes of garbage data!

Back up your private key with the following command:

gpg --armor --output file-enc-privkey.asc --export-secret-keys 'File Encryption Key'

Pros

  • Nobody doing the encrypting needs to know anything sensitive about the encryption - encryption is done with the public key. (You can create the key pair on your local workstation and transfer only the public key to the server)
  • No passphrases appear in script files or jobs
  • You can use the encryptor on any system you want
  • If you keep your private key and passphrase secret, everything is fine and hard to compromise
  • You can decrypt with the private key on Unix, Windows and Linux platforms using the respective PGP/GPG implementation
  • No privileges needed on the encrypting and decrypting systems, no installation, no containers, no special file systems
Author: Community, zero0
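The tar + gpg workflow from the answer above, scripted as an unattended round trip (pack, encrypt to a public key, decrypt, verify). This is an added example, not code from the original answer; it uses a throwaway GNUPGHOME, and the key name, e-mail address and paths are constructed sample values.

```shell
# Added example, not from the original answer: an unattended round trip of the
# tar + gpg workflow above, inside a throwaway GNUPGHOME so the real keyring is
# never touched. The key name, e-mail and paths are constructed sample values.

# Generate a passphrase-less RSA key pair non-interactively (demo use only; for
# real backups keep the interactive passphrase the answer recommends).
gen_demo_key() {  # $1 = GNUPGHOME, $2 = e-mail that serves as recipient id
    GNUPGHOME="$1" gpg --batch --quiet --gen-key <<EOF
%no-protection
%transient-key
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: File Encryption Key
Name-Email: $2
Expire-Date: 0
%commit
EOF
}

# Pack a directory and encrypt the stream to the recipient's public key; no
# private key or passphrase is involved on the encrypting side.
encrypt_dir() {  # $1 = GNUPGHOME, $2 = recipient, $3 = directory, $4 = output .gpg
    tar czf - -C "$(dirname "$3")" "$(basename "$3")" |
        GNUPGHOME="$1" gpg --batch --quiet --yes --encrypt --recipient "$2" --output "$4"
}

# Decrypt with the private key and unpack into a destination directory.
decrypt_to() {  # $1 = GNUPGHOME, $2 = input .gpg, $3 = destination directory
    GNUPGHOME="$1" gpg --batch --quiet --decrypt "$2" | tar xzf - -C "$3"
}

# Full round trip in a temp dir; prints OK when the restored file is identical.
roundtrip_demo() {
    work=$(mktemp -d)
    home="$work/gnupg"; mkdir -m 700 "$home"
    mkdir -p "$work/src/docs" "$work/restore"
    printf 'constructed sample data\n' > "$work/src/docs/note.txt"
    gen_demo_key "$home" "demo@example.invalid"
    encrypt_dir "$home" "demo@example.invalid" "$work/src/docs" "$work/docs.tar.gz.gpg"
    decrypt_to "$home" "$work/docs.tar.gz.gpg" "$work/restore"
    status=MISMATCH
    cmp -s "$work/src/docs/note.txt" "$work/restore/docs/note.txt" && status=OK
    GNUPGHOME="$home" gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$work"
    echo "$status"
}
```

Run `roundtrip_demo` after sourcing the file; it prints OK when the decrypted archive reproduces the original file byte for byte.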
