OpenSSL (md5sum sha1sum cksum) 文件加密

ulovko

# display currently version

1. openssl version

复制代码

# openssl list-message-digest-commands

1. openssl dgst -sha1 file #(sha1,md5 etc.)
   
2. openssl md5 < file  <==>  md5sum file
   
3. openssl sha1 < file <==>  sha1sum file

复制代码

# openssl list-cipher-commands

1. man openssl >> to see more details about enc ==> man enc <== u can see more!

复制代码

# asn1parse(1), ca(1), config(5), crl(1), crl2pkcs7(1), dgst(1),
# dhparam(1), dsa(1), dsaparam(1), enc(1), gendsa(1), genrsa(1), nseq(1),
# openssl(1), passwd(1), pkcs12(1), pkcs7(1), pkcs8(1), rand(1), req(1),
# rsa(1), rsautl(1), s_client(1), s_server(1), s_time(1),
# smime(1),spkac(1), verify(1), version(1), x509(1), crypto(3),ssl(3)

# To encrypt a file named file.txt with a password, using triple DES in CBC
# mode,stored base64 encoded:

1. openssl enc -des3 -e -a -salt -in file.txt -out file.des3

复制代码

# To decrypt the resulting file.des3 file:

1. openssl enc -des3 -d -a -salt -in file.des3 -out file.txt

复制代码

#EXAMPLES:
#Just base64 encode a binary file:

1. openssl base64 -in file.bin -out file.b64

复制代码

#Decode the same file:

1. openssl base64 -d -in file.b64 -out file.bin

复制代码

#Encrypt a file using triple DES in CBC mode using a prompted password:

1. openssl des3 -salt -in file.txt -out file.des3

复制代码

#Decrypt a file using a supplied password:

1. openssl des3 -d -salt -in file.des3 -out file.txt -k mypassword

复制代码

#Encrypt a file then base64 encode it (so it can be sent via mail for  example) using Blowfish in CBC mode:

1. openssl bf -a -salt -in file.txt -out file.bf

复制代码

#Base64 decode a file then decrypt it:

1. openssl bf -d -salt -a -in file.bf -out file.txt

复制代码

FROM: http://blog.chinaunix.net/uid-25256412-id-91486.html

fender0107401

好久以前用过gnupg来加密邮件和文件，不过后来没怎么用过。

ulovko

回复 2# fender0107401

GPG (md5sum sha1sum cksum)

# Creating a key

1. gpg --gen-key

复制代码

# Exporting keys

1. gpg -o file.gpg --armor --export [UID]

复制代码

# Importing keys ==> when u received someone's pub key,u have to add them
# to your key database in order to be able to ues them.. ~/.gnupg/

1. gpg --import [filename]

复制代码

# Revoke a key

1. gpg --gen-revoke

复制代码

# Key administration

1. gpg --list-keys
   
2. gpg --list-sigs
   
3. gpg --fingerprint
   
4. gpg --list-secret-keys
   
5. gpg --delete-key [UID]
   
6. gpg --delete-secret-key

复制代码

# '?' to listing help

1. gpg --edit-key [UID]
   
2. Command> ?
   
3. Command> revkey
   
4. Do you really want to revoke this key? y
   
5. Command> revsig
   
6. Command> check

复制代码

# Signing and checking signatures

1. gpg -o file.sig --sign file.txt
   
2. gpg -o file.sig --clearsign file.txt
   
3. gpg -o file.sig -ab file.txt
   
4. gpg --verify file.sig file.txt
   

复制代码

# use '--version' to listing supported algorithms

1. [root@ns1 ~]# gpg --version
   
2. gpg (GnuPG) 1.4.5
   
3. Copyright (C) 2006 Free Software Foundation, Inc.
   
4. This program comes with ABSOLUTELY NO WARRANTY.
   
5. This is free software, and you are welcome to redistribute it
   
6. under certain conditions. See the file COPYING for details.
   
7. 
   
8. Home: ~/.gnupg
   
9. Supported algorithms:
   
10. Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
    
11. Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
    
12. Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
    
13. Compression: Uncompressed, ZIP, ZLIB, BZIP2

复制代码

# Encrypt and Decrypt

1. gpg -o file.gpg -e -r jacky file.txt # use jacky's pubkey to encrypt 'file.txt'
   
2. gpg -o file.txt -d file.gpg
   
3. 
   
4. gpg -o file.asc -e --armor -r jacky file.txt
   
5. gpg -o file.txt -d file.asc
   

复制代码

# symmetric encryption

1. gpg -o file.gpg --cipher-algo 3des -c file.txt
   
2. gpg -o file.txt -d file.gpg
   
3. 
   
4. gpg -o file.asc --cipher-algo 3des --armor -c file.txt
   
5. gpg -o file.txt -d file.asc

复制代码

# TIPS: (in E-mail transmission always select 'ASCII' file ~!Ooops..)
# ASCII file always use suffix '.asc'
# and Binary file always use '.gpg'

# Sample here:

1. [root@ns1 home]# gpg --gen-key
   
2. gpg (GnuPG) 1.4.5; Copyright (C) 2006 Free Software Foundation, Inc.
   
3. This program comes with ABSOLUTELY NO WARRANTY.
   
4. This is free software, and you are welcome to redistribute it
   
5. under certain conditions. See the file COPYING for details.
   
6. 
   
7. Please select what kind of key you want:
   
8. (1) DSA and Elgamal (default)
   
9. (2) DSA (sign only)
   
10. (5) RSA (sign only)
    
11. #Your selection?
    
12. DSA keypair will have 1024 bits.
    
13. ELG-E keys may be between 1024 and 4096 bits long.
    
14. #What keysize do you want? (2048) 4096
    
15. Requested keysize is 4096 bits
    
16. Please specify how long the key should be valid.
    
17. 0 = key does not expire
    
18. <n>  = key expires in n days
    
19. <n>w = key expires in n weeks
    
20. <n>m = key expires in n months
    
21. <n>y = key expires in n years
    
22. #Key is valid for? (0) 1
    
23. Key expires at Sun 11 Apr 2010
    
24. 04:22:30 AM CST
    
25. #Is this correct? (y/N) y
    
26. 
    
27. You need a user ID to identify your
    
28. key; the software constructs the user ID from the Real Name, Comment and  Email Address in this form: "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
    
29. 
    
30. #Real name: jacky
    
31. #Email address: jacky@gmail.com
    
32. #Comment: AK is a famous gun..
    
33. You selected this USER-ID: "jacky (AK is a famous gun..) <jacky@gmail.com>"
    
34. 
    
35. #Change (N)ame, (C)omment,(E)mail or (O)kay/(Q)uit? O
    
36. #You need a Passphrase to protect your secret key.
    
37. 
    
38. We need to generate a lot of random bytes. It is a good idea to perform  some
    
39. other action (type on the keyboard, move the mouse, utilize the disks) during
    
40. the prime generation; this gives the random number generator a better chance to
    
41. gain enough entropy.
    
42. +++++.++++++++++.++++++++++.++++++++++++++++++++.++++++++++++
    
43. ++++++++++++++++++.+++++.+++++++++++++++.+++++..++++++++++++++
    
44. +.+++++.+++++++++++++++......................+++++
    
45. We need to generate a lot of random bytes. It is a good idea to perform  some
    
46. other action (type on the keyboard, move the mouse, utilize the disks) during
    
47. the prime generation; this gives the random number generator a better chance to
    
48. gain enough entropy.
    
49. +++++..+++++++++++++++.+++++++++++++++..++++++++++.+++++..+++++++
    
50. +++.+++++++++++++++.++++++++++++++++++++.++++++++++++++++++++
    
51. ++++++++++.+++++++++++++++++++++++++.+++++.+++++.+++++>+++++++
    
52. ++++++++.+++++++++++++++.+++++.++++++++++......+++++>.+++++>...++++
    
53. +>+++++..>.+++++...................................................>+++++............<.+++++......
    
54. ...........................................................................+++++^^^
    
55. gpg: key 58B2DE67 marked as ultimately trusted
    
56. public and secret key created and signed.
    
57. 
    
58. gpg: checking the trustdb
    
59. gpg: 3 marginal(s) needed, 1
    
60. complete(s) needed, PGP trust model
    
61. gpg: depth: 0  valid:   2
    
62. signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 2u
    
63. gpg: next trustdb check due at 2010-04-10
    
64. #pub   1024D/58B2DE67 2010-04-09 [expires:2010-04-10]
    
65. # Key fingerprint = 59B5 0536 ACC1 94ED DA48 EE2E 9B98 D1C0 58B2 DE67
    
66. # uid jacky (AK is a famous gun) <jacky@gmail.com>
    
67. #sub   4096g/B41492A8 2010-04-09 [expires: 2010-04-10]
    

复制代码

FROM: http://blog.chinaunix.net/uid-25256412-id-91485.html

fender0107401

回复 3# ulovko

哈哈。

ulovko

小弟一直使用openssl作对称加密私密文件

obsd178

对称加密不安全的呀{:2_179:}