I am looking for a utility to encrypt certain directories in Linux. I am not looking for any full-disk encryption service, just a way to encrypt some directories so I can store the files in the cloud. After retrieving them, I would have to decrypt them first before I can access them. I would like to do this for a few directories (several hundred GB in size). Any ideas? Preferably CLI-based.
Solution
I just use GnuPG for this task. First pack the folder into a TAR-GZ archive:
tar czf files.tar.gz /path/to/my/files
If you have not done so already, you need to create a GPG private/public key pair first:
gpg --gen-key
Follow the instructions. For a first test, the defaults should be sufficient. Something like this will appear:
gpg (GnuPG) 2.0.18; Copyright (C) 2011 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: File Encryption Key
Email address: admin@company.org
Comment: File Encryption Key
You selected this USER-ID:
    "File Encryption Key (File Encryption Key) <admin@company.org>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You will be asked to enter a passphrase for the key. A strong one is highly recommended. It is not needed for encrypting files anyway, so don't worry about batch use later.
When everything is done, something like the following will appear on screen:
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, utilize the disks) during the
prime generation; this gives the random number generator a better chance
to gain enough entropy.
gpg: key FE53C811 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   *****/******** 2013-03-19
      Key fingerprint = **** **** **** **** **** **** **** **** **** ****
uid                  File Encryption Key (File Encryption Key) <admin@company.org>
sub   *****/******** 2013-03-19
Now you may want to export the public key to a file so you can import it on other machines:
gpg --armor --output file-enc-pubkey.txt --export 'File Encryption Key'
Now I use GnuPG on the newly created archive:
gpg --encrypt --recipient 'File Encryption Key' files.tar.gz
You now have an encrypted files.tar.gz.gpg file.
You can decrypt it with the following command (you will be asked for your passphrase):
gpg --output files.tar.gz --decrypt files.tar.gz.gpg
That's the whole magic.
Make sure you back up your key! Never forget your passphrase! Without a backup, or if you forget it, you are left with billions of bytes of junk data!
Back up your private key with the following command:
gpg --armor --output file-enc-privkey.asc --export-secret-keys 'File Encryption Key'
Benefits
- None of the encrypting parties need to know anything sensitive about the encryption; encryption is done with the public key. (You can create the key pair on your local workstation and transfer only the public key to the server.)
- No passwords appear in script files or jobs.
- You can run the encrypting side on any system you like.
- If you keep your private key and passphrase secret, everything is fine and hard to compromise.
- You can decrypt with the private key on Unix, Windows and Linux platforms using the respective PGP/GPG implementation.
- No special privileges are needed on the encrypting or decrypting systems, no mounting, no containers, no special file systems.
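The answer's workflow wrapped into reusable shell functions, as an added example that is not part of the original answer. It goes one step beyond the answer by piping tar directly into gpg so the plaintext archive never touches disk, and it adds a round-trip self-check; it assumes GnuPG 2.1 or newer (for --quick-gen-key) and the answer's "File Encryption Key" user ID.

```sh
# Added example, not from the original answer. Assumes GnuPG >= 2.1 (for
# --quick-gen-key) and the answer's "File Encryption Key" user ID.
set -eu
KEY_UID="File Encryption Key"

# Unattended equivalent of the answer's "gpg --gen-key". The empty passphrase
# is only so the self-check runs without a prompt; for real use give the key
# the strong passphrase the answer recommends.
make_key() {
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-gen-key "$KEY_UID" default default never
}

# Stream tar straight into gpg: no plaintext files.tar.gz ever lands on disk,
# so a several-hundred-GB tree needs no double space and nothing to shred.
# --trust-model always lets --batch accept the recipient on a machine where
# only the exported public key was imported (no trust path there).
encrypt_dir() {
    dir=$1; out=$2
    tar czf - -C "$(dirname "$dir")" "$(basename "$dir")" |
        gpg --batch --quiet --yes --trust-model always --encrypt \
            --recipient "$KEY_UID" --output "$out"
}

# Reverse of encrypt_dir; gpg asks for the passphrase if the key has one.
decrypt_to() {
    enc=$1; dest=$2
    mkdir -p "$dest"
    gpg --batch --quiet --decrypt "$enc" | tar xzf - -C "$dest"
}

# Self-check on a constructed sample tree inside a throwaway GNUPGHOME so the
# real keyring is untouched. Returns 0 only if the restored tree is identical.
roundtrip_check() {
    work=$(mktemp -d)
    export GNUPGHOME="$work/gnupg"
    mkdir -m 700 "$GNUPGHOME"
    mkdir -p "$work/src/sub"
    printf 'constructed sample data\n' > "$work/src/a.txt"
    dd if=/dev/urandom of="$work/src/sub/b.bin" bs=1024 count=64 2>/dev/null
    make_key
    encrypt_dir "$work/src" "$work/src.tar.gz.gpg"
    decrypt_to "$work/src.tar.gz.gpg" "$work/restore"
    if diff -r "$work/src" "$work/restore/src" >/dev/null; then ok=0; else ok=1; fi
    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$work"
    return $ok
}
```

Run `roundtrip_check` once to confirm the toolchain works before pointing `encrypt_dir` at a real directory; the same three functions then serve the cloud upload and the later restore.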