Linux GPG Encryption

Question: We have confidential data that needs to be transferred to a remote location, so we need to encrypt that data. We also need to decrypt data we received from a remote location in order to understand its content.

On the storage server in Stratos Datacenter, the private and public keys are stored in /home/*_key.asc. Use those keys to perform the following actions.

Encrypt /home/encrypt_me.txt to /home/encrypted_me.asc.

Decrypt /home/decrypt_me.asc to /home/decrypted_me.txt. (Passphrase for decryption and encryption is kodekloud).

Please note: Adapt the commands below to the server, user name and other details given in your own task, as they might differ. Read the task carefully before executing it. All the best 👍


The steps below show how to use GPG to encrypt and decrypt files on Linux.

GPG, or GnuPG, stands for GNU Privacy Guard. The GPG Project provides the tools and libraries that allow users to integrate encryption with email and with operating systems like Linux, through a GUI or the command line.
GPG includes the tools you need to use public-key encryption and digital signatures on your Linux system.

Solution:  

1. Log in to the storage server and switch to the root user

thor@jump_host ~$ ssh natasha@ststor01

The authenticity of host 'ststor01 (172.16.238.15)' can't be established.

ECDSA key fingerprint is SHA256:lXLdAR6uarx6aXjqpW2SPO2xx63HdEjqbZTl7OTnZZQ.

ECDSA key fingerprint is MD5:f3:a6:78:c9:24:71:ae:e5:fe:10:5f:62:61:2a:30:fa.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'ststor01,172.16.238.15' (ECDSA) to the list of known hosts.

natasha@ststor01's password:

[natasha@ststor01 ~]$ sudo su -

 We trust you have received the usual lecture from the local System

Administrator. It usually boils down to these three things:

     #1) Respect the privacy of others.

    #2) Think before you type.

    #3) With great power comes great responsibility.

 [sudo] password for natasha:

2. All the files are located in /home

[root@ststor01 ~]# cd /home/

[root@ststor01 home]# ll

total 24

drwx------ 1 ansible ansible 4096 Oct 15  2019 ansible

-rw-r--r-- 1 root    root     155 Jul 21 15:53 decrypt_me.asc

-rw-r--r-- 1 root    root      99 Jul 21 15:59 encrypt_me.txt

drwx------ 1 natasha natasha 4096 Jan 12  2020 natasha

-rw-r--r-- 1 root    root    3589 Jul 21 15:59 private_key.asc

-rw-r--r-- 1 root    root    1722 Jul 21 15:59 public_key.asc

[root@ststor01 home]#

3. Import the GPG public and private keys

[root@ststor01 home]# gpg --import public_key.asc

gpg: directory `/root/.gnupg' created

gpg: new configuration file `/root/.gnupg/gpg.conf' created

gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run

gpg: keyring `/root/.gnupg/secring.gpg' created

gpg: keyring `/root/.gnupg/pubring.gpg' created

gpg: /root/.gnupg/trustdb.gpg: trustdb created

gpg: key CCE3AF51: public key "kodekloud <kodekloud@kodekloud.com>" imported

gpg: Total number processed: 1

gpg:               imported: 1  (RSA: 1)

[root@ststor01 home]#

[root@ststor01 home]# gpg --import private_key.asc

gpg: key CCE3AF51: secret key imported

gpg: key CCE3AF51: "kodekloud <kodekloud@kodekloud.com>" not changed

gpg: Total number processed: 1

gpg:              unchanged: 1

gpg:       secret keys read: 1

gpg:   secret keys imported: 1

[root@ststor01 home]#

4. Verify that the keys were imported successfully

[root@ststor01 home]# gpg --list-keys

/root/.gnupg/pubring.gpg

------------------------

pub   2048R/CCE3AF51 2020-01-19

uid                  kodekloud <kodekloud@kodekloud.com>

sub   2048R/865C070D 2020-01-19

 [root@ststor01 home]#

 [root@ststor01 home]# gpg --list-secret-keys

/root/.gnupg/secring.gpg

------------------------

sec   2048R/CCE3AF51 2020-01-19

uid                  kodekloud <kodekloud@kodekloud.com>

ssb   2048R/865C070D 2020-01-19

 [root@ststor01 home]#

5. Encrypt the .txt file to an .asc file in the same directory

[root@ststor01 home]# gpg --encrypt -r kodekloud@kodekloud.com --armor < encrypt_me.txt  -o encrypted_me.asc

gpg: 865C070D: There is no assurance this key belongs to the named user

 pub  2048R/865C070D 2020-01-19 kodekloud <kodekloud@kodekloud.com>

 Primary key fingerprint: FEA8 5011 C456 B5E9 AE5A  516F 8F17 F26E CCE3 AF51

      Subkey fingerprint: 7B4B 5CFC 5E4F B4B6 EEC0  83E5 DD6B 8506 865C 070D

 [root@ststor01 home]#

6. Decrypt the .asc file to a .txt file in the same directory, using the passphrase

[root@ststor01 home]# gpg --decrypt decrypt_me.asc > decrypted_me.txt

gpg: AES encrypted data

gpg: encrypted with 1 passphrase

[root@ststor01 home]#

7. Check the encrypted and decrypted files in /home

[root@ststor01 home]# ll

total 32

drwx------ 1 ansible ansible 4096 Oct 15  2019 ansible

-rw-r--r-- 1 root    root      80 Jul 21 17:05 decrypted_me.txt

-rw-r--r-- 1 root    root     155 Jul 21 16:59 decrypt_me.asc

-rw-r--r-- 1 root    root     669 Jul 21 17:09 encrypted_me.asc

-rw-r--r-- 1 root    root      99 Jul 21 17:01 encrypt_me.txt

drwx------ 1 natasha natasha 4096 Jan 12  2020 natasha

-rw-r--r-- 1 root    root    3589 Jul 21 17:01 private_key.asc

-rw-r--r-- 1 root    root    1722 Jul 21 17:01 public_key.asc

[root@ststor01 home]#

8. Validate the task by viewing the files with cat

 [root@ststor01 home]# cat decrypted_me.txt

Welcome to xFusionCorp Industries. This is KodeKloud System Administration Lab

[root@ststor01 home]#

[root@ststor01 home]# cat decrypt_me.asc

'h'ҊOoD+)δ1RK*PH

L1!f    21 ԎZDvpFBCV(\59.9Ӫ%Rv

[root@ststor01 home]#

[root@ststor01 home]# cat encrypt_me.txt

My name is "My Name"

 My credit card number is 1234-5678-9012-3456

 The password for my phone is 42

[root@ststor01 home]#

[root@ststor01 home]# cat encrypted_me.asc

-----BEGIN PGP MESSAGE-----

Version: GnuPG v2.0.22 (GNU/Linux)

-----END PGP MESSAGE-----

[root@ststor01 home]#

9. Click on Finish & Confirm to complete the task successfully
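
Steps 5 and 6 use two different kinds of OpenPGP encryption: encrypted_me.asc is encrypted to the public subkey 865C070D, while gpg reports decrypt_me.asc as passphrase-encrypted AES data, which is why step 6 needs only the passphrase and not the imported private key. The Python below is an added example, not part of the original walkthrough, that reads the first packet header of an armored message to tell the two cases apart, as gpg --list-packets does on a real file. The function names and both sample messages are constructed for illustration.

```python
import base64

BEGIN, END = "-----BEGIN PGP MESSAGE-----", "-----END PGP MESSAGE-----"
SYM = {7: "AES128", 8: "AES192", 9: "AES256"}  # RFC 4880 symmetric cipher IDs

def armor(raw):  # helper for the samples; the optional CRC-24 line is omitted
    return "%s\n\n%s\n%s\n" % (BEGIN, base64.b64encode(raw).decode(), END)

def dearmor(text):
    """Return the binary packets inside an ASCII-armored message."""
    lines = [l.strip() for l in text.strip().splitlines()]
    body = lines[lines.index(BEGIN) + 1:lines.index(END)]
    if "" in body:  # armor headers (e.g. Version:) end at the first blank line
        body = body[body.index("") + 1:]
    return base64.b64decode("".join(l for l in body if l and not l.startswith("=")))

def first_packet(data):
    """Parse the first packet header (RFC 4880, section 4.2) into (tag, body)."""
    hdr = data[0]
    if not hdr & 0x80:
        raise ValueError("not an OpenPGP packet")
    if hdr & 0x40:  # new-format header
        tag, first = hdr & 0x3F, data[1]
        if first < 192:
            length, off = first, 2
        elif first < 224:
            length, off = ((first - 192) << 8) + data[2] + 192, 3
        else:
            raise ValueError("four-octet and partial lengths are not handled")
    else:  # old-format header
        tag, ltype = (hdr >> 2) & 0x0F, hdr & 3
        if ltype == 3:
            raise ValueError("indeterminate length is not handled")
        off = 1 + (1, 2, 4)[ltype]
        length = int.from_bytes(data[1:off], "big")
    return tag, data[off:off + length]

def describe(armored):
    """Report what decryption needs: a private key (by key ID) or a passphrase."""
    tag, body = first_packet(dearmor(armored))
    if tag == 1 and body[0] == 3:  # public-key encrypted session key, version 3
        return ("private key", body[1:9].hex().upper())
    if tag == 3 and body[0] == 4:  # symmetric-key encrypted session key, version 4
        return ("passphrase", SYM.get(body[1], "cipher %d" % body[1]))
    return ("other", "packet tag %d" % tag)

# Constructed samples: leading packet only, no real ciphertext. The key ID is the
# last 8 bytes of the subkey fingerprint printed in step 5.
TO_KEY = armor(bytes.fromhex("85000D03" "DD6B8506865C070D" "010008FF"))
TO_PASSPHRASE = armor(bytes.fromhex("8C0D04070302" + "00" * 8 + "60"))
```

describe(TO_KEY) names the key ID whose private half must be in the keyring, and describe(TO_PASSPHRASE) reports that a passphrase alone is enough.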

Happy Learning!!!!


Apart from this, if you need more clarity, I have made a tutorial video on this; please go through it and share your comments. Like and share the knowledge.


