Foreword
The team's project was recently moved to GitLab for hosting, and the authentication method changed from the previous HTTPS+SSH to SSH only, so an SSH key needs to be configured.
The SSH key pair here uses the RSA algorithm, and a simple encryption and decryption demonstration is given at the end of the article.
1. Generate a public-private key pair
Let's first see what happens when we connect to the remote repository without a key:
git fetch --all
正在获取 origin
The authenticity of host '[gitlab.xxx.com]:2208 ([123.234.123.234]:1234)' can't be established.
ED25519 key fingerprint is SHA256:oDUUd81eFr9WsLsNvx9fEHxb1bS71o.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[gitlab.xxx.com]:1234' (ED25519) to the list of known hosts.
git@gitlab.xxx.com's password:
Permission denied, please try again.
git@gitlab.xxx.com's password:
- First, a prompt says the host key has not been verified and asks whether to continue
- After choosing to continue, you are prompted to enter the git password
- We don't have a password for git
Therefore, there is no way to pull normally.
Why does it prompt for a git account? I guess it is because the URL is written as git@gitlab.xxx.com,
that is, user name @ host name, so the terminal treats git as an account and asks us to enter the git password.
The correct approach is as follows:
Type in a Linux/Mac terminal or GitBash on Windows:
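# Generate a public/private key pair ('邮箱' is a placeholder for your email address)
ssh-keygen -t rsa -C '邮箱'
# Example: press Enter at every prompt to accept the defaults
ssh-keygen -t rsa -C '123.abc'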
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/lyx/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/lyx/.ssh/id_rsa
Your public key has been saved in /Users/lyx/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:eYm9YeewQwsUO/Ai5zgDb+tKNJZ7dEM 123@abc.com
The key's randomart image is:
+---[RSA 3072]----+
| o. . |
|+..o . |
|+*oooEo |
|Bo= o= . + . |
|=X o.o. S O . |
|*oO . . = O |
| = + = . |
|. o . |
|.o. |
+----[SHA256]-----+
After all the operations, two files will be generated in the user directory ~/.ssh/: id_rsa and id_rsa.pub.
Of these, id_rsa is the private key, which stays on your computer for authentication.
id_rsa.pub is the public key, which needs to be uploaded to GitLab.
Open the id_rsa.pub file, select all, and copy:
Find the SSH Keys page on GitLab, paste it, and the title will be automatically generated:
After adding, the existing SSH Key will be displayed below:
For GitHub, the operation is similar:
Pull again and it succeeds:
The operation part is now complete.
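The SHA256 fingerprints shown in the two terminal sessions above are derived from the public key itself, so they can be recomputed and compared with what the server administrator or the GitLab SSH Keys page reports. The following is an added example, not part of the original post: it parses an OpenSSH public key line and computes the fingerprint in the same format. The sample key is constructed for illustration (its modulus is not a real RSA modulus) and the function names are hypothetical.

```python
import base64
import hashlib
import struct

def _read_string(blob, offset):
    """Read one length-prefixed field: uint32 big-endian length, then data."""
    (length,) = struct.unpack_from(">I", blob, offset)
    start, end = offset + 4, offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[start:end], end

def _pack_string(data):
    return struct.pack(">I", len(data)) + data

def inspect_public_key(line):
    """Return (key type, RSA modulus bits or None, SHA256 fingerprint)."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    key_type, offset = _read_string(blob, 0)
    if key_type != fields[0].encode():
        raise ValueError("key type label does not match the key blob")
    bits = None
    if fields[0] == "ssh-rsa":
        _e, offset = _read_string(blob, offset)   # public exponent
        n, offset = _read_string(blob, offset)    # modulus
        bits = int.from_bytes(n, "big").bit_length()
    # The fingerprint is SHA-256 over the raw blob, base64 without padding.
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return fields[0], bits, fingerprint

# Constructed sample (not a real key): a well-formed 3072-bit ssh-rsa blob.
SAMPLE_N = (1 << 3071) | 1
SAMPLE_BLOB = (
    _pack_string(b"ssh-rsa")
    + _pack_string((65537).to_bytes(3, "big"))
    + _pack_string(b"\x00" + SAMPLE_N.to_bytes(384, "big"))
)
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " 123@abc.com"

if __name__ == "__main__":
    print(inspect_public_key(SAMPLE_LINE))
```

Pass it the single line from id_rsa.pub; the comment field at the end of the line is not part of the fingerprint.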
2. RSA encryption demonstration
The teacher previously demonstrated encryption and decryption with a key pair generated on the spot, but the demonstration was not finished for lack of time. This article reproduces the encryption process.
RSA is an asymmetric encryption algorithm.
The ordinary kind of encryption is called symmetric encryption: the encryption key is the same as the decryption key. The disadvantage is that once the key is leaked, the ciphertext is no longer secure.
Asymmetric encryption means that the encryption key and the decryption key are different (public key and private key), and after encryption with the public key, only the private key can be used to decrypt.
Next, let's demonstrate it with an online key-generation website. There are many similar websites, for example:
http://www.metools.info/code/c81.html
First click the button to generate a public/private key pair. To make it easier for readers to follow along, I have pasted the key and ciphertext in the article.
Copy the key pair:
Next, suppose we need to implement an encryption workflow, so we keep the private key ourselves and give the public key to the customer.
If we want to send data to the customer, we fill in the private key and the plaintext, and the ciphertext is generated:
Ciphertext generated by the private key:
Y1+RA9BUWG3I6UasSsofTgkNzT7hixSWboatYrOQd5lyGv5hxrFHOSe44fi1FAplv3wwoW13Sz4gQilwCPmt3yO/uhPvAnfnQ8dG6wkUK3bhG3wN7xsV+zaXizYCTLVd09s1edjhnlC7bCK2iffG5hVkQkqr5yfCJSDKxju5CZmXgGdz8q5RZy2z0nMQX8OMF5Ku3vOraF95iuE0x1BS900WN3Dpw4gEEkF9Y1EdV8GBl3F1q86o289PYlFAHAzLOPIP7MbqGizT+JOozQfMz5XRNj/7swEqvNGnsGgTUZ4Lz/3bDkrf6PtrecNBDN3bmNLbqOakweFJiovZkojE7Q==
Let's paste this ciphertext into the decryption box, but use the private key as the key, and see what happens:
The answer is that decryption failed.
What about public key decryption?
It worked.
Let's do it in reverse, encrypting data with the public key and decrypting it with the private key:
Ciphertext encrypted by public key:
Yrazx/V6qgcWX25SY9h6jL4CptJkgtwbwZAcYkAfVJUYNpP+OhR2tW2yp63LXGhn9bby3ly7FAPmzz4oTsh/IUOvcNt/PCbGIRNti1WowmsARX3Yjvctd8DnSGaTX/DMcjjZIiLqsmvW90DmKOT3xWa0cinjceO2qLbBdcsVc19N2/Mchy4vy4RvuVmve5Um9IQfE6RjFz75uI+kM1T/r6BMoLq2uIdM6jVLmbidCgBBYa0nFLGfa3y2Q4bYMu+ixK0C8AEA7jWw6vli3mFbka0DD7U9+CfNN3LFV8PHaaKiPcN2j6rvg/jLMzi2reAyzWxcy5R+LgjTsFvOsXbLnA==
The same can be decrypted successfully.
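The experiment above can be reproduced locally, without pasting a private key into a website. The following is an added example, not part of the original post: textbook RSA with a constructed demo key pair (two small Mersenne primes, no padding), with hypothetical function names. It applies the keys in all four orders; the private-key-first direction is the one signature schemes are built on.

```python
# Textbook RSA on a constructed demo key. Real keys use large random primes
# and a padding scheme; this only shows how the two exponents relate.
P = 2**61 - 1                        # Mersenne prime (demo value)
Q = 2**89 - 1                        # Mersenne prime (demo value)
N = P * Q                            # modulus, part of both keys
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (Python 3.8+)

def to_int(message: bytes) -> int:
    value = int.from_bytes(message, "big")
    if value >= N:
        raise ValueError("message too long for this modulus")
    return value

def to_bytes(value: int) -> bytes:
    return value.to_bytes((value.bit_length() + 7) // 8, "big")

def apply_key(value: int, exponent: int) -> int:
    """The single RSA primitive: value ** exponent mod N."""
    return pow(value, exponent, N)

def experiment(message: bytes) -> dict:
    """Apply the keys in every order, as done on the website above."""
    m = to_int(message)
    with_public = apply_key(m, E)     # "ciphertext encrypted by public key"
    with_private = apply_key(m, D)    # "ciphertext generated by the private key"
    return {
        "public_then_private": to_bytes(apply_key(with_public, D)),
        "private_then_public": to_bytes(apply_key(with_private, E)),
        "private_then_private": to_bytes(apply_key(with_private, D)),
        "public_then_public": to_bytes(apply_key(with_public, E)),
    }

if __name__ == "__main__":
    for order, result in experiment(b"hello gitlab").items():
        print(order, result)
```

Only the two mixed orders return the original bytes, because E and D are inverses of each other modulo (P-1)(Q-1) and neither is its own inverse.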
3. Summary
- Data encrypted by public key can only be decrypted by private key
- Data encrypted by private key can only be decrypted by public key
In typical RSA application scenarios, the public key is copied and distributed to different customers, while the private key is kept by its owner, and the customers holding the public key send data to the private key owner. In this case, only public-key-encrypted data is transmitted over the network.
Therefore, the public key holders do not know what data the other holders have sent, which ensures privacy.
In addition, even if the public key is leaked, the leaked public key cannot decrypt the data transmitted on the network and does not affect the security of the ciphertext.
References:
Online Key Generation Tool: http://www.metools.info/code/c81.html
Understanding the principles of the RSA algorithm (requires advanced mathematics): https://zhuanlan.zhihu.com/p/48249182