OpenSSL
小牛编辑
2023-12-01
RSA public and private keys
Creating the public and private keys
1. Check the openssl version
# openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017
2. Create a 2048-bit private key
# openssl genrsa -out private_key.pem 2048
Generating RSA private key, 2048 bit long modulus
...........................................+++
...................................................+++
e is 65537 (0x10001)
3. View the contents of private_key.pem
# cat private_key.pem
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
4. Generate the public key
# openssl rsa -in private_key.pem -outform PEM -pubout -out public_key.pem
writing RSA key
5. View the contents of public_key.pem
# cat public_key.pem
-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY-----
Encryption / decryption
1. Create an arbitrary text file
# echo 'This is a test Encrypting and decrypting file' > secret.txt
2. Encrypt with the public key
# openssl rsautl -encrypt -pubin -inkey public_key.pem -in secret.txt -out secret.enc
3. Decrypt with the private key
# openssl rsautl -decrypt -inkey private_key.pem -in secret.enc
This is a test Encrypting and decrypting file
Creating a signed hash digest
1. Create a SHA-256 digest of the file and sign it with the private key
# openssl dgst -sha256 -sign private_key.pem -out secret.txt.sha256 secret.txt
2. Verify the signature with the public key
# openssl dgst -sha256 -verify public_key.pem -signature secret.txt.sha256 secret.txt
Verified OK
Creating a self-signed certificate
1. Create the private key
# openssl genrsa -out example.com.key 2048
2. Create the CSR
# openssl req -new -key example.com.key -out example.com.csr -subj "/C=CN/ST=BJ/L=BJ/O=IT/OU=IT/CN=example.com"
3. Create the certificate
# openssl x509 -req -days 3650 -in example.com.csr -signkey example.com.key -out example.com.crt
4. List the files that were created
# ls -l
total 12
-rw-r--r--. 1 root root 1159 Dec 9 16:02 example.com.crt
-rw-r--r--. 1 root root 980 Dec 9 16:02 example.com.csr
-rw-r--r--. 1 root root 1679 Dec 9 16:01 example.com.key
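The script below is an added example, not part of the original page. It checks that the key, CSR and certificate from steps 1 to 3 belong together and that the private key is not readable by group or other, which the listing above shows it is (-rw-r--r--). The function names are hypothetical; only stock openssl subcommands are used.

```shell
#!/bin/sh
# Added example: audit the three files from the self-signed certificate steps.
# Function names are hypothetical; the openssl subcommands are stock ones.

# Print the RSA modulus ("Modulus=...") held in a key, CSR or certificate.
modulus_of() {  # usage: modulus_of key|csr|crt FILE
    case "$1" in
        key) openssl rsa  -in "$2" -noout -modulus ;;
        csr) openssl req  -in "$2" -noout -modulus ;;
        crt) openssl x509 -in "$2" -noout -modulus ;;
        *)   return 2 ;;
    esac 2>/dev/null
}

# True only if all three files parse and carry the same modulus.
same_modulus() {  # usage: same_modulus KEY CSR CRT
    m_key=$(modulus_of key "$1") || return 1
    m_csr=$(modulus_of csr "$2") || return 1
    m_crt=$(modulus_of crt "$3") || return 1
    [ -n "$m_key" ] && [ "$m_key" = "$m_csr" ] && [ "$m_key" = "$m_crt" ]
}

# True if group and other have no permission bits on the key file.
# "-rw-r--r--" (as in the listing above) fails; "-rw-------" passes.
key_is_private() {  # usage: key_is_private KEYFILE
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Run every check and print OK or the first failure.
audit_cert_files() {  # usage: audit_cert_files KEY CSR CRT
    openssl rsa -in "$1" -check -noout 2>/dev/null | grep -q 'RSA key ok' ||
        { echo "FAIL: $1 is not a consistent RSA private key"; return 1; }
    same_modulus "$1" "$2" "$3" ||
        { echo "FAIL: key, CSR and certificate do not share one modulus"; return 1; }
    key_is_private "$1" ||
        { echo "FAIL: $1 is accessible to group/other (chmod 600 $1)"; return 1; }
    echo "OK"
}

# Example: audit_cert_files example.com.key example.com.csr example.com.crt
```

Running `umask 077` before step 1 makes openssl create the key file without group or other access in the first place.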