openssl生成RSA私钥、公钥,签名、验证签名,加密、解密

2019独角兽企业重金招聘Python工程师标准>>> hot3.png

openssl其它日志:

openssl生成RSA私钥、公钥,签名、验证签名,加密、解密

http://my.oschina.net/u/1382972/blog/325442

openssl生成x509根证书,查看证书信息,签发证书

http://my.oschina.net/u/1382972/blog/325778

openssl文件摘要(Message Digest)计算命令

http://my.oschina.net/u/1382972/blog/325329

====================================================



系统:ubuntu 14.04 

查看openssl版本:

openssl version 

OpenSSL 1.0.1f 6 Jan 2014

相关命令帮助:

man genpkey

man pkey 

man pkeyutl

生成1024位rsa私钥,保存为pem格式

openssl genpkey -out key.pem -algorithm rsa

查看私钥内容

openssl pkey -in key.pem -text -noout

输出:

Private-Key: (1024 bit)

modulus:

    00:bd:c0:10:ae:26:12:c3:82:2c:56:d1:bb:26:42:

    38:47:3d:ca:c5:ae:a4:c8:de:27:4f:a1:61:e5:f3:

    2e:ce:d7:48:62:20:1f:76:47:c2:cf:6b:43:d2:b4:

    b6:b4:eb:21:21:d6:f4:d8:c8:09:ab:cd:c5:ce:65:

    48:56:43:d6:d2:f4:0c:e4:66:ef:34:33:bd:9d:1d:

    d3:23:af:39:63:51:4c:b5:88:ea:b5:92:7e:4e:e0:

    6f:cd:50:7f:06:49:ea:dc:80:59:12:d4:59:86:6e:

    79:a5:b7:d9:c0:b0:c8:cd:12:4b:6c:49:7e:33:5f:

    b4:f7:6b:37:8e:18:42:3c:ed

publicExponent: 65537 (0x10001)

privateExponent:

    3f:4f:d5:80:f5:ed:2e:d4:c1:4c:9a:a0:32:4c:c8:

    10:65:3a:c2:28:da:8c:b7:2b:30:b3:ad:41:97:99:

    97:a4:57:5f:7e:4e:61:1d:e2:8f:68:bf:f1:8f:20:

    a3:4f:0c:f8:08:8c:1b:c4:eb:0d:2b:14:84:20:61:

    39:7f:5b:2e:e6:84:87:2f:0f:e1:b2:a6:ec:6a:19:

    33:c7:44:c9:86:ca:66:9d:ad:d4:a3:70:f2:a7:99:

    da:fe:1a:c2:8e:21:01:bb:4d:14:48:16:67:d0:59:

    4a:25:0a:0c:2c:73:3a:47:05:d6:de:b9:d1:a5:67:

    b8:98:03:fe:e9:ae:3d:75

prime1:

    00:ed:ca:a8:af:62:70:84:c2:53:bf:6e:61:cd:ac:

    24:7e:4c:cd:16:28:f3:f0:b8:10:bb:b5:9f:f5:49:

    fd:98:e7:28:44:d4:82:8c:9c:14:69:07:79:49:0e:

    b8:fd:8d:0c:d8:74:5a:06:f3:8c:9f:f4:39:f2:57:

    ce:31:57:50:9f

prime2:

    00:cc:47:ab:3b:77:12:e9:43:9f:cd:61:ba:05:22:

    83:89:d1:b4:f5:97:32:7c:4d:ff:63:03:d4:df:cb:

    1c:9b:4a:88:aa:a7:e9:8e:92:66:3f:2c:34:b7:b3:

    f0:ec:86:00:30:d9:01:17:34:96:7c:35:c9:c1:8b:

    87:80:35:8a:f3

exponent1:

    37:08:02:b7:ec:21:3c:28:38:f7:81:95:32:e3:16:

    e2:ff:e5:2a:ae:b9:9d:c9:0b:5e:55:af:3a:36:30:

    71:75:75:b5:50:35:12:53:80:c9:b9:c8:10:e7:4e:

    5a:a7:8d:04:7f:10:e2:b0:f4:a7:83:fe:f1:1d:ef:

    03:2e:40:e3

exponent2:

    00:8a:21:70:24:ce:98:88:08:c5:16:e0:9d:23:79:

    ba:0e:48:32:1f:da:f4:35:5f:9c:70:3c:98:06:17:

    d6:a9:1f:16:18:a7:5f:e3:9b:14:ee:64:9a:e5:19:

    14:b1:2a:cf:18:38:b4:67:17:95:26:3a:4c:c9:c5:

    ea:83:04:31:87

coefficient:

    6e:09:3a:c8:dd:44:2e:1c:e0:e3:e7:a3:44:7e:c3:

    56:fe:6c:a9:22:44:11:63:92:91:90:80:f4:86:6e:

    e5:03:c0:ea:2e:c1:83:8c:5b:74:82:8b:5d:22:6e:

    6f:2b:9c:d2:84:29:60:12:dc:06:3a:5f:65:bd:66:

    6a:aa:fb:d9

各项内容代表意义:

来源(http://stackoverflow.com/questions/22078801/creating-pem-pfx-from-private-modulus)

RSAPrivateKey ::= SEQUENCE {

      version           Version,

      modulus           INTEGER,  -- n

      publicExponent    INTEGER,  -- e

      privateExponent   INTEGER,  -- d

      prime1            INTEGER,  -- p

      prime2            INTEGER,  -- q

      exponent1         INTEGER,  -- d mod (p-1)

      exponent2         INTEGER,  -- d mod (q-1)

      coefficient       INTEGER,  -- (inverse of q) mod p

      otherPrimeInfos   OtherPrimeInfos OPTIONAL

  }

rsa算法参考:

http://www.ruanyifeng.com/blog/2013/07/rsa_algorithm_part_two.html

http://en.wikipedia.org/wiki/RSA_(cryptosystem)

生成对应的公钥

openssl pkey -in key.pem -pubout -out pubkey.pem

查看对应的公钥:

openssl pkey -pubin -in pubkey.pem -text -noout

Public-Key: (1024 bit)

Modulus:

    00:bd:c0:10:ae:26:12:c3:82:2c:56:d1:bb:26:42:

    38:47:3d:ca:c5:ae:a4:c8:de:27:4f:a1:61:e5:f3:

    2e:ce:d7:48:62:20:1f:76:47:c2:cf:6b:43:d2:b4:

    b6:b4:eb:21:21:d6:f4:d8:c8:09:ab:cd:c5:ce:65:

    48:56:43:d6:d2:f4:0c:e4:66:ef:34:33:bd:9d:1d:

    d3:23:af:39:63:51:4c:b5:88:ea:b5:92:7e:4e:e0:

    6f:cd:50:7f:06:49:ea:dc:80:59:12:d4:59:86:6e:

    79:a5:b7:d9:c0:b0:c8:cd:12:4b:6c:49:7e:33:5f:

    b4:f7:6b:37:8e:18:42:3c:ed

Exponent: 65537 (0x10001)

生成测试用文件:

echo some secret > tos.txt

用私钥给文件签名:

openssl pkeyutl -sign -in tos.txt -inkey key.pem -out tos.sig

用公钥验证签名:

openssl pkeyutl -verify -in tos.txt -sigfile tos.sig -pubin -inkey pubkey.pem 

Signature Verified Successfully

用公钥恢复签名文件的内容:

openssl pkeyutl -verifyrecover -in tos.sig -pubin -inkey pubkey.pem 

some secret

用公钥加密文件:

 openssl pkeyutl -encrypt -in tos.txt -pubin -inkey pubkey.pem -out tos.enc

用私钥解密文件:

openssl pkeyutl -decrypt -in tos.enc -inkey key.pem -out tos.dec

cat tos.dec

some secret


转载于:https://my.oschina.net/u/1382972/blog/325442

你可能感兴趣的:(openssl生成RSA私钥、公钥,签名、验证签名,加密、解密)