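Security Algorithms Lab (2)

Requirements

Use the openssl tool to complete the following:
(1) Generate a 2048-bit RSA key;
(2) Export the public key;
(3) Generate a certificate request;
(4) Generate a digital certificate;
(5) Generate a PKCS#12 bundle;
(6) Use an ASN.1 parser to display the ASN.1 encoding of the objects generated above.

Implementation

  • RSA 2048 key generation and public key export
openssl genrsa -out rsa_pri.key 2048
openssl rsa -in rsa_pri.key -pubout -out rsa_pub.pub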
  • Generate the certificate
    Continue with the key generated above to create the certificate request.
    First, create a new file named ca.conf:
[ req ]
default_bits       = 2048
distinguished_name = req_distinguished_name

[ req_distinguished_name ]
countryName                 = Country Name (2 letter code)
countryName_default         = CN
stateOrProvinceName         = State or Province Name (full name)
stateOrProvinceName_default = shandong
localityName                = Locality Name (eg, city)
localityName_default        = weifang
organizationName            = Organization Name (eg, company)
organizationName_default    = YinChengLin
commonName                  = Common Name (e.g. server FQDN or YOUR name)
commonName_max              = 64
commonName_default          = Ted CA Test

Run the command:

openssl req -new -sha256 -out ca.csr -key rsa_pri.key -config ca.conf

Press Enter at every prompt to generate the certificate request file.


File

Generate the certificate

G:\大三下学习\安全协议\work>openssl x509 -req -days 3650 -in ca.csr -signkey rsa_pri.key -out ca.crt
Signature ok
subject=C = CN, ST = shandong, L = weifang, O = linmumu, CN = Ted CA Test
Getting Private key
Certificate

Details

The information shown matches what we set.

  • Generate the PKCS#12 bundle
    Enter the following command:
G:\大三下学习\安全协议\work>openssl pkcs12 -export -inkey rsa_pri.key -in ca.crt -out plcs.pfx
Enter Export Password:
Verifying - Enter Export Password:

Any password may be chosen.

  • Displaying the ASN.1 encoding
G:\大三下学习\安全协议\work>openssl  asn1parse  -i  -in ca.csr
    0:d=0  hl=4 l= 671 cons: SEQUENCE
    4:d=1  hl=4 l= 391 cons:  SEQUENCE
    8:d=2  hl=2 l=   1 prim:   INTEGER           :00
   11:d=2  hl=2 l=  90 cons:   SEQUENCE
   13:d=3  hl=2 l=  11 cons:    SET
   15:d=4  hl=2 l=   9 cons:     SEQUENCE
   17:d=5  hl=2 l=   3 prim:      OBJECT            :countryName
   22:d=5  hl=2 l=   2 prim:      PRINTABLESTRING   :CN
   26:d=3  hl=2 l=  17 cons:    SET
   28:d=4  hl=2 l=  15 cons:     SEQUENCE
   30:d=5  hl=2 l=   3 prim:      OBJECT            :stateOrProvinceName
   35:d=5  hl=2 l=   8 prim:      UTF8STRING        :shandong
   45:d=3  hl=2 l=  16 cons:    SET
   47:d=4  hl=2 l=  14 cons:     SEQUENCE
   49:d=5  hl=2 l=   3 prim:      OBJECT            :localityName
   54:d=5  hl=2 l=   7 prim:      UTF8STRING        :weifang
   63:d=3  hl=2 l=  16 cons:    SET
   65:d=4  hl=2 l=  14 cons:     SEQUENCE
   67:d=5  hl=2 l=   3 prim:      OBJECT            :organizationName
   72:d=5  hl=2 l=   7 prim:      UTF8STRING        :linmumu
   81:d=3  hl=2 l=  20 cons:    SET
   83:d=4  hl=2 l=  18 cons:     SEQUENCE
   85:d=5  hl=2 l=   3 prim:      OBJECT            :commonName
   90:d=5  hl=2 l=  11 prim:      UTF8STRING        :Ted CA Test
  103:d=2  hl=4 l= 290 cons:   SEQUENCE
  107:d=3  hl=2 l=  13 cons:    SEQUENCE
  109:d=4  hl=2 l=   9 prim:     OBJECT            :rsaEncryption
  120:d=4  hl=2 l=   0 prim:     NULL
  122:d=3  hl=4 l= 271 prim:    BIT STRING
  397:d=2  hl=2 l=   0 cons:   cont [ 0 ]
  399:d=1  hl=2 l=  13 cons:  SEQUENCE
  401:d=2  hl=2 l=   9 prim:   OBJECT            :sha256WithRSAEncryption
  412:d=2  hl=2 l=   0 prim:   NULL
  414:d=1  hl=4 l= 257 prim:  BIT STRING
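
The columns in the dump above are the byte offset, the nesting depth (d), the header length (hl) and the content length (l) of each TLV. As an added example (not part of the original post), the Python code below rebuilds the 92-byte subject Name at offset 11 from the values shown in the dump and walks it with a small DER reader; the function names are illustrative.

```python
TAGS = {0x06: "OBJECT", 0x0C: "UTF8STRING", 0x13: "PRINTABLESTRING", 0x30: "SEQUENCE", 0x31: "SET"}
OIDS = {"2.5.4.3": "commonName", "2.5.4.6": "countryName", "2.5.4.7": "localityName",
        "2.5.4.8": "stateOrProvinceName", "2.5.4.10": "organizationName"}

def read_header(buf, pos):
    """Return (tag, header_length, content_length) for the TLV starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                       # short form: one length byte (hl=2)
        return tag, 2, first
    n = first & 0x7F                       # long form: n more length bytes (hl=2+n)
    if n == 0 or n > 4:
        raise ValueError("indefinite or oversized length is not valid DER here")
    return tag, 2 + n, int.from_bytes(buf[pos + 2:pos + 2 + n], "big")

def decode_oid(body):  # simplified: first octet packs the first two arcs (as in 2.5.4.x)
    arcs, value = list(divmod(body[0], 40)), 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)  # base-128 digits, high bit means "more"
        if not b & 0x80:
            arcs, value = arcs + [value], 0
    return OIDS.get(".".join(map(str, arcs)), "unknown OID")

def walk(buf, pos=0, end=None, depth=0, base=0):
    """Yield (offset, d, hl, l, type, value) rows, one per TLV, depth-first."""
    end = len(buf) if end is None else end
    while pos < end:
        tag, hl, length = read_header(buf, pos)
        start = pos + hl
        if start + length > end:           # a child must fit inside its parent
            raise ValueError(f"TLV at offset {base + pos} overruns its parent")
        body = buf[start:start + length]
        value = (decode_oid(body) if tag == 0x06 else
                 body.decode() if tag in (0x0C, 0x13) else "")
        yield base + pos, depth, hl, length, TAGS.get(tag, hex(tag)), value
        if tag & 0x20:                     # constructed bit set: descend into content
            yield from walk(buf, start, start + length, depth + 1, base)
        pos = start + length

def rdn(arc, str_tag, text):  # SET { SEQUENCE { OID 2.5.4.<arc>, string } }, short lengths
    atv = bytes([0x06, 3, 0x55, 0x04, arc, str_tag, len(text)]) + text.encode()
    return bytes([0x31, len(atv) + 2, 0x30, len(atv)]) + atv

# Added example, constructed input: subject Name rebuilt from the values in the dump above.
_rdns = (rdn(6, 0x13, "CN") + rdn(8, 0x0C, "shandong") + rdn(7, 0x0C, "weifang")
         + rdn(10, 0x0C, "linmumu") + rdn(3, 0x0C, "Ted CA Test"))
SUBJECT = bytes([0x30, len(_rdns)]) + _rdns

if __name__ == "__main__":
    for off, d, hl, l, name, val in walk(SUBJECT, depth=2, base=11):
        print(f"{off:5d}:d={d}  hl={hl} l={l:4d} {name:<16}:{val}")
```

Running it prints rows for offsets 11 through 90 that line up with the asn1parse listing; a truncated buffer raises ValueError instead of being read past its parent.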
