安全算法实验（二）

具体要求

使用openssl工具完成如下操作：
（1）RSA 2048位 密钥生成；
（2）导出公钥；
（3）生成数字证书请求；
（4）生成数字证书；
（5）生成pkcs12格式安全包。
（6）用ASN1编码解析器，显示以上生成数据对象的ASN1编码数据。

实现过程

• RSA 2048密钥生成与导出

genrsa -out rsa-pri.pem
openssl rsa -in rsa_pri.key -pubout -out rsa_pub.pub

-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC9eDesf6o/ZAzz
x4U+xIuXLTZnGlb6m6s3r2afMmpcETeMwWp6vl2jwpYmdNO8DN7P36J9WjnX4v3y
jSwbNfcoySonw/jVeqADgQIEzJvbGzwGh7QFv51MP/9d9fLsXLnIqyY7T5L68JaB
9I6YiSUw+L/Y4BKHdYf66AjLpp2r9mwf6DP1Sv8kdfw8hw891IGcjB7OFePB9Pbz
teAwvQVPfEWizPFCkyMSB5mIsduU9PIekjSjHxwOCss3KDU0yQmNs1WKuSZ6mUkd
q/T27m8+XMF1TFnL2EywJiPsIppjPAMD6VQcdkcuOULwwT8w02OoqgfD14H8eY5t
7GVGOChjAgMBAAECggEBAKmtdpZpwkqAzESpAsACfkxFtjnBUfGe5Ue6MfoRyURo
Oso4EKaZwvw78AHCkDgRgpzA1yDRY4neA7RrDvvTaWPCO5lfHIH6DkD1EJzBrDYd
frUOZH7daf32NjisYP+hztNRyqxFCAjo2rDJFcau03q22gBcMtvSupNNp0rSDNQJ
DkEfh2FBe6VrzKYdKiikTATm6KPshsco80wwxCrIgxCZ03hgzejkhm6KEbF8aE2n
KLRkFl3rBQehN3Z/8kdDNjgxYJchSgVTWQEMEkDQu6eamTv3xrFvOkmmsJQDjpSv
wcgabYRcj+Q2aebtjkRZ+jfLq8k0mX9ts0nKIkZIeqECgYEA+2Ms5WaNTlT8TRn5
LfDkrM1lM7AjCcwjPSA03ITqRLaaqZNTdoknzQ6vvHxDZl+GWt3FupOQrNbD8b2U
GklyjKCeg+CYTdMPJeerXeUqYJ+lJAVg1nqD/lWYo0uolEG/rFNkV9jWn6Eu//oa
o+Eh++2otQNqig/CjX8WGGW3ipMCgYEAwPIzLAsbIm+8UuVS3iOZCodRQZ37CjQS
imden8dRNyfQga7/mZcEAdsOIVAnG6WljpjLjrkEG6huIbiZzXucoxy0nHKz/exv
+m0Xg7rD0K46D3zexOjxQkfcxxSURVUmatVDOUqZDc+DU/SmrhOHfE1GcU1spaAm
nYU6CZ2i/PECgYEAtPFZq3T5WNyLDeQYGx09O7RLl7y8O50X8DNyWRfCl9rn0A8f
ED8AyvQ7Qewfh1xSlKz0WatFg2LCfwn5xEIBlX83Ga1bcwjr6liqXFdK/WlrsFW+
siJVR4fM6hzXJn98u0j6/NAzC4s1DUK0UikGEROrTz86PE3Dt502BjGQvskCgYEA
vGgE1f4mSfMnxx6NU8MY/zHxg4x7hZQhgqq7uHPN93jWXrv+dQEE9bbszlTRS2ru
Bhdntf8uZr+Kgz0aWo9Y/eHa72YGIm7NTZFXQ9eMvGpU4ajCcy8v3tQDXxbWTfl+
4RVMZlZUrCq1B7c/R35kb1mZ7qt26yg+bNSaPqeCb1ECgYA1/Ws6rE5JKqZSJEX/
TW+jNgWr+viG8/1XM8Jm65l6XFQBjIzXDr80ub8v91dK65t85UBrCDo0Kds1HX5C
NHBJ7cWOTETBx5Qdv/zXSV2jU22U3cjpqCxy7yXlPptsqEXnRkcBeKju5XPsJEOv
+3eBs61IERwAbxfxXIWJx9MHMA==
-----END PRIVATE KEY-----

-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEAvXg3rH+qP2QM88eFPsSLly02ZxpW+purN69mnzJqXBE3jMFq
er5do8KWJnTTvAzez9+ifVo51+L98o0sGzX3KMkqJ8P41XqgA4ECBMyb2xs8Boe0
Bb+dTD//XfXy7Fy5yKsmO0+S+vCWgfSOmIklMPi/2OASh3WH+ugIy6adq/ZsH+gz
9Ur/JHX8PIcPPdSBnIwezhXjwfT287XgML0FT3xFoszxQpMjEgeZiLHblPTyHpI0
ox8cDgrLNyg1NMkJjbNVirkmeplJHav09u5vPlzBdUxZy9hMsCYj7CKaYzwDA+lU
HHZHLjlC8ME/MNNjqKoHw9eB/HmObexlRjgoYwIDAQABAoIBAQCprXaWacJKgMxE
qQLAAn5MRbY5wVHxnuVHujH6EclEaDrKOBCmmcL8O/ABwpA4EYKcwNcg0WOJ3gO0
aw7702ljwjuZXxyB+g5A9RCcwaw2HX61DmR+3Wn99jY4rGD/oc7TUcqsRQgI6Nqw
yRXGrtN6ttoAXDLb0rqTTadK0gzUCQ5BH4dhQXula8ymHSoopEwE5uij7IbHKPNM
MMQqyIMQmdN4YM3o5IZuihGxfGhNpyi0ZBZd6wUHoTd2f/JHQzY4MWCXIUoFU1kB
DBJA0Lunmpk798axbzpJprCUA46Ur8HIGm2EXI/kNmnm7Y5EWfo3y6vJNJl/bbNJ
yiJGSHqhAoGBAPtjLOVmjU5U/E0Z+S3w5KzNZTOwIwnMIz0gNNyE6kS2mqmTU3aJ
J80Or7x8Q2ZfhlrdxbqTkKzWw/G9lBpJcoygnoPgmE3TDyXnq13lKmCfpSQFYNZ6
g/5VmKNLqJRBv6xTZFfY1p+hLv/6GqPhIfvtqLUDaooPwo1/Fhhlt4qTAoGBAMDy
MywLGyJvvFLlUt4jmQqHUUGd+wo0EopnXp/HUTcn0IGu/5mXBAHbDiFQJxulpY6Y
y465BBuobiG4mc17nKMctJxys/3sb/ptF4O6w9CuOg983sTo8UJH3McUlEVVJmrV
QzlKmQ3Pg1P0pq4Th3xNRnFNbKWgJp2FOgmdovzxAoGBALTxWat0+Vjciw3kGBsd
PTu0S5e8vDudF/AzclkXwpfa59APHxA/AMr0O0HsH4dcUpSs9FmrRYNiwn8J+cRC
AZV/NxmtW3MI6+pYqlxXSv1pa7BVvrIiVUeHzOoc1yZ/fLtI+vzQMwuLNQ1CtFIp
BhETq08/OjxNw7edNgYxkL7JAoGBALxoBNX+JknzJ8cejVPDGP8x8YOMe4WUIYKq
u7hzzfd41l67/nUBBPW27M5U0Utq7gYXZ7X/Lma/ioM9GlqPWP3h2u9mBiJuzU2R
V0PXjLxqVOGownMvL97UA18W1k35fuEVTGZWVKwqtQe3P0d+ZG9Zme6rdusoPmzU
mj6ngm9RAoGANf1rOqxOSSqmUiRF/01vozYFq/r4hvP9VzPCZuuZelxUAYyM1w6/
NLm/L/dXSuubfOVAawg6NCnbNR1+QjRwSe3FjkxEwceUHb/810ldo1NtlN3I6ags
cu8l5T6bbKhF50ZHAXio7uVz7CRDr/t3gbOtSBEcAG8X8VyFicfTBzA=
-----END RSA PRIVATE KEY-----

• 生成证书
  继续用刚才生成的密钥来生成证书请求
  首先新建一个文件 ca.conf

[ req ]
default_bits       = 2048
distinguished_name = req_distinguished_name

[ req_distinguished_name ]
countryName                 = Country Name (2 letter code)
countryName_default         = CN
stateOrProvinceName         = State or Province Name (full name)
stateOrProvinceName_default = shandong
localityName                = Locality Name (eg, city)
localityName_default        = weifang
organizationName            = Organization Name (eg, company)
organizationName_default    = YinChengLin
commonName                  = Common Name (e.g. server FQDN or YOUR name)
commonName_max              = 64
commonName_default          = Ted CA Test

运行命令

openssl req -new -sha256 -out ca.csr -key rsa_pri.pem -config ca.conf

一路回车生成证书请求文件

文件

生成证书

G:\大三下学习\安全协议\work>openssl x509 -req -days 3650 -in ca.csr -signkey rsa_pri.key -out ca.crt
Signature ok
subject=C = CN, ST = shandong, L = weifang, O = linmumu, CN = Ted CA Test
Getting Private key

证书

详细信息

可以看到信息与我们设置的一致

• 生成pkcs12包
  输入以下命令

G:\大三下学习\安全协议\work>openssl pkcs12 -export -inkey rsa_pri.key -in ca.crt -out plcs.pfx
Enter Export Password:
Verifying - Enter Export Password:

密码随意进行设置即可

• ASN1编码显示

G:\大三下学习\安全协议\work>openssl  asn1parse  -i  -in ca.csr
    0:d=0  hl=4 l= 671 cons: SEQUENCE
    4:d=1  hl=4 l= 391 cons:  SEQUENCE
    8:d=2  hl=2 l=   1 prim:   INTEGER           :00
   11:d=2  hl=2 l=  90 cons:   SEQUENCE
   13:d=3  hl=2 l=  11 cons:    SET
   15:d=4  hl=2 l=   9 cons:     SEQUENCE
   17:d=5  hl=2 l=   3 prim:      OBJECT            :countryName
   22:d=5  hl=2 l=   2 prim:      PRINTABLESTRING   :CN
   26:d=3  hl=2 l=  17 cons:    SET
   28:d=4  hl=2 l=  15 cons:     SEQUENCE
   30:d=5  hl=2 l=   3 prim:      OBJECT            :stateOrProvinceName
   35:d=5  hl=2 l=   8 prim:      UTF8STRING        :shandong
   45:d=3  hl=2 l=  16 cons:    SET
   47:d=4  hl=2 l=  14 cons:     SEQUENCE
   49:d=5  hl=2 l=   3 prim:      OBJECT            :localityName
   54:d=5  hl=2 l=   7 prim:      UTF8STRING        :weifang
   63:d=3  hl=2 l=  16 cons:    SET
   65:d=4  hl=2 l=  14 cons:     SEQUENCE
   67:d=5  hl=2 l=   3 prim:      OBJECT            :organizationName
   72:d=5  hl=2 l=   7 prim:      UTF8STRING        :linmumu
   81:d=3  hl=2 l=  20 cons:    SET
   83:d=4  hl=2 l=  18 cons:     SEQUENCE
   85:d=5  hl=2 l=   3 prim:      OBJECT            :commonName
   90:d=5  hl=2 l=  11 prim:      UTF8STRING        :Ted CA Test
  103:d=2  hl=4 l= 290 cons:   SEQUENCE
  107:d=3  hl=2 l=  13 cons:    SEQUENCE
  109:d=4  hl=2 l=   9 prim:     OBJECT            :rsaEncryption
  120:d=4  hl=2 l=   0 prim:     NULL
  122:d=3  hl=4 l= 271 prim:    BIT STRING
  397:d=2  hl=2 l=   0 cons:   cont [ 0 ]
  399:d=1  hl=2 l=  13 cons:  SEQUENCE
  401:d=2  hl=2 l=   9 prim:   OBJECT            :sha256WithRSAEncryption
  412:d=2  hl=2 l=   0 prim:   NULL
  414:d=1  hl=4 l= 257 prim:  BIT STRING