<openssl rsa> <fym0121@163.com>
介绍
openssl rsa 是RSA处理工具。可以提取公钥,加解密RSA公/私钥文件(施加密码保护),格式转换,检查RSA文件完整性,输出RSA文件的modulus和components(^_^我也不知道是啥)。
语法
openssl rsa[-inform PEM|NET|DER] [-outform PEM|NET|DER] [-in filename] [-passin arg] [-out filename] [-passout arg] [-sgckey] [-des] [-des3] [-idea] [-text] [-noout] [-modulus] [-check] [-pubin] [-pubout] [-engine id]
-pubout / -pubin 指明输出文件或输入文件是公钥文件,-pubout经常用于从公钥文件中提取私钥(这句话对不对,还请大侠指点)。
E:\OpenSSL\foo>openssl rsa -in rsa_pri_nopw.pem -pubou -out rsa_pub_nopw.pem writing RSA key-inform / -outform DER|NET|PEM 格式转换。RSA有3中文件格式,默认是PEM格式。例如
The PEM private key format uses the header and footer lines:
-----BEGIN RSA PRIVATE KEY----- -----END RSA PRIVATE KEY-----
The PEM public key format uses the header and footer lines:
-----BEGIN PUBLIC KEY----- -----END PUBLIC KEY-----
E:\OpenSSL\foo>openssl genrsa -out rsa_pri_nopw.pem Loading 'screen' into random state - done Generating RSA private key, 512 bit long modulus ......++++++++++++ ....................++++++++++++ e is 65537 (0x10001) E:\OpenSSL\foo>openssl rsa -inform PEM -in rsa_pri_nopw.pem -outform DER -out rsa_pub_nopw.der writing RSA key
-passin / -passout ARG 用于输入密码,或指定保护输出文件的密码。
E:\OpenSSL\foo>openssl genrsa -out -des3 -passout pass:123 -out rsa_pri_pw.pem Loading 'screen' into random state - done Generating RSA private key, 512 bit long modulus ...............++++++++++++ ...................++++++++++++ e is 65537 (0x10001) E:\OpenSSL\foo>openssl rsa -passin pass:123 -in rsa_pri_pw.pem -out rsa_pri_nopw.pem #去除密码 writing RSA key E:\OpenSSL\foo>openssl rsa -in rsa_pri_nopw.pem -des3 -passout pass:456 -out rsa_pri_pw.pem #更改密码 writing RSA key
-check RSA密钥文件一致性检查
E:\OpenSSL\foo>openssl rsa -in rsa_pri_nopw.pem -check RSA key ok writing RSA key -----BEGIN RSA PRIVATE KEY----- MIIBOwIBAAJBAKze+GcSj+myoR2ZkEDuYZeZijSBklCjA9cwrx4y4uuBV1ZM73s/ U6eoErpRtQ0Asp2Aky+dp5xvjQDv3n/ASU8CAwEAAQJAK5l8yvo6g7WCvyVo5Yd5 47Nc0QtQ7LeAk3h64kHxS3YEgp7OUsXSZhNIaPNdIN/CFkOLTuOryuu1TQqgy91+ mQIhANTgudcb8wFEENK4vYnbFXcaZ09s7hrNx8uepzvKTMk7AiEAz+OYkDV6fRs4 fML+3SXLKFZz5CWTlXC6jefqKWZRnv0CIQCbGG/NrWtKzNCE9lwBiEEHWZFTaMXB eZPLYnftM+Ll6QIgOu/3jMrckyNofFZ8Ew5n7mO0L3ZHxRJUkW6ygFI1ybECIQCr DNhfbvUBvENqKk6yoo4um03c3eWekLVkQ/vV1S9DWg== -----END RSA PRIVATE KEY-----
E:\OpenSSL\foo>openssl rsa -in rsa_pri_nopw.pem -check -noout RSA key ok
E:\OpenSSL\foo>openssl rsa -in rsa_pri_nopw.pem -modulus -noout Modulus=ACDEF867128FE9B2A11D999040EE6197998A34819250A303D730AF1E32E2EB8157564CEF 7B3F53A7A812BA51B50D00B29D80932F9DA79C6F8D00EFDE7FC0494F
E:\OpenSSL\foo>openssl rsa -in rsa_pri_nopw.pem -text -noout Private-Key: (512 bit) modulus: 00:ac:de:f8:67:12:8f:e9:b2:a1:1d:99:90:40:ee: 61:97:99:8a:34:81:92:50:a3:03:d7:30:af:1e:32: e2:eb:81:57:56:4c:ef:7b:3f:53:a7:a8:12:ba:51: b5:0d:00:b2:9d:80:93:2f:9d:a7:9c:6f:8d:00:ef: de:7f:c0:49:4f publicExponent: 65537 (0x10001) privateExponent: 2b:99:7c:ca:fa:3a:83:b5:82:bf:25:68:e5:87:79: e3:b3:5c:d1:0b:50:ec:b7:80:93:78:7a:e2:41:f1: 4b:76:04:82:9e:ce:52:c5:d2:66:13:48:68:f3:5d: 20:df:c2:16:43:8b:4e:e3:ab:ca:eb:b5:4d:0a:a0: cb:dd:7e:99 prime1: 00:d4:e0:b9:d7:1b:f3:01:44:10:d2:b8:bd:89:db: 15:77:1a:67:4f:6c:ee:1a:cd:c7:cb:9e:a7:3b:ca: 4c:c9:3b prime2: 00:cf:e3:98:90:35:7a:7d:1b:38:7c:c2:fe:dd:25: cb:28:56:73:e4:25:93:95:70:ba:8d:e7:ea:29:66: 51:9e:fd exponent1: 00:9b:18:6f:cd:ad:6b:4a:cc:d0:84:f6:5c:01:88: 41:07:59:91:53:68:c5:c1:79:93:cb:62:77:ed:33: e2:e5:e9 exponent2: 3a:ef:f7:8c:ca:dc:93:23:68:7c:56:7c:13:0e:67: ee:63:b4:2f:76:47:c5:12:54:91:6e:b2:80:52:35: c9:b1 coefficient: 00:ab:0c:d8:5f:6e:f5:01:bc:43:6a:2a:4e:b2:a2: 8e:2e:9b:4d:dc:dd:e5:9e:90:b5:64:43:fb:d5:d5: 2f:43:5a