openssl rsa RSA处理工具

<openssl rsa> <[email protected]>

介绍

openssl rsa 是RSA处理工具。可以提取公钥，加解密RSA公/私钥文件（施加密码保护），格式转换，检查RSA文件完整性，输出RSA文件的modulus和components（^_^我也不知道是啥）。

语法

openssl rsa[-inform PEM|NET|DER] [-outform PEM|NET|DER] [-in filename] [-passin arg] [-out filename] [-passout arg] [-sgckey] [-des] [-des3] [-idea] [-text] [-noout] [-modulus] [-check] [-pubin] [-pubout] [-engine id]

-pubout / -pubin    指明输出文件或输入文件是公钥文件，-pubout经常用于从公钥文件中提取私钥(这句话对不对，还请大侠指点)。

E:\OpenSSL\foo>openssl rsa -in rsa_pri_nopw.pem -pubou -out rsa_pub_nopw.pem
writing RSA key

-inform / -outform DER|NET|PEM  格式转换。RSA有3中文件格式，默认是PEM格式。例如

The PEM private key format uses the header and footer lines:

 -----BEGIN RSA PRIVATE KEY-----
 -----END RSA PRIVATE KEY-----

The PEM public key format uses the header and footer lines:

 -----BEGIN PUBLIC KEY-----
 -----END PUBLIC KEY-----

E:\OpenSSL\foo>openssl genrsa -out rsa_pri_nopw.pem
Loading 'screen' into random state - done
Generating RSA private key, 512 bit long modulus
......++++++++++++
....................++++++++++++
e is 65537 (0x10001)

E:\OpenSSL\foo>openssl rsa -inform PEM -in rsa_pri_nopw.pem -outform DER -out rsa_pub_nopw.der
writing RSA key

-passin / -passout  ARG      用于输入密码，或指定保护输出文件的密码。

E:\OpenSSL\foo>openssl genrsa -out -des3 -passout pass:123 -out rsa_pri_pw.pem
Loading 'screen' into random state - done
Generating RSA private key, 512 bit long modulus
...............++++++++++++
...................++++++++++++
e is 65537 (0x10001)

E:\OpenSSL\foo>openssl rsa -passin pass:123 -in rsa_pri_pw.pem -out rsa_pri_nopw.pem    #去除密码
writing RSA key
E:\OpenSSL\foo>openssl rsa -in rsa_pri_nopw.pem -des3 -passout pass:456 -out rsa_pri_pw.pem  #更改密码
writing RSA key

-check      RSA密钥文件一致性检查

E:\OpenSSL\foo>openssl rsa -in rsa_pri_nopw.pem -check
RSA key ok
writing RSA key
-----BEGIN RSA PRIVATE KEY-----
MIIBOwIBAAJBAKze+GcSj+myoR2ZkEDuYZeZijSBklCjA9cwrx4y4uuBV1ZM73s/
U6eoErpRtQ0Asp2Aky+dp5xvjQDv3n/ASU8CAwEAAQJAK5l8yvo6g7WCvyVo5Yd5
47Nc0QtQ7LeAk3h64kHxS3YEgp7OUsXSZhNIaPNdIN/CFkOLTuOryuu1TQqgy91+
mQIhANTgudcb8wFEENK4vYnbFXcaZ09s7hrNx8uepzvKTMk7AiEAz+OYkDV6fRs4
fML+3SXLKFZz5CWTlXC6jefqKWZRnv0CIQCbGG/NrWtKzNCE9lwBiEEHWZFTaMXB
eZPLYnftM+Ll6QIgOu/3jMrckyNofFZ8Ew5n7mO0L3ZHxRJUkW6ygFI1ybECIQCr
DNhfbvUBvENqKk6yoo4um03c3eWekLVkQ/vV1S9DWg==
-----END RSA PRIVATE KEY-----

-noout    不再输出密钥文件内容，请将输出结果与上面的比较。

E:\OpenSSL\foo>openssl rsa -in rsa_pri_nopw.pem -check -noout
RSA key ok

-modulus / -text      输出密钥文件的modulus或components

E:\OpenSSL\foo>openssl rsa -in rsa_pri_nopw.pem -modulus -noout
Modulus=ACDEF867128FE9B2A11D999040EE6197998A34819250A303D730AF1E32E2EB8157564CEF
7B3F53A7A812BA51B50D00B29D80932F9DA79C6F8D00EFDE7FC0494F

E:\OpenSSL\foo>openssl rsa -in rsa_pri_nopw.pem -text -noout
Private-Key: (512 bit)
modulus:
    00:ac:de:f8:67:12:8f:e9:b2:a1:1d:99:90:40:ee:
    61:97:99:8a:34:81:92:50:a3:03:d7:30:af:1e:32:
    e2:eb:81:57:56:4c:ef:7b:3f:53:a7:a8:12:ba:51:
    b5:0d:00:b2:9d:80:93:2f:9d:a7:9c:6f:8d:00:ef:
    de:7f:c0:49:4f
publicExponent: 65537 (0x10001)
privateExponent:
    2b:99:7c:ca:fa:3a:83:b5:82:bf:25:68:e5:87:79:
    e3:b3:5c:d1:0b:50:ec:b7:80:93:78:7a:e2:41:f1:
    4b:76:04:82:9e:ce:52:c5:d2:66:13:48:68:f3:5d:
    20:df:c2:16:43:8b:4e:e3:ab:ca:eb:b5:4d:0a:a0:
    cb:dd:7e:99
prime1:
    00:d4:e0:b9:d7:1b:f3:01:44:10:d2:b8:bd:89:db:
    15:77:1a:67:4f:6c:ee:1a:cd:c7:cb:9e:a7:3b:ca:
    4c:c9:3b
prime2:
    00:cf:e3:98:90:35:7a:7d:1b:38:7c:c2:fe:dd:25:
    cb:28:56:73:e4:25:93:95:70:ba:8d:e7:ea:29:66:
    51:9e:fd
exponent1:
    00:9b:18:6f:cd:ad:6b:4a:cc:d0:84:f6:5c:01:88:
    41:07:59:91:53:68:c5:c1:79:93:cb:62:77:ed:33:
    e2:e5:e9
exponent2:
    3a:ef:f7:8c:ca:dc:93:23:68:7c:56:7c:13:0e:67:
    ee:63:b4:2f:76:47:c5:12:54:91:6e:b2:80:52:35:
    c9:b1
coefficient:
    00:ab:0c:d8:5f:6e:f5:01:bc:43:6a:2a:4e:b2:a2:
    8e:2e:9b:4d:dc:dd:e5:9e:90:b5:64:43:fb:d5:d5:
    2f:43:5a