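Some concepts

Symmetric and asymmetric encryption

Symmetric encryption

The password used to encrypt and the password used to decrypt are the same.

You can use openssl enc.
Common options:

  • -e encrypt
  • -a encode the encrypted output as base64
  • -salt add a salt
  • -d decrypt
  • -in input file
  • -out output file
  • -ciphers list the supported algorithms
  • -<cipher> replace <cipher> with the name of a supported algorithm, e.g. -des3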
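# List all supported algorithms
openssl enc -ciphers
# Encrypt a string
echo admin | openssl enc -e -des3 -out a.enc
# Enter the password twice; the encrypted result is stored in a.enc.
cat a.enc
# The output is unreadable binary; add the -a option to base64-encode the encrypted result
# Decrypt
openssl enc -d -des3 -in a.enc
# Encrypt a file
openssl enc -e -des3 -in a.txt -out a.enc
# Decrypt a file
openssl enc -d -des3 -in a.enc -out a2.txt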

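Asymmetric encryption

Encryption and decryption do not use the same password, or key. Usually there is one private key that is kept secret and one or more public keys that are published.
Generally, the private key is used for signing, and the signed data can be opened with the public key. The public key can be used to encrypt, and the result can then be opened and read with the private key.

Private key

This must be kept secret. It can be generated with a tool:

# shell
openssl genrsa -out private.key -des3 2048

The format looks like this: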

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,4D40479FEEEA2AF1
-----END RSA PRIVATE KEY-----

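This generates a passphrase-protected private key; whenever you use it later you have to enter the passphrase you set at that time.

# Convert to a key without a passphrase
openssl rsa -in private.key -out private_nopass.key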
# View the key details
openssl rsa -in private.key -text
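# Check whether the private key has been tampered with
openssl rsa -in private.key -check

Public key

The public key is given to other people to use and does not need to be kept secret. It is generated from the private key, which is why people speak of a key pair.

# Generate the public key
openssl rsa -in private.key -pubout -out public1.key

The format looks like this: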

-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY-----
# View the public key details
openssl rsa -pubin -in public1.key -text
If a public key and a private key are a pair, they have the same Modulus.
openssl pkcs12 -export -clcerts -in ssl.pem -inkey ssl.key -out ssl.p12
If they can be combined like this, they are also a pair.
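
The modulus comparison described above can be scripted. This is an added example, not code from the original post; the function names and the throwaway key files are assumptions made for the demo, and the keys are generated without a passphrase so nothing prompts.

```shell
#!/bin/sh
# Added example: decide whether two RSA files belong together by comparing moduli.

# Print the modulus of file $2; $1 says what the file is: priv, pub or cert.
modulus_of() {
    case "$1" in
        priv) mod=$(openssl rsa -in "$2" -noout -modulus 2>/dev/null) || return 1 ;;
        pub)  mod=$(openssl rsa -pubin -in "$2" -noout -modulus 2>/dev/null) || return 1 ;;
        cert) mod=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) || return 1 ;;
        *)    return 2 ;;
    esac
    # An unreadable file must never compare equal to another unreadable file.
    [ -n "$mod" ] && printf '%s\n' "$mod"
}

# Return 0 only when both moduli could be read and are identical.
# $1/$2 = type and file of the first key, $3/$4 = type and file of the second.
same_modulus() {
    first=$(modulus_of "$1" "$2") || return 1
    second=$(modulus_of "$3" "$4") || return 1
    [ "$first" = "$second" ]
}

# Demo on throwaway keys in a temp directory (constructed file names).
demo_pair_check() {
    dir=$(mktemp -d) || return 1
    openssl genrsa -out "$dir/a.key" 2048 2>/dev/null
    openssl genrsa -out "$dir/b.key" 2048 2>/dev/null
    openssl rsa -in "$dir/a.key" -pubout -out "$dir/a.pub" 2>/dev/null
    same_modulus priv "$dir/a.key" pub "$dir/a.pub" && own=match || own=mismatch
    same_modulus priv "$dir/b.key" pub "$dir/a.pub" && other=match || other=mismatch
    rm -rf "$dir"
    echo "$own $other"
}

demo_pair_check
```

The cert type covers the certificate and key case from the pkcs12 line, for example same_modulus priv ssl.key cert ssl.pem.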

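Signing with the private key

When signing, there is a limit on the length of the plaintext; I have not figured out the details yet.

# Write the signature to the file a.dat
openssl rsautl -sign -inkey private.key -in a.txt -out a.dat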

# Show the result as a hex dump
openssl rsautl -sign -inkey private.key -in a.txt -hexdump

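Verify the signature and print the result

## Verify with the private key
openssl rsautl -verify -inkey private.key -in a.dat
## Verify with the public key
openssl rsautl -verify -inkey public1.key -pubin -in a.dat
# -verify can be given or left out; either works
To write the result to a file, just append -out filename.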
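
The length limit on rsautl -sign comes from PKCS#1 v1.5 padding, which needs 11 bytes of the key size, so a 2048-bit key accepts at most 245 bytes; signing a digest of the file with openssl dgst removes the limit. The following is an added example, not code from the original post, and its function names and temp files are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: raw rsautl signing versus signing a SHA-256 digest of the file.

# Sign file $2 with private key $1, writing the signature to $3 (any input size).
sign_file() { openssl dgst -sha256 -sign "$1" -out "$3" "$2"; }

# Verify signature $3 over file $2 with public key $1; returns 0 only if valid.
verify_file() { openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1; }

# Try to raw-sign $2 bytes with rsautl and key $1; returns 0 if rsautl accepts them.
raw_sign_accepts() {
    head -c "$2" /dev/zero > "$1.raw"
    openssl rsautl -sign -inkey "$1" -in "$1.raw" -out "$1.rawsig" 2>/dev/null
}

demo_sign() {
    dir=$(mktemp -d) || return 1
    openssl genrsa -out "$dir/private.key" 2048 2>/dev/null
    openssl rsa -in "$dir/private.key" -pubout -out "$dir/public1.key" 2>/dev/null
    # 2048-bit key = 256 bytes; minus 11 bytes of padding leaves 245.
    raw_sign_accepts "$dir/private.key" 245 && r245=ok || r245=rejected
    raw_sign_accepts "$dir/private.key" 246 && r246=ok || r246=rejected
    # A digest signature has no such limit: sign 1 MiB of constructed data.
    head -c 1048576 /dev/zero > "$dir/a.txt"
    sign_file "$dir/private.key" "$dir/a.txt" "$dir/a.sig"
    verify_file "$dir/public1.key" "$dir/a.txt" "$dir/a.sig" && good=valid || good=invalid
    # Any change to the signed file must make verification fail.
    echo "tampered" >> "$dir/a.txt"
    verify_file "$dir/public1.key" "$dir/a.txt" "$dir/a.sig" && bad=valid || bad=invalid
    rm -rf "$dir"
    echo "$r245 $r246 $good $bad"
}

demo_sign
```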

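Encryption and decryption

Encrypt with the public key, decrypt with the private key (the public key cannot decrypt its own output)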

openssl rsautl -encrypt -pubin -inkey public1.key -in a.txt -out a.pub.enc
openssl rsautl -decrypt -inkey private.key -in a.pub.enc

Encrypt with the private key, decrypt with the private key

echo 1234567878899999 > b.txt
openssl rsautl -encrypt -inkey private.key -in b.txt -out b.pri.enc
openssl rsautl -decrypt -inkey private.key -in b.pri.enc
openssl rsautl -decrypt -inkey private_nopass.key -in b.pri.enc

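I did not understand this process: the documentation says -inkey should be given the public key when encrypting, but passing the private key also encrypts. The result can then be decrypted directly with the private key but not with the public key, and the passphrase-less private key generated from this private key can decrypt it too.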

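Encrypting and decrypting large files

Encrypting a large file directly with rsautl fails with an error.

You can first split the file into chunks, encrypt each chunk, and then merge them at the end. You can also use smime, which was originally meant for encrypting e-mail. This tool is not given a public key but a certificate.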

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

Issuing the certificate

openssl req -new -x509 -key private.key -out cert.crt -days 100

Encrypt

# First compute the md5
md5sum xampp.exe
# 9e207187849c2483caf6eae951c12459  xampp.exe
openssl smime -encrypt -binary -in xampp.exe -out xampp.exe.enc cert.crt

Decrypt

openssl smime -decrypt -binary -in xampp.exe.enc -out xampp2.exe -inkey private.key
# Compute the md5 of the decrypted data
md5sum xampp2.exe
# 9e207187849c2483caf6eae951c12459  xampp2.exe

The md5 values match, so decryption succeeded.
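
Besides chunking and smime, the usual way around the RSA size limit is hybrid encryption: encrypt the file with openssl enc under a random one-time secret, then encrypt only that secret with the RSA public key. This is an added example, not code from the original post; it goes beyond the page by using pkeyutl with OAEP padding and AES-256-CBC with -pbkdf2, and the function names and temp files are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: hybrid encryption for files too large for RSA alone.

# Encrypt $2 for public key $1: ciphertext goes to $3, the RSA-wrapped secret to $3.key.
hybrid_encrypt() {
    secret=$(mktemp) || return 1
    openssl rand -hex 32 > "$secret" &&
    openssl enc -e -aes-256-cbc -pbkdf2 -salt -pass "file:$secret" -in "$2" -out "$3" &&
    openssl pkeyutl -encrypt -pubin -inkey "$1" -pkeyopt rsa_padding_mode:oaep \
        -in "$secret" -out "$3.key"
    rc=$?
    rm -f "$secret"
    return "$rc"
}

# Decrypt $2 (with $2.key beside it) using private key $1, writing plaintext to $3.
hybrid_decrypt() {
    secret=$(mktemp) || return 1
    openssl pkeyutl -decrypt -inkey "$1" -pkeyopt rsa_padding_mode:oaep \
        -in "$2.key" -out "$secret" &&
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$secret" -in "$2" -out "$3"
    rc=$?
    rm -f "$secret"
    return "$rc"
}

demo_hybrid() {
    dir=$(mktemp -d) || return 1
    openssl genrsa -out "$dir/private.key" 2048 2>/dev/null
    openssl rsa -in "$dir/private.key" -pubout -out "$dir/public1.key" 2>/dev/null
    head -c 1048576 /dev/urandom > "$dir/big.bin"   # constructed 1 MiB test file
    # RSA on its own refuses the file, as the page observed with rsautl.
    openssl pkeyutl -encrypt -pubin -inkey "$dir/public1.key" -in "$dir/big.bin" \
        -out "$dir/direct.enc" 2>/dev/null && direct=ok || direct=rejected
    hybrid_encrypt "$dir/public1.key" "$dir/big.bin" "$dir/big.enc" &&
    hybrid_decrypt "$dir/private.key" "$dir/big.enc" "$dir/big2.bin" &&
    cmp -s "$dir/big.bin" "$dir/big2.bin" && trip=identical || trip=failed
    rm -rf "$dir"
    echo "$direct $trip"
}

demo_hybrid
```

openssl enc gives confidentiality only; to detect modification of the ciphertext, sign it with the private key as in the signing section.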


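This article was written by yang and is licensed under Creative Commons Attribution 3.0. It may be freely reposted and quoted, provided the author is credited and the source of the article is stated.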
