openssl使用

1.创建私钥

创建不带密码的私钥：

1	openssl genrsa -out test_rsa_private.pem 1024

1024表示私钥的长度，长度越长安全性越高。如果对安全要求比较高可以指定私钥长度为2048。

查看私钥：

1	cat my_test_private.key

打印：

上述打印是base64过的。可以使用-text，以明文形式输出各个参数值

1	openssl rsa -in test_rsa_private.pem -text -noout

打印：

RSA Private-Key: (1024 bit)
modulus:
    00:a3:e6:f4:36:ad:0b:1a:bd:8c:6d:27:23:61:fe:
    7b:a0:1e:a3:af:13:69:26:63:8f:76:87:c9:78:94:
    f4:ab:ff:33:13:d4:8d:59:0f:fc:93:92:1d:ec:0d:
    26:47:35:38:56:93:95:09:ba:45:d9:3c:6b:0a:7f:
    9c:65:01:a8:fa:59:98:9a:3d:20:70:e5:65:bf:7f:
    b3:e6:f0:cd:7e:90:d0:4a:64:67:8a:b1:20:13:b9:
    57:f2:3e:ce:bd:6d:30:65:d4:c9:fd:61:c0:70:1d:
    79:2e:bb:b8:a3:a9:2c:5e:13:c6:95:94:ab:14:48:
    04:77:24:32:25:16:20:a7:d1
publicExponent: 65537 (0x10001)
privateExponent:
    7d:1b:a8:a4:27:98:47:54:12:61:ab:33:55:f4:b3:
    96:f8:6c:47:12:50:fc:0d:99:0f:87:fc:a0:7f:4a:
    f8:12:f7:81:16:88:c2:47:f2:ab:0e:28:aa:eb:2a:
    a1:c6:1c:f7:f0:f5:1d:94:c3:06:5c:18:f4:cd:8d:
    aa:88:06:db:c1:49:48:ca:76:c9:52:07:83:ca:46:
    db:d1:67:1a:2e:53:18:90:4d:57:89:31:e2:b9:a4:
    a6:e9:6b:fc:4e:d3:2f:5a:11:56:2a:0f:d8:8e:99:
    5b:15:e4:e7:1b:a2:36:fc:33:9b:ad:33:87:24:71:
    b8:31:e7:e4:31:e8:6f:55
prime1:
    00:d1:33:36:93:a5:ac:31:e6:a1:e3:a7:fc:96:2e:
    68:05:c8:25:41:d3:bb:a9:15:71:7d:8c:63:89:1e:
    66:5e:be:0c:60:c2:87:ba:49:28:7d:87:30:84:98:
    92:d8:e6:46:28:e5:e0:d6:ff:be:8d:89:f7:7e:b2:
    8f:40:09:20:fb
prime2:
    00:c8:91:8d:6b:f0:7b:19:12:cf:a1:8c:b2:03:c6:
    14:79:34:d3:75:6b:43:99:4e:e5:4b:80:f6:79:c7:
    8b:3e:bc:c9:6d:3a:ca:9c:a4:7a:9e:28:e5:01:6a:
    f2:fd:d2:8f:14:81:4e:ab:5c:f6:f1:7d:e0:c3:17:
    93:f1:a1:78:a3
exponent1:
    24:8b:d6:d7:fa:54:57:af:5b:ce:c2:95:0c:c3:74:
    a6:b5:ed:54:4f:a1:f4:0a:eb:f5:ab:e5:e3:99:6c:
    f6:d6:2a:a1:68:ba:7f:5f:b2:74:23:7e:e5:5b:26:
    24:40:2e:37:8c:d9:37:96:1b:fa:ec:04:51:9c:ee:
    0b:98:cc:ab
exponent2:
    03:a5:e2:14:9c:83:20:a9:9e:ed:29:49:f3:97:9e:
    b7:b5:a6:42:f4:78:7e:49:59:12:4e:7e:2d:28:db:
    f7:80:27:89:bd:10:02:59:5b:81:94:ec:d5:61:c4:
    99:a9:42:c0:f4:b9:21:94:c7:49:0d:29:11:63:54:
    65:88:b2:51
coefficient:
    00:8a:f4:04:e0:77:9b:21:4f:31:51:81:07:81:2f:
    41:e8:27:4d:de:34:25:25:3b:84:a5:da:2b:76:41:
    6e:b1:3f:68:7a:31:76:5c:fc:24:9b:2e:ba:e7:da:
    68:ae:11:be:47:72:ef:c4:13:b8:db:b4:be:dc:bd:
    8e:89:d0:41:e3

创建带密码的私钥：

1
2
3

openssl genrsa -des3 -passout pass:"123456" -out test_encrypt_rsa_private.pem 2048
//或者让终端提示你输入密码
openssl genrsa -des3 -out test_encrypt_rsa_private.pem 2048

-des3表示使用des3对称加密算法加密私钥。

这个时候如果你还想以明文形式查看私钥的各个参数就需要密码了。这样即使私钥文件泄露，如果对方没有密码也是没用的。

1	openssl rsa -in test_encrypt_rsa_private.pem -text -noout

如果我们后期想添加、去除或者更改密码也是可以的。

2.根据私钥提取公钥

openssl rsa -in test_rsa_private.pem -pubout -out test_rsa_public.pem
openssl rsa -in test_encrypt_rsa_private.pem -passin pass:123456 -pubout -out test_encrypt_rsa_public.pem
//或者让终端提示你输入密码
openssl rsa -in test_encrypt_rsa_private.pem -pubout -out test_encrypt_rsa_public.pem

查看公钥：

1	cat test_rsa_public.pem

打印：

或者

1	openssl rsa -in test_rsa_public.pem -pubin -text -noout

打印：

RSA Public-Key: (1024 bit)
Modulus:
    00:a3:e6:f4:36:ad:0b:1a:bd:8c:6d:27:23:61:fe:
    7b:a0:1e:a3:af:13:69:26:63:8f:76:87:c9:78:94:
    f4:ab:ff:33:13:d4:8d:59:0f:fc:93:92:1d:ec:0d:
    26:47:35:38:56:93:95:09:ba:45:d9:3c:6b:0a:7f:
    9c:65:01:a8:fa:59:98:9a:3d:20:70:e5:65:bf:7f:
    b3:e6:f0:cd:7e:90:d0:4a:64:67:8a:b1:20:13:b9:
    57:f2:3e:ce:bd:6d:30:65:d4:c9:fd:61:c0:70:1d:
    79:2e:bb:b8:a3:a9:2c:5e:13:c6:95:94:ab:14:48:
    04:77:24:32:25:16:20:a7:d1
Exponent: 65537 (0x10001)

ok,到现在为止rsa的公私钥已经创建完毕，我们可以试一下加解密文件了。

3.公钥加密私钥解密

注意：无论是使用公钥加密还是私钥加密，RSA每次能够加密的数据长度不能超过RSA密钥长度，并且根据具体的补齐方式不同输入的加密数据最大长度也不一样，而输出长度则总是跟RSA密钥长度相等。

准备一个plain.txt文件，输入hello world!

公钥加密：

1
2

openssl rsautl -encrypt -in plain.txt -out encrypt_plain.txt -pubin -inkey test_rsa_public.pem
openssl rsautl -encrypt -in plain.txt -out encrypt_plain1.txt -pubin -inkey test_encrypt_rsa_public.pem

私钥解密：

openssl rsautl -decrypt -in encrypt_plain.txt -inkey test_rsa_private.pem -out decrypt_plain.txt
openssl rsautl -decrypt -in encrypt_plain1.txt -inkey test_encrypt_rsa_private.pem -passin pass:123456 -out decrypt_plain1.txt
//或者
openssl rsautl -decrypt -in encrypt_plain1.txt -inkey test_encrypt_rsa_private.pem -out decrypt_plain1.txt

打开plain.txt、decrypt_plain.txt、decrypt_plain1.txt里面的内容应该是一致的。这表明公钥加密私钥解密成功。

ps:密码也可以不输入在命令中，如果需要密码，终端会提示你输入的。

4.私钥加密公钥解密

私钥加密：

1 2	openssl rsautl -sign -in plain.txt -inkey test_rsa_private.pem -out sign.txt openssl rsautl -sign -in plain.txt -inkey test_encrypt_rsa_private.pem -passin pass:123456 -out sign1.txt

公钥解密：

1 2	openssl rsautl -verify -in sign.txt -inkey test_rsa_public.pem -pubin -out verify_sign.txt openssl rsautl -verify -in sign1.txt -inkey test_encrypt_rsa_public.pem -pubin -out verify_sign1.txt

打开plain.txt、verify_sign.txt、verify_sign1.txt里面的内容应该是一致的。这表明私钥加密公钥解密成功。

5.base64

加密后的内容是二进制打开后是一堆乱码无法直观查看，可以将其base64转换为可打印的字符串。

base64加密:

1	openssl enc -base64 -in encrypt_plain.txt -out base64_encrypt_plain.txt

查看：

1	cat base64_encrypt_plain.txt

打印：

1
2
3

hPuoNd2lLrszO6nmIHLwNVgCAXfrS4bWTFTTUS0s/3jFrLX6nIfdgr4R9ycUSIin
dBLRf91TIi1q8qoa7Ct/NseM+EHjDXgxPSl0iwcdk2oJDNe9Rdl+KByy+CnCsPp3
z47+W6mC+dNYlpL7FtFApcWfFUs2+a0Su4ix64PnFYQ=

base64解密:

1	openssl enc -base64 -d -in base64_encrypt_plain.txt -out de_base64_encrypt_plain.txt

再用私钥解密de_base64_encrypt_plain.txt看看能不能解密:

1	openssl rsautl -decrypt -in de_base64_encrypt_plain.txt -inkey test_rsa_private.pem -out de_de_base64_encrypt_plain.txt

打开de_de_base64_encrypt_plain.txt，里面的内容还是hello world!

6.md5

准备一个文件abc.txt，输入内容“abc”

1	openssl dgst -md5 abc.txt

打印：

1	MD5(abc.txt)= 900150983cd24fb0d6963f7d28e17f72

参考

openssl genrsa 命令详解

openssl加密解密