openssl命令雜記
阿新 • • 發佈:2018-03-27
openssl 生成密鑰 雜記 基礎openssl命令行
openssl基礎
顯示openssl版本號
[root@aa ~]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
[root@aa ~]#
enc
[root@aa ~]# whatis enc
enc (1ssl) - symmetric cipher routines
給文件加密
[root@aa tmp]# openssl enc -e -des3 -a -salt -in fstab -out fstab.ciphertext
# -e:加密;-a:以base64文本編碼輸出;-salt:自動加入鹽(雜質);-in:要加密的文件;-out:輸出到哪個路徑
# 註:3DES屬於過時算法,且enc只做加密、不提供完整性校驗;OpenSSL 1.1.1及以上版本宜改用 -aes-256-cbc 並加上 -pbkdf2 來強化由口令派生密鑰的過程
enter des-ede3-cbc encryption password:
Verifying - enter des-ede3-cbc encryption password:
[root@aa tmp]# rm fstab
rm: remove regular file ‘fstab’? y
[root@aa tmp]# cat fstab.ciphertext
U2FsdGVkX19TOyfPaUaIYrL3f6FYQiOtsVxUOZBUsAbz+9uYXkjM4Wd9xvbz4Fpu
YwRWE8XyiQOnofveK3EoNOuma628gxfyQwQUNYm2j+Jo2OY7eMsdZ8Tqq6bY22pb
n3CRCurVKR/uZ6sNe8GxkPo4NeEyPB9qdpgpV9xo52zY4HUxqkeiJ98XizNe1Yqn
IoKqWxM24dG6O6nBnZL77qPVXfvNLmvjSXBloMXv3ZqWwO1KND/z2UCCeKnEn4Qv
9a3XLybBcTvi2oMMFOd/ouptPMsDdJgpF2dM/P5SXihVH5cbqDoVIxdxd2s98Nl6
h0E1zXzRumph12Ko3KgEd/GU/sq9rTKyB9OiSsQgh1+SaeatDrbJwZTNuTz9vztS
J3UnPzOgl0GIVSx1UDdb6lbfBhR/36YtRZHEqtCS6TjQKizJKSy/7jzqHFjMmxcJ
XlHyun4bgR4dMZ+TMqjoDgu9qGgw4yGeRgMR+fKUGiXZPbWdFD12DwESqL1NfQ5f
wQpqr/YEMtEgeXHPL4fHps1rgYFRXlvFcR+hiO2wPwTxrllY0psaM2cifC0F0vH3
文件解密
[root@aa tmp]#
[root@aa tmp]# openssl enc -d -des3 -a -salt -in fstab.ciphertext -out fstab
enter des-ede3-cbc decryption password:
[root@aa tmp]# ls fstab fstab.ciphertext
[root@aa tmp]# cat fstab
#
# /etc/fstab
# Created by anaconda on Thu Jun 16 09:45:02 2016
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=61a8ab18-e2f0-4857-bf8e-a8e534b08c9c / xfs defaults 0 0
UUID=4c401c24-2f32-49af-96e5-bc2ea947387a /boot xfs defaults 0 0
dgst
[root@aa tmp]# whatis dgst
dgst (1ssl) - message digests
不同工具,使用同種算法,得出的結果一樣(MD5已不具抗碰撞性,此處僅作演示;校驗文件完整性時宜改用 openssl dgst -sha256)
[root@aa tmp]# md5sum fstab
c68a89b85a3b2177fee40201320acd35 fstab
[root@aa tmp]# openssl dgst -md5 fstab
MD5(fstab)= c68a89b85a3b2177fee40201320acd35
[root@aa tmp]#
[root@aa tmp]# openssl dgst -md5 -hex fstab #默認十六進制編碼
MD5(fstab)= c68a89b85a3b2177fee40201320acd35
passwd
[root@aa tmp]# whatis passwd
passwd (1) - update user's authentication tokens
sslpasswd (1ssl) - compute password hashes ***
passwd (5) - password file
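MD5密碼哈希
-1:使用基於MD5的crypt算法(MD5-crypt)計算密碼哈希,並非可逆的加密;-salt 123:指定鹽(雜質)為123,省略 -salt 時openssl會自動生成隨機鹽。MD5-crypt已屬過時算法,OpenSSL 1.1.1及以上版本可改用 -5(SHA-256)或 -6(SHA-512)。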
[root@aa tmp]# openssl passwd -1 -salt 123
Password:
$1$123$nE5gIYTYiF1PIXVOFjQaW/
[root@aa tmp]#
rand生成隨機數
生成隨機字節,分別以base64和16進制編碼輸出(末尾的4表示4個字節)
[root@aa tmp]# openssl rand -base64 4
rLMepA==
[root@aa tmp]# openssl rand -hex 4
3d386d6e #4個字節,8位16進制
rsautl
[root@aa tmp]# whatis rsautl
rsautl (1ssl) - RSA utility
genrsa
[root@aa tmp]# whatis genrsa
genrsa (1ssl) - generate an RSA private key
隨機數生成設備
[root@aa tmp]# ls /dev | egrep "random|uinput"
random
uinput
random和urandom
[root@aa tmp]# whatis random
random (3) - random number generator
[root@aa tmp]# whatis urandom
urandom (4) - kernel random number source devices
[root@aa tmp]#
生成私鑰(此處未指定加密選項,私鑰以未加密的PEM形式保存,只能靠文件權限保護)
[root@aa tmp]# openssl genrsa -out rsakey.private 2048
Generating RSA private key, 2048 bit long modulus
......+++
............+++
e is 65537 (0x10001)
[root@aa tmp]# cat rsakey.private
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
通過私鑰文件輸出公鑰信息
[root@aa tmp]# openssl rsa -in rsakey.private -pubout
writing RSA key
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6vl3ePFVYl3DirG1dqgb
/PRmjrAuSwmGp/9MligRjDA1Uo7ydkDHEmiAGb6Ubt5w4T5B525bQMqD0TsG1lRw
H6Gc9awd5ct1tR29m+lSobFqFvrJW558k25G3C7OEXie1+vc8AiA2cKiLgE9MckP
WiBARK9C0UqUUiHOd6Z6kjDflr0puSuKuvnoOUWyLe3WVj5vpA4jYxyFGiqW8E3C
rh8aVExnsH8rdE3V4EuWASzGOmGGXjN+F7Hm6hKgOFBazN5o2RAQ3/PknduQrSBY
vkOQKHoaDpi+hFWSu7V6PCZd9nl7uKt5D3i4W+4IrrTuiWN+/3pLJhzijB3sT2pZ
IQIDAQAB
-----END PUBLIC KEY-----
收緊私鑰文件權限(去掉組和其他用戶的所有權限,只留屬主可讀寫)
[root@aa tmp]# chmod og= rsakey.private
[root@aa tmp]# ll rsakey.private
-rw-------. 1 root root 1679 Aug 5 20:59 rsakey.private
[root@aa tmp]#
兩步一起做:小括號表示命令在子shell中執行,umask 077只在子shell內生效,不影響當前shell;這樣私鑰文件從創建起就是600權限,避免了先生成、後chmod之間文件可被其他用戶讀取的窗口
[root@aa tmp]# (umask 077; openssl genrsa -out key.pri 2048)
Generating RSA private key, 2048 bit long modulus
...+++
..............+++
e is 65537 (0x10001)
[root@aa tmp]# ll key.pri
-rw-------. 1 root root 1679 Aug 5 21:06 key.pri