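openssl commands

Contents
  1. Generating certificates
  2. Signing certificates
  3. Revoking certificates
  4. Verifying certificates
  5. Generating an RSA key pair
  6. RSA encryption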

Generating certificates

See "Generating certificates with openssl".

Signing certificates

See "Generating certificates with openssl".

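Revoking certificates

  1. Revoke the certificate
    openssl ca -revoke newcerts/username.pem -config openssl.cnf
  2. Regenerate the certificate revocation list (CRL)
    openssl ca -config openssl.cnf -gencrl -out crl/ca.crl
  3. Create the hash-named link file
    ln -s ca.crl `openssl crl -hash -noout -in ca.crl`.r0
  4. Copy ca.crl and the hash-named file to the directory the application uses for certificate revocation lists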

Verifying certificates

openssl verify -CAfile cacert.pem servercert.pem

Generating an RSA key pair

  1. Generate the private key
    openssl genrsa -out rsa_private_key.pem 1024
  2. Generate the public key
    openssl rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem
  3. View the private key details
    openssl rsa -in rsa_private_key.pem -text -noout

An example follows; the first two characters of the printed modulus (the leading 00) must be removed:

$ openssl rsa -in rsa_private_key.pem -text -noout
Private-Key: (512 bit)
modulus:
00:cb:23:6d:74:e6:bf:cb:89:a1:66:52:ca:5f:c2:
76:23:30:60:52:bc:bd:20:a6:25:cc:8e:61:73:46:
01:f4:60:09:45:2a:db:fa:34:33:06:8b:61:85:8e:
c7:1c:1c:77:1d:cd:f2:ab:e2:af:f2:e8:c9:03:ec:
18:2a:72:d9:af
publicExponent: 65537 (0x10001)
privateExponent:
62:c7:2b:66:78:fe:32:7f:0e:58:af:51:71:17:22:
53:22:26:f4:94:8a:72:e1:d7:e7:8c:24:9e:e5:1f:
f6:30:0e:e3:e5:bc:d2:4f:79:c5:21:72:dd:3f:9b:
b5:71:52:1c:0e:d7:0e:d6:46:bd:dc:af:d2:23:95:
cd:08:18:a1
prime1:
00:ec:9a:67:ec:ae:cd:9e:48:f9:fd:27:f1:01:fa:
14:38:5b:f2:55:a1:1e:16:42:c0:31:a5:af:b9:22:
f9:37:dd
prime2:
00:db:ca:b2:38:54:d8:64:d3:74:db:bf:a2:00:fc:
c8:45:d8:f4:1b:05:32:c5:29:8f:56:70:0a:c2:50:
56:24:fb
exponent1:
31:ab:60:71:c1:68:8c:f8:08:f2:ea:35:a0:12:9d:
b8:0f:25:5a:70:8e:5e:61:f8:f2:f3:33:66:8c:3f:
01:49
exponent2:
3f:6a:4b:63:9f:6f:54:20:02:be:88:9b:18:87:d6:
cc:f8:5c:ee:12:e0:e4:2c:2a:94:38:fd:91:b5:16:
35:d3
coefficient:
7f:68:40:1f:63:8e:60:f3:0e:e6:e0:9c:84:ce:3e:
89:1b:e3:62:01:23:44:70:94:ff:ea:c1:b5:d4:a4:
ac:50
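
The leading 00 is there because OpenSSL prints the modulus as a signed integer and prepends a zero byte whenever the top bit of the first real byte is set. The script below is an added example, not part of the original page: it pulls the modulus out of the text dump and drops that byte. The function names are illustrative, and the embedded input is the modulus portion of the sample output above.

```shell
#!/bin/sh
# Added example: strip the leading 00 sign byte from the modulus printed by
# `openssl rsa -text -noout`. Function names are illustrative.

# Read the text dump on stdin; print the modulus as one lowercase hex string.
modulus_hex() {
  awk '
    /^modulus:/ { grab = 1; next }            # start of the modulus field
    grab && /^[ \t]*([0-9a-f][0-9a-f]:)*[0-9a-f][0-9a-f]:?[ \t]*$/ {
      gsub(/[ \t:]/, "")                      # drop indentation and colons
      hex = hex $0
      next
    }
    grab { grab = 0 }                         # any other line ends the field
    END {
      # A 00 byte followed by a byte >= 0x80 is the sign byte, not key data.
      if (hex ~ /^00[89a-f]/) hex = substr(hex, 3)
      print hex
    }
  '
}

# Key size in bits, from the stripped modulus (4 bits per hex digit).
modulus_bits() {
  m=$(modulus_hex)
  echo $(( ${#m} * 4 ))
}

# Modulus lines copied from the sample output on this page.
sample_dump() {
  cat <<'EOF'
Private-Key: (512 bit)
modulus:
    00:cb:23:6d:74:e6:bf:cb:89:a1:66:52:ca:5f:c2:
    76:23:30:60:52:bc:bd:20:a6:25:cc:8e:61:73:46:
    01:f4:60:09:45:2a:db:fa:34:33:06:8b:61:85:8e:
    c7:1c:1c:77:1d:cd:f2:ab:e2:af:f2:e8:c9:03:ec:
    18:2a:72:d9:af
publicExponent: 65537 (0x10001)
EOF
}

sample_dump | modulus_hex    # 128 hex digits starting with cb23
sample_dump | modulus_bits   # 512
```

Against a real key file, pipe the command from step 3 into the function: `openssl rsa -in rsa_private_key.pem -text -noout | modulus_hex`.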

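RSA encryption

  1. Generate the key pair, i.e. the RSA structure
  2. The holder of the public key encrypts and decrypts with RSA_public_encrypt and RSA_public_decrypt (functions in openssl)
  3. The holder of the private key encrypts and decrypts with RSA_private_encrypt and RSA_private_decrypt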