SSL/TLS深度解析--OpenSSL的基本使用
摘要算法
[root@localhost ~]# openssl dgst -help #默認sha256 Usage: dgst [options] [file...] file... files to digest (default is stdin) -help Display this summary -c Print the digest with separating colons -r Print the digest in coreutils format -out outfile Output to filename rather than stdout -passin val Input file pass phrase source -sign val Sign digest using private key #簽名,使用RSA DSA ECDSA私鑰簽名 -verify val Verify a signature using public key #使用公鑰驗證簽名 -prverify val Verify a signature using private key -signature infile File with signature to verify #簽名文件(與verify合用) -keyform format Key file format (PEM or ENGINE) -hex Print as hex dump #十六進制輸出,默認就是-hex -binary Print in binary form -d Print debug info -debug Print debug info -fips-fingerprint Compute HMAC with the key used in OpenSSL-FIPS fingerprint -hmac val Create hashed MAC with key -mac val Create MAC (not necessarily HMAC) -sigopt val Signature parameter in n:v form -macopt val MAC algorithm parameters in n:v form or key -* Any supported digest -rand val Load the file(s) into the random number generator -writerand outfile Write random data to the specified file -engine val Use engine e, possibly a hardware device [root@localhost ~]# echo 'redhat' | openssl dgst -md5 (stdin)= bdb52aae3b5566607f3e6023ef2e74e5 [root@localhost ~]# echo 'redhat' | openssl dgst -sha256 (stdin)= 75fa176aecdc7a1b6b53778b38eac87c7152d5c916a755cb56071a93c01e040d [root@localhost ~]# echo 'redhat' | openssl dgst -sha512 (stdin)= 20641bd9d93708c844f59bf5f5d5bfb16fd5c3cece84127f56072579f778e6aca04ca7985eb4a7f555bd9532115205884d11fc5323534618da7596c300b4666d [root@localhost ~]# echo 'Redhat' | openssl dgst -md5 (stdin)= a2025805f5419fba99ba023354149090 [root@localhost ~]# echo 'Redhat' | openssl dgst -sha256 (stdin)= e06c5bb14a7e3b1bd58a4ff61a4cbe2c4fc61c172bdff7899be50adf2b4d3563 [root@localhost ~]# echo 'Redhat' | openssl dgst -sha512 (stdin)= 3005c755cba891b42c96ad7ab382f0fac402055b11cdedba7bcbdb33a7b47f55e1774ae25ec14874559c6b01691988b6f587f48c3be3fc7339a084ef51735df9
對稱加密
[root@localhost ~]# openssl enc -help Usage: enc [options] Valid options are: -help Display this summary -ciphers List ciphers -in infile Input file -out outfile Output file -pass val Passphrase source -e Encrypt -d Decrypt -p Print the iv/key -P Print the iv/key and exit -v Verbose output -nopad Disable standard block padding -salt Use salt in the KDF (default) -nosalt Do not use salt in the KDF -debug Print debug info -a Base64 encode/decode, depending on encryption flag -base64 Same as option -a -A Used with -[base64|a] to specify base64 buffer as a single line -bufsize val Buffer size -k val Passphrase -kfile infile Read passphrase from file -K val Raw key, in hex -S val Salt, in hex -iv val IV in hex -md val Use specified digest to create a key from the passphrase -iter +int Specify the iteration count and force use of PBKDF2 -pbkdf2 Use password-based key derivation function 2 -none Don't encrypt -* Any supported cipher -rand val Load the file(s) into the random number generator -writerand outfile Write random data to the specified file -z Use zlib as the 'encryption' -engine val Use engine, possibly a hardware device [root@localhost ~]# openssl enc -ciphers Supported ciphers: -aes-128-cbc -aes-128-cfb -aes-128-cfb1 -aes-128-cfb8 -aes-128-ctr -aes-128-ecb -aes-128-ofb -aes-192-cbc -aes-192-cfb -aes-192-cfb1 -aes-192-cfb8 -aes-192-ctr -aes-192-ecb -aes-192-ofb -aes-256-cbc -aes-256-cfb -aes-256-cfb1 -aes-256-cfb8 -aes-256-ctr -aes-256-ecb -aes-256-ofb -aes128 -aes128-wrap -aes192 -aes192-wrap -aes256 -aes256-wrap -aria-128-cbc -aria-128-cfb -aria-128-cfb1 -aria-128-cfb8 -aria-128-ctr -aria-128-ecb -aria-128-ofb -aria-192-cbc -aria-192-cfb -aria-192-cfb1 -aria-192-cfb8 -aria-192-ctr -aria-192-ecb -aria-192-ofb -aria-256-cbc -aria-256-cfb -aria-256-cfb1 -aria-256-cfb8 -aria-256-ctr -aria-256-ecb -aria-256-ofb -aria128 -aria192 -aria256 -bf -bf-cbc -bf-cfb -bf-ecb -bf-ofb -blowfish -camellia-128-cbc -camellia-128-cfb -camellia-128-cfb1 -camellia-128-cfb8 -camellia-128-ctr -camellia-128-ecb -camellia-128-ofb -camellia-192-cbc -camellia-192-cfb -camellia-192-cfb1 -camellia-192-cfb8 -camellia-192-ctr -camellia-192-ecb -camellia-192-ofb -camellia-256-cbc -camellia-256-cfb -camellia-256-cfb1 -camellia-256-cfb8 -camellia-256-ctr -camellia-256-ecb -camellia-256-ofb -camellia128 -camellia192 -camellia256 -cast -cast-cbc -cast5-cbc -cast5-cfb -cast5-ecb -cast5-ofb -chacha20 -des -des-cbc -des-cfb -des-cfb1 -des-cfb8 -des-ecb -des-ede -des-ede-cbc -des-ede-cfb -des-ede-ecb -des-ede-ofb -des-ede3 -des-ede3-cbc -des-ede3-cfb -des-ede3-cfb1 -des-ede3-cfb8 -des-ede3-ecb -des-ede3-ofb -des-ofb -des3 -des3-wrap -desx -desx-cbc -id-aes128-wrap -id-aes128-wrap-pad -id-aes192-wrap -id-aes192-wrap-pad -id-aes256-wrap -id-aes256-wrap-pad -id-smime-alg-CMS3DESwrap -idea -idea-cbc -idea-cfb -idea-ecb -idea-ofb -rc2 -rc2-128 -rc2-40 -rc2-40-cbc -rc2-64 -rc2-64-cbc -rc2-cbc -rc2-cfb -rc2-ecb -rc2-ofb -rc4 -rc4-40 -seed -seed-cbc -seed-cfb -seed-ecb -seed-ofb -sm4 -sm4-cbc -sm4-cfb -sm4-ctr -sm4-ecb -sm4-ofb
[root@localhost ~]# cat test 0123456789 alnkldljkdldjslflslsls ldljfdsnjldsjlffsdlfj fldfjdsfflsdfjsdljflsdfjl jlfjldsfjjodsfjwej2o99ojkl [root@localhost ~]# openssl enc -e -aes128 -a -k 123456789 -in test -out test_enc -pbkdf2 [root@localhost ~]# cat test_enc U2FsdGVkX1/Y3xaAkBV42ZQXSrMuasKjq9jYRonHmE3YXv5qcv7rzxOpNxX09DrR JmBbjzGF6dMmLBfaPIfm6x0ajzHzBojlfRM4Ulq+KUximcCe8X7+sm00ldtvVe21 KnTP85W/vFtmIR0cgARVhrWf94sboXm+ubIV+Qo1jK0= [root@localhost ~]# openssl enc -d -aes128 -a -k 123456789 -in test_enc -out test_des #解密 [root@localhost ~]# openssl enc -e -aes128 -a -pass pass:123456789 -in test -out test_enc1 -pbkdf2 [root@localhost ~]# openssl enc -d -aes128 -a -pass pass:123456789 -in test_enc1 -out test_des1 [root@localhost ~]# openssl enc -e -aes128 -a -pass pass:123456789 -in test -out test_enc1 -p salt=3834AB80CB0D45C9 key=25E62D924ACE8BD4F8CC4429CCD54875 iv =072829CEACAD01641D63EAEF58723C01 # -pass pass:123456 對應-k # -pass file:passwd.txt 對應-kfile # -pass env:passwd:使用環境變量;env表示環境變量 # -pass stdin 使用標準輸入,默認是使用標準輸入 # -pass fd:1 使用文件描述符,fd表示文件描述符
RSA非對稱加密
- 生成私鑰
使用 genrsa 來生成私鑰
-aes256 是使用aes256加密這個私鑰
-passout 是加密的密鑰
-out 指明輸出文件
2048是私鑰的長度,這個2048 是放在最後的。老版本默認是1024位
還有DER格式,生成的私鑰是Base64編碼的,perm格式使用的是base64編碼。web
[root@localhost ~]# mkdir rsa [root@localhost ~]# cd rsa [root@localhost rsa]# openssl genrsa -aes256 -passout pass:test123 -out test_rsa_aes_prikey 2048 Generating RSA private key, 2048 bit long modulus (2 primes) ................................................+++++ ......................+++++ e is 65537 (0x010001) #公鑰指數, e值表示公用指數,默認狀況下會被設置爲65537。這是所謂的短公用指數(short public exponent),它能夠顯著提升RSA的驗證性能。
[root@localhost rsa]# cat test_rsa_aes_prikey -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: AES-256-CBC,EE88B4C778CCBFE0ADCA542815FAD479 lWXpOQOSHHmjHi7bRJTfuocwVw3r485E+zqnxOoMe3b5UW07L/3He5MKn6LwS7qc jiHqoDKwXp00E5vOvegnR6LPK/pO3GPB5P+B0FiAn/wWv2pZ+OvIiq7xF3IQ+l5u qazf2qLnR4nPlVn9slLNFNhun6gDDWLMkW+4GoD5CelAGlqEVX3XmhAfHv5SnCqV tL3cT2lH8Y39jztgak7BEmDrLMBlGV0kK537otQW+8LgAtGqQbnmG6HXe15zm64o WmF0abQ2iopOjGIoq0G+LpdezHiCvo/HWA6Rrle/Le0wN7ri7btOR5MBr8dT94rd q+OiHixti124+GIJoPPCDCuCjJhNObXMYPRnRHZxP29eM4RKaRzy9bJ53ygnf37P ozOK+qoIl0qWALuqPOq5DG+8MzMyUO6mOaWtyxWnQkYwz9SrqGVsdFZnMJtW1Ys/ /LAxiZ61M/U5Bf4YhPriz0U3eltZt0m/CGGXy61bEXS+ezZ/bQckbXgsKsk7LhiI v0Qhufhw5lCzGpYu+RAmMq/+DeGqYtmf3G4tC3xo6k+iqZ52pX2OUPzYgsaQl1k0 YUMWn3NrWfWYwdI6xcZ/UXESbcVfaMQgu5NFxaXOqmO0Fw7qkMVR18GtbIjpkST4 GG+N2x+jxziPau6/3aFX7jgLl/ctyLr5xIzX7B5QEVLQkiwzunInqZpStYQj2h1H Tc+vS/51QBFL6pTv2QbTfROJG471183sqt77wq+EPKyuAUSMo/6FmUOS5tdhShmT +ucH7uqDKLPM5etXsA/1uUFQJALJtuy1AIDljyuXOswtjU7bCmrfEDjVIzOpgpQ+ CTPsWT42Cp1ylH7vPFqIdvSTM887XDDbX/c5UEeejlreTBF9J5pZJ+v9WQ4risqp 3rhhvtm3o4ud7DOXVFeDNURJ+QFjxb+Bw2mf0WDldP/c6EBDotqxL0Uo5q4FiUvF jIh3AU7uVkiOPS/33jwUXOaobmEcS5ibj74ubrE8Ka5cVoQCleaMWnxYZV+O3Ovy YFBaDV8o6luiMpCYy4Ba+veHLT6Neye0D1NlHdC/NcAr1frWLFpgyro+rJ7gEFII 1CtR3Nvw/PPK9Jd6pXCIY6d4MMZDrYIafhDGRnASW4e2rv5N20mHjg8qu7laLNl/ UlbuLfBWZUpX5KaBLPFMm7POnktZHaKiDpNUHvfS84ZnF22HAdhz3Bbru1CrKhyI U4APHrLR+dKuHP+xg4fSPvcgy61ouhnP0X7Q2ibPP2my1M2rPjGxY74bQlwf5HnA luWzGd5MvYn71/ovMZqi6XY7c2VjEBPYH4dss6EmEiAHXRRYpkSBXq7R2xNRtjHx AQYg97KxqJzJqk2iKERktZSVkOppMl9aQfezZvIK5toYB1a6gKkqjyOD8TbMWfp/ uPJnJE6JtcOh1ba++nFlUvUKZ6MdskdDahOdl3rixuxUBx/Q8RRF7VMLIk1dXb8k l3fS1sqzfwEMJjLay2eU1BPCkvkxKGBtwZlo0LByjzKZseyH13G222XUOJv4p+uk tgXPdC74B3DBkRR/X7JfIfa/yrg6FJvIXzasH3QHlz9ECoxe90xDFMOt+0wD9a4X -----END RSA PRIVATE KEY----- [root@localhost rsa]# openssl rsa -in test_rsa_aes_prikey Enter pass phrase for test_rsa_aes_prikey: writing RSA key -----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAm4J/cx6HD/AUTkRum6fOwsyuP6GO8iIhFemCZVXIPAMLq+I6 RJI1rre4DQUe8JN0/WeLE/8V3v7SLSqY/hKpheR62CnUn5VQuxk56sCPgBV0HfBg NnUjP30G57N5OREpRUvgkg13YXCFGxm+gBoIfpcKgFsTvcx18GvXmorpwZjmjuf+ dSftwYeyJ2Ylk8uAWvJFQziN6WBjhiPnIHauUxAvSKPWvvZYocxKh2FALLKoop2+ G7NWP4NuvQw+bo1vgJwxWJUgUx3v2amvMNs1iOqYU496RFLHygCjUQ+zEblCbrwo d4RNUNpA4ApTXyVd/o11x2tf6b4DferPAM6dNwIDAQABAoIBAGvQvQYWSzOskpd0 8G6wmDQMbl6lZxLOwLuNap9RKwMYZXYk4Zr694cLzuoP+9R1l2285PrXJtW1PAie ePXmAGxY7SaDUevWPOOK6NGt8Y+u0BOVvU7kRazVxPzNPKVpFYD6y1bXSUZgGZih b6cm5W7GzzwQaQ50++vVCOUXnFtgzwI99dSviilsomxsekdgVTdaU5VOErcUg/kc 6+QUUBJRJKnp0O+3gGDiY1QcyeTDIZ7CjaHjow1q+s5bxRRo9n4tHUWoaf3izvDm 5SWYwCkuFWb8Pc7o0X2c2wC2zWq4JaraswXsXfQ8Y3m9zFafeyyKHJNJnBt4vnGc dg9OmZkCgYEAyXzuUrJKMYINpgzGG+jnKOuYT1Ieogin9q4iBgIfzaqM581j8LOD TK3EeGI6v0iTavI49bG6udu0+15Wi1a/aiIZFNqZGzEnc4NxVw+hyZT+cUczFHC0 Rd+WzO4VkALhshG8SiWknVO3hFQptOb7g5VEo1Epm/TY3jFaLFrPub0CgYEAxZUc Yfd+Ljuvo/HXBIkfdpaNCl4lon3oLh1upxkH5CdNlez9V8uzrnDP2vzqhaM6O24r KmPHFMlHGvIAMTIx68t9llf9RdbnzdNT7z3ALmZcyaUBBhzH8dBHuYUAwxI8fJk8 7qwdOX+sBTtuXmgM/v5s0uegcJ2OEevQwn58MAMCgYB/mb7UYFTcRaCfKDfONREv uQQcN8VumEzGzEB/zZiWhwv1QP2p0gW06dci5hKOUUgK0pt//a5jReC30Ga+l5Fh hXac3lNYBSkW3odIu32aS+FXm9+dckK4fYDjB2Rgb3K/crvruSsm932hMCu5hQ6D pmRxiVTwj39IN7kDnf8vgQKBgCWcI6H2VXuBewaPE2nWnDmboM9XanyK0PZuPdDq 79ibLqaaTQM4UESlTruVpyK3Fm+XofnYsl2fjrxvUmAK+Pu0aXyD1T9FECzazEBf FcT/USxFD3PVaK38Apsq2SFIyGDDXpjkBFAcoGcCkBjCX67uSVLAKoclRpTcuYk8 QHF3AoGBAIla5lKv5mpAx8WZBJGnifEwXDiizzbrFiCyzgUTL3zn1Idr+V8OAfGZ aYBa89DO4bP176L3ptKt/PK09o/2NTQSuYGCMeBQuC9SRdvviMyPyrGdPVuCFTU7 Y5zWioAOGECglWjwvQyw07+Tg27vyt+hLemXCArwosBElqqFYBv9 -----END RSA PRIVATE KEY----- [root@localhost rsa]# openssl rsa -pubout -in test_rsa_aes_prikey Enter pass phrase for test_rsa_aes_prikey: writing RSA key -----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm4J/cx6HD/AUTkRum6fO wsyuP6GO8iIhFemCZVXIPAMLq+I6RJI1rre4DQUe8JN0/WeLE/8V3v7SLSqY/hKp heR62CnUn5VQuxk56sCPgBV0HfBgNnUjP30G57N5OREpRUvgkg13YXCFGxm+gBoI fpcKgFsTvcx18GvXmorpwZjmjuf+dSftwYeyJ2Ylk8uAWvJFQziN6WBjhiPnIHau UxAvSKPWvvZYocxKh2FALLKoop2+G7NWP4NuvQw+bo1vgJwxWJUgUx3v2amvMNs1 iOqYU496RFLHygCjUQ+zEblCbrwod4RNUNpA4ApTXyVd/o11x2tf6b4DferPAM6d NwIDAQAB -----END PUBLIC KEY-----
[root@localhost rsa]# openssl rsa --help Usage: rsa [options] Valid options are: -help Display this summary -inform format Input format, one of DER NET PEM -outform format Output format, one of DER NET PEM PVK -in val Input file #指定輸入文件;默認in後面指定的是一個私鑰信息 -out outfile Output file #指定輸出的文件 -pubin Expect a public key in input file #讀取公鑰信息 ;若是-in指定的是一個公鑰;默認in指定的是一個私鑰信息 -pubout Output a public key #輸出公鑰信息;根據私鑰的信息得出公鑰 -passout val Output file pass phrase source #私鑰密碼;用於將非加密的私鑰轉換成加密的私鑰 -passin val Input file pass phrase source #私鑰生成時的私鑰密碼 ; 用於將加密的私鑰解密 -RSAPublicKey_in Input is an RSAPublicKey -RSAPublicKey_out Output is an RSAPublicKey -noout Don't print key out #不輸出私鑰(或公鑰)自己 -text Print the key in text #以文本形式顯示 -modulus Print the RSA key modulus -check Verify key consistency -* Any supported cipher -pvk-strong Enable 'Strong' PVK encoding level (default) -pvk-weak Enable 'Weak' PVK encoding level -pvk-none Don't enforce PVK encoding -engine val Use engine, possibly a hardware device [root@localhost rsa]# openssl rsa -in test_rsa_aes_prikey -passout pass:test123 -out enc_rsa_2048_prikey Enter pass phrase for test_rsa_aes_prikey: writing RSA key [root@localhost rsa]# openssl rsa -pubout -in enc_rsa_2048_prikey writing RSA key -----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm4J/cx6HD/AUTkRum6fO wsyuP6GO8iIhFemCZVXIPAMLq+I6RJI1rre4DQUe8JN0/WeLE/8V3v7SLSqY/hKp heR62CnUn5VQuxk56sCPgBV0HfBgNnUjP30G57N5OREpRUvgkg13YXCFGxm+gBoI fpcKgFsTvcx18GvXmorpwZjmjuf+dSftwYeyJ2Ylk8uAWvJFQziN6WBjhiPnIHau UxAvSKPWvvZYocxKh2FALLKoop2+G7NWP4NuvQw+bo1vgJwxWJUgUx3v2amvMNs1 iOqYU496RFLHygCjUQ+zEblCbrwod4RNUNpA4ApTXyVd/o11x2tf6b4DferPAM6d NwIDAQAB -----END PUBLIC KEY----- [root@localhost rsa]# openssl rsa -in test_rsa_aes_prikey -ase128 -passout pass:test123 -out enc_rsa_2048_prikey #私鑰是否加密是能夠生成以後再改變的
- 格式轉換
#默認是pem 格式 轉換成der格式 [root@localhost rsa]# openssl rsa -in test_rsa_aes_prikey -outform der -out 2048prikey.der Enter pass phrase for test_rsa_aes_prikey: writing RSA key #將der格式轉換爲pem格式 [root@localhost rsa]# openssl rsa -in 2048prikey.der -inform der -outform pem -out 2048prikey.pem writing RSA key #pkcs8 格式轉換 默認 pem 格式 [root@localhost rsa]# openssl pkcs8 -topk8 -inform pem -in test_rsa_aes_prikey -outform pem -nocrypt Enter pass phrase for test_rsa_aes_prikey:
3.使用公鑰和私鑰進行解密解密算法
[root@localhost rsa]# openssl rsautl -help Usage: rsautl [options] Valid options are: -help Display this summary -in infile Input file #輸入文件(待加密或待解密的文件) -out outfile Output file #輸出文件,加密解密後的文件 -inkey val Input key #密鑰輸入 -keyform PEM|DER|ENGINE Private key format - default PEM #私鑰格式 -pubin Input is an RSA public #代表輸入的是公鑰(默認是私鑰) -certin Input is a cert carrying an RSA public key #指定證書(從證書讀取公鑰) -ssl Use SSL v2 padding -raw Use no padding #無填充,加密的文件要是117或 245字節(正好117或245個字節) -pkcs Use PKCS#1 v1.5 padding (default) -oaep Use PKCS#1 OAEP -sign Sign with private key #代表使用私鑰簽名 -verify Verify with public key #代表使用公鑰驗證簽名 -asn1parse Run output through asn1parse; useful with -verify -hexdump Hex dump output #以十六進制形式輸出 -x931 Use ANSI X9.31 padding -rev Reverse the order of the input buffer -encrypt Encrypt with public key #使用公鑰加密 -decrypt Decrypt with private key #使用私鑰解密 -passin val Input file pass phrase source #輸入文件的自身的密碼 -rand val Load the file(s) into the random number generator -writerand outfile Write random data to the specified file -engine val Use engine, possibly a hardware device
使用公鑰加密一個文件 能加密的文件的大小和公鑰的大小有關,2048位的公鑰能夠加密 (2048) / 8-11 = 245 字節的明文 ,而 1024位的密鑰能夠加密 (1024)/ 8 -11 = 117 字節的明文。11 字節是填充信息的元數據。加密後的文件和密鑰的長度一致。若是待加密的文件很小,那麼會使用填充,已達到2048或1024位。安全
4.ECDSAbash
生成 ecdsa 私鑰,ecdsa 沒法設定密鑰位數,要選擇一個橢圓曲線(-name)
選擇了曲線也就選擇了位數,secp256k1(prime256v1) 就是生成 256位的ECDSA密鑰,openssl有不少條可供選擇的曲線,使用-list_curves選項能夠查看全部的橢圓曲線,可是大多數web服務器只支持prime256v1和secp384r1 。256位的密鑰在安全和效率上都很好了,是個平衡的選擇。服務器
- 生成ecdsa私鑰
[root@localhost rsa]# openssl ecparam -genkey -name secp256k1 -out ecprikey.pem
[root@localhost rsa]# ll ecprikey.pem
-rw-------. 1 root root 294 10月 24 10:55 ecprikey.pem
[root@localhost rsa]# openssl ecparam -in ecprikey.pem -text
ASN1 OID: secp256k1
-----BEGIN EC PARAMETERS-----
BgUrgQQACg==
-----END EC PARAMETERS-----
#查看ECDSA私鑰和公鑰
[root@localhost rsa]# openssl ec -in ecprikey.pem -text
read EC key
Private-Key: (256 bit)
priv:
82:40:8c:42:88:34:7e:11:f1:da:0c:e5:db:3b:c2:
5c:6b:54:75:04:56:de:be:13:9f:44:42:d4:4f:bd:
78:60
pub:
04:ee:fa:a7:ab:dd:96:e6:9a:cc:af:32:54:92:65:
2a:57:f1:d5:7e:30:7a:f0:b8:ce:de:84:e5:1a:d9:
b8:5f:40:93:4c:55:98:3a:ea:9b:3b:b7:48:ac:26:
e3:23:5a:68:89:c4:dc:df:f8:40:d0:a1:10:09:a0:
58:35:22:33:f5
ASN1 OID: secp256k1
writing EC key
-----BEGIN EC PRIVATE KEY-----
MHQCAQEEIIJAjEKINH4R8doM5ds7wlxrVHUEVt6+E59EQtRPvXhgoAcGBSuBBAAK
oUQDQgAE7vqnq92W5prMrzJUkmUqV/HVfjB68LjO3oTlGtm4X0CTTFWYOuqbO7dI
rCbjI1poicTc3/hA0KEQCaBYNSIz9Q==
-----END EC PRIVATE KEY-----
#提取公鑰
[root@localhost rsa]# openssl ec -in ecprikey.pem -pubout -out ecpubkey.pem
read EC key
writing EC key
[root@localhost rsa]# cat ecpubkey.pem
-----BEGIN PUBLIC KEY-----
MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAE7vqnq92W5prMrzJUkmUqV/HVfjB68LjO
3oTlGtm4X0CTTFWYOuqbO7dIrCbjI1poicTc3/hA0KEQCaBYNSIz9Q==
-----END PUBLIC KEY-----
5.數字簽名dom
[root@localhost rsa]# cat test dflslsdfjljlasjlsaf jdsljlsadfljlsdfjljlsdjlsadfl kldkjfjjflsadjljlsdfjl 12jlk2309933l990kjldsjs jdljldsljfdljdslfjlsdjlf lsldjjlsdfjljlsdjdsjkkldjfjkldsjllfdsjlsadjljlkds [root@localhost rsa]# openssl dgst -sign 2048prikey.pem -sha256 -out sha256_rsa_sign.test test
6.其餘一些命令ide
[root@localhost rsa]# openssl speed sha1 Doing sha1 for 3s on 16 size blocks: 18537221 sha1's in 2.99s Doing sha1 for 3s on 64 size blocks: 13406053 sha1's in 3.00s Doing sha1 for 3s on 256 size blocks: 6720935 sha1's in 2.99s Doing sha1 for 3s on 1024 size blocks: 2231335 sha1's in 3.00s Doing sha1 for 3s on 8192 size blocks: 310411 sha1's in 2.99s Doing sha1 for 3s on 16384 size blocks: 159209 sha1's in 3.00s OpenSSL 1.1.1 11 Sep 2018 built on: Sat Oct 20 07:24:19 2018 UTC options:bn(64,64) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr) compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DNDEBUG The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes sha1 99195.83k 285995.80k 575437.91k 761629.01k 850463.85k 869493.42k [root@localhost rsa]# openssl speed sha256 Doing sha256 for 3s on 16 size blocks: 13126781 sha256's in 2.99s Doing sha256 for 3s on 64 size blocks: 7492471 sha256's in 3.00s Doing sha256 for 3s on 256 size blocks: 3480299 sha256's in 2.99s Doing sha256 for 3s on 1024 size blocks: 1063047 sha256's in 3.00s Doing sha256 for 3s on 8192 size blocks: 146308 sha256's in 2.99s Doing sha256 for 3s on 16384 size blocks: 73537 sha256's in 3.00s OpenSSL 1.1.1 11 Sep 2018 built on: Sat Oct 20 07:24:19 2018 UTC options:bn(64,64) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr) compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DNDEBUG The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes sha256 70243.64k 159839.38k 297978.78k 362853.38k 400854.56k 401610.07k [root@localhost rsa]# openssl rand -hex 16 882b85d660d91c5e85cb5b6ea05ca67c [root@localhost rsa]# openssl rand -base64 16 lGtlf+yGA0EDF85sAl8XEA== [root@localhost rsa]# openssl rand -hex -out rand.txt 32 [root@localhost rsa]# cat rand.txt 6ae37cf3b7850b9532e153888ab38bd3ca985360ccc4b977d4c07fbeb5d7f49d
相關文章
- 1. SSL/TLS深度解析--OpenSSL 升級到最新版本
- 2. OpenSSL原理及基本使用
- 3. NullSafe基於Runtime的深度解析
- 4. 基於synchronized鎖的深度解析
- 5. JavaJSON的基本使用(JSON解析)
- 6. SSL/TLS深度解析--OpenSSL 生成自簽證書
- 7. SSL/TLS深度解析--OpenSSL s_client測試子命令
- 8. 深度學習基本模型淺析
- 9. 深刻理解EventBus - 基本使用
- 10. OpenSSL的使用
- 更多相關文章...
- • Redis基本安裝和使用 - Redis教程
- • XML DOM 解析器 - XML DOM 教程
- • 算法總結-深度優先算法
- • Kotlin學習(二)基本類型
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
歡迎關注本站公眾號,獲取更多信息
