To understand the present, examine the past; to foresee what is coming, look at what has gone before.
Introduction
Symmetric encryption
Public-key encryption
Message digests
Digital certificates
Miscellaneous
Cryptographic standards, like Internet protocols, are conventions that everyone agrees to follow: PKCS#1, for example, specifies how RSA keys are generated and the format of RSA public and private keys, and the X.509 standard specifies the format of certificates.
OpenSSL is essentially a toolkit that implements the common encryption algorithms according to the mainstream cryptographic standards, together with certificate generation, signing and signature verification.
Symmetric-key algorithms use the same key for encryption and decryption. There are many of them; run openssl list -cipher-commands to see which ones are available.
$ openssl enc --help
Usage: enc [options]

General options:
  -help               Display this summary
  -list               List ciphers
  -ciphers            Alias for -list
  -e                  Encrypt
  -d                  Decrypt
  -p                  Print the iv/key
  -P                  Print the iv/key and exit
  -engine val         Use engine, possibly a hardware device

Input options:
  -in infile          Input file
  -k val              Passphrase
  -kfile infile       Read passphrase from file

Output options:
  -out outfile        Output file
  -pass val           Passphrase source
  -v                  Verbose output
  -a                  Base64 encode/decode, depending on encryption flag
  -base64             Same as option -a
  -A                  Used with -[base64|a] to specify base64 buffer as a single line

Encryption options:
  -nopad              Disable standard block padding
  -salt               Use salt in the KDF (default)
  -nosalt             Do not use salt in the KDF
  -debug              Print debug info
  -bufsize val        Buffer size
  -K val              Raw key, in hex
  -S val              Salt, in hex
  -iv val             IV in hex
  -md val             Use specified digest to create a key from the passphrase
  -iter +int          Specify the iteration count and force use of PBKDF2
  -pbkdf2             Use password-based key derivation function 2
  -none               Don't encrypt
  -*                  Any supported cipher

Random state options:
  -rand val           Load the given file(s) into the random number generator
  -writerand outfile  Write random data to the specified file

Provider options:
  -provider-path val  Provider load path (must be before 'provider' argument if required)
  -provider val       Provider to load (can be specified multiple times)
  -propquery val      Property query used when fetching algorithms
Example 1: encrypt a file with a cipher
# Encrypt test.txt with the AES-128-CBC symmetric cipher; the shared passphrase is "pass" and the output file is test-aes-enc.txt.
openssl enc -e -aes-128-cbc -in test.txt -k pass -out test-aes-enc.txt -v
# Decrypt test-aes-enc.txt with the same cipher and the same passphrase "pass"; the output file is test-aes-dec.txt.
openssl enc -d -aes-128-cbc -in test-aes-enc.txt -k pass -out test-aes-dec.txt -v
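The same AES-128-CBC round trip, written as an added example that is not part of the original post: it switches to PBKDF2 key derivation (the bare -k form above uses the legacy one-round derivation) and checks that a wrong passphrase is rejected instead of silently producing output. The file names, contents and passphrases are made up for the demo.

```shell
# Added example: AES-128-CBC round trip with PBKDF2 key derivation and a
# wrong-passphrase check. File names, contents and passphrases are constructed.
set -e
work=$(mktemp -d)
printf 'quarterly payroll figures\n' > "$work/test.txt"

# -pbkdf2 -iter replaces the legacy one-round key derivation that a bare
# "-k pass" uses; -salt is the default and is written out for clarity.
aes_encrypt() {   # $1 = plaintext file, $2 = ciphertext file, $3 = passphrase
  openssl enc -e -aes-128-cbc -salt -pbkdf2 -iter 100000 \
    -in "$1" -out "$2" -pass "pass:$3"
}
aes_decrypt() {   # $1 = ciphertext file, $2 = output file, $3 = passphrase
  openssl enc -d -aes-128-cbc -pbkdf2 -iter 100000 \
    -in "$1" -out "$2" -pass "pass:$3"
}

# Encrypt with passphrase $1, decrypt with passphrase $2; returns 0 only when
# the decrypted file is byte-for-byte identical to the original.
roundtrip_ok() {
  aes_encrypt "$work/test.txt" "$work/test-aes-enc.txt" "$1"
  aes_decrypt "$work/test-aes-enc.txt" "$work/test-aes-dec.txt" "$2" 2>/dev/null || return 1
  cmp -s "$work/test.txt" "$work/test-aes-dec.txt"
}

# Sanity check on the encrypt step: the ciphertext must not contain the plaintext.
ciphertext_hides_plaintext() {
  aes_encrypt "$work/test.txt" "$work/test-aes-enc.txt" pass
  ! grep -q 'payroll' "$work/test-aes-enc.txt"
}

roundtrip_ok pass pass && echo "matching passphrase: round trip OK"
# With a wrong passphrase openssl reports "bad decrypt" (the CBC padding check
# fails) and exits non-zero; a script must treat that as failure, not as output.
roundtrip_ok pass 123 || echo "wrong passphrase: rejected"
```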
Public-key algorithms use different keys for encryption and decryption (normally the public key encrypts and the private key decrypts; signing works the other way round: the private key produces the signature and the public key checks it). OpenSSL currently supports only DH, RSA, DSA and elliptic-curve (EC) algorithms of this kind. DH is generally used for key exchange; RSA can be used for key exchange, digital signatures and data encryption; DSA is generally used only for digital signatures. This section focuses on the RSA-related commands genrsa, rsa and rsautl.
$ openssl genrsa --help
Usage: genrsa [options] numbits

General options:
  -help               Display this summary
  -engine val         Use engine, possibly a hardware device

Input options:
  -3                  (deprecated) Use 3 for the E value
  -F4                 Use the Fermat number F4 (0x10001) for the E value
  -f4                 Use the Fermat number F4 (0x10001) for the E value

Output options:
  -out outfile        Output the key to specified file
  -passout val        Output file pass phrase source
  -primes +int        Specify number of primes
  -verbose            Verbose output
  -traditional        Use traditional format for private keys
  -*                  Encrypt the output with any supported cipher

Random state options:
  -rand val           Load the given file(s) into the random number generator
  -writerand outfile  Write random data to the specified file

Provider options:
  -provider-path val  Provider load path (must be before 'provider' argument if required)
  -provider val       Provider to load (can be specified multiple times)
  -propquery val      Property query used when fetching algorithms

Parameters:
  numbits             Size of key in bits
Example 1: generate an unencrypted 1024-bit private key
# Options come before numbits: genrsa stops option parsing at the first non-option argument.
openssl genrsa -verbose -out private.pem 1024
Example 2: generate a passphrase-protected private key (genrsa always writes keys in PEM format; for the difference between PEM and DER, see the note under key format conversion below)
# Encrypt the private key with the AES-128-CBC symmetric cipher; the command prompts for a passphrase.
openssl genrsa -aes-128-cbc -verbose -out pri.pem
$ openssl rsa --help
Usage: rsa [options]

General options:
  -help               Display this summary
  -check              Verify key consistency
  -*                  Any supported cipher
  -engine val         Use engine, possibly a hardware device

Input options:
  -in val             Input file
  -inform format      Input format (DER/PEM/P12/ENGINE
  -pubin              Expect a public key in input file
  -RSAPublicKey_in    Input is an RSAPublicKey
  -passin val         Input file pass phrase source

Output options:
  -out outfile        Output file
  -outform format     Output format, one of DER PEM PVK
  -pubout             Output a public key
  -RSAPublicKey_out   Output is an RSAPublicKey
  -passout val        Output file pass phrase source
  -noout              Don't print key out
  -text               Print the key in text
  -modulus            Print the RSA key modulus
  -traditional        Use traditional format for private keys

PVK options:
  -pvk-strong         Enable 'Strong' PVK encoding level (default)
  -pvk-weak           Enable 'Weak' PVK encoding level
  -pvk-none           Don't enforce PVK encoding

Provider options:
  -provider-path val  Provider load path (must be before 'provider' argument if required)
  -provider val       Provider to load (can be specified multiple times)
  -propquery val      Property query used when fetching algorithms
Example 1: view the contents of a private key file
openssl rsa -in priv.pem -text
Example 2: add, remove or change the symmetric-cipher passphrase on a key (note: every passphrase argument here uses the form pass:pass_value)
# Add passphrase protection to an RSA key
openssl rsa -in RSA.pem -des3 -passout pass:123456 -out E_RSA.pem
# Remove passphrase protection from an RSA key
openssl rsa -in E_RSA.pem -passin pass:123456 -out P_RSA.pem
# Change the cipher protecting the key to aes128; the passphrase is 123456 (read the encrypted key, write a new encrypted file)
openssl rsa -in E_RSA.pem -passin pass:123456 -aes128 -passout pass:123456 -out E_RSA_aes.pem
Example 3: key format conversion
# Convert PEM to DER; -outform selects the DER format
openssl rsa -in RSA.pem -passin pass:123456 -des -passout pass:123456 -outform der -out rsa.der
Note: DER is the binary encoding and PEM is the ASCII (Base64) encoding; PEM is normally the default.
Example 4: extract the public key
openssl rsa -in private.pem -pubout -out public.pem
$ openssl rsautl --help
The command rsautl was deprecated in version 3.0. Use 'pkeyutl' instead.
Usage: rsautl [options]

General options:
  -help               Display this summary
  -sign               Sign with private key
  -verify             Verify with public key
  -encrypt            Encrypt with public key
  -decrypt            Decrypt with private key
  -engine val         Use engine, possibly a hardware device

Input options:
  -in infile          Input file
  -inkey val          Input key
  -keyform PEM|DER|ENGINE  Private key format (ENGINE, other values ignored)
  -pubin              Input is an RSA public
  -certin             Input is a cert carrying an RSA public key
  -rev                Reverse the order of the input buffer
  -passin val         Input file pass phrase source

Output options:
  -out outfile        Output file
  -raw                Use no padding
  -pkcs               Use PKCS#1 v1.5 padding (default)
  -x931               Use ANSI X9.31 padding
  -oaep               Use PKCS#1 OAEP
  -asn1parse          Run output through asn1parse; useful with -verify
  -hexdump            Hex dump output

Random state options:
  -rand val           Load the given file(s) into the random number generator
  -writerand outfile  Write random data to the specified file

Provider options:
  -provider-path val  Provider load path (must be before 'provider' argument if required)
  -provider val       Provider to load (can be specified multiple times)
  -propquery val      Property query used when fetching algorithms
Example 1: encrypt and decrypt a file with a key pair
# Encrypt the file with the public key (-pubin tells rsautl that the key file holds a public key; without it the command tries to read a private key and fails)
openssl rsautl -encrypt -in plain.text -pubin -inkey public.pem -out encrypt.text
# Decrypt the file with the private key
openssl rsautl -decrypt -in encrypt.text -inkey private.pem -out replain.text
Example 2: sign and verify a file with a key pair (here the signature is applied to the file contents directly, so no hash computation is involved)
# Sign with the private key
openssl rsautl -sign -in plain.text -inkey private.pem -out signed.text
# Verify with the public key (the recovered signed data is written to verify.text)
openssl rsautl -verify -in signed.text -pubin -inkey public.pem -out verify.text
A message-digest algorithm converts data of arbitrary length into a fixed-length string; it is typically used to verify the integrity and consistency of data. Run openssl list -digest-commands to see the available algorithms.
$ openssl dgst --help
Usage: dgst [options] [file...]

General options:
  -help               Display this summary
  -list               List digests
  -engine val         Use engine e, possibly a hardware device
  -engine_impl        Also use engine given by -engine for digest operations
  -passin val         Input file pass phrase source

Output options:
  -c                  Print the digest with separating colons
  -r                  Print the digest in coreutils format
  -out outfile        Output to filename rather than stdout
  -keyform format     Key file format (ENGINE, other values ignored)
  -hex                Print as hex dump
  -binary             Print in binary form
  -xoflen +int        Output length for XOF algorithms
  -d                  Print debug info
  -debug              Print debug info

Signing options:
  -sign val           Sign digest using private key
  -verify val         Verify a signature using public key
  -prverify val       Verify a signature using private key
  -sigopt val         Signature parameter in n:v form
  -signature infile   File with signature to verify
  -hmac val           Create hashed MAC with key
  -mac val            Create MAC (not necessarily HMAC)
  -macopt val         MAC algorithm parameters in n:v form or key
  -*                  Any supported digest
  -fips-fingerprint   Compute HMAC with the key used in OpenSSL-FIPS fingerprint

Random state options:
  -rand val           Load the given file(s) into the random number generator
  -writerand outfile  Write random data to the specified file

Provider options:
  -provider-path val  Provider load path (must be before 'provider' argument if required)
  -provider val       Provider to load (can be specified multiple times)
  -propquery val      Property query used when fetching algorithms

Parameters:
  file                Files to digest (optional; default is stdin)
Example 1: compute a file digest
# Compute the MD5 digest of the file
openssl dgst -md5 test.txt
Example 2: sign and verify a file (here the signature is applied to the file's hash, so a hash computation always takes place)
# Sign the hash of plain.text with the private key private.pem and write the signature to test.text
openssl dgst -sign private.pem -out test.text plain.text
# Verify the signature file against plain.text with the public key public.pem
openssl dgst -verify public.pem -signature test.text plain.text
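As an added example covering both the rsautl sign/verify commands and the dgst sign/verify commands above (not part of the original post): it signs a file's SHA-256 hash, verifies it, shows that a one-byte change makes verification fail, and verifies the same signature with pkeyutl, the replacement for the deprecated rsautl. The key pair, file names and file contents are constructed for the demo.

```shell
# Added example: sign a file's hash with dgst, verify it with dgst and with
# pkeyutl, and show that a tampered file fails. Keys and files are constructed.
set -e
work=$(mktemp -d)
openssl genrsa -out "$work/private.pem" 2048 2>/dev/null
openssl rsa -in "$work/private.pem" -pubout -out "$work/public.pem" 2>/dev/null
printf 'approve transfer of 100 units\n' > "$work/plain.text"

# dgst hashes the file and signs the hash (RSA PKCS#1 v1.5 over SHA-256).
sign_file() {     # $1 = private key, $2 = file, $3 = signature output
  openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}
# Returns 0 only when the signature matches the file under the public key.
verify_file() {   # $1 = public key, $2 = file, $3 = signature
  openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}
# Same check via pkeyutl: it takes the raw digest, and -pkeyopt digest:sha256
# makes it expect the DigestInfo wrapper that dgst -sign produced.
verify_with_pkeyutl() {   # $1 = public key, $2 = file, $3 = signature
  openssl dgst -sha256 -binary -out "$work/plain.hash" "$2"
  openssl pkeyutl -verify -pubin -inkey "$1" -sigfile "$3" \
    -in "$work/plain.hash" -pkeyopt digest:sha256 >/dev/null 2>&1
}

sign_file "$work/private.pem" "$work/plain.text" "$work/test.sig"
verify_file "$work/public.pem" "$work/plain.text" "$work/test.sig" && echo "original file: signature OK"
verify_with_pkeyutl "$work/public.pem" "$work/plain.text" "$work/test.sig" && echo "pkeyutl agrees"

# Change one digit: the hash differs, so the signature no longer verifies.
printf 'approve transfer of 900 units\n' > "$work/tampered.text"
verify_file "$work/public.pem" "$work/tampered.text" "$work/test.sig" || echo "tampered file: signature rejected"
```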
A digital certificate is produced by using an authoritative private key (usually the private key of a root CA) to sign another party's public-key certificate (that is, the certificate request, which contains the organisation's details, its web address and its self-generated public key), thereby raising the trustworthiness of that party's public key.
$ openssl req --help
Usage: req [options]

General options:
  -help               Display this summary
  -engine val         Use engine, possibly a hardware device
  -keygen_engine val  Specify engine to be used for key generation operations
  -in infile          X.509 request input file (default stdin)
  -inform PEM|DER     Input format - DER or PEM
  -verify             Verify self-signature on the request

Certificate options:
  -new                New request
  -config infile      Request template file
  -section val        Config section to use (default "req")
  -utf8               Input characters are UTF8 (default ASCII)
  -nameopt val        Certificate subject/issuer name printing options
  -reqopt val         Various request text options
  -text               Text form of request
  -x509               Output an X.509 certificate structure instead of a cert request
  -CA infile          Issuer cert to use for signing a cert, implies -x509
  -CAkey val          Issuer private key to use with -CA; default is -CA arg (Required by some CA's)
  -subj val           Set or modify subject of request or cert
  -subject            Print the subject of the output request or cert
  -multivalue-rdn     Deprecated; multi-valued RDNs support is always on.
  -days +int          Number of days cert is valid for
  -set_serial val     Serial number to use
  -copy_extensions val  copy extensions from request when using -x509
  -addext val         Additional cert extension key=value pair (may be given more than once)
  -extensions val     Cert extension section (override value in config file)
  -reqexts val        Request extension section (override value in config file)
  -precert            Add a poison extension to the generated cert (implies -new)

Keys and Signing options:
  -key val            Key for signing, and to include unless -in given
  -keyform format     Key file format (ENGINE, other values ignored)
  -pubkey             Output public key
  -keyout outfile     File to write private key to
  -passin val         Private key and certificate password source
  -passout val        Output file pass phrase source
  -newkey val         Generate new key with [<alg>:]<nbits> or <alg>[:<file>] or param:<file>
  -pkeyopt val        Public key options as opt:value
  -sigopt val         Signature parameter in n:v form
  -vfyopt val         Verification parameter in n:v form
  -*                  Any supported digest

Output options:
  -out outfile        Output file
  -outform PEM|DER    Output format - DER or PEM
  -batch              Do not ask anything during request generation
  -verbose            Verbose output
  -noenc              Don't encrypt private keys
  -nodes              Don't encrypt private keys; deprecated
  -noout              Do not output REQ
  -newhdr             Output "NEW" in the header lines
  -modulus            RSA modulus

Random state options:
  -rand val           Load the given file(s) into the random number generator
  -writerand outfile  Write random data to the specified file

Provider options:
  -provider-path val  Provider load path (must be before 'provider' argument if required)
  -provider val       Provider to load (can be specified multiple times)
  -propquery val      Property query used when fetching algorithms
Example 1: generate a certificate request
# Generate a certificate request from the existing private key private.pem (interactive prompts for the subject details)
openssl req -new -key private.pem -out request.csr
# Generate a certificate request with an automatically generated RSA private key (interactive prompts for the subject details)
openssl req -new -out request.csr
# Automatically generate an unencrypted 1024-bit private key written to RSA.pem, plus the request client.csr, with no prompts
openssl req -new -newkey rsa:1024 -nodes -out client.csr -keyout RSA.pem -subj /C=AU/ST=Some-State/O=Internet
# Quick request generation, skipping both the private-key encryption prompt and the subject-details prompts
openssl req -new -nodes -out request.csr -batch
Note: generating a request always requires an RSA private key, but the request file does not embed the private key; it carries only the public key derived from it.
Example 2: view the contents of a certificate request file
openssl req -in request.csr -text
Example 3: extract the public key from a certificate request file
openssl req -in client.csr -pubkey -noout >pub.pem
Example 4: generate a self-signed certificate (that is, a root CA, which can then sign other certificate requests, i.e. issue certificates)
# First generate a private key ca.key, then generate the self-signed root certificate ca.crt directly from it
openssl genrsa -out ca.key 2048
openssl req -new -x509 -days 365 -key ca.key -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=Acme Root CA" -out ca.crt
# Generate a self-signed certificate mycert.cer together with its private key prvi.pem in one step (prompts for the subject details)
openssl req -x509 -nodes -days 365 -sha256 -newkey rsa:2048 -keyout prvi.pem -out mycert.cer
# Quick check that the generated certificate works, at https://localhost:4433 (the file given to -cert combines the private key and the certificate)
cat prvi.pem mycert.cer > mycert.pem
openssl s_server -cert mycert.pem -www -accept 4433
$ openssl x509 --help
Usage: x509 [options]

General options:
  -help               Display this summary
  -in infile          Certificate input, or CSR input file with -req (default stdin)
  -passin val         Private key and cert file pass-phrase source
  -new                Generate a certificate from scratch
  -x509toreq          Output a certification request (rather than a certificate)
  -req                Input is a CSR file (rather than a certificate)
  -copy_extensions val  copy extensions when converting from CSR to x509 or vice versa
  -inform format      CSR input file format (DER or PEM) - default PEM
  -vfyopt val         CSR verification parameter in n:v form
  -key val            Key for signing, and to include unless using -force_pubkey
  -signkey val        Same as -key
  -keyform PEM|DER|ENGINE  Key input format (ENGINE, other values ignored)
  -out outfile        Output file - default stdout
  -outform format     Output format (DER or PEM) - default PEM
  -nocert             No cert output (except for requested printing)
  -noout              No output (except for requested printing)

Certificate printing options:
  -text               Print the certificate in text form
  -dateopt val        Datetime format used for printing. (rfc_822/iso_8601). Default is rfc_822.
  -certopt val        Various certificate text printing options
  -fingerprint        Print the certificate fingerprint
  -alias              Print certificate alias
  -serial             Print serial number value
  -startdate          Print the notBefore field
  -enddate            Print the notAfter field
  -dates              Print both notBefore and notAfter fields
  -subject            Print subject DN
  -issuer             Print issuer DN
  -nameopt val        Certificate subject/issuer name printing options
  -email              Print email address(es)
  -hash               Synonym for -subject_hash (for backward compat)
  -subject_hash       Print subject hash value
  -subject_hash_old   Print old-style (MD5) subject hash value
  -issuer_hash        Print issuer hash value
  -issuer_hash_old    Print old-style (MD5) issuer hash value
  -ext val            Restrict which X.509 extensions to print and/or copy
  -ocspid             Print OCSP hash values for the subject name and public key
  -ocsp_uri           Print OCSP Responder URL(s)
  -purpose            Print out certificate purposes
  -pubkey             Print the public key in PEM format
  -modulus            Print the RSA key modulus

Certificate checking options:
  -checkend intmax    Check whether cert expires in the next arg seconds Exit 1 (failure) if so, 0 if not
  -checkhost val      Check certificate matches host
  -checkemail val     Check certificate matches email
  -checkip val        Check certificate matches ipaddr

Certificate output options:
  -set_serial val     Serial number to use, overrides -CAserial
  -next_serial        Increment current certificate serial number
  -days int           Number of days until newly generated certificate expires - default 30
  -preserve_dates     Preserve existing validity dates
  -subj val           Set or override certificate subject (and issuer)
  -force_pubkey infile  Place the given key in new certificate
  -clrext             Do not take over any extensions from the source certificate or request
  -extfile infile     Config file with X509V3 extensions to add
  -extensions val     Section of extfile to use - default: unnamed section
  -sigopt val         Signature parameter, in n:v form
  -badsig             Corrupt last byte of certificate signature (for test)
  -*                  Any supported digest, used for signing and printing

Micro-CA options:
  -CA infile          Use the given CA certificate, conflicts with -key
  -CAform PEM|DER     CA cert format (PEM/DER/P12); has no effect
  -CAkey val          The corresponding CA key; default is -CA arg
  -CAkeyform PEM|DER|ENGINE  CA key format (ENGINE, other values ignored)
  -CAserial val       File that keeps track of CA-generated serial number
  -CAcreateserial     Create CA serial number file if it does not exist

Certificate trust output options:
  -trustout           Mark certificate PEM output as trusted
  -setalias val       Set certificate alias (nickname)
  -clrtrust           Clear all trusted purposes
  -addtrust val       Trust certificate for a given purpose
  -clrreject          Clears all the prohibited or rejected uses of the certificate
  -addreject val      Reject certificate for a given purpose

Random state options:
  -rand val           Load the given file(s) into the random number generator
  -writerand outfile  Write random data to the specified file
  -engine val         Use engine, possibly a hardware device

Provider options:
  -provider-path val  Provider load path (must be before 'provider' argument if required)
  -provider val       Provider to load (can be specified multiple times)
  -propquery val      Property query used when fetching algorithms
Example 1: sign a certificate request with the self-signed root certificate
# Generate the request server.csr, then sign it with the self-signed certificate
openssl req -newkey rsa:2048 -nodes -keyout server.key -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=localhost" -out server.csr
openssl x509 -sha256 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt
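An added example that is not part of the original post: it issues the server certificate from the self-signed CA exactly as above, but adds a subjectAltName through -extfile (x509 -req does not carry extensions over from the CSR unless told to, and clients match the host name against the SAN rather than the CN), and then runs the checks a deployer wants before putting the certificate into service. The subject names, file names and host names are constructed for the demo.

```shell
# Added example: issue a server certificate from the self-signed CA with a
# subjectAltName, then check chain, host name, key/cert pairing and expiry.
# Subject names, file names and host names are constructed.
set -e
work=$(mktemp -d); cd "$work"

openssl genrsa -out ca.key 2048 2>/dev/null
openssl req -new -x509 -days 365 -key ca.key \
  -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=Acme Root CA" -out ca.crt
openssl req -newkey rsa:2048 -nodes -keyout server.key \
  -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=localhost" -out server.csr 2>/dev/null

# Extensions for the issued certificate: SAN for host matching, and explicit
# end-entity constraints so the server cert cannot be used as a CA.
printf '%s\n' 'subjectAltName=DNS:localhost' 'basicConstraints=CA:FALSE' \
  'keyUsage=digitalSignature,keyEncipherment' > server.ext
openssl x509 -sha256 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key \
  -CAcreateserial -extfile server.ext -out server.crt 2>/dev/null

# 1) Chains to our CA and covers the given host name? (exit status 0 = yes)
chain_ok() {   # $1 = host name to check
  openssl verify -CAfile ca.crt -verify_hostname "$1" server.crt >/dev/null 2>&1
}
# 2) Does the private key belong to this certificate? Compare the RSA moduli.
key_matches_cert() {
  [ "$(openssl rsa -in server.key -noout -modulus)" = \
    "$(openssl x509 -in server.crt -noout -modulus)" ]
}
# 3) Expires within 30 days? -checkend exits 1 if so, so invert the result.
expires_within_30_days() {
  ! openssl x509 -in server.crt -noout -checkend 2592000 >/dev/null
}
# 4) Was the SAN actually written into the issued certificate?
san_present() {
  openssl x509 -in server.crt -noout -ext subjectAltName | grep -q 'DNS:localhost'
}

chain_ok localhost && echo "localhost: chain and host name OK"
chain_ok other.example || echo "other.example: rejected (name mismatch)"
key_matches_cert && echo "server.key matches server.crt"
expires_within_30_days || echo "not expiring within 30 days"
san_present && echo "subjectAltName present"
```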
$ openssl rand --help
Usage: rand [options] num

General options:
  -help               Display this summary
  -engine val         Use engine, possibly a hardware device

Output options:
  -out outfile        Output file
  -base64             Base64 encode output
  -hex                Hex encode output

Random state options:
  -rand val           Load the given file(s) into the random number generator
  -writerand outfile  Write random data to the specified file

Provider options:
  -provider-path val  Provider load path (must be before 'provider' argument if required)
  -provider val       Provider to load (can be specified multiple times)
  -propquery val      Property query used when fetching algorithms

Parameters:
  num                 Number of bytes to generate
Example 1: generate random values
# Generate 3 random bytes
openssl rand -hex 3
Note: the output is random bytes, so without -base64 or -hex encoding it shows up as garbage on the terminal.
$ openssl passwd --help
Usage: passwd [options] [password]

General options:
  -help               Display this summary

Input options:
  -in infile          Read passwords from file
  -noverify           Never verify when reading password from terminal
  -stdin              Read passwords from stdin

Output options:
  -quiet              No warnings
  -table              Format output as table
  -reverse            Switch table columns

Cryptographic options:
  -salt val           Use provided salt
  -6                  SHA512-based password algorithm
  -5                  SHA256-based password algorithm
  -apr1               MD5-based password algorithm, Apache variant
  -1                  MD5-based password algorithm
  -aixmd5             AIX MD5-based password algorithm

Random state options:
  -rand val           Load the given file(s) into the random number generator
  -writerand outfile  Write random data to the specified file

Provider options:
  -provider-path val  Provider load path (must be before 'provider' argument if required)
  -provider val       Provider to load (can be specified multiple times)
  -propquery val      Property query used when fetching algorithms

Parameters:
  password            Password text to digest (optional)
Example 1: hash a plaintext password
# Basic usage
openssl passwd 12345
# Hash the password with a given salt (by default the salt is random, which is why the same command produces a different result on every run)
openssl passwd -salt 'z' 12345
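An added example, not part of the original post: it hashes a password with the SHA-512 crypt scheme (openssl passwd -6) and then verifies a candidate password the way a login check does, by re-hashing the candidate with the salt stored inside the hash string. Passwords are fed through -stdin rather than on the command line so they do not show up in the process list; the passwords themselves are made up for the demo.

```shell
# Added example: SHA-512 crypt hashing with openssl passwd and verification by
# re-hashing with the stored salt. The passwords used here are constructed.
set -e

# Hash with a fresh random salt: omitting -salt is what makes two runs of the
# same command differ. -6 (SHA-512) is preferred over the MD5-based -1/-apr1.
hash_password() {   # $1 = password; prints "$6$<salt>$<hash>"
  printf '%s\n' "$1" | openssl passwd -6 -stdin
}

# Verify: the salt is the third '$'-separated field of the stored string;
# re-hash the candidate with that salt and compare whole strings. 0 = match.
verify_password() {   # $1 = stored hash, $2 = candidate password
  salt=$(printf '%s' "$1" | cut -d'$' -f3)
  [ "$(printf '%s\n' "$2" | openssl passwd -6 -stdin -salt "$salt")" = "$1" ]
}

h=$(hash_password 'correct horse battery')
verify_password "$h" 'correct horse battery' && echo "password accepted"
verify_password "$h" 'wrong horse' || echo "password rejected"

# Same password hashed twice: the strings differ because the salts differ,
# yet both verify, so a stored hash never needs to be compared by equality
# against a freshly generated one.
h2=$(hash_password 'correct horse battery')
[ "$h" != "$h2" ] && verify_password "$h2" 'correct horse battery' && echo "second hash: different salt, still verifies"
```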