1、PKCS1私钥生成
|
1 2 3 4 5 6 |
# <strong>openssl genrsa -out private.pem 2048</strong> Generating RSA private key, 2048 bit long modulus (2 primes) .................................................+++++ ..........+++++ e is 65537 (0x010001) |
private.pem 的内容如下:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 |
<strong># cat private.pem</strong> -----BEGIN RSA PRIVATE KEY----- MIIEogIBAAKCAQEApr+dbhDYMKV9JbsezuZ2j+CJtl5Ww34K253FX6BRuQNxnaQd UnXvDIEdyd96f58/xwTcSi9U9lzJgQ7ROCXLm7fcZ1DNGPNYcQfFBjNFy34mDdEF GRbn6+bOahb/NCpI9lC8dkwoCTfiq58r+VzFlR+X/Jq0g5J4Uyi24EO9KL1dfwrk mgdaCau6/gATom+2UYyIMmzgdZ2rrJoALWjv/cIducsBTfgS+oTV30bmoMMg1EWh fQzbPG1Axqej1K0LJroxFF5VFsfx57ggxwyhbWxbXiYmbckD5QayRd5WDsO8T9ZU Ab2Z/Tn6Mn3OnsLwgWBq4nij2W8OA6n3TkctYwIDAQABAoIBADMxMIvR8A0/QSSM RfEPH+cb8Ctk2w45a+vwi9/HwE8kl4TmFXpzamhUW2jWiy0THulivJ6p2VOpONO+ UM0EDXZJBAlT7SNz0fshf4NfylWm7NfhC8egGKN7wHMhjEffk3bLYpCO4NuzpIs7 2qw7pw0ZHfgXJsQd+4LMRRikszYGLgF/CDRQ8H0n+RPceSrw4P0GYtOaNDaMwXEN ov48L+QaYXEB9411YPmnpQsB+DZKI22J4LLRUMLP1gxLROsl3nMjSDT94Lx/TCp8 KFtgmnkdIEvKVzHIfv9c2HtNqpiQoe/88N9kN9+gV0ZN+t253TCJv7VU+S4KJoj7 EciAKkECgYEA00QhG08Ot4DQyJjQX72WcSppfnp9QrrRREFGpsUuYvOG9gwLHYSx GAX9+889UduHQNxNODAhFJt4vh6jmrfVRLJnc9qP4qXDjU2VzeqX0vwPDU8xGK4M NC71wDQjJEIBofhDB0XiKuIijQ9SbyfG51djEeLJZKwcEDdxUHYufsUCgYEAyg5e Agx1Q/8g5gesVKBrl9UaSTWu+3fPDPTax35t4GbUlSktNE8RQWfYmutn5hjF4Rep PeDln304MHW3EUakjgziHiAuDlo3R3e5pe1XUJwE7xPPQH1F6V0nv5Rzw+PSw7Ym 4hr3IUo3mw/DOkO5bbOFO7H1tDJE/PGOuvP2PgcCgYB6GC6V7LuRm5WNyJrsKdIu 9pbfLIUFspfMPXlKWjxznVALFGy8E3qRaq0dAOjsTNW+y1KpPU9w7GT8YxKkEMfl GsGk99Qd5TS9jfAcgA5cNaWxSGoUXEnbQqRt/vOsOaVd6O873cxWgjf7k7ZNXQyb mCo+JPXFA554VMJdAN/gDQKBgHIVWJjZheBljaKzlGaXyQgKR3Qsfmb3h40uNtTK mqlIBiFOBXryZbDDPHaEEb7GH/vuix0n/R5m6jHaVQnJFCIsPgN6ceaio3GTtNtt vY4C+XoveiZUVQPlGAtAe3iQCrF8CEpDpWNDb0/6v2UHVgwNf11sJmmetHsIvGjs VA1DAoGAdTXolXfHeoF6Wuaqo+u0INgtq3qxx+L2cVqcNZL3Uyv00N+0f1ZNd555 FprUA3PaivGsuO3eAHT4EXT0Iz7606az49tkGrbKQNBNdfs2dinGBEmbU0W1xroX PzUQbnXskicn6N3GAJJgOtccSFcjwSRPBbOlyVCZzc9pYDH36yk= -----END RSA PRIVATE KEY----- |
2、PKCS1私钥转换为PKCS8
|
1 2 |
# <strong>openssl pkcs8 -topk8 -inform PEM -in private.pem -outform pem -nocrypt -out pkcs8.pem</strong> |
pkcs8.pem文件内容
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 |
# <strong>cat pkcs8.pem</strong> -----BEGIN PRIVATE KEY----- MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCmv51uENgwpX0l ux7O5naP4Im2XlbDfgrbncVfoFG5A3GdpB1Sde8MgR3J33p/nz/HBNxKL1T2XMmB DtE4Jcubt9xnUM0Y81hxB8UGM0XLfiYN0QUZFufr5s5qFv80Kkj2ULx2TCgJN+Kr nyv5XMWVH5f8mrSDknhTKLbgQ70ovV1/CuSaB1oJq7r+ABOib7ZRjIgybOB1naus mgAtaO/9wh25ywFN+BL6hNXfRuagwyDURaF9DNs8bUDGp6PUrQsmujEUXlUWx/Hn uCDHDKFtbFteJiZtyQPlBrJF3lYOw7xP1lQBvZn9Ofoyfc6ewvCBYGrieKPZbw4D qfdORy1jAgMBAAECggEAMzEwi9HwDT9BJIxF8Q8f5xvwK2TbDjlr6/CL38fATySX hOYVenNqaFRbaNaLLRMe6WK8nqnZU6k4075QzQQNdkkECVPtI3PR+yF/g1/KVabs 1+ELx6AYo3vAcyGMR9+TdstikI7g27OkizvarDunDRkd+BcmxB37gsxFGKSzNgYu AX8INFDwfSf5E9x5KvDg/QZi05o0NozBcQ2i/jwv5BphcQH3jXVg+aelCwH4Nkoj bYngstFQws/WDEtE6yXecyNINP3gvH9MKnwoW2CaeR0gS8pXMch+/1zYe02qmJCh 7/zw32Q336BXRk363bndMIm/tVT5LgomiPsRyIAqQQKBgQDTRCEbTw63gNDImNBf vZZxKml+en1CutFEQUamxS5i84b2DAsdhLEYBf37zz1R24dA3E04MCEUm3i+HqOa t9VEsmdz2o/ipcONTZXN6pfS/A8NTzEYrgw0LvXANCMkQgGh+EMHReIq4iKND1Jv J8bnV2MR4slkrBwQN3FQdi5+xQKBgQDKDl4CDHVD/yDmB6xUoGuX1RpJNa77d88M 9NrHfm3gZtSVKS00TxFBZ9ia62fmGMXhF6k94OWffTgwdbcRRqSODOIeIC4OWjdH d7ml7VdQnATvE89AfUXpXSe/lHPD49LDtibiGvchSjebD8M6Q7lts4U7sfW0MkT8 8Y668/Y+BwKBgHoYLpXsu5GblY3Imuwp0i72lt8shQWyl8w9eUpaPHOdUAsUbLwT epFqrR0A6OxM1b7LUqk9T3DsZPxjEqQQx+UawaT31B3lNL2N8ByADlw1pbFIahRc SdtCpG3+86w5pV3o7zvdzFaCN/uTtk1dDJuYKj4k9cUDnnhUwl0A3+ANAoGAchVY mNmF4GWNorOUZpfJCApHdCx+ZveHjS421MqaqUgGIU4FevJlsMM8doQRvsYf++6L HSf9HmbqMdpVCckUIiw+A3px5qKjcZO02229jgL5ei96JlRVA+UYC0B7eJAKsXwI SkOlY0NvT/q/ZQdWDA1/XWwmaZ60ewi8aOxUDUMCgYB1NeiVd8d6gXpa5qqj67Qg 2C2rerHH4vZxWpw1kvdTK/TQ37R/Vk13nnkWmtQDc9qK8ay47d4AdPgRdPQjPvrT prPj22QatspA0E11+zZ2KcYESZtTRbXGuhc/NRBudeySJyfo3cYAkmA61xxIVyPB JE8Fs6XJUJnNz2lgMffrKQ== -----END PRIVATE KEY----- |
3、PKCS8格式私钥转换为PKCS1(传统私钥格式)
|
1 2 3 |
<strong># openssl rsa -in pkcs8.pem -out pkcs1.pem</strong> writing RSA key |
pkcs1.pem文件内容如下:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 |
<strong>cat pkcs1.pem</strong> -----BEGIN RSA PRIVATE KEY----- MIIEogIBAAKCAQEApr+dbhDYMKV9JbsezuZ2j+CJtl5Ww34K253FX6BRuQNxnaQd UnXvDIEdyd96f58/xwTcSi9U9lzJgQ7ROCXLm7fcZ1DNGPNYcQfFBjNFy34mDdEF GRbn6+bOahb/NCpI9lC8dkwoCTfiq58r+VzFlR+X/Jq0g5J4Uyi24EO9KL1dfwrk mgdaCau6/gATom+2UYyIMmzgdZ2rrJoALWjv/cIducsBTfgS+oTV30bmoMMg1EWh fQzbPG1Axqej1K0LJroxFF5VFsfx57ggxwyhbWxbXiYmbckD5QayRd5WDsO8T9ZU Ab2Z/Tn6Mn3OnsLwgWBq4nij2W8OA6n3TkctYwIDAQABAoIBADMxMIvR8A0/QSSM RfEPH+cb8Ctk2w45a+vwi9/HwE8kl4TmFXpzamhUW2jWiy0THulivJ6p2VOpONO+ UM0EDXZJBAlT7SNz0fshf4NfylWm7NfhC8egGKN7wHMhjEffk3bLYpCO4NuzpIs7 2qw7pw0ZHfgXJsQd+4LMRRikszYGLgF/CDRQ8H0n+RPceSrw4P0GYtOaNDaMwXEN ov48L+QaYXEB9411YPmnpQsB+DZKI22J4LLRUMLP1gxLROsl3nMjSDT94Lx/TCp8 KFtgmnkdIEvKVzHIfv9c2HtNqpiQoe/88N9kN9+gV0ZN+t253TCJv7VU+S4KJoj7 EciAKkECgYEA00QhG08Ot4DQyJjQX72WcSppfnp9QrrRREFGpsUuYvOG9gwLHYSx GAX9+889UduHQNxNODAhFJt4vh6jmrfVRLJnc9qP4qXDjU2VzeqX0vwPDU8xGK4M NC71wDQjJEIBofhDB0XiKuIijQ9SbyfG51djEeLJZKwcEDdxUHYufsUCgYEAyg5e Agx1Q/8g5gesVKBrl9UaSTWu+3fPDPTax35t4GbUlSktNE8RQWfYmutn5hjF4Rep PeDln304MHW3EUakjgziHiAuDlo3R3e5pe1XUJwE7xPPQH1F6V0nv5Rzw+PSw7Ym 4hr3IUo3mw/DOkO5bbOFO7H1tDJE/PGOuvP2PgcCgYB6GC6V7LuRm5WNyJrsKdIu 9pbfLIUFspfMPXlKWjxznVALFGy8E3qRaq0dAOjsTNW+y1KpPU9w7GT8YxKkEMfl GsGk99Qd5TS9jfAcgA5cNaWxSGoUXEnbQqRt/vOsOaVd6O873cxWgjf7k7ZNXQyb mCo+JPXFA554VMJdAN/gDQKBgHIVWJjZheBljaKzlGaXyQgKR3Qsfmb3h40uNtTK mqlIBiFOBXryZbDDPHaEEb7GH/vuix0n/R5m6jHaVQnJFCIsPgN6ceaio3GTtNtt vY4C+XoveiZUVQPlGAtAe3iQCrF8CEpDpWNDb0/6v2UHVgwNf11sJmmetHsIvGjs VA1DAoGAdTXolXfHeoF6Wuaqo+u0INgtq3qxx+L2cVqcNZL3Uyv00N+0f1ZNd555 FprUA3PaivGsuO3eAHT4EXT0Iz7606az49tkGrbKQNBNdfs2dinGBEmbU0W1xroX PzUQbnXskicn6N3GAJJgOtccSFcjwSRPBbOlyVCZzc9pYDH36yk= -----END RSA PRIVATE KEY----- |
4、生成自签名证书
|
1 |
# <strong>openssl req -x509 -newkey rsa:2048 -keyout privatekey.pem -out publickey.pem -days 99999 -nodes</strong> |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 |
Generating a RSA private key ............................+++++ ...............+++++ writing new private key to 'privatekey.pem' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:<strong>CN</strong> State or Province Name (full name) []:<strong>Beijing</strong> Locality Name (eg, city) [Default City]:<strong>Beijing</strong> Organization Name (eg, company) [Default Company Ltd]:<strong>aqwu.net</strong> Organizational Unit Name (eg, section) []:<strong>aqwu.net</strong> Common Name (eg, your name or your server's hostname) []:<strong>aqwu.net</strong> Email Address []:<strong>support@aqwu.net</strong> |
|
1 |
显示 privatekey.pem 内容 |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 |
<strong># cat privatekey.pem</strong> -----BEGIN PRIVATE KEY----- MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDUzggyx69cTG2n 3itcnWMYY1JSGd+kQ4eNrQKyHu5nIXfsca4qAOqfucX+qTzMsXGgiYcXpgAHTwIl HHAkFnBZSTPhv9761OfILvdyvjkhE3D0AUbI/6mU/LYFxA6NxG4/ljev3MxY8wcV TRLLPIjbLaPxKnoZZ3YPI/Z4IXNsoEScEUJeEzpIjkuNU1Bf6r/1WzAAdHKnaaks Kk3WwJcZJyIPwX5NgM5unMUkIqx4ri0v8g+ONI3VSjne3E/NCqpp7dNqvMDqakF6 YOrMZZ1PJmBz+Y7qKLq8sWjQATeKqdqxPcveItTXaXaJiKamVRAq5pyzWCIpr+bN +yRM124LAgMBAAECggEBAMosf992lOS0e81rJnkT0cyet9vmVvGhcowoHZKKDmcO hfetvRCM1FsxTKj3shqqTlB9uEnAXPCUoG4PiX7PjqdVA6Rq/HYDhb1K2a46iN4i sUIwYEaflkZEnM33iPgo8bEZjwhWVhH/ufADzGInvcG1p7Z8a4ntIF2cBhH1fcpo 8MaoTRUL0NCzVCIjVFPlcJj+3rx6i5FSIYuHWgk3CdOBqrVY6UbqT34irbJYoPnE Ypz5Vqxj41By1b81PlK6PY47n0VjaK3NWUL8Xc1zsKBNIs5h56nm13+ft5VAtb26 S3biarwfSs07wPCt5dieRoz9dOoTPMAGeKpB6Fwh8NECgYEA+IkQKmTRHMrHzaP4 ILHTb9du9NIZj1jHKYxqn35ZEs6z2VneJHBYJpBXIDDacOIBK2LJWUNNMku/ggLp RxJBo4Rj4VQuKXSM6RCiGaw21wEEyQcTmSeIXSN5NW4M9XvUNZZ9LXxkkSmSsGrH 1QaLEGpCbtjEx4UdkMZYr5inm4MCgYEA2zI+a0oeAwsecptbfy9ZHe/uxfMwJdIo Vu/miZCX0txwRgFIrbqOruWxWSDcptNR/tK44u/3IoyauUxNf89FYHH1CcdwYBKC BtNMt41ntR92Jml8ohgjIQdcJcLUio9Yptr1G9ts91hfhlO3G/WpytCOqNElqFSO Fw2/BUq6NNkCgYEA2lVmaye4AIgvsHq8TtSJP3ZNViuAIsrF470kKcsQKxKFMord OLus5OvmbjQcohAZIOkeoxkZpvaeXXN7RWFHYoO6Tsfp6acm5tQi41TDtGuDrapW 0DPHerLgF0z/e2R2D0GN5DikDFYuNGcJ+B1Qa3I9vC0X6YMKbxWf8Vq020sCgYB8 PTw336inHPRDDV+M9S9T0pzJwg82QKnwrMVEj5oeQCe65htlrOoWo8YjuIaYYAqH nrSAnHa9NGi2QlNi7/5ore6vfkVpjtP4PmerWhDADncPSpcD4R54KA3IsWd6qckb udtX0MUwZPyvzF9rD5EPjapucS0g/dwToQz2WOa18QKBgEknuoKPeykoIQuuP8+p d/yedt6lW7aNvdwdjhxfm1/pe3udXXcrABBhjA3S7NBW09k29YJ+eCFhx9TRG/A6 cyTb2JAqEJ++JQSfkzPJkOk4PUUFgT89eQgVE15hNvpBJb2S+VQXEX8vnbWPtTTB wyjzzaxVGobHeZ+MpwAO03c5 -----END PRIVATE KEY----- |
|
1 2 |
显示 publickey.pem 内容 |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 |
# <strong>cat publickey.pem</strong> -----BEGIN CERTIFICATE----- MIID+zCCAuOgAwIBAgIUCq+AqxgwC97wRDgqNnrvbOANswQwDQYJKoZIhvcNAQEL BQAwgYsxCzAJBgNVBAYTAkNOMRAwDgYDVQQIDAdCZWlqaW5nMRAwDgYDVQQHDAdC ZWlqaW5nMREwDwYDVQQKDAhhcXd1Lm5ldDERMA8GA1UECwwIYXF3dS5uZXQxETAP BgNVBAMMCGFxd3UubmV0MR8wHQYJKoZIhvcNAQkBFhBzdXBwb3J0QGFxd3UubmV0 MCAXDTIyMTEyMTEwMjczN1oYDzIyOTYwOTA0MTAyNzM3WjCBizELMAkGA1UEBhMC Q04xEDAOBgNVBAgMB0JlaWppbmcxEDAOBgNVBAcMB0JlaWppbmcxETAPBgNVBAoM CGFxd3UubmV0MREwDwYDVQQLDAhhcXd1Lm5ldDERMA8GA1UEAwwIYXF3dS5uZXQx HzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRAYXF3dS5uZXQwggEiMA0GCSqGSIb3DQEB AQUAA4IBDwAwggEKAoIBAQDUzggyx69cTG2n3itcnWMYY1JSGd+kQ4eNrQKyHu5n IXfsca4qAOqfucX+qTzMsXGgiYcXpgAHTwIlHHAkFnBZSTPhv9761OfILvdyvjkh E3D0AUbI/6mU/LYFxA6NxG4/ljev3MxY8wcVTRLLPIjbLaPxKnoZZ3YPI/Z4IXNs oEScEUJeEzpIjkuNU1Bf6r/1WzAAdHKnaaksKk3WwJcZJyIPwX5NgM5unMUkIqx4 ri0v8g+ONI3VSjne3E/NCqpp7dNqvMDqakF6YOrMZZ1PJmBz+Y7qKLq8sWjQATeK qdqxPcveItTXaXaJiKamVRAq5pyzWCIpr+bN+yRM124LAgMBAAGjUzBRMB0GA1Ud DgQWBBQuOdzBzuHeuIoNllhqyqIQPyjQODAfBgNVHSMEGDAWgBQuOdzBzuHeuIoN llhqyqIQPyjQODAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB2 ohECjyzZZNWYxBO1qFFmc6jDgSDRirZJnbwEO1UOXZ223NTdvFhjIkx6n8RAb14H cbRzJzgkHJvBiTkwSnMzcIkJGs16h2H5ZmXyUK3tnvribi3kIKa8tVL119J1MxkO 8l9/mk6Hc3dTYoxwjb5nlFZxj5E1X/5he9XrZ8ms8lIXChFmFLtk1W23+MPE7iVE 6HOsUZzCyJwADanRl0tbBmen5rBhbTVDkFB70IYnnQmTTXAd+HE5PTI2vQYE8mZN DY8XMg6XC+S2L6ytj1l/DrxKAOEJgi7/0DhvFRhhH3rXgUL7gcibZ8pfN4r23QId g8DZOZJqKcizWkziVzeN -----END CERTIFICATE----- |
5、计算文件md5值
|
1 2 3 |
<strong># openssl md5 pkcs1.pem</strong> MD5(pkcs1.pem)= e935f6f3d17569bea7eafc979ef7deae |
6、计算文件sha1值
|
1 2 3 |
<strong># openssl sha1 pkcs1.pem</strong> SHA1(pkcs1.pem)= bed2d51c2de51b8ee6ae8524fe9bb53dd0bee2e6 |
7、计算文件sha256值
|
1 2 3 |
<strong># openssl sha256 pkcs1.pem</strong> SHA256(pkcs1.pem)= 77bda6152892c2df3e9774fe84462aad6dff2a4161fa4acb9bd64a3aa5bf4f3a |
8、计算文件sha512值
|
1 2 |
<strong># openssl sha512 pkcs1.pem</strong> SHA512(pkcs1.pem)= fbbce7cae85eae9983c15854bc16ea2b765961ae1f5841307942b1111c9cfc238eb773efac6b7f09cad69eff722b134f5ac048ca38317192a1ee4404e846868e |
9、openssl 帮助
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 |
<strong># openssl help</strong> Standard commands asn1parse ca ciphers cms crl crl2pkcs7 dgst dhparam dsa dsaparam ec ecparam enc engine errstr gendsa genpkey genrsa help list nseq ocsp passwd pkcs12 pkcs7 pkcs8 pkey pkeyparam pkeyutl prime rand rehash req rsa rsautl s_client s_server s_time sess_id smime speed spkac srp storeutl ts verify version x509 Message Digest commands (see the `dgst' command for more details) blake2b512 blake2s256 gost md2 md4 md5 rmd160 sha1 sha224 sha256 sha3-224 sha3-256 sha3-384 sha3-512 sha384 sha512 sha512-224 sha512-256 shake128 shake256 sm3 Cipher commands (see the `enc' command for more details) aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb aes-256-cbc aes-256-ecb aria-128-cbc aria-128-cfb aria-128-cfb1 aria-128-cfb8 aria-128-ctr aria-128-ecb aria-128-ofb aria-192-cbc aria-192-cfb aria-192-cfb1 aria-192-cfb8 aria-192-ctr aria-192-ecb aria-192-ofb aria-256-cbc aria-256-cfb aria-256-cfb1 aria-256-cfb8 aria-256-ctr aria-256-ecb aria-256-ofb base64 bf bf-cbc bf-cfb bf-ecb bf-ofb camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb camellia-256-cbc camellia-256-ecb cast cast-cbc cast5-cbc cast5-cfb cast5-ecb cast5-ofb des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb des-ofb des3 desx idea idea-cbc idea-cfb idea-ecb idea-ofb rc2 rc2-40-cbc rc2-64-cbc rc2-cbc rc2-cfb rc2-ecb rc2-ofb rc4 rc4-40 rc5 rc5-cbc rc5-cfb rc5-ecb rc5-ofb seed seed-cbc seed-cfb seed-ecb seed-ofb zlib |