1. RSA
Asymmetric encryption algorithm
- Asymmetric encryption is very secure, but it is very slow compared with symmetric encryption, so messages are still transmitted with symmetric encryption, while the key used for the symmetric encryption is sent using asymmetric encryption.
The private key must be kept safely by one party and must not be leaked, while the public key can be distributed to anyone who requests it.
- Asymmetric encryption encrypts with one key of the pair, and decryption requires the other key.
- For example, if you request a public key from the bank, the bank sends you the public key, and you use the public key to encrypt the message, then only the holder of the private key, the bank, can decrypt your message.
- Unlike symmetric encryption, the bank does not need to send the private key over the network, so the security is greatly improved.
An asymmetric encryption algorithm requires two keys: a public key (publickey) and a private key (privatekey).
Common asymmetric encryption algorithms:
- RSA: RSA is currently the most widely used digital encryption and signature technology. For example, domestic Alipay uses the RSA algorithm for signature verification. Its security depends on the length of the key. Currently, the mainstream optional key lengths are 1024 bits, 2048 bits, 4096 bits, etc. In theory, the longer the key, the more difficult it is to crack. However, at present, a 2048-bit key is safe enough, and Alipay's official document recommends 2048-bit keys as well.
- DSA: Digital Signature Algorithm. Unlike RSA, DSA can only be used for digital signatures and cannot be used for data encryption and decryption. Its security is equivalent to RSA, but its performance is faster than RSA.
- ECDSA: Compared with the RSA algorithm, ECC can use a smaller key with higher efficiency while providing higher security. It is said that the security of a 256-bit ECC key is equivalent to a 3072-bit RSA key. Compared with ordinary DSA, ECDSA uses the elliptic curve algorithm for some factors in the process of calculating the secret key.
Public key and private key are a pair
- If data is encrypted with a public key, it can only be decrypted with the corresponding private key
- If data is encrypted with a private key, it can only be decrypted with the corresponding public key.
- Because encryption and decryption use two different keys, this algorithm is called an asymmetric encryption algorithm.
2. AES
Symmetric encryption algorithm
- The fastest and simplest encryption method: encryption and decryption use the same key (secret key). In cryptography this method is called a symmetric encryption algorithm.
- There are many algorithms for symmetric encryption, and because of its high efficiency, it is widely used in the core of many encryption protocols.
Advantages:
- Symmetric encryption usually uses a relatively small key, generally less than 256 bits. The larger the key, the stronger the encryption, but the slower the encryption and decryption process. If you use only 1 bit as the key, an attacker can try to decrypt with 0 first and then with 1; if your key is 1 MB, an attacker may never be able to crack it, but encryption and decryption take a long time.
- The size of the key has to balance security and efficiency, which is a trade-off.
Disadvantages:
- A major disadvantage of symmetric encryption is the management and distribution of the key. In other words, getting the key into the hands of those who need to decrypt your message is a problem.
- While the key is being sent, there is a great risk that it will be intercepted. The usual practice is to encrypt the symmetric key asymmetrically and then transmit it to those who need it.
3. Client encryption process
Steps:
1. Client: randomly generate an AES key
2. Client: encrypt the ID card information (the important information) with AES
3. Client: encrypt the AES key with the RSA public key
4. Server: decrypt the encrypted AES key with the RSA private key to recover the original key
5. Server: decrypt the encrypted important information with AES to get the original content
Examples:
1. The client transmits important information to the server, and the information returned by the server does not need to be encrypted
For example, when binding a bank card, important information such as the user's bank card number and mobile phone number must be transmitted, and the client needs to encrypt it. The client encrypts with the RSA public key, the server decrypts with RSA and then returns only ordinary information, such as a status code (code) and a prompt message (msg) indicating whether the operation succeeded or failed. In this scenario, it is possible to use only RSA encryption.
2. The client transmits important information to the server, and the information returned by the server needs to be encrypted
For example, when the client logs in, the user name, password and other data need to be encrypted. After the server verifies the login information, the token it returns also needs to be encrypted; the client decrypts and saves it. In this case the two algorithms need to be combined.
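The five steps above, run end to end with the openssl CLI. This is an added example, not code from the original article; the function name hybrid_roundtrip, the file names key.enc and data.enc, the choice of AES-256-CBC with RSA-OAEP, and the sample input are assumptions.

```shell
#!/bin/sh
# Added example: hybrid RSA + AES transport following steps 1-5 above.
# Assumed names: hybrid_roundtrip, data.enc, key.enc. The input is constructed.

hybrid_roundtrip() {
    plaintext=$1
    d=$(mktemp -d) || return 1

    # Server, done once: RSA key pair (same commands the article uses later).
    openssl genrsa -out "$d/rsa_private.key" 2048 2>/dev/null
    openssl rsa -in "$d/rsa_private.key" -pubout -out "$d/rsa_public.key" 2>/dev/null

    printf '%s' "$plaintext" > "$d/data"

    # Step 1 (client): random 256-bit AES key and a fresh 128-bit IV, as hex.
    key_hex=$(openssl rand -hex 32)
    iv_hex=$(openssl rand -hex 16)

    # Step 2 (client): encrypt the sensitive data with AES-256-CBC.
    # CBC alone gives confidentiality only; a real protocol also needs
    # integrity protection (a MAC or an AEAD mode) over iv + ciphertext.
    openssl enc -aes-256-cbc -K "$key_hex" -iv "$iv_hex" \
        -in "$d/data" -out "$d/data.enc"

    # Step 3 (client): wrap the AES key with the server's RSA public key.
    # OAEP padding is randomized, so wrapping the same key twice gives
    # different ciphertexts. The key travels in its 64-character hex form
    # to keep the shell handling text-only.
    printf '%s' "$key_hex" > "$d/aes.key.hex"
    openssl pkeyutl -encrypt -pubin -inkey "$d/rsa_public.key" \
        -pkeyopt rsa_padding_mode:oaep \
        -in "$d/aes.key.hex" -out "$d/key.enc"
    rm -f "$d/aes.key.hex"

    # On the wire: key.enc (RSA ciphertext), iv_hex (not secret), data.enc.

    # Step 4 (server): unwrap the AES key with the RSA private key.
    recovered_hex=$(openssl pkeyutl -decrypt -inkey "$d/rsa_private.key" \
        -pkeyopt rsa_padding_mode:oaep -in "$d/key.enc")

    # Step 5 (server): decrypt the data with the recovered AES key.
    result=$(openssl enc -d -aes-256-cbc -K "$recovered_hex" -iv "$iv_hex" \
        -in "$d/data.enc")

    rm -rf "$d"
    printf '%s' "$result"
}

# Constructed sample input, not real card data.
hybrid_roundtrip 'card=0000-0000-0000-0000;phone=000-0000-0000'
echo
```

pkeyutl is used here instead of rsautl because rsautl is deprecated in OpenSSL 3.0.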
3. PSS mode of RSA signature
PSS (Probabilistic Signature Scheme) is a padding mode used in the private-key signing process.
- The mainstream RSA signature schemes today are RSA-PSS and RSA-PKCS#1 v1.5. With PKCS (Public Key Cryptography Standards) #1 v1.5 the signed content can be recovered from the signature itself, whereas with PSS the original content cannot be recovered from the signature.
- After openssl-1.1.x, the more secure PSS RSA signature mode is used by default.
RSA is relatively slow; generally the private key is used for signing and the public key for verification.
Why RSA encryption introduces a padding mechanism:
- Plain RSA adds no randomness, so when the same original data is repeated an attacker can guess the plaintext from the identical ciphertext. The padding mechanism is introduced to strengthen security.
- If the key material in the TLS process were encrypted directly without padding, the same key would obviously always produce the same ciphertext, which is not semantically secure.
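The difference between the two signature paddings can be observed directly: PKCS#1 v1.5 signatures over the same data are byte-identical, while PSS adds a random salt so each signature differs yet still verifies. This is an added example, not code from the original article; the function name compare_signature_padding, the file names and the sample message are assumptions, and each padding is selected explicitly with -sigopt.

```shell
#!/bin/sh
# Added example: deterministic PKCS#1 v1.5 versus randomized PSS signatures.
# Assumed names: compare_signature_padding and the *.sig files.

compare_signature_padding() {
    d=$(mktemp -d) || return 1
    openssl genrsa -out "$d/rsa_private.key" 2048 2>/dev/null
    openssl rsa -in "$d/rsa_private.key" -pubout -out "$d/rsa_public.key" 2>/dev/null

    # Constructed sample data and a one-character variation of it.
    printf 'constructed sample message\n' > "$d/data"
    printf 'constructed sample messagf\n' > "$d/tampered"

    v15_opts="-sigopt rsa_padding_mode:pkcs1"
    # rsa_pss_saltlen:-1 sets the salt length to the digest length.
    pss_opts="-sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1"

    # Sign the same data twice with each padding mode.
    for n in a b; do
        openssl dgst -sha256 -sign "$d/rsa_private.key" $v15_opts \
            -out "$d/v15_$n.sig" "$d/data"
        openssl dgst -sha256 -sign "$d/rsa_private.key" $pss_opts \
            -out "$d/pss_$n.sig" "$d/data"
    done

    if cmp -s "$d/v15_a.sig" "$d/v15_b.sig"; then v15=same; else v15=different; fi
    if cmp -s "$d/pss_a.sig" "$d/pss_b.sig"; then pss=same; else pss=different; fi

    # Both PSS signatures must verify even though their bytes differ.
    verify=ok
    for n in a b; do
        if ! openssl dgst -sha256 -verify "$d/rsa_public.key" $pss_opts \
            -signature "$d/pss_$n.sig" "$d/data" >/dev/null 2>&1; then
            verify=failed
        fi
    done

    # A signature must not verify against modified data.
    if openssl dgst -sha256 -verify "$d/rsa_public.key" $pss_opts \
        -signature "$d/pss_a.sig" "$d/tampered" >/dev/null 2>&1; then
        tampered=accepted
    else
        tampered=rejected
    fi

    # The verifier has to use the same padding mode as the signer.
    if openssl dgst -sha256 -verify "$d/rsa_public.key" $v15_opts \
        -signature "$d/pss_a.sig" "$d/data" >/dev/null 2>&1; then
        wrong_padding=accepted
    else
        wrong_padding=rejected
    fi

    rm -rf "$d"
    echo "pkcs1_v15=$v15 pss=$pss verify=$verify tampered=$tampered wrong_padding=$wrong_padding"
}

compare_signature_padding
```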
4. Practical operation of RSA encryption, decryption, signature and verification
Description: test RSA encryption and decryption (encrypt, decrypt) and signing and verification (sign, verify)
Files:
- rsa_private.key: private key
- rsa_public.key: public key
- data: plaintext
- endata: ciphertext
- sign: signature
- de_sign: signature content recovered with the public key
By default, the output format of openssl is PKCS#1-PEM (the two RSA encryption schemes are RSAES-PKCS-v1_5 and RSAES-OAEP).
1. Generate RSA private key (no encryption)
openssl genrsa -out rsa_private.key 2048
Generate RSA public key
openssl rsa -in rsa_private.key -pubout -out rsa_public.key
2. Raw data
echo "wangji is a goog boy" > ./data
3. Encryption and decryption
Encrypt with the public key:
openssl rsautl -pubin -inkey ./rsa_public.key -in ./data -encrypt -out ./endata
Use the private key to decrypt:
wangji@script-wang:/tmp/test$ openssl rsautl -inkey ./rsa_private.key -in ./endata -decrypt
wangji is a goog boy
For encrypting and decrypting large files with openssl, see: How to use openssl to encrypt and decrypt large files
4. Signature and verification (sign, verify)
The signature process consists of hashing and encryption. The hash function is generally sha1. Given the plaintext, the command below produces the signature file sign directly.
A private-key signature hashes first and then encrypts: a hash algorithm is chosen, the digest of the original message is wrapped in an ASN.1 structure, and that structure is encrypted with the private key and sent out. The data itself is not encrypted. This method is mainly used to verify whether the source of the data is trustworthy, and the original data and the signature are sent together.
Sign with the private key; the signed content is in ASN.1 format
openssl sha1 -sign ./rsa_private.key ./data > ./sign
Verify with the public key: recover the signed content into the file de_sign, then parse it as ASN.1
wangji@script-wang:/tmp/test$ openssl rsautl -pubin -inkey ./rsa_public.key -in sign -verify -out ./de_sign
wangji@script-wang:/tmp/test$ openssl asn1parse -inform der -in ./de_sign
0:d=0 hl=2 l= 33 cons: SEQUENCE
2:d=1 hl=2 l= 9 cons: SEQUENCE
4:d=2 hl=2 l= 5 prim: OBJECT :sha1
11:d=2 hl=2 l= 0 prim: NULL
13:d=1 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:2E40F194522192093EE96F72A1A4EFB6DEC80C7C
Use the public key to recover the signature file sign and parse the result as ASN.1 in one step:
wangji@script-wang:/tmp/test$ openssl rsautl -pubin -inkey ./rsa_public.key -in ./sign -verify -asn1parse
0:d=0 hl=2 l= 33 cons: SEQUENCE
2:d=1 hl=2 l= 9 cons: SEQUENCE
4:d=2 hl=2 l= 5 prim: OBJECT :sha1
11:d=2 hl=2 l= 0 prim: NULL
13:d=1 hl=2 l= 20 prim: OCTET STRING
0000 - 2e 40 f1 94 52 21 92 09-3e e9 6f 72 a1 a4 ef b6 .@..R!..>.or....
0010 - de c8 0c 7c ...|
Use the public key to recover the signature file sign and keep the padding:
wangji@script-wang:/tmp/test$ openssl rsautl -pubin -inkey ./rsa_public.key -in ./sign -raw -hexdump
...
01d0 - ff ff ff ff ff ff ff ff-ff ff ff ff 00 30 21 30 .............0!0
01e0 - 09 06 05 2b 0e 03 02 1a-05 00 04 14 2e 40 f1 94 ...+.........@..
01f0 - 52 21 92 09 3e e9 6f 72-a1 a4 ef b6 de c8 0c 7c R!..>.or.......|
Compare with local sha1
wangji@script-wang:/tmp/test$ openssl sha1 ./data
SHA1(./data)= 2e40f194522192093ee96f72a1a4efb6dec80c7c
If the two hash values are the same, the signature is confirmed to be correct.
5. openssl tool
1. Padding modes supported by openssl rsautl tool
openssl rsautl --help, you can see that the supported padding modes are
-ssl Use SSL v2 padding
-raw Use no padding
-pkcs Use PKCS#1 v1.5 padding (default)
-oaep Use PKCS#1 OAEP
2. Features of the PSS padding mode
PSS is one of the padding modes of RSA.
The complete set of RSA padding modes is:
RSA_SSLV23_PADDING (SSLv23 padding)
RSA_NO_PADDING (no padding)
RSA_PKCS1_OAEP_PADDING (RSAES-OAEP padding, forces SHA1, used for encryption)
RSA_X931_PADDING (X9.31 padding, used for signatures)
RSA_PKCS1_PSS_PADDING (RSASSA-PSS padding, used for signatures)
RSA_PKCS1_PADDING (RSAES-PKCS1-v1_5/RSASSA-PKCS1-v1_5 padding, can be used for signatures)
Among them, the mainstream padding modes are PKCS1 and PSS.
The advantages and disadvantages of PSS are as follows:
- PKCS#1 v1.5 is relatively easy to implement, but lacks a security proof.
- PSS is more secure, so openssl-1.1.x and later give priority to PSS for private key signatures (specifically in the server key exchange phase of the SSL handshake).
3. openssl command reference
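1. openssl list-standard-commands (standard commands)
1) asn1parse: asn1parse interprets data written in ASN.1 syntax (ASN.1 is generally used to define how a syntax is composed)
2) ca: ca is used for CA management
openssl ca [options]:
2.1) -selfsign
Issue the certificate with the same key pair that signed the certificate request, i.e. "self-signing". This happens when the client that generates the certificate and the CA that issues it are the same machine (which is also the case in most of our experiments), so the same key pair can be used for "self-signing"
2.2) -in file
The PEM-format certificate to be processed
2.3) -out file
The certificate file written when processing finishes
2.4) -cert file
The root CA certificate used for issuing
2.5) -days arg
The validity period of the issued certificate
2.6) -keyfile arg
The CA's private key file
2.7) -keyform arg
Format of the CA's root private key file:
2.7.1) PEM
2.7.2) ENGINE
2.8) -key arg
Password for decrypting the CA's root private key file (if it is encrypted)
2.9) -config file
Configuration file
example1: Sign a certificate request with the CA certificate
openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key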
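3) req: management of X.509 certificate signing requests (CSR)
openssl req [options] <infile >outfile
3.1) -inform arg
Input file format
3.1.1) DER
3.1.2) PEM
3.2) -outform arg
Output file format
3.2.1) DER
3.2.2) PEM
3.3) -in arg
File to be processed
3.4) -out arg
File to be written
3.5) -passin
Password for decrypting the private key file used to sign the request being generated
3.6) -key file
The private key file used to sign the request being generated
3.7) -keyform arg
3.7.1) DER
3.7.2) NET
3.7.3) PEM
3.8) -new
A new request
3.9) -x509
Output a certificate in X509 format
3.10) -days
Validity period of the X509 certificate
3.11) -newkey rsa:bits
Generate an RSA private key file of length bits, used for issuing
3.12) -[digest]
Hash algorithm
3.12.1) md5
3.12.2) sha1
3.12.3) md2
3.12.4) mdc2
3.12.5) md4
3.13) -config file
Specify the openssl configuration file
3.14) -text: display in text form
example1: Create a self-signed CA certificate (X.509 structure) with the CA's RSA key
openssl req -new -x509 -days 3650 -key server.key -out ca.crt
example2: Generate a certificate signing request (CSR) from server.key (this CSR is then sent to the CA to await issuance)
openssl req -new -key server.key -out server.csr
example3: View the details of the CSR
openssl req -noout -text -in server.csr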
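4) genrsa: generate RSA parameters
openssl genrsa [args] [numbits]
[args]
4.1) Whether to symmetrically encrypt the generated private key file with a cipher:
4.1.1) -des: DES encryption in CBC mode
4.1.2) -des3: triple-DES encryption in CBC mode
4.1.3) -aes128: AES128 encryption in CBC mode
4.1.4) -aes192: AES192 encryption in CBC mode
4.1.5) -aes256: AES256 encryption in CBC mode
4.2) -passout arg: arg is the password for the symmetric encryption (des, des3, aes); using this option skips the interactive console password prompt
4.3) -out file: output private key file
[numbits]: key length
example: Generate a 1024-bit RSA private key, encrypt it with triple DES (password 1111), and save it as server.key
openssl genrsa -out server.key -passout pass:1111 -des3 1024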
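5) rsa: RSA data management
openssl rsa [options] <infile >outfile
5.1) -inform arg
Input key file format:
5.1.1) DER (ASN1)
5.1.2) NET
5.1.3) PEM (base64-encoded format)
5.2) -outform arg
Output key file format
5.2.1) DER
5.2.2) NET
5.2.3) PEM
5.3) -in arg
Key file to be processed
5.4) -passin arg
The password for decrypting this encrypted key file (if a cipher was selected when the key file was generated)
5.5) -out arg
Key file to be written
5.6) -passout arg
Specify a password if the output key file should remain encrypted
5.7) -des: DES encryption in CBC mode
5.8) -des3: triple-DES encryption in CBC mode
5.9) -aes128: AES128 encryption in CBC mode
5.10) -aes192: AES192 encryption in CBC mode
5.11) -aes256: AES256 encryption in CBC mode
5.12) -text: print the key data in text form
5.13) -noout: do not print the key data
5.14) -pubin: check whether the file to be processed is a public key file
5.15) -pubout: output the public key file
example1: Decrypt the private key file
openssl rsa -in server.key -passin pass:111 -out server_nopass.key
example2: Generate the corresponding public key file from the private key file
openssl rsa -in server.key -passin pass:111 -pubout -out server_public.key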
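6) x509:
This command is a feature-rich certificate tool. It can display certificate contents, convert formats, sign CSRs, and perform other X.509 certificate management tasks
openssl x509 [args]
6.1) -inform arg
Format of the X509 certificate file to be processed
6.1.1) DER
6.1.2) NET
6.1.3) PEM
6.2) -outform arg
Format of the X509 certificate file to be written
6.2.1) DER
6.2.2) NET
6.2.3) PEM
6.3) -in arg
X509 certificate file to be processed
6.4) -out arg
X509 certificate file to be written
6.5) -req
Indicates that the input file is a certificate signing request (CSR) waiting to be signed
6.6) -days arg
The validity period of the certificate to be issued
6.7) -CA arg
The root CA certificate used to sign the request
6.8) -CAform arg
Root CA certificate format (PEM by default)
6.9) -CAkey arg
The CA private key file used to sign the request; if this option is not given, the private key is assumed to be in the CA certificate file
6.10) -CAkeyform arg
Format of the root CA private key file (PEM by default)
6.11) -CAserial arg
The serial number file
6.12) -CAcreateserial
Create the serial number file automatically if it is not specified
example1: Convert a DER certificate to PEM format
openssl x509 -in cert.cer -inform DER -outform PEM -out cert.pem
example2: Sign a certificate request with the root CA certificate and produce an x509 certificate
openssl x509 -req -days 3650 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt
example3: Print the contents of the certificate
openssl x509 -in server.crt -noout -text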
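7) crl: crl is used to manage CRL lists
openssl crl [args]
7.1) -inform arg
Format of the input file
7.1.1) DER (DER-encoded CRL object)
7.1.2) PEM (the default format) (base64-encoded CRL object)
7.2) -outform arg
Format of the output file
7.2.1) DER (DER-encoded CRL object)
7.2.2) PEM (the default format) (base64-encoded CRL object)
7.3) -text:
Print the CRL information in text form.
7.4) -in filename
The input file name. Defaults to standard input.
7.5) -out filename
The output file name. Defaults to standard output.
7.6) -hash
Output the hash of the issuer information. This can be used to look up CRL objects in a file by the hash of the issuer information.
7.7) -fingerprint
Print the identifier (fingerprint) of the CRL object.
7.8) -issuer
Output the issuer information.
7.9) -lastupdate
Output the time of the last update.
7.10) -nextupdate
Print the time of the next update.
7.11) -CAfile file
Specify the CA file used to verify that the CRL object is valid.
7.12) -verify
Whether to verify the certificate.
example1: Print the CRL file, including the issuer information hash, the last update time and the next update time
openssl crl -in crl.crl -text -issuer -hash -lastupdate -nextupdate
example2: Convert a PEM-format CRL file to DER format
openssl crl -in crl.pem -outform DER -out crl.der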
8) crl2pkcs7: converts between CRL and PKCS#7
openssl crl2pkcs7 [options] <infile >outfile
Convert PEM to SPC
openssl crl2pkcs7 -nocrl -certfile venus.pem -outform DER -out venus.spc
https://www.openssl.org/docs/apps/crl2pkcs7.html
9) pkcs12: PKCS#12 data management
The pkcs12 file tool can create and parse PKCS#12 files. PKCS#12 files can be used by many programs, including Netscape, MSIE and MS Outlook
openssl pkcs12 [options]
http://blog.csdn.net/as3luyuan123/article/details/16105475
https://www.openssl.org/docs/apps/pkcs12.html
10) pkcs7: PKCS#7 data management
Processes PKCS#7 files in DER or PEM format
openssl pkcs7 [options] <infile >outfile
http://blog.csdn.net/as3luyuan123/article/details/16105407
https://www.openssl.org/docs/apps/pkcs7.html
2. openssl list-message-digest-commands (message digest commands)
1) dgst: dgst computes message digests
openssl dgst [args]
1.1) -hex
Output the digest in hexadecimal
1.2) -binary
Output the digest in binary
1.3) -sign file
Sign the generated digest with the private key file
1.4) -verify file
Verify a digest signed by the private key, using the public key file
1.5) -prverify file
Verify a signature using the private key in file
1.6) Digest algorithm
1.6.1) -md5: MD5
1.6.2) -md4: MD4
1.6.3) -sha1: SHA1
1.6.4) -ripemd160
example1: Compute the hash of file.txt with the SHA1 algorithm and print it to stdout
openssl dgst -sha1 file.txt
example2: Verify the digital signature dsasign.bin of file.txt with the dss1 algorithm; the private key used for verification is dsakey.pem, a file generated by the DSA algorithm
openssl dgst -dss1 -prverify dsakey.pem -signature dsasign.bin file.txt
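2) sha1: used for RSA processing
openssl sha1 [args]
2.1) -sign file
The private key file for the RSA algorithm
2.2) -out file
Output file
2.3) -hex
Output in hexadecimal
2.4) -binary
Output in binary
example1: Compute the hash of file.txt with the SHA1 algorithm and write it to the file digest.txt
openssl sha1 -out digest.txt file.txt
example2: Sign file.txt with the sha1 algorithm and write the signature to rsasign.bin; the signing private key is rsaprivate.pem, a file generated by the RSA algorithm
openssl sha1 -sign rsaprivate.pem -out rsasign.bin file.txt
3. openssl list-cipher-commands (list of cipher commands)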
1) aes-128-cbc
2) aes-128-ecb
3) aes-192-cbc
4) aes-192-ecb
5) aes-256-cbc
6) aes-256-ecb
7) base64
8) bf
9) bf-cbc
10) bf-cfb
11) bf-ecb
12) bf-ofb
13) cast
14) cast-cbc
15) cast5-cbc
16) cast5-cfb
17) cast5-ecb
18) cast5-ofb
19) des
20) des-cbc
21) des-cfb
22) des-ecb
23) des-ede
24) des-ede-cbc
25) des-ede-cfb
26) des-ede-ofb
27) des-ede3
28) des-ede3-cbc
29) des-ede3-cfb
30) des-ede3-ofb
31) des-ofb
32) des3
33) desx
34) rc2
35) rc2-40-cbc
36) rc2-64-cbc
37) rc2-cbc
38) rc2-cfb
39) rc2-ecb
40) rc2-ofb
41) rc4
42) rc4-40
6. SSL certificate format
1 DER, CER format
.DER .CER, the file is in binary format, only saves the certificate, not the private key.
- This format is binary file content, and Java and Windows servers prefer this encoding format.
OpenSSL view
openssl x509 -in certificate.der -inform der -text -noout
Convert to PEM:
openssl x509 -in cert.crt -inform der -outform pem -out cert.pem
2 PEM
.PEM, generally in text format, can save certificates and private keys.
Privacy Enhanced Mail, generally in text format, starts with -----BEGIN... and ends with -----END....
- The content in the middle is BASE64 encoded.
- This format can save the certificate and private key. Sometimes we also change the suffix of the private key in PEM format to .key to distinguish the certificate from the private key. You can see the contents of the file for details.
openssl x509 -in certificate.pem -text -noout
Convert to DER:
openssl x509 -in certificate.pem -outform der -out cert.der
3 CRT
.CRT, can be in binary format or text format; like the .DER format, it does not store the private key.
CRT is short for Certificate. It may be PEM-encoded or DER-encoded; to view it, refer to the first two formats.
4 PFX
.PFX .P12, in binary format, contains both the certificate and the private key, generally protected by a password.
The predecessor of PKCS#12. This format is binary, and the certificate and private key are stored together in one PFX file.
- Typically used for IIS servers on Windows.
- Files in this format generally have a password to ensure the security of the private key.
OpenSSL view:
openssl pkcs12 -in for-iis.pfx
Convert to PEM:
openssl pkcs12 -in for-iis.pfx -out for-iis.pem -nodes
5 JKS
.JKS, in binary format, contains both the certificate and the private key, generally protected by a password.
Java Key Storage. As the name suggests, this format is specific to Java, and Java's keytool utility can be used for format conversion. Typically used for Tomcat servers.
7. RSA key operation
By default, openssl output format is PKCS#1-PEM
1. Generate an RSA key pair
Generate RSA private key (no encryption)
openssl genrsa -out rsa_private.key 2048
Generate RSA public key
openssl rsa -in rsa_private.key -pubout -out rsa_public.key
2. RSA key pair encrypted with AES256
Generate RSA private key (encrypted with aes256)
- Here -passout supplies the password on the command line; without it openssl prompts for the password.
openssl genrsa -aes256 -passout pass:111111 -out rsa_aes_private.key 2048
Generating the public key from this private key now requires the password
- Here -passin supplies the password on the command line; without it openssl prompts for the password.
openssl rsa -in rsa_aes_private.key -passin pass:111111 -pubout -out rsa_public.key
8. Conversion command
1. Encrypted and non-encrypted private key conversion
Encrypted private key to non-encrypted
openssl rsa -in rsa_aes_private.key -passin pass:111111 -out rsa_private.key
Non-encrypted private key to encryption
openssl rsa -in rsa_private.key -aes256 -passout pass:111111 -out rsa_aes_private.key
2. Private key PEM to DER
Private key PEM to DER
- The -inform and -outform parameters specify the input and output formats, and the conversion from der to pem format is the same.
openssl rsa -in rsa_private.key -outform der -out rsa_aes_private.der
View private key details
openssl rsa -in rsa_private.key -noout -text
View public key details
openssl rsa -in rsa_public.key -noout -text -pubin
3. Private key PKCS#1 to PKCS#8
Private key PKCS#1 to PKCS#8
openssl pkcs8 -topk8 -in rsa_private.key -passout pass:111111 -out pkcs8_private.key
- Among them, -passout specifies the password, and the output pkcs8 format key is in encrypted form, and pkcs8 uses the des3 encryption algorithm by default, the content is as follows:
-----BEGIN ENCRYPTED PRIVATE KEY-----
Base64 Encoded Data
-----END ENCRYPTED PRIVATE KEY-----
- Use the -nocrypt parameter to output the unencrypted pkcs8 key, as follows:
-----BEGIN PRIVATE KEY-----
Base64 Encoded Data
-----END PRIVATE KEY-----
9. Generate CA self-signed certificate
1. Generate RSA private key and self-signed certificate
- req is the certificate request subcommand,
- -newkey rsa:2048 -keyout private_key.pem generates a private key (PKCS8 format),
- -nodes means the private key is not encrypted; without this parameter openssl prompts for a password,
- -x509 outputs a certificate, -days 365 is the validity period; then enter the certificate owner information at the prompts.
openssl req -newkey rsa:2048 -nodes -keyout rsa_private.key -x509 -days 365 -out cert.crt
To perform automatic input, use the -subj option:
openssl req -newkey rsa:2048 -nodes -keyout rsa_private.key -x509 -days 365 -out cert.crt -subj "/C=CN/ST=GD/L=SZ/O=vihoo/OU=dev/CN=vivo.com/[email protected]"
Generate a self-signed certificate using an existing RSA private key
- -new means to generate a certificate request, plus -x509 means to output the certificate directly, -key specifies the private key file, and the rest of the options are the same as the above command
openssl req -new -x509 -days 365 -key rsa_private.key -out cert.crt
or
openssl req -new -x509 -days 365 -key rsa_private.key -out cert.crt -subj "/C=CN/ST=GD/L=SZ/O=vihoo/OU=dev/CN=vivo.com/[email protected]"
wangji@script-wang:/tmp/test4$ file -b *
PEM certificate
ASCII text
or
wangji@script-wang:/tmp/test4$ openssl genrsa -out ca.key 1024
wangji@script-wang:/tmp/test4$ openssl req -new -x509 -days 365 -key ca.key -out ca.cr -subj "/C=CN/ST=GD/L=SZ/O=vihoo/OU=dev/CN=vivo.com/[email protected]"
wangji@script-wang:/tmp/test4$ ls
ca.cr ca.key
wangji@script-wang:/tmp/test4$ file -b *
PEM certificate
PEM RSA private key
10. Generate CA signature request and CA signature
Use RSA private key to generate CSR signature request
openssl genrsa -aes256 -passout pass:111111 -out server.key 2048
Next, enter the password and the server certificate information to finish; the parameters can also be given on the command line
openssl req -new -key server.key -out server.csr
or
openssl req -new -key server.key -passin pass:111111 -out server.csr -subj "/C=CN/ST=GD/L=SZ/O=vihoo/OU=dev/CN=vivo.com/[email protected]"
The CSR file generated at this point can be submitted to a CA for signing
View CSR details
cat server.csr
-----BEGIN CERTIFICATE REQUEST-----
Base64EncodedData
-----END CERTIFICATE REQUEST-----
wangji@script-wang:/tmp/test4$ file -b server.*
PEM certificate request
PEM RSA private key
Use the CA certificate and CA key to issue the requested certificate and generate an x509 certificate
- The -CAxxx options specify the CA inputs
// Generate the RSA private key
wangji@script-wang:/tmp/test4$ openssl genrsa -out rsa_private.key 2048
// Use the existing RSA private key to generate the self-signed CA certificate cert.crt
wangji@script-wang:/tmp/test4$ openssl req -new -x509 -days 365 -key rsa_private.key -out cert.crt -subj "/C=CN/ST=GD/L=SZ/O=vihoo/OU=dev/CN=vivo.com/[email protected]"
// Use the existing RSA private key to generate a CSR
wangji@script-wang:/tmp/test4$ openssl req -new -key ./rsa_private.key -passin pass:111111 -out server.csr -subj "/C=CN/ST=GD/L=SZ/O=vihoo/OU=dev/CN=vivo.com/[email protected]"
// Use the CA certificate and CA key to sign the request and produce an x509 certificate
wangji@script-wang:/tmp/test4$ openssl x509 -req -days 3650 -in server.csr -CA cert.crt -CAkey rsa_private.key -passin pass:111111 -CAcreateserial -out server.crt
wangji@script-wang:/tmp/test4$ ll
total 428
drwxr-xr-x 2 wangji wangji 4096 May 23 15:53 ./
drwxrwxrwx 2569 root root 409600 May 23 15:13 ../
-rw-r--r-- 1 wangji wangji 1375 May 23 15:48 cert.crt
-rw------- 1 wangji wangji 1679 May 23 15:48 rsa_private.key
-rw-r--r-- 1 wangji wangji 1253 May 23 15:53 server.crt
-rw-r--r-- 1 wangji wangji 1021 May 23 15:52 server.csr
wangji@script-wang:/tmp/test4$ file -b *
PEM certificate
ASCII text
PEM RSA private key
PEM certificate
PEM certificate request
11. Certificate viewing and conversion
View certificate details
openssl x509 -in cert.crt -noout -text
Convert certificate encoding format
openssl x509 -in cert.cer -inform DER -outform PEM -out cert.pem
Build a PKCS#12 certificate (including the private key)
Convert a PEM certificate and private key into a PKCS#12 certificate
openssl pkcs12 -export -in server.crt -inkey rsa_private.key -passin pass:111111 -password pass:111111 -out server.p12
- -export produces the PKCS#12 file,
- -inkey specifies the private key file,
- -passin is the password of the private key (file) (not needed for a key created with -nodes),
- -password specifies the password of the p12 file (import and export)
Combine a PEM certificate, private key and CA certificate into a PKCS#12 certificate
wangji@script-wang:/tmp/test4$ openssl pkcs12 -export -in server.crt -inkey rsa_private.key -passin pass:111111 -chain -CAfile server.crt -password pass:111111 -out server-all.p12
Where:
- -chain adds the certificate chain as well,
- -CAfile specifies the CA certificate,
- The exported p12 file will contain multiple certificates.
- (Other options: -name specifies an alias for the server certificate; -caname specifies an alias for the CA certificate)
Extract a PEM file (including the private key) from PKCS#12
openssl pkcs12 -in server.p12 -password pass:111111 -passout pass:111111 -out out/server.pem
- -password specifies the password of the p12 file (import and export),
- -passout is the password used to encrypt the output private key (with -nodes the key is not encrypted)
- The exported file is in PEM format and contains both the certificate and the private key (PKCS#8)
Extract only the private key
wangji@script-wang:/tmp/test4$ openssl pkcs12 -in server.p12 -password pass:111111 -passout pass:111111 -nocerts -out out/key.pem
Extract certificates only (all certificates)
wangji@script-wang:/tmp/test4$ openssl pkcs12 -in server.p12 -password pass:111111 -nokeys -out out/key.pem
Extract only the ca certificate
openssl pkcs12 -in server-all.p12 -password pass:111111 -nokeys -cacerts -out out/cacert.pem
Extract only the server certificate
openssl pkcs12 -in server-all.p12 -password pass:111111 -nokeys -clcerts -out out/cert.pem
12. View certificate information
View the public key in the certificate:
openssl x509 -in ./cert.crt -pubkey
View certificate information:
wangji@script-wang:/tmp/test4$ openssl x509 -in server.crt -noout -text
View key information:
wangji@script-wang:/tmp/test4$ openssl rsa -noout -text -in rsa_private.key
View CSR information:
wangji@script-wang:/tmp/test4$ openssl req -noout -text -in server.csr
Verify that the public key and private key match
wangji@script-wang:/tmp/test4$ diff -eq <(openssl x509 -pubkey -noout -in cert.crt) <(openssl rsa -pubout -in ./rsa_private.key)
writing RSA key
wangji@script-wang:/tmp/test4$ diff -eq <(openssl x509 -pubkey -noout -in server.crt) <(openssl rsa -pubout -in ./rsa_private.key)
writing RSA key
Other commands:
Connect to a remote server: openssl s_client -connect www.google.com.hk:443
Simulate an HTTPS server
openssl s_server -accept 10086 -cert server.crt -key rsa_private.key -www
Simulate a client
openssl s_client -host 127.0.0.1 -port 10086 -showcerts -msg -state -tls1_2 -cert cert.crt -key rsa_private.key -CAfile server.crt
Convert between certificate formats
PEM to DER: openssl x509 -outform der -in myserver.crt -out myserver.der
DER to PEM: openssl x509 -inform der -in myserver.cer -out myserver.pem
PEM to PKCS: openssl pkcs12 -export -out myserver.pfx -inkey myserver.key -in myserver.crt -certfile ca.crt
PKCS to PEM: openssl pkcs12 -in myserver.pfx -out myserver2.pem -nodes