openssl rsa命令¶

openssl rsa 命令:

usage: rsa [-ciphername] [-check] [-engine id] [-in file] [-inform fmt]
  [-modulus] [-noout] [-out file] [-outform fmt] [-passin src]
  [-passout src] [-pubin] [-pubout] [-sgckey] [-text]

 -check             Check consistency of RSA private key
 -engine id         Use the engine specified by the given identifier
 -in file           输入文件 (default stdin)
 -inform format     Input format (DER, NET or PEM (default))
 -modulus           Print the RSA key modulus
 -noout             Do not print encoded version of the key
 -out file          输出文件 (default stdout)
 -outform format    输出文件格式 (DER, NET or PEM (default PEM))
 -passin src        Input file passphrase source
 -passout src       Output file passphrase source
 -pubin             Expect a public key (default private key)
 -pubout            Output a public key (default private key)
 -sgckey            Use modified NET algorithm for IIS and SGC keys
 -text              Print in plain text in addition to encoded
 -ciphername      密码类型名


//转换为DER（Distinguished Encoding Rules，可辨别编码规则）编码:
openssl rsa -in key.pem -outform der -out key.der
// 转换回pem,并设为密码保护:
openssl rsa -inform der -in key.der -des3 -out enckey.pem

openssl rsautl命令:

Usage: rsautl [options]
-in file        input file
-out file       output file
-inkey file     input key
-keyform arg    private key format - default PEM
-pubin          input is an RSA public
-certin         input is a certificate carrying an RSA public key
-ssl            use SSL v2 padding
-raw            use no padding
-pkcs           use PKCS#1 v1.5 padding (default)
-oaep           use PKCS#1 OAEP
-sign           sign with private key
-verify         verify with public key
-encrypt        encrypt with public key
-decrypt        decrypt with private key
-hexdump        hex dump output
-engine e       use engine e, possibly a hardware device.
-passin arg    pass phrase source

//1.实例一:签名验证
// 私钥签名
openssl rsautl -sign -in test -out test.sig -inkey asn1enc.pem
// 公钥验证
openssl rsautl -verify -in test.sig -out test.vfy -inkey asn1pub.pem -pubin

RSA类加密使用:

// 生成密钥（RSA密钥至少为500位长，一般推荐使用1024位）
openssl genrsa -out test.key 1024
// 生成对应公钥
openssl rsa -in test.key -pubout -out test_pub.key
// 操作:加密文件
openssl rsautl -encrypt -in <file.pub> -inkey test_pub.key -pubin -out <file>
// 操作:解密文件
openssl rsautl -decrypt -in <file> -inkey test.key -out <newfile.pub>