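Encryption algorithms:
Symmetric encryption algorithms:
DES, IDEA, RC2, RC4, AES, Skipjack, ...
Asymmetric encryption algorithms:
RSA, DSA, Diffie-Hellman, PKCS, PGP, ...
One-way hash algorithms are message digest algorithms, although some of them also come from the OpenSSL library.
Command operations:
1. Generate an ordinary private key: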
[weigw@TEST src]$ openssl genrsa -out privatekey.key 1024
Generating RSA private key, 1024 bit long modulus
....++++++
.......++++++
e is 65537 (0x10001)
2. Generate a key protected by an encryption passphrase:
[weigw@TEST src]$ openssl genrsa -des3 -out privatekey.key 1024
Generating RSA private key, 1024 bit long modulus
............++++++
.....................++++++
e is 65537 (0x10001)
Enter pass phrase for privatekey.key:
Verifying - Enter pass phrase for privatekey.key:
When generating a passphrase-protected key, you have to enter the passphrase yourself. The following algorithms are currently available for encrypting the key:
-des encrypt the generated key with DES in cbc mode
-des3 encrypt the generated key with DES in ede cbc mode (168 bit key)
-aes128, -aes192, -aes256 encrypt PEM output with cbc aes
Remove the passphrase from the key:
[weigw@TEST src]$ openssl rsa -in privatekey.key -out privatekey.key
Enter pass phrase for privatekey.key:
writing RSA key
Generate a certificate from the generated private key:
[weigw@TEST src]$ openssl req -new -x509 -key privatekey.key -out cacert.crt -days 1095
You are about to be asked to enter information that will be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:CN
State or Province Name (full name) [Berkshire]:beijing
Locality Name (eg, city) [Newbury]:beijing
Organization Name (eg, company) [My Company Ltd]:wondersoft
Organizational Unit Name (eg, section) []:develop
Common Name (eg, your name or your server's hostname) []:WeiGW
Email Address []:[email protected]
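When generating the certificate, you need to enter some personal information as prompted.
Generate the public key from the private key:
[weigw@TEST src]$ openssl rsa -in privatekey.key -pubout -out pubkey.key
writing RSA key
Format conversion (certificate, private key, public key; PEM <-> DER):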
[weigw@TEST src]$ openssl x509 -in cacert.crt -inform PEM -out cacert.der -outform DER
[weigw@TEST src]$
[weigw@TEST src]$ openssl rsa -in privatekey.key -inform PEM -out privatekey.der -outform DER
writing RSA key
[weigw@TEST src]$ openssl rsa -pubin -in pubkey.key -inform PEM -pubout -out pubkey.der -outform DER
writing RSA key
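The PEM files written above differ in ways a reviewer can check without the passphrase: a key produced with -des3 carries Proc-Type and DEK-Info headers, and the base64 body of an unprotected key is exactly the DER that -outform DER writes. The following is an added example, not part of the original page. It assumes the traditional "RSA PRIVATE KEY" PEM format, the 2048-bit minimum and the finding texts are this example's own policy, and the sample keys are constructed placeholders.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def parse_pem(text):
    """Split the first PEM block into (label, RFC 1421 headers, DER bytes)."""
    m = PEM_RE.search(text)
    if not m:
        raise ValueError("no PEM block found")
    lines = m.group(2).splitlines()
    headers = dict(tuple(p.strip() for p in ln.split(":", 1)) for ln in lines if ":" in ln)
    body = "".join(ln.strip() for ln in lines if ":" not in ln)
    return m.group(1), headers, base64.b64decode(body)   # PEM -> DER is a base64 decode

def _tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: low 7 bits count the length bytes
        end = pos + (length & 0x7F)
        length, pos = int.from_bytes(buf[pos:end], "big"), end
    return tag, buf[pos:pos + length], pos + length

def rsa_modulus_bits(der):
    """Modulus size of a PKCS#1 RSAPrivateKey: SEQUENCE { version, modulus, ... }."""
    tag, seq, _ = _tlv(der, 0)
    mtag, modulus, _ = _tlv(seq, _tlv(seq, 0)[2])   # skip version INTEGER, read modulus
    if tag != 0x30 or mtag != 0x02:
        raise ValueError("not an unencrypted RSAPrivateKey")
    return int.from_bytes(modulus, "big").bit_length()

def audit_key(pem_text, min_bits=2048):      # min_bits: assumed policy of this example
    label, headers, der = parse_pem(pem_text)
    cipher = headers.get("DEK-Info", "").split(",")[0] or None
    encrypted = "ENCRYPTED" in headers.get("Proc-Type", "") or label == "ENCRYPTED PRIVATE KEY"
    bits = rsa_modulus_bits(der) if label == "RSA PRIVATE KEY" and not encrypted else None
    checks = [
        (label.endswith("PRIVATE KEY") and not encrypted, "private key has no passphrase"),
        (cipher in ("DES-CBC", "DES-EDE3-CBC"), "legacy PEM cipher %s" % cipher),
        (bits is not None and bits < min_bits, "%s-bit modulus is below %d" % (bits, min_bits)),
    ]
    return {"encrypted": encrypted, "cipher": cipher, "bits": bits,
            "findings": [msg for hit, msg in checks if hit]}

# Constructed samples, not real keys: a truncated RSAPrivateKey (version + 1024-bit modulus)
_DER = bytes([0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00]) + b"\xc3" * 128
_WRAP = "-----BEGIN RSA PRIVATE KEY-----\n%s%s-----END RSA PRIVATE KEY-----\n"
SAMPLE_PLAIN = _WRAP % ("", base64.encodebytes(_DER).decode())
_HDR = "Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\n"
SAMPLE_DES3 = _WRAP % (_HDR, base64.encodebytes(bytes(48)).decode())
```

To check a real file, pass its text to audit_key, for example audit_key(open("privatekey.key").read()).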