OpenSSL's genrsa command is used to generate a new RSA private key. Generation of an RSA
private key involves finding two large prime numbers, each approximately half the length of the
key. A typical key size for RSA is 1,024. We don't recommend that you use smaller key lengths or
key lengths greater than 2,048 bits. By default, the generated private key will be unencrypted, but
the command does have the ability to encrypt the resultant key using DES, 3DES, or IDEA.
OpenSSL的 genrsa 命令用于生成新的RSA私钥。生成一个RSA私人密钥涉及找到两个大的素数,每个大约一半的长度
键。 RSA的典型密钥大小是1,024。我们不建议您使用较小的密钥长度或密钥长度大于2048位。默认情况下,生成的私钥是未加密的,但是该命令确实能够使用DES,3DES或IDEA对生成的密钥进行加密。
The rsa command is used to manipulate and examine RSA keys and is the RSA version of the
dsa command for DSA keys. It is capable of adding, modifying, and removing the encryption
protecting an RSA private key. It is also capable of producing an RSA public key from a private
key. The command can also be used to display information about a public or private key.
rsa命令用于操作和检查RSA密钥,并且是RSA的RSA版本DSA密钥的DSA命令。它能够添加,修改和删除加密保护RSA私钥。它也能够从私人生产RSA公钥键。该命令还可用于显示有关公钥或私钥的信息。
The rsautl command provides the ability to use an RSA key pair for encryption and signatures.
Options are provided for encrypting and decrypting data, as well as for signing and verifying
signatures. Remember that signing is normally performed on hashes, so this command is not
useful for signing large amounts of data, or even more than 160 bits of data. In general, we do not
recommend that you use this command at all for encrypting data. You should use the enc
command instead. Additionally, encryption and decryption using RSA is slow, and for that reason,
it should not be used on its own. Instead, it is commonly used to encrypt a key for a symmetric
cipher
rsautl命令提供了使用 RSA 密钥对进行加密和签名的功能。提供选项用于加密和解密数据,以及用于签名和验证签名。记住签名通常是在哈希上执行的,所以这个命令不是用于签署大量数据,甚至超过160位数据。一般来说,我们不建议您使用此命令来加密数据。你应该使用enc命令。另外,使用RSA的加密和解密很慢,因此,它不应该单独使用。相反,它通常用于加密对称密钥暗号
例子:
$ openssl genrsa -out rsaprivatekey.pem -passout pass:trousers -des3 1024
Generates a 1,024-bit RSA private key, encrypts it using 3DES and a password of
"trousers", and writes the result to the file rsaprivatekey.pem.
$ openssl rsa -in rsaprivatekey.pem -passin pass:trousers -pubout -out rsapublickey.pem
Reads an RSA private key from the file rsaprivatekey.pem, decrypts it using the password
"trousers", and writes the corresponding public key to the file rsapublickey.pem.
$ openssl rsautl -encrypt -pubin -inkey rsapublickey.pem -in plain.txt -out cipher.txt
Using the RSA public key from the file rsapublickey.pem, the contents of the file plain.txt
are encrypted and written to the file cipher.txt.
$ openssl rsautl -decrypt -inkey rsaprivatekey.pem -in cipher.txt -out plain.txt
Using the RSA private key from the file rsaprivatekey.pem, the contents of the file
cipher.txt are decrypted and written to the file plain.txt.
$ openssl rsautl -sign -inkey rsaprivatekey.pem -in plain.txt -out signature.bin
Using the RSA private key from the file rsaprivatekey.pem, the contents of the file
plain.txt are signed, and the signature is written to the file signature.bin.
$ openssl rsautl -verify -pubin -inkey rsapublickey.pem -in signature.bin -out plain.txt
Using the RSA public key from the file rsapublickey.pem, the signature in the file
signature.bin is verified, and the original unsigned data is written out to the file plain.txt.
网友评论