RSA
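# Print the installed OpenSSL version; the commands on this page were run
# against the release shown below.
openssl version
# OpenSSL 1.1.1d 10 Sep 2019

# Generate the RSA private key. 2048 bits replaces the original 1024:
# 1024-bit RSA is below the minimum that current guidance accepts for new keys.
# id_rsa is written without a passphrase, so keep it readable only by its
# owner, or add -aes256 to have genrsa encrypt it under a passphrase.
openssl genrsa -out id_rsa 2048

# Derive the matching public key from the private key.
openssl rsa -in id_rsa -pubout -out id_rsa.pub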
加密
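# Create a small plaintext sample.
printf '%s\n' "hello openssl" > original.txt

# Encrypt with the public key. -oaep selects OAEP padding; without it rsautl
# falls back to PKCS#1 v1.5 encryption padding, which is exposed to
# padding-oracle attacks whenever a decryptor reveals whether the padding was
# valid. RSA only encrypts inputs shorter than the modulus minus the padding
# overhead; larger data is normally encrypted with a symmetric key that is
# itself wrapped with RSA.
# NOTE: rsautl is deprecated as of OpenSSL 3.0; pkeyutl is its replacement.
openssl rsautl -encrypt -oaep -pubin -inkey id_rsa.pub -in original.txt -out encrypt.txt

# Decrypt with the private key; the padding mode must match the one used above.
openssl rsautl -decrypt -oaep -inkey id_rsa -in encrypt.txt -out decrypt.txt

# Side-by-side comparison of plaintext and decrypted output. The option is
# placed before the operands so that diff implementations which stop option
# parsing at the first operand still treat -y as an option.
diff -y original.txt decrypt.txt
# hello openssl hello openssl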
关于diff更多使用 详细参考diff
签名
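# Sign with the private key.
# rsautl -sign applies the RSA private-key operation directly to the input
# bytes with PKCS#1 v1.5 padding; it does not hash the message first. That is
# only workable for inputs shorter than the modulus and is kept here to show
# the primitive. For real signatures, hash-then-sign instead, e.g.
#   openssl dgst -sha256 -sign id_rsa -out original.sig original.txt
#   openssl dgst -sha256 -verify id_rsa.pub -signature original.sig original.txt
# NOTE: rsautl is deprecated as of OpenSSL 3.0; pkeyutl is its replacement.
openssl rsautl -sign -inkey id_rsa -in original.txt -out signed.txt

# Verify with the public key. -verify recovers the signed bytes into
# unsigned.txt; the comparison below is what actually confirms they match.
openssl rsautl -verify -pubin -inkey id_rsa.pub -in signed.txt -out unsigned.txt

# Option placed before the operands so diff implementations that stop option
# parsing at the first operand still treat -y as an option.
diff -y original.txt unsigned.txt
# hello openssl hello openssl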
CA
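# Generate the CA private key. 2048 bits replaces the original 1024, which is
# too short for a key that anchors trust in every certificate it signs.
# ca.key is written without a passphrase; restrict access to it, or add
# -aes256 so genrsa encrypts it under a passphrase.
openssl genrsa -out ca.key 2048

# Create the CA certificate signing request. Without -subj, req prompts
# interactively for the subject fields.
openssl req -new -key ca.key -out ca.csr

# Self-sign the request to produce the CA root certificate, valid for 365 days.
# NOTE(review): no extension file is passed here, so the certificate is issued
# without a basicConstraints CA:TRUE extension - confirm that relying software
# accepts it as a CA, or issue the root with extensions (for example via
# `openssl req -x509` and the configuration's CA extension section).
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt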
证书
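# Generate the server private key. 2048 bits replaces the original 1024-bit
# key, which is below the minimum that current guidance accepts for new keys.
openssl genrsa -out server.key 2048

# Create the server certificate signing request (prompts for the subject
# fields unless -subj is given).
openssl req -new -key server.key -out server.csr

# Prepare the working directory that `openssl ca` reads: a directory for
# issued certificates, an empty certificate database, and the next serial
# number. The ./demoCA layout presumably matches the default openssl.cnf on
# the author's system - confirm against the local configuration.
# Rewriting serial with "01" on a re-run restarts numbering, so do this only
# once per CA; issued serial numbers must stay unique.
mkdir -p ./demoCA/newcerts
touch ./demoCA/index.txt
printf '%s\n' "01" > ./demoCA/serial

# Sign the server request with the CA certificate and key to obtain the
# server certificate. With a stock configuration the default policy may
# require some subject fields of the request to match the CA's.
# Afterwards the chain can be checked with:
#   openssl verify -CAfile ca.crt server.crt
openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key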