命令介绍openssl命令是一个强大的SecureSocketsLayer密码库。OpenSSL是一种开源命令行工具,通常用于生成私钥、创建CSR、安装SSL/TLS证书和识别证书信息。OpenSSL运行方式interactivemodebatchmode直接输入openssl回车进入interactive模式,输入opensslwithcommandoptions进入batchmode。[root@centos7~]#opensslOpenSSL>versionOpenSSL1.0.2k-fips26Jan2017OpenSSL整个软件包大致可以分为三个主要功能部分:密码算法库、SSL协议库和应用程序。openssl命令的主要目的是创建和管理私钥、公钥和参数公钥加密操作创建X.509证书,计算CSR和CRL消息摘要使用密码加密和解密SSL/TLS客户端和服务器测试处理S/MIME签名或加密消息时间戳请求、生成和验证语法格式opensslcommand[command_opts][command_args]列表消息摘要命令|列表密码命令|列表密码算法|列表消息摘要算法|list-public-key-algorithms]opensslno-XXX[任意选项]选项说明读者可以参考帮助文档https://www.digicert.com/kb/s...应用示例版本信息[root@centos7~]#opensslversionOpenSSL1.0.2k-fips26Jan2017[root@centos7~]#opensslversion-aOpenSSL1.0.2k-fips26Jan2017buildon:reproduciblebuild,dateunspecifiedplatform:linux4-x86_(64,64)md2(int)rc4(16x,int)des(idx,cisc,16,int)idea(int)blowfish(idx)编译器:gcc-I。-I..-I../include-fPIC-DOPENSSL_PIC-DZLIB-DOPENSSL_THREADS-D_REENTRANT-DDSO_DLFCN-DHAVE_DLFCN_H-DKRB5_MIT-m64-DL_ENDIAN-Wall-O2-g-pipe-Wall-Wp,-D_FORTIFY_SOURCE=2-fexceptions-项目第一ng?--param=ssp-buffer-size=4?-grecord-gcc-switches???-m64?-mtune=generic?-Wa,--noexecstack?-DPURIFY?-DOPENSSL_IA32_SSE2?-DOPENSSL_BN_ASM_MONT?-DOPENSSL_BN_ASM_MONT5?-DOPENSSL_BN_ASM_GF2m?-DRC4_ASM?-DSHA1_ASM?-DSHA256_ASM?-DSHA512_ASM?-DMD5_ASM-DAES_ASM-DVPAES_ASM-DBSAES_ASM-DWHIRLPOOL_ASM-DGHASH_ASM-DECP_NISTZ256_ASMOPENSLDIR:"/etc/pki/tls"engines:rdranddynamic#版本号和版本发布日期(OpenSSL1.0.2k,January26,2017)#BuildusingthelibraryOptions(options)#存储证书和私钥目录(OPENSSLDIR)生成密码函数[root@centos7~]#opensslrand-base6415DYmkj+RY9QUcb4m5aoNV[root@centos7~]#opensslrand-base6410RpyTN5W7BLznjA==[root@centos7~]#opensslrand-base645AeQaaBE=MessageDigestAlgorithmApplication#使用SHA1算法计算文件openssl1.txt的哈希值[root@centos7~]#openssldgst-sha1openssl1.txtopenssl1.txt:Nosuchfileordirectory[root@centos7~]#touchopenssl1.txt[root@centos7~]#openssldgst-sha1openssl1.txtSHA1(openssl1.txt)=da39a3ee5e6b4b0d3255bfef95601890afd80709#使用SHA1算法计算文件openssl1.txt.txtsha的哈希值,输出到文件[root@centos7~]#打开slsha1-outsha1.txtopenssl1.txt[root@centos7~]#catsha1.txtSHA1(openssl1.txt)=da39a3ee5e6b4b0d3255bfef95601890afd80709对称加密应用程序#将文件openssl1.txt用base64编码输出到文件jiami.txt[root@centos7~]#catopenssl1.txtopenssl[root@centos7~]#opensslbase64-inopenssl1.txt-outjiami.txt[root@centos7~]#catjiami.txtb3BlbnNzbAo=DSAapplication#Generate1024-bitDSA参数设置,并输出到文件jm.pem[root@centos7~]#openssldsaparam-outjm.pem1024GeneratingDSAparameters,1024bitlongprimeThiscouldtakesometime.......+..........+......................+......+............++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+...+.........+......+.....+..+......+........+......+......……+…………+………………............+................+........+......................+....+.+......+....+......................+...............................+..............+。+……+…………+…………+…………++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*[root@centos7~]#?cat?jm.pem-----BEGIN?DSA?PARAMETERS-----MIIBHgKBgQCR+2rHHnotQERnaw1i3PaeeGyhZHP7Mjih9RAnNRv3oe+HO2AgiLgrvWLbT/oRNZhdnvuW8u8b1dmm9xPwwAfkNt0cPyH+28HNJ6ImoO9qQCBVlgPnwmahWPtA9TXIw7kJVOCUImKKXkbQvKOvlXsTgFHhhQ9GAt9gbHxmWVhqjwIVANzDXsuChXZDNAR6O0Dke4p/4H1XAoGAHzT3cByKaD0IN0zCXA0yXMNlyDtE8w7dlv37LcaR7u0ZV1r4zof/g7Pf+GCHbkVUVPzTrrlkn1Wfqtl2QsmT73jMBwPl+z3Oj7DyFb8JNm66epCO1uLaXoIubTZa4QFCuuTarWouizo4qDYQg/vYRDBQK8N5nIh8Wfnte9gqzTY=-----END?DSA?PARAMETERS-----RSA应用#生成1024位RSA私钥,用3DES加密,密码为mingongge,输出到文件rsa.pem[root@centos7~]#opensslgenrsa-outrsa.pem-passoutpass:mingongge-des31024正在生成RSA私钥,1024位长模......++++++......++++++e为65537(0x10001)[root@centos7~]#catrsa.pem-----BEGINRSAPRIVATEKEY-----Proc-Type:4,ENCRYPTEDDEK-Info:DES-EDE3-CBC,34B51F9BE30A3448uvI8+9g2NGBS+t6VoxUW9JvjiSSnXAHVgJXFsiPtQRIQq3tUEv48QVXOXrLMSTeiDOmScLCrU0X+il+Kl2HtTEqmqzxmP+HlbiahSMthTbXUEcqSnKt/80UxzsKFWsaglYj5yl+skQoMYLHt0JSc2MlWA6tAHPdEb4/BoEN0zerhgVcXDlLeFXm7ni1tUmVjmbHmM1TV03kxxzd8KQhFsQkwT/aDtm143rxVrD3NpSS4eXbzm8D4B2A3L0DMaUzkcAql+iggvH4vS3BCKOX6h5Zr9Vyo4CGjvYSyvkASbc+fVKgvmPM9KP0+hedUH2Hc55K1ND5S0TWa2qFWk511tKbpBT9RM5P7ipcnr3tyya/RSpVZT7EpEUm+EokOrvHgSY6AgPSojYdDL3/WrQvJAkMQmuckpEW1lNYGSgFsQmRN8gFb8LXhr+uUf8psT3D9+Cvo5ynkocW1P1sHpJHuA7WtW7SaRbBGwEoPKjzAfKaV41oz9Sknn1PE5LXpvtIAzn/vVbKVQvD3ho2I2RuX5vtI7Jvy/TeKDOO9fAuNKqlR7/MmqE7OiKZovuh2xHRk3d3qif8uH6dCe7l6rElqgONNkYYJ/dBgJ+ZV15ahJFNK10JoBqFgF9dj+vFumWGt7FuN2kk7Qe1YSn13ZZ7M10EWDPxaMXSnjynazC8MLnokRwf1SwqsZW250J9/dbvtBEE00IQWC+RmaRgJV+H+3gvCHyMZBRGaxUKiOftrM9Ir3w28wk2jwgSm6v6p/WUg4JUMPAqjft82lv+MwfKn4OHnuIyfgrZGB6+oR52BToQ=-----RSA私钥结束-----每天学一个Linux命令(103):dstat每天学一个Linux命令(104):zcat每天学一个Linux命令(105):tee
