![]() Openssl req -new -key hostca.key -out hostca.req Openssl req -new -x509 -sha1 -key rootca.key -out -days 1000 -subj “/…” Openssl rsa -in target.key -des3 -out enc-target.pem You also can choose the encryption algorithm to cipher the RSA key file.The next command can view the details of RSA key pair. This command create a file contain both public and private key, which are encrypted.you can follow this section’s instruction to create the root certificate and put that into the location mentioned in openssl.cnf file. This section show you how to create root certificate and issue certificate. ![]() You need to configure the computer’s openssl.cnf to set your PC’s CA environment. A self-signed certificate is the center of a Certificate Authority(CA) which can be used to issue other client certificate. create a root Certificate Create a root Certificate means that build a certificate which is self-signed.openssl version -d build your own CA step by step openssl rsautl -verify -in file.sig -out file.digest -inkey pub-key.pem -pubin verify certificate authority (CA) by command line openssl verify pem-file How to retrieve some web site’s certificate by command line? openssl s_client -showcerts -connect > cert_file OpenSSL's system path to store CA. # How to extract pub-key from key.pem refer to above section. # customer can verfiy the digist buy decrypt the signature file to # create a digest file, and compare the digest with the file to # verify the signature. # generate the RSA key key.pem first openssl rsautl -sign -in file.digest -out file.sig -inkey key.pem encrypt the digest to create a signature.# you can choose hash functions listed by OpenSSL dgst - help openssl dgst -sha1 -out file.digest file.txt Create a digest by chosen hash function.This section is a step to step tutorial to illustrate how to create a digit signature and verify it. # encyption, the plain.txt must no longer than 116 bytes = 928 bits openssl rsautl -encrypt -in plain.txt -inkey rsakey.pem -out cipher.txt # much better method, to encrypt by just the public key # openssl rsautl -encrypt -in plain.txt -pubin -inkey pub-rsakey.pem -out cipher.txt # decrypt the cipher.txt openssl rsautl -decrypt -in cipher.txt -inkey rsakey.pem -out plain.txt Create a signature of a file openssl genrsa -out rsakey.pem 2048 # maybe you need to encrypt the key file openssl rsa -in rsakey.pem -des3 -out # you can view the key file details (moduels, private key, public key) openssl rsa -in rsakey.pem -text -noout # yes, you can extract the public key openssl rsa -in rsakey.pem -pubout -out pub-rsakey.pemĮncrypt or decrypt by RSA public key algorithm. ![]() (in this case use aes-256-cbc) openssl enc -aes-256-cbc -in plain.txt -out ciphertext.txt openssl enc -aes-256-cbc -d -in ciphertext.txt -out decrypt.txt asymmetric cipher algorithm (public key algorithm) To see the complete list of the symmetric algorithms: openssl list-cipher-commandsĮncrypt and decrypt by one cipher mentioned above. Following sections provide a tutorial on how to use OpenSSL as a cipher tool. There are some kinds of classification methods of encryption algorithms - asymmetric and symmetric algorithms or secret key and public key algorithms. Use OpenSSL as an encryption and decryption tool And this article collect some the uses of OpenSSL command, which I already tested in the Linux environment. This article has also some extension based above on introduction. There is a Great tutorial of opens command toolkit: OpenSSL introduction. OpenSSL is a great project, which provides an excellent implement of SSL and TLS protocol, and also a great toolkit which can do many of kinds of job-related with cryptography field.
0 Comments
Leave a Reply. |