#采用公钥对文件进行加密 $ openssl rsautl -encrypt -in text -inkey rsa_pub.key -pubin -out text.en #采用私钥解密文件 $ openssl rsautl -decrypt -in text.en -inkey rsa_private.key this is a test
#用私钥对文件进行加密(签名) $openssl rsautl -sign -in text -inkey rsa_private.key -out text.en #用公钥对文件进行解密(校验) $openssl rsautl -verify -in text.en -inkey rsa_pub.key -pubin this is a test
#采用私钥生成一个CSR,过程中需要输入一些信息,这些信息都是公开的 $ openssl req -new -key rsa_private.key -out server.csr You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) []:中国 string is too long, it needs to be less than 2 bytes long Country Name (2 letter code) []:CN State or Province Name (full name) []:BEIJING Locality Name (eg, city) []:WANGJING Organization Name (eg, company) []:xxxx Organizational Unit Name (eg, section) []:wewe Common Name (eg, fully qualified host name) []:lll Email Address []:weiyuanke@xx.com Please enter the following 'extra' attributes to be sent with your certificate request #CSR文件生成了,查看一下,可以看到我们输入的信息 $ openssl req -in server.csr -text -noout Certificate Request: Data: Version: 0 (0x0) Subject: C=CN, ST=BEIJING, L=WANGJING, O=xxxx, OU=wewe, CN=lll/emailAddress=weiyuanke@xx.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:c0:85:23:50:15:35:1c:4d:5b:f9:7f:6c:cf:07: 4e:7a:01:3d:d8:de:97:4f:3f:c6:11:5c:bb:2f:27: 43:e6:2d:3e:ab:52:df:ba:8b:ea:f5:e3:89:ee:e8: 87:82:76:ef:f1:72:87:5b:ec:02:6c:8e:18:39:95: a2:3c:48:f6:69:21:98:2a:69:5b:ca:f4:21:35:8e: 85:2f:02:28:c5:08:94:02:8d:ee:e9:0f:11:b8:bb: fa:b2:57:87:42:92:b5:d2:57:7b:b2:a8:31:99:ad: de:72:1e:31:0d:5c:ac:ad:e9:01:08:f1:fe:1a:a2: 36:f4:d2:7b:89:91:0e:88:a3:6e:3c:84:7d:32:c8: 6a:64:db:27:87:8f:25:e6:fd:43:84:05:c9:95:4f: 8a:4f:d0:8a:52:66:04:e5:24:81:77:c5:e4:5e:29: 28:e1:df:bd:5e:ac:9a:52:e5:06:01:03:bb:e4:31: 03:0e:3c:50:b7:a7:5e:bb:04:96:63:e6:bb:de:7d: 85:a4:e7:35:dc:b2:f6:52:16:fc:e9:34:96:64:72: 2c:1c:32:bb:9e:a3:b2:c2:64:bd:80:5e:52:6e:2c: c3:37:3c:b8:d0:a1:34:c0:da:cd:3e:ad:cc:56:57: 24:33:d7:b3:2e:e1:30:47:b3:5b:ec:e3:5b:ea:06: 86:9f Exponent: 65537 (0x10001) Attributes: challengePassword :unable to print attribute Signature Algorithm: sha256WithRSAEncryption 30:55:9a:db:3e:a6:ba:99:d8:f0:6f:a9:26:bb:3e:d7:79:1a: ab:ee:99:7a:f5:eb:fa:49:cd:68:10:21:e6:08:a9:73:4e:af: 5a:86:36:a4:8f:02:64:c4:9c:e3:54:0f:1a:56:c8:f3:29:94: 82:cf:a7:da:7a:4b:2f:b3:70:d5:e7:7f:31:6d:0f:a0:9c:06: 15:21:a3:52:66:7c:c0:d6:1d:fa:39:ae:4d:fb:91:d5:44:ea: 96:6c:af:4e:d6:a8:10:92:c2:e1:9b:77:e7:f4:71:bb:78:64: 71:16:01:be:c2:97:77:c6:99:b6:32:a7:e5:30:4d:9f:91:4c: 9e:a3:4b:b8:d9:9e:55:ab:d0:ae:9c:9e:e6:ca:3f:ad:d1:fc: 8a:a6:c8:7a:ec:d6:91:f1:93:5d:57:b9:07:e9:c7:3c:d4:d6: 9b:a6:f3:75:b5:9a:d8:9f:4a:68:40:1c:6a:d8:17:50:81:ca: 30:df:22:50:61:42:6a:6e:ee:12:40:71:63:74:76:55:58:1f: 8e:75:5b:fd:79:0c:b9:fc:3d:ae:8f:d6:a9:5a:c7:bf:b7:20: 29:d7:f1:5f:9f:20:ef:25:f4:05:a8:52:6c:9b:62:9b:3a:9e: 4f:13:d5:c8:31:5a:b3:64:3f:01:91:5c:6e:46:61:f2:69:fe: 00:7e:cb:24