mirror of
https://github.com/fofolee/uTools-Manuals.git
synced 2026-03-03 11:30:42 +08:00
语法高亮,滚动条美化,设置页面调整
This commit is contained in:
fofolee
@@ -19,70 +19,70 @@
|
||||
<h3 id="实例">实例</h3>
|
||||
<p><strong>1、使用 openssl 生成密码</strong></p>
|
||||
<p>几乎所有 Linux 发行版都包含 openssl。我们可以利用它的随机功能来生成可以用作密码的随机字母字符串。</p>
|
||||
<div class="sourceCode" id="cb1"><pre class="sourceCode bash"><code class="sourceCode bash"><a class="sourceLine" id="cb1-1" data-line-number="1"><span class="ex">openssl</span> rand -base64 10</a>
|
||||
<div class="sourceCode" id="cb1"><pre><code class="language-bash"><a class="sourceLine" id="cb1-1" data-line-number="1"><span class="ex">openssl</span> rand -base64 10</a>
|
||||
<a class="sourceLine" id="cb1-2" data-line-number="2"><span class="co"># nU9LlHO5nsuUvw==</span></a></code></pre></div>
|
||||
<p>nU9LlHO5nsuUvw==</p>
|
||||
<p><strong>2、消息摘要算法应用例子</strong></p>
|
||||
<p>用SHA1算法计算文件file.txt的哈西值,输出到stdout:</p>
|
||||
<pre><code># openssl dgst -sha1 file.txt</code></pre>
|
||||
<pre><code class="language-bash"># openssl dgst -sha1 file.txt</code></pre>
|
||||
<p>用SHA1算法计算文件file.txt的哈西值,输出到文件digest.txt:</p>
|
||||
<pre><code># openssl sha1 -out digest.txt file.txt</code></pre>
|
||||
<pre><code class="language-bash"># openssl sha1 -out digest.txt file.txt</code></pre>
|
||||
<p>用DSS1(SHA1)算法为文件file.txt签名,输出到文件dsasign.bin。签名的private key必须为DSA算法产生的,保存在文件dsakey.pem中。</p>
|
||||
<pre><code># openssl dgst -dss1 -sign dsakey.pem -out dsasign.bin file.txt</code></pre>
|
||||
<pre><code class="language-bash"># openssl dgst -dss1 -sign dsakey.pem -out dsasign.bin file.txt</code></pre>
|
||||
<p>用dss1算法验证file.txt的数字签名dsasign.bin,验证的private key为DSA算法产生的文件dsakey.pem。</p>
|
||||
<pre><code># openssl dgst -dss1 -prverify dsakey.pem -signature dsasign.bin file.txt</code></pre>
|
||||
<pre><code class="language-bash"># openssl dgst -dss1 -prverify dsakey.pem -signature dsasign.bin file.txt</code></pre>
|
||||
<p>用sha1算法为文件file.txt签名,输出到文件rsasign.bin,签名的private key为RSA算法产生的文件rsaprivate.pem。</p>
|
||||
<pre><code># openssl sha1 -sign rsaprivate.pem -out rsasign.bin file.txt</code></pre>
|
||||
<pre><code class="language-bash"># openssl sha1 -sign rsaprivate.pem -out rsasign.bin file.txt</code></pre>
|
||||
<p>用sha1算法验证file.txt的数字签名rsasign.bin,验证的public key为RSA算法生成的rsapublic.pem。</p>
|
||||
<pre><code># openssl sha1 -verify rsapublic.pem -signature rsasign.bin file.txt</code></pre>
|
||||
<pre><code class="language-bash"># openssl sha1 -verify rsapublic.pem -signature rsasign.bin file.txt</code></pre>
|
||||
<p><strong>3、对称加密应用例子</strong></p>
|
||||
<p>对称加密应用例子,用DES3算法的CBC模式加密文件plaintext.doc,加密结果输出到文件ciphertext.bin。</p>
|
||||
<pre><code># openssl enc -des3 -salt -in plaintext.doc -out ciphertext.bin</code></pre>
|
||||
<pre><code class="language-bash"># openssl enc -des3 -salt -in plaintext.doc -out ciphertext.bin</code></pre>
|
||||
<p>用DES3算法的OFB模式解密文件ciphertext.bin,提供的口令为trousers,输出到文件plaintext.doc。注意:因为模式不同,该命令不能对以上的文件进行解密。</p>
|
||||
<pre><code># openssl enc -des-ede3-ofb -d -in ciphertext.bin -out plaintext.doc -pass pass:trousers</code></pre>
|
||||
<pre><code class="language-bash"># openssl enc -des-ede3-ofb -d -in ciphertext.bin -out plaintext.doc -pass pass:trousers</code></pre>
|
||||
<p>用Blowfish的CFB模式加密plaintext.doc,口令从环境变量PASSWORD中取,输出到文件ciphertext.bin。</p>
|
||||
<pre><code># openssl bf-cfb -salt -in plaintext.doc -out ciphertext.bin -pass env:PASSWORD</code></pre>
|
||||
<pre><code class="language-bash"># openssl bf-cfb -salt -in plaintext.doc -out ciphertext.bin -pass env:PASSWORD</code></pre>
|
||||
<p>给文件ciphertext.bin用base64编码,输出到文件base64.txt。</p>
|
||||
<pre><code># openssl base64 -in ciphertext.bin -out base64.txt</code></pre>
|
||||
<pre><code class="language-bash"># openssl base64 -in ciphertext.bin -out base64.txt</code></pre>
|
||||
<p>用RC5算法的CBC模式加密文件plaintext.doc,输出到文件ciphertext.bin,salt、key和初始化向量(iv)在命令行指定。</p>
|
||||
<pre><code># openssl rc5 -in plaintext.doc -out ciphertext.bin -S C62CB1D49F158ADC -iv E9EDACA1BD7090C6 -K 89D4B1678D604FAA3DBFFD030A314B29</code></pre>
|
||||
<pre><code class="language-bash"># openssl rc5 -in plaintext.doc -out ciphertext.bin -S C62CB1D49F158ADC -iv E9EDACA1BD7090C6 -K 89D4B1678D604FAA3DBFFD030A314B29</code></pre>
|
||||
<p><strong>4、Diffie-Hellman应用例子</strong></p>
|
||||
<p>使用生成因子2和随机的1024-bit的素数产生D0ffie-Hellman参数,输出保存到文件dhparam.pem</p>
|
||||
<pre><code># openssl dhparam -out dhparam.pem -2 1024</code></pre>
|
||||
<pre><code class="language-bash"># openssl dhparam -out dhparam.pem -2 1024</code></pre>
|
||||
<p>从dhparam.pem中读取Diffie-Hell参数,以C代码的形式,输出到stdout。</p>
|
||||
<pre><code># openssl dhparam -in dhparam.pem -noout -C</code></pre>
|
||||
<pre><code class="language-bash"># openssl dhparam -in dhparam.pem -noout -C</code></pre>
|
||||
<p><strong>5、DSA应用例子应用例子</strong></p>
|
||||
<p>生成1024位DSA参数集,并输出到文件dsaparam.pem。</p>
|
||||
<pre><code># openssl dsaparam -out dsaparam.pem 1024</code></pre>
|
||||
<pre><code class="language-bash"># openssl dsaparam -out dsaparam.pem 1024</code></pre>
|
||||
<p>使用参数文件dsaparam.pem生成DSA私钥匙,采用3DES加密后输出到文件dsaprivatekey.pem</p>
|
||||
<pre><code># openssl gendsa -out dsaprivatekey.pem -des3 dsaparam.pem</code></pre>
|
||||
<pre><code class="language-bash"># openssl gendsa -out dsaprivatekey.pem -des3 dsaparam.pem</code></pre>
|
||||
<p>使用私钥匙dsaprivatekey.pem生成公钥匙,输出到dsapublickey.pem</p>
|
||||
<pre><code># openssl dsa -in dsaprivatekey.pem -pubout -out dsapublickey.pem</code></pre>
|
||||
<pre><code class="language-bash"># openssl dsa -in dsaprivatekey.pem -pubout -out dsapublickey.pem</code></pre>
|
||||
<p>从dsaprivatekey.pem中读取私钥匙,解密并输入新口令进行加密,然后写回文件dsaprivatekey.pem</p>
|
||||
<pre><code># openssl dsa -in dsaprivatekey.pem -out dsaprivatekey.pem -des3 -passin</code></pre>
|
||||
<pre><code class="language-bash"># openssl dsa -in dsaprivatekey.pem -out dsaprivatekey.pem -des3 -passin</code></pre>
|
||||
<p><strong>6、RSA应用例子</strong></p>
|
||||
<p>产生1024位RSA私匙,用3DES加密它,口令为trousers,输出到文件rsaprivatekey.pem</p>
|
||||
<pre><code># openssl genrsa -out rsaprivatekey.pem -passout pass:trousers -des3 1024</code></pre>
|
||||
<pre><code class="language-bash"># openssl genrsa -out rsaprivatekey.pem -passout pass:trousers -des3 1024</code></pre>
|
||||
<p>从文件rsaprivatekey.pem读取私匙,用口令trousers解密,生成的公钥匙输出到文件rsapublickey.pem</p>
|
||||
<pre><code># openssl rsa -in rsaprivatekey.pem -passin pass:trousers -pubout -out rsapubckey.pem</code></pre>
|
||||
<pre><code class="language-bash"># openssl rsa -in rsaprivatekey.pem -passin pass:trousers -pubout -out rsapubckey.pem</code></pre>
|
||||
<p>用公钥匙rsapublickey.pem加密文件plain.txt,输出到文件cipher.txt</p>
|
||||
<pre><code># openssl rsautl -encrypt -pubin -inkey rsapublickey.pem -in plain.txt -out cipher.txt</code></pre>
|
||||
<pre><code class="language-bash"># openssl rsautl -encrypt -pubin -inkey rsapublickey.pem -in plain.txt -out cipher.txt</code></pre>
|
||||
<p>使用私钥匙rsaprivatekey.pem解密密文cipher.txt,输出到文件plain.txt</p>
|
||||
<pre><code># openssl rsautl -decrypt -inkey rsaprivatekey.pem -in cipher.txt -out plain.txt</code></pre>
|
||||
<pre><code class="language-bash"># openssl rsautl -decrypt -inkey rsaprivatekey.pem -in cipher.txt -out plain.txt</code></pre>
|
||||
<p>用私钥匙rsaprivatekey.pem给文件plain.txt签名,输出到文件signature.bin</p>
|
||||
<pre><code># openssl rsautl -sign -inkey rsaprivatekey.pem -in plain.txt -out signature.bin</code></pre>
|
||||
<pre><code class="language-bash"># openssl rsautl -sign -inkey rsaprivatekey.pem -in plain.txt -out signature.bin</code></pre>
|
||||
<p>用公钥匙rsapublickey.pem验证签名signature.bin,输出到文件plain.txt</p>
|
||||
<pre><code># openssl rsautl -verify -pubin -inkey rsapublickey.pem -in signature.bin -out plain</code></pre>
|
||||
<pre><code class="language-bash"># openssl rsautl -verify -pubin -inkey rsapublickey.pem -in signature.bin -out plain</code></pre>
|
||||
<p>从X.509证书文件cert.pem中获取公钥匙,用3DES加密mail.txt,输出到文件mail.enc</p>
|
||||
<pre><code># openssl smime -encrypt -in mail.txt -des3 -out mail.enc cert.pem</code></pre>
|
||||
<pre><code class="language-bash"># openssl smime -encrypt -in mail.txt -des3 -out mail.enc cert.pem</code></pre>
|
||||
<p>从X.509证书文件cert.pem中获取接收人的公钥匙,用私钥匙key.pem解密S/MIME消息mail.enc,结果输出到文件mail.txt</p>
|
||||
<pre><code># openssl smime -decrypt -in mail.enc -recip cert.pem -inkey key.pem -out mail.txt</code></pre>
|
||||
<pre><code class="language-bash"># openssl smime -decrypt -in mail.enc -recip cert.pem -inkey key.pem -out mail.txt</code></pre>
|
||||
<p>cert.pem为X.509证书文件,用私匙key,pem为mail.txt签名,证书被包含在S/MIME消息中,输出到文件mail.sgn</p>
|
||||
<pre><code># openssl smime -sign -in mail.txt -signer cert.pem -inkey key.pem -out mail.sgn</code></pre>
|
||||
<pre><code class="language-bash"># openssl smime -sign -in mail.txt -signer cert.pem -inkey key.pem -out mail.sgn</code></pre>
|
||||
<p>验证S/MIME消息mail.sgn,输出到文件mail.txt,签名者的证书应该作为S/MIME消息的一部分包含在mail.sgn中</p>
|
||||
<pre><code># openssl smime -verify -in mail.sgn -out mail.txt</code></pre>
|
||||
<pre><code class="language-bash"># openssl smime -verify -in mail.sgn -out mail.txt</code></pre>
|
||||
<p>更多实例:</p>
|
||||
<pre><code>openssl version -a
|
||||
<pre><code class="language-bash">openssl version -a
|
||||
openssl help
|
||||
openssl genrsa -aes128 -out fd.key 2048 # pem format
|
||||
openssl rsa -text -in fd.key</code></pre>
|
||||
|
||||
Reference in New Issue
Block a user