摘要算法
[root@localhost ~]# openssl dgst -help #默认sha256
Usage: dgst [options] [file...]
file... files to digest (default is stdin)
-help Display this summary
-c Print the digest with separating colons
-r Print the digest in coreutils format
-out outfile Output to filename rather than stdout
-passin val Input file pass phrase source
-sign val Sign digest using private key #签名,使用RSA DSA ECDSA私钥签名
-verify val Verify a signature using public key #使用公钥验证签名
-prverify val Verify a signature using private key
-signature infile File with signature to verify #签名文件(与verify合用)
-keyform format Key file format (PEM or ENGINE)
-hex Print as hex dump #十六进制输出,默认就是-hex
-binary Print in binary form
-d Print debug info
-debug Print debug info
-fips-fingerprint Compute HMAC with the key used in OpenSSL-FIPS fingerprint
-hmac val Create hashed MAC with key
-mac val Create MAC (not necessarily HMAC)
-sigopt val Signature parameter in n:v form
-macopt val MAC algorithm parameters in n:v form or key
-* Any supported digest
-rand val Load the file(s) into the random number generator
-writerand outfile Write random data to the specified file
-engine val Use engine e, possibly a hardware device
[root@localhost ~]# echo 'redhat' | openssl dgst -md5
(stdin)= bdb52aae3b5566607f3e6023ef2e74e5
[root@localhost ~]# echo 'redhat' | openssl dgst -sha256
(stdin)= 75fa176aecdc7a1b6b53778b38eac87c7152d5c916a755cb56071a93c01e040d
[root@localhost ~]# echo 'redhat' | openssl dgst -sha512
(stdin)= 20641bd9d93708c844f59bf5f5d5bfb16fd5c3cece84127f56072579f778e6aca04ca7985eb4a7f555bd9532115205884d11fc5323534618da7596c300b4666d
[root@localhost ~]# echo 'Redhat' | openssl dgst -md5
(stdin)= a2025805f5419fba99ba023354149090
[root@localhost ~]# echo 'Redhat' | openssl dgst -sha256
(stdin)= e06c5bb14a7e3b1bd58a4ff61a4cbe2c4fc61c172bdff7899be50adf2b4d3563
[root@localhost ~]# echo 'Redhat' | openssl dgst -sha512
(stdin)= 3005c755cba891b42c96ad7ab382f0fac402055b11cdedba7bcbdb33a7b47f55e1774ae25ec14874559c6b01691988b6f587f48c3be3fc7339a084ef51735df9
对称加密
[root@localhost ~]# openssl enc -help
Usage: enc [options]
Valid options are:
-help Display this summary
-ciphers List ciphers
-in infile Input file
-out outfile Output file
-pass val Passphrase source
-e Encrypt
-d Decrypt
-p Print the iv/key
-P Print the iv/key and exit
-v Verbose output
-nopad Disable standard block padding
-salt Use salt in the KDF (default)
-nosalt Do not use salt in the KDF
-debug Print debug info
-a Base64 encode/decode, depending on encryption flag
-base64 Same as option -a
-A Used with -[base64|a] to specify base64 buffer as a single line
-bufsize val Buffer size
-k val Passphrase
-kfile infile Read passphrase from file
-K val Raw key, in hex
-S val Salt, in hex
-iv val IV in hex
-md val Use specified digest to create a key from the passphrase
-iter +int Specify the iteration count and force use of PBKDF2
-pbkdf2 Use password-based key derivation function 2
-none Don't encrypt
-* Any supported cipher
-rand val Load the file(s) into the random number generator
-writerand outfile Write random data to the specified file
-z Use zlib as the 'encryption'
-engine val Use engine, possibly a hardware device
[root@localhost ~]# openssl enc -ciphers
Supported ciphers:
-aes-128-cbc -aes-128-cfb -aes-128-cfb1
-aes-128-cfb8 -aes-128-ctr -aes-128-ecb
-aes-128-ofb -aes-192-cbc -aes-192-cfb
-aes-192-cfb1 -aes-192-cfb8 -aes-192-ctr
-aes-192-ecb -aes-192-ofb -aes-256-cbc
-aes-256-cfb -aes-256-cfb1 -aes-256-cfb8
-aes-256-ctr -aes-256-ecb -aes-256-ofb
-aes128 -aes128-wrap -aes192
-aes192-wrap -aes256 -aes256-wrap
-aria-128-cbc -aria-128-cfb -aria-128-cfb1
-aria-128-cfb8 -aria-128-ctr -aria-128-ecb
-aria-128-ofb -aria-192-cbc -aria-192-cfb
-aria-192-cfb1 -aria-192-cfb8 -aria-192-ctr
-aria-192-ecb -aria-192-ofb -aria-256-cbc
-aria-256-cfb -aria-256-cfb1 -aria-256-cfb8
-aria-256-ctr -aria-256-ecb -aria-256-ofb
-aria128 -aria192 -aria256
-bf -bf-cbc -bf-cfb
-bf-ecb -bf-ofb -blowfish
-camellia-128-cbc -camellia-128-cfb -camellia-128-cfb1
-camellia-128-cfb8 -camellia-128-ctr -camellia-128-ecb
-camellia-128-ofb -camellia-192-cbc -camellia-192-cfb
-camellia-192-cfb1 -camellia-192-cfb8 -camellia-192-ctr
-camellia-192-ecb -camellia-192-ofb -camellia-256-cbc
-camellia-256-cfb -camellia-256-cfb1 -camellia-256-cfb8
-camellia-256-ctr -camellia-256-ecb -camellia-256-ofb
-camellia128 -camellia192 -camellia256
-cast -cast-cbc -cast5-cbc
-cast5-cfb -cast5-ecb -cast5-ofb
-chacha20 -des -des-cbc
-des-cfb -des-cfb1 -des-cfb8
-des-ecb -des-ede -des-ede-cbc
-des-ede-cfb -des-ede-ecb -des-ede-ofb
-des-ede3 -des-ede3-cbc -des-ede3-cfb
-des-ede3-cfb1 -des-ede3-cfb8 -des-ede3-ecb
-des-ede3-ofb -des-ofb -des3
-des3-wrap -desx -desx-cbc
-id-aes128-wrap -id-aes128-wrap-pad -id-aes192-wrap
-id-aes192-wrap-pad -id-aes256-wrap -id-aes256-wrap-pad
-id-smime-alg-CMS3DESwrap -idea -idea-cbc
-idea-cfb -idea-ecb -idea-ofb
-rc2 -rc2-128 -rc2-40
-rc2-40-cbc -rc2-64 -rc2-64-cbc
-rc2-cbc -rc2-cfb -rc2-ecb
-rc2-ofb -rc4 -rc4-40
-seed -seed-cbc -seed-cfb
-seed-ecb -seed-ofb -sm4
-sm4-cbc -sm4-cfb -sm4-ctr
-sm4-ecb -sm4-ofb [root@localhost ~]# cat test
0123456789
alnkldljkdldjslflslsls
ldljfdsnjldsjlffsdlfj
fldfjdsfflsdfjsdljflsdfjl
jlfjldsfjjodsfjwej2o99ojkl
[root@localhost ~]# openssl enc -e -aes128 -a -k 123456789 -in test -out test_enc -pbkdf2
[root@localhost ~]# cat test_enc
U2FsdGVkX1/Y3xaAkBV42ZQXSrMuasKjq9jYRonHmE3YXv5qcv7rzxOpNxX09DrR
JmBbjzGF6dMmLBfaPIfm6x0ajzHzBojlfRM4Ulq+KUximcCe8X7+sm00ldtvVe21
KnTP85W/vFtmIR0cgARVhrWf94sboXm+ubIV+Qo1jK0=
[root@localhost ~]# openssl enc -d -aes128 -a -k 123456789 -in test_enc -out test_des #解密
[root@localhost ~]# openssl enc -e -aes128 -a -pass pass:123456789 -in test -out test_enc1 -pbkdf2
[root@localhost ~]# openssl enc -d -aes128 -a -pass pass:123456789 -in test_enc1 -out test_des1
[root@localhost ~]# openssl enc -e -aes128 -a -pass pass:123456789 -in test -out test_enc1 -p
salt=3834AB80CB0D45C9
key=25E62D924ACE8BD4F8CC4429CCD54875
iv =072829CEACAD01641D63EAEF58723C01
# -pass pass:123456 对应-k
# -pass file:passwd.txt 对应-kfile
# -pass env:passwd:使用环境变量;env表示环境变量
# -pass stdin 使用标准输入,默认是使用标准输入
# -pass fd:1 使用文件描述符,fd表示文件描述符
RSA非对称加密
- 生成私钥
使用 genrsa 来生成私钥
-aes256 是使用aes256加密这个私钥
-passout 是加密的密钥
-out 指明输出文件
2048是私钥的长度,这个2048 是放在最后的。老版本默认是1024位
还有DER格式,生成的私钥是Base64编码的,perm格式使用的是base64编码。
[root@localhost ~]# mkdir rsa
[root@localhost ~]# cd rsa
[root@localhost rsa]# openssl genrsa -aes256 -passout pass:test123 -out test_rsa_aes_prikey 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
................................................+++++
......................+++++
e is 65537 (0x010001) #公钥指数, e值表示公用指数,默认情况下会被设置为65537。这是所谓的短公用指数(short public exponent),它可以显著提高RSA的验证性能。
[root@localhost rsa]# cat test_rsa_aes_prikey
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,EE88B4C778CCBFE0ADCA542815FAD479
lWXpOQOSHHmjHi7bRJTfuocwVw3r485E+zqnxOoMe3b5UW07L/3He5MKn6LwS7qc
jiHqoDKwXp00E5vOvegnR6LPK/pO3GPB5P+B0FiAn/wWv2pZ+OvIiq7xF3IQ+l5u
qazf2qLnR4nPlVn9slLNFNhun6gDDWLMkW+4GoD5CelAGlqEVX3XmhAfHv5SnCqV
tL3cT2lH8Y39jztgak7BEmDrLMBlGV0kK537otQW+8LgAtGqQbnmG6HXe15zm64o
WmF0abQ2iopOjGIoq0G+LpdezHiCvo/HWA6Rrle/Le0wN7ri7btOR5MBr8dT94rd
q+OiHixti124+GIJoPPCDCuCjJhNObXMYPRnRHZxP29eM4RKaRzy9bJ53ygnf37P
ozOK+qoIl0qWALuqPOq5DG+8MzMyUO6mOaWtyxWnQkYwz9SrqGVsdFZnMJtW1Ys/
/LAxiZ61M/U5Bf4YhPriz0U3eltZt0m/CGGXy61bEXS+ezZ/bQckbXgsKsk7LhiI
v0Qhufhw5lCzGpYu+RAmMq/+DeGqYtmf3G4tC3xo6k+iqZ52pX2OUPzYgsaQl1k0
YUMWn3NrWfWYwdI6xcZ/UXESbcVfaMQgu5NFxaXOqmO0Fw7qkMVR18GtbIjpkST4
GG+N2x+jxziPau6/3aFX7jgLl/ctyLr5xIzX7B5QEVLQkiwzunInqZpStYQj2h1H
Tc+vS/51QBFL6pTv2QbTfROJG471183sqt77wq+EPKyuAUSMo/6FmUOS5tdhShmT
+ucH7uqDKLPM5etXsA/1uUFQJALJtuy1AIDljyuXOswtjU7bCmrfEDjVIzOpgpQ+
CTPsWT42Cp1ylH7vPFqIdvSTM887XDDbX/c5UEeejlreTBF9J5pZJ+v9WQ4risqp
3rhhvtm3o4ud7DOXVFeDNURJ+QFjxb+Bw2mf0WDldP/c6EBDotqxL0Uo5q4FiUvF
jIh3AU7uVkiOPS/33jwUXOaobmEcS5ibj74ubrE8Ka5cVoQCleaMWnxYZV+O3Ovy
YFBaDV8o6luiMpCYy4Ba+veHLT6Neye0D1NlHdC/NcAr1frWLFpgyro+rJ7gEFII
1CtR3Nvw/PPK9Jd6pXCIY6d4MMZDrYIafhDGRnASW4e2rv5N20mHjg8qu7laLNl/
UlbuLfBWZUpX5KaBLPFMm7POnktZHaKiDpNUHvfS84ZnF22HAdhz3Bbru1CrKhyI
U4APHrLR+dKuHP+xg4fSPvcgy61ouhnP0X7Q2ibPP2my1M2rPjGxY74bQlwf5HnA
luWzGd5MvYn71/ovMZqi6XY7c2VjEBPYH4dss6EmEiAHXRRYpkSBXq7R2xNRtjHx
AQYg97KxqJzJqk2iKERktZSVkOppMl9aQfezZvIK5toYB1a6gKkqjyOD8TbMWfp/
uPJnJE6JtcOh1ba++nFlUvUKZ6MdskdDahOdl3rixuxUBx/Q8RRF7VMLIk1dXb8k
l3fS1sqzfwEMJjLay2eU1BPCkvkxKGBtwZlo0LByjzKZseyH13G222XUOJv4p+uk
tgXPdC74B3DBkRR/X7JfIfa/yrg6FJvIXzasH3QHlz9ECoxe90xDFMOt+0wD9a4X
-----END RSA PRIVATE KEY-----
[root@localhost rsa]# openssl rsa -in test_rsa_aes_prikey
Enter pass phrase for test_rsa_aes_prikey:
writing RSA key
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAm4J/cx6HD/AUTkRum6fOwsyuP6GO8iIhFemCZVXIPAMLq+I6
RJI1rre4DQUe8JN0/WeLE/8V3v7SLSqY/hKpheR62CnUn5VQuxk56sCPgBV0HfBg
NnUjP30G57N5OREpRUvgkg13YXCFGxm+gBoIfpcKgFsTvcx18GvXmorpwZjmjuf+
dSftwYeyJ2Ylk8uAWvJFQziN6WBjhiPnIHauUxAvSKPWvvZYocxKh2FALLKoop2+
G7NWP4NuvQw+bo1vgJwxWJUgUx3v2amvMNs1iOqYU496RFLHygCjUQ+zEblCbrwo
d4RNUNpA4ApTXyVd/o11x2tf6b4DferPAM6dNwIDAQABAoIBAGvQvQYWSzOskpd0
8G6wmDQMbl6lZxLOwLuNap9RKwMYZXYk4Zr694cLzuoP+9R1l2285PrXJtW1PAie
ePXmAGxY7SaDUevWPOOK6NGt8Y+u0BOVvU7kRazVxPzNPKVpFYD6y1bXSUZgGZih
b6cm5W7GzzwQaQ50++vVCOUXnFtgzwI99dSviilsomxsekdgVTdaU5VOErcUg/kc
6+QUUBJRJKnp0O+3gGDiY1QcyeTDIZ7CjaHjow1q+s5bxRRo9n4tHUWoaf3izvDm
5SWYwCkuFWb8Pc7o0X2c2wC2zWq4JaraswXsXfQ8Y3m9zFafeyyKHJNJnBt4vnGc
dg9OmZkCgYEAyXzuUrJKMYINpgzGG+jnKOuYT1Ieogin9q4iBgIfzaqM581j8LOD
TK3EeGI6v0iTavI49bG6udu0+15Wi1a/aiIZFNqZGzEnc4NxVw+hyZT+cUczFHC0
Rd+WzO4VkALhshG8SiWknVO3hFQptOb7g5VEo1Epm/TY3jFaLFrPub0CgYEAxZUc
Yfd+Ljuvo/HXBIkfdpaNCl4lon3oLh1upxkH5CdNlez9V8uzrnDP2vzqhaM6O24r
KmPHFMlHGvIAMTIx68t9llf9RdbnzdNT7z3ALmZcyaUBBhzH8dBHuYUAwxI8fJk8
7qwdOX+sBTtuXmgM/v5s0uegcJ2OEevQwn58MAMCgYB/mb7UYFTcRaCfKDfONREv
uQQcN8VumEzGzEB/zZiWhwv1QP2p0gW06dci5hKOUUgK0pt//a5jReC30Ga+l5Fh
hXac3lNYBSkW3odIu32aS+FXm9+dckK4fYDjB2Rgb3K/crvruSsm932hMCu5hQ6D
pmRxiVTwj39IN7kDnf8vgQKBgCWcI6H2VXuBewaPE2nWnDmboM9XanyK0PZuPdDq
79ibLqaaTQM4UESlTruVpyK3Fm+XofnYsl2fjrxvUmAK+Pu0aXyD1T9FECzazEBf
FcT/USxFD3PVaK38Apsq2SFIyGDDXpjkBFAcoGcCkBjCX67uSVLAKoclRpTcuYk8
QHF3AoGBAIla5lKv5mpAx8WZBJGnifEwXDiizzbrFiCyzgUTL3zn1Idr+V8OAfGZ
aYBa89DO4bP176L3ptKt/PK09o/2NTQSuYGCMeBQuC9SRdvviMyPyrGdPVuCFTU7
Y5zWioAOGECglWjwvQyw07+Tg27vyt+hLemXCArwosBElqqFYBv9
-----END RSA PRIVATE KEY-----
[root@localhost rsa]# openssl rsa -pubout -in test_rsa_aes_prikey
Enter pass phrase for test_rsa_aes_prikey:
writing RSA key
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm4J/cx6HD/AUTkRum6fO
wsyuP6GO8iIhFemCZVXIPAMLq+I6RJI1rre4DQUe8JN0/WeLE/8V3v7SLSqY/hKp
heR62CnUn5VQuxk56sCPgBV0HfBgNnUjP30G57N5OREpRUvgkg13YXCFGxm+gBoI
fpcKgFsTvcx18GvXmorpwZjmjuf+dSftwYeyJ2Ylk8uAWvJFQziN6WBjhiPnIHau
UxAvSKPWvvZYocxKh2FALLKoop2+G7NWP4NuvQw+bo1vgJwxWJUgUx3v2amvMNs1
iOqYU496RFLHygCjUQ+zEblCbrwod4RNUNpA4ApTXyVd/o11x2tf6b4DferPAM6d
NwIDAQAB
-----END PUBLIC KEY-----[root@localhost rsa]# openssl rsa --help
Usage: rsa [options]
Valid options are:
-help Display this summary
-inform format Input format, one of DER NET PEM
-outform format Output format, one of DER NET PEM PVK
-in val Input file #指定输入文件;默认in后面指定的是一个私钥信息
-out outfile Output file #指定输出的文件
-pubin Expect a public key in input file #读取公钥信息 ;如果-in指定的是一个公钥;默认in指定的是一个私钥信息
-pubout Output a public key #输出公钥信息;根据私钥的信息得出公钥
-passout val Output file pass phrase source #私钥密码;用于将非加密的私钥转换成加密的私钥
-passin val Input file pass phrase source #私钥生成时的私钥密码 ; 用于将加密的私钥解密
-RSAPublicKey_in Input is an RSAPublicKey
-RSAPublicKey_out Output is an RSAPublicKey
-noout Don't print key out #不输出私钥(或公钥)本身
-text Print the key in text #以文本形式显示
-modulus Print the RSA key modulus
-check Verify key consistency
-* Any supported cipher
-pvk-strong Enable 'Strong' PVK encoding level (default)
-pvk-weak Enable 'Weak' PVK encoding level
-pvk-none Don't enforce PVK encoding
-engine val Use engine, possibly a hardware device
[root@localhost rsa]# openssl rsa -in test_rsa_aes_prikey -passout pass:test123 -out enc_rsa_2048_prikey
Enter pass phrase for test_rsa_aes_prikey:
writing RSA key
[root@localhost rsa]# openssl rsa -pubout -in enc_rsa_2048_prikey
writing RSA key
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm4J/cx6HD/AUTkRum6fO
wsyuP6GO8iIhFemCZVXIPAMLq+I6RJI1rre4DQUe8JN0/WeLE/8V3v7SLSqY/hKp
heR62CnUn5VQuxk56sCPgBV0HfBgNnUjP30G57N5OREpRUvgkg13YXCFGxm+gBoI
fpcKgFsTvcx18GvXmorpwZjmjuf+dSftwYeyJ2Ylk8uAWvJFQziN6WBjhiPnIHau
UxAvSKPWvvZYocxKh2FALLKoop2+G7NWP4NuvQw+bo1vgJwxWJUgUx3v2amvMNs1
iOqYU496RFLHygCjUQ+zEblCbrwod4RNUNpA4ApTXyVd/o11x2tf6b4DferPAM6d
NwIDAQAB
-----END PUBLIC KEY-----
[root@localhost rsa]# openssl rsa -in test_rsa_aes_prikey -ase128 -passout pass:test123 -out enc_rsa_2048_prikey
#私钥是否加密是可以生成之后再改变的- 格式转换
#默认是pem 格式 转换成der格式
[root@localhost rsa]# openssl rsa -in test_rsa_aes_prikey -outform der -out 2048prikey.der
Enter pass phrase for test_rsa_aes_prikey:
writing RSA key
#将der格式转换为pem格式
[root@localhost rsa]# openssl rsa -in 2048prikey.der -inform der -outform pem -out 2048prikey.pem
writing RSA key
#pkcs8 格式转换 默认 pem 格式
[root@localhost rsa]# openssl pkcs8 -topk8 -inform pem -in test_rsa_aes_prikey -outform pem -nocrypt
Enter pass phrase for test_rsa_aes_prikey:
3.使用公钥和私钥进行解密解密
[root@localhost rsa]# openssl rsautl -help
Usage: rsautl [options]
Valid options are:
-help Display this summary
-in infile Input file #输入文件(待加密或待解密的文件)
-out outfile Output file #输出文件,加密解密后的文件
-inkey val Input key #密钥输入
-keyform PEM|DER|ENGINE Private key format - default PEM #私钥格式
-pubin Input is an RSA public #表明输入的是公钥(默认是私钥)
-certin Input is a cert carrying an RSA public key #指定证书(从证书读取公钥)
-ssl Use SSL v2 padding
-raw Use no padding #无填充,加密的文件要是117或 245字节(正好117或245个字节)
-pkcs Use PKCS#1 v1.5 padding (default)
-oaep Use PKCS#1 OAEP
-sign Sign with private key #表明使用私钥签名
-verify Verify with public key #表明使用公钥验证签名
-asn1parse Run output through asn1parse; useful with -verify
-hexdump Hex dump output #以十六进制形式输出
-x931 Use ANSI X9.31 padding
-rev Reverse the order of the input buffer
-encrypt Encrypt with public key #使用公钥加密
-decrypt Decrypt with private key #使用私钥解密
-passin val Input file pass phrase source #输入文件的自身的密码
-rand val Load the file(s) into the random number generator
-writerand outfile Write random data to the specified file
-engine val Use engine, possibly a hardware device使用公钥加密一个文件 能加密的文件的大小和公钥的大小有关,2048位的公钥可以加密 (2048) / 8-11 = 245 字节的明文 ,而 1024位的密钥可以加密 (1024)/ 8 -11 = 117 字节的明文。11 字节是填充信息的元数据。加密后的文件和密钥的长度一致。如果待加密的文件很小,那么会使用填充,已达到2048或1024位。
4.ECDSA
生成 ecdsa 私钥,ecdsa 无法设定密钥位数,要选择一个椭圆曲线(-name)
选择了曲线也就选择了位数,secp256k1(prime256v1) 就是生成 256位的ECDSA密钥,openssl有很多条可供选择的曲线,使用-list_curves选项可以查看所有的椭圆曲线,但是大多数web服务器只支持prime256v1和secp384r1 。256位的密钥在安全和效率上都很好了,是个平衡的选择。
- 生成ecdsa私钥
[root@localhost rsa]# openssl ecparam -genkey -name secp256k1 -out ecprikey.pem
[root@localhost rsa]# ll ecprikey.pem
-rw-------. 1 root root 294 10月 24 10:55 ecprikey.pem
[root@localhost rsa]# openssl ecparam -in ecprikey.pem -text
ASN1 OID: secp256k1
-----BEGIN EC PARAMETERS-----
BgUrgQQACg==
-----END EC PARAMETERS-----
#查看ECDSA私钥和公钥
[root@localhost rsa]# openssl ec -in ecprikey.pem -text
read EC key
Private-Key: (256 bit)
priv:
82:40:8c:42:88:34:7e:11:f1:da:0c:e5:db:3b:c2:
5c:6b:54:75:04:56:de:be:13:9f:44:42:d4:4f:bd:
78:60
pub:
04:ee:fa:a7:ab:dd:96:e6:9a:cc:af:32:54:92:65:
2a:57:f1:d5:7e:30:7a:f0:b8:ce:de:84:e5:1a:d9:
b8:5f:40:93:4c:55:98:3a:ea:9b:3b:b7:48:ac:26:
e3:23:5a:68:89:c4:dc:df:f8:40:d0:a1:10:09:a0:
58:35:22:33:f5
ASN1 OID: secp256k1
writing EC key
-----BEGIN EC PRIVATE KEY-----
MHQCAQEEIIJAjEKINH4R8doM5ds7wlxrVHUEVt6+E59EQtRPvXhgoAcGBSuBBAAK
oUQDQgAE7vqnq92W5prMrzJUkmUqV/HVfjB68LjO3oTlGtm4X0CTTFWYOuqbO7dI
rCbjI1poicTc3/hA0KEQCaBYNSIz9Q==
-----END EC PRIVATE KEY-----
#提取公钥
[root@localhost rsa]# openssl ec -in ecprikey.pem -pubout -out ecpubkey.pem
read EC key
writing EC key
[root@localhost rsa]# cat ecpubkey.pem
-----BEGIN PUBLIC KEY-----
MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAE7vqnq92W5prMrzJUkmUqV/HVfjB68LjO
3oTlGtm4X0CTTFWYOuqbO7dIrCbjI1poicTc3/hA0KEQCaBYNSIz9Q==
-----END PUBLIC KEY-----
5.数字签名
[root@localhost rsa]# cat test
dflslsdfjljlasjlsaf
jdsljlsadfljlsdfjljlsdjlsadfl
kldkjfjjflsadjljlsdfjl
12jlk2309933l990kjldsjs
jdljldsljfdljdslfjlsdjlf
lsldjjlsdfjljlsdjdsjkkldjfjkldsjllfdsjlsadjljlkds
[root@localhost rsa]# openssl dgst -sign 2048prikey.pem -sha256 -out sha256_rsa_sign.test test6.其他一些命令
[root@localhost rsa]# openssl speed sha1
Doing sha1 for 3s on 16 size blocks: 18537221 sha1's in 2.99s
Doing sha1 for 3s on 64 size blocks: 13406053 sha1's in 3.00s
Doing sha1 for 3s on 256 size blocks: 6720935 sha1's in 2.99s
Doing sha1 for 3s on 1024 size blocks: 2231335 sha1's in 3.00s
Doing sha1 for 3s on 8192 size blocks: 310411 sha1's in 2.99s
Doing sha1 for 3s on 16384 size blocks: 159209 sha1's in 3.00s
OpenSSL 1.1.1 11 Sep 2018
built on: Sat Oct 20 07:24:19 2018 UTC
options:bn(64,64) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr)
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DNDEBUG
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
sha1 99195.83k 285995.80k 575437.91k 761629.01k 850463.85k 869493.42k
[root@localhost rsa]# openssl speed sha256
Doing sha256 for 3s on 16 size blocks: 13126781 sha256's in 2.99s
Doing sha256 for 3s on 64 size blocks: 7492471 sha256's in 3.00s
Doing sha256 for 3s on 256 size blocks: 3480299 sha256's in 2.99s
Doing sha256 for 3s on 1024 size blocks: 1063047 sha256's in 3.00s
Doing sha256 for 3s on 8192 size blocks: 146308 sha256's in 2.99s
Doing sha256 for 3s on 16384 size blocks: 73537 sha256's in 3.00s
OpenSSL 1.1.1 11 Sep 2018
built on: Sat Oct 20 07:24:19 2018 UTC
options:bn(64,64) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr)
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DNDEBUG
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
sha256 70243.64k 159839.38k 297978.78k 362853.38k 400854.56k 401610.07k
[root@localhost rsa]# openssl rand -hex 16
882b85d660d91c5e85cb5b6ea05ca67c
[root@localhost rsa]# openssl rand -base64 16
lGtlf+yGA0EDF85sAl8XEA==
[root@localhost rsa]# openssl rand -hex -out rand.txt 32
[root@localhost rsa]# cat rand.txt
6ae37cf3b7850b9532e153888ab38bd3ca985360ccc4b977d4c07fbeb5d7f49d