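OpenSSL is an open source project that consists of a cryptographic library and an SSL/TLS toolkit. The project's official site describes it as follows:
  The OpenSSL Project is an implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, a collaborative effort to develop a robust, full-featured, commercial-grade open source toolkit. The project is managed by a worldwide community of volunteers who use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation.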

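OpenSSL has become the de facto standard in this field and has a fairly long history. Almost all server software and many client programs use OpenSSL today, and its command-line tools are the most commonly used software for key and certificate management and for testing.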

Determining the OpenSSL version and configuration

Check the Ubuntu version


Check the OpenSSL version


The last line of the output above (/usr/lib/ssl) is the directory where OpenSSL looks for its configuration and certificates by default.

The misc/ directory contains some supplementary scripts, the most useful of which let you implement a private certificate authority.

List the available commands


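The first part, Standard commands, lists all the tools that are available. To get more detailed information about a particular command, use man followed by the name of the tool. For example, man ciphers explains how cipher suites are configured.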

The second part, Message Digest commands, shows the available message digest commands.

The third part, Cipher commands, shows all the encryption commands.

Building a trusted certificate store

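OpenSSL does not ship with trusted root certificates (also called a trusted certificate store), so if you are installing it from scratch yourself, you will have to find them elsewhere. One option is to use the trust store that comes with the operating system; this is generally fine, but that store may not be up to date. A better option, though a bit more work, is to obtain it from Mozilla.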

Key and certificate management

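Most users turn to OpenSSL because they want to configure and run a web server that supports SSL. The whole process consists of three steps: (1) generate a strong private key; (2) create a certificate signing request (CSR) and send it to a CA; (3) install the certificate provided by the CA on your web server.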

Key generation

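Today, 2048-bit RSA keys are generally considered secure, so that is the key length you should use. DSA keys should also be no shorter than 2048 bits, and ECDSA keys should be 256 bits or more.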

Use the genrsa command to generate an RSA key:

 openssl genrsa -aes128 -out fd.key 2048


Here, I specified that the private key be stored encrypted with the AES-128 algorithm.

The private key is stored in the so-called PEM format, which consists only of text:

cat fd.key


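At first glance the private key looks like a pile of random data, but it is not. You can use the rsa command below to parse out the structure of the private key: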

openssl rsa -text -in fd.key
Private-Key: (2048 bit)
modulus:
publicExponent: 65537 (0x10001)
privateExponent:
prime1:
prime2:
exponent1:
exponent2:
coefficient:
writing RSA key
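
The genrsa and rsa steps above can be scripted and checked without reading the dump by eye. The following is an added example, not part of the original post: it generates an AES-128 encrypted key non-interactively, then confirms that the PEM file is passphrase-protected, that the key is internally consistent, and that it meets the 2048-bit minimum. The function names and the passphrase are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the
# passphrase are constructed; "pass:" is visible in process listings, so
# real use should prefer -passout file:<path> or the interactive prompt.

# gen_key FILE BITS PASS: write an AES-128 encrypted RSA private key.
gen_key() {
    ( umask 077    # key file readable by its owner only
      openssl genrsa -aes128 -passout "pass:$3" -out "$1" "$2" 2>/dev/null )
}

# is_encrypted FILE: succeed if the PEM file is passphrase-protected.
# Traditional format carries "Proc-Type: 4,ENCRYPTED"; PKCS#8 output uses
# "BEGIN ENCRYPTED PRIVATE KEY". Both contain the word ENCRYPTED.
is_encrypted() {
    grep -q 'ENCRYPTED' "$1"
}

# key_bits FILE PASS: print the modulus size taken from "rsa -text".
key_bits() {
    openssl rsa -in "$1" -passin "pass:$2" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# key_ok FILE PASS: succeed only if the key is encrypted, passes the
# RSA consistency check, and is at least 2048 bits long.
key_ok() {
    is_encrypted "$1" || return 1
    openssl rsa -in "$1" -passin "pass:$2" -noout -check \
        >/dev/null 2>&1 || return 1
    bits=$(key_bits "$1" "$2")
    [ -n "$bits" ] && [ "$bits" -ge 2048 ]
}

# Demo in a throwaway directory, using a constructed passphrase.
demo_dir=$(mktemp -d)
gen_key "$demo_dir/fd.key" 2048 'constructed-demo-pass'
if key_ok "$demo_dir/fd.key" 'constructed-demo-pass'; then
    echo "fd.key: encrypted, consistent," \
         "$(key_bits "$demo_dir/fd.key" 'constructed-demo-pass') bits"
else
    echo "fd.key: failed checks"
fi
rm -rf "$demo_dir"
```
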