OpensslCommand-LineHowto.pdf_opensslverify-CAfile资源-CSDN文库

需积分: 9 131 浏览量 2011-05-20 11:30:14 上传评论收藏 163KB PDF 举报

### OpenSSL命令行手册知识点概述 #### 一、简介与版本查询 - **版本查询**: 使用`openssl version`命令可以查询当前系统安装的OpenSSL版本。 #### 二、命令列表及帮助文档 - **命令列表**: 使用`openssl help`或者`openssl -help`可以获得所有可用命令的列表。 - **具体命令帮助**: 例如，使用`openssl req -help`来获取证书请求(`req`)命令的帮助文档。 #### 三、密码算法列表 - **获取支持的密码算法**: 可以通过`openssl ciphers -v`来查看系统支持的所有密码算法。 #### 四、性能基准测试 - **本地系统性能测试**: - 使用`openssl speed`命令进行CPU加密解密速度测试。 - `openssl speed rsa1024`测试特定长度的RSA算法的性能。 - **远程连接性能测试**: - 可以通过建立SSL/TLS连接并发送数据来测试远程服务器的性能，例如：`openssl s_client -connect server.example.com:443 -cipher AES256`。 #### 五、证书管理 - **自签名证书生成**: - 使用`openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 -nodes`来生成一个有效期为一年的自签名证书。 - **证书请求生成**: - 为了提交给CA(如VeriSign)认证，使用`openssl req -new -key key.pem -out csr.pem`生成证书签名请求(CSR)。 - **新证书测试**: - 可以通过`openssl x509 -in cert.pem -text -noout`来验证生成的证书信息。 - **远程证书获取**: - 使用`openssl s_client -connect server.example.com:443 < /dev/null | openssl x509 -outform pem > cert.pem`来获取并保存远程服务器的证书。 - **证书信息提取**: - 通过`openssl x509 -in cert.pem -text -noout`来查看证书详细信息。 - **PKCS#12证书处理**: - 导出证书到PKCS#12格式：`openssl pkcs12 -export -out certificate.p12 -inkey key.pem -in cert.pem` - 导入PKCS#12证书：`openssl pkcs12 -in certificate.p12 -out key-cert.pem -nodes` #### 六、证书验证 - **证书验证**: - 使用`openssl verify -CAfile cacert.pem cert.pem`来验证证书的有效性。 - **信任的CA列表**: - 默认情况下，OpenSSL使用其内置的信任根证书列表。可以通过`openssl x509 -in cacert.pem -text -noout`查看。 - **添加自定义CA证书**: - 通过`openssl x509 -inform PEM -in customcacert.pem -outform DER -out customcacert.der`转换格式，并将转换后的DER格式文件添加到OpenSSL的证书存储中。 #### 七、客户端与服务器配置 - **安全SMTP服务器连接**: - 使用`openssl s_client -starttls smtp -connect mail.example.com:25`来测试连接。 - **其他安全服务连接**: - 类似地，可以使用`openssl s_client -connect server.example.com:port`连接到任何支持SSL/TLS的服务。 - **设置SSL服务器**: - 通过`openssl s_server -accept 443 -cert cert.pem -key key.pem`启动一个简单的SSL服务器。 #### 八、摘要算法 - **MD5或SHA1摘要创建**: - 创建文件的MD5摘要：`openssl dgst -md5 file.txt` - 创建文件的SHA1摘要：`openssl dgst -sha1 file.txt` - **摘要签名与验证**: - 签名：`openssl dgst -sign private_key.pem -out signature.bin file.txt` - 验证：`openssl dgst -verify public_key.pem -signature signature.bin file.txt` #### 九、加密与解密 - **Base64编码**: - 对文本进行Base64编码：`echo -n "plaintext" | openssl base64` - **简单文件加密**: - 使用对称加密算法加密文件：`openssl enc -aes-256-cbc -in file.txt -out file.enc` #### 十、密钥生成 - **RSA密钥生成**: - 生成2048位的RSA私钥：`openssl genrsa -out key.pem 2048` - 从私钥导出公钥：`openssl rsa -in key.pem -pubout -out pub.pem` - **DSA密钥生成**: - 生成1024位的DSA私钥：`openssl dsaparam -out dsa.params 1024 && openssl gendsa -out dsa.key dsa.params` - **移除密钥口令**: - 移除密钥口令：`openssl rsa -in key.pem -out key_nopass.pem -passin pass:yourpass` #### 十一、密码哈希 - **生成密码哈希**: - 生成crypt风格的密码哈希：`openssl passwd -crypt password` - 生成shadow风格的密码哈希：`openssl passwd -1 -salt 'salt' password` #### 十二、随机数据生成 - **生成随机数据**: - 生成一定数量的随机比特：`openssl rand -hex 16` #### 十三、S/MIME操作 - **验证S/MIME签名消息**: - 使用`openssl smime -verify -in signed_message.eml -noverify`来验证一个已签名的S/MIME邮件。 - **加密S/MIME消息**: - 加密邮件：`openssl smime -encrypt -in message.txt -out encrypted.eml -binary -des3 recipient_cert.pem` - **签名S/MIME消息**: - 签名邮件：`openssl smime -sign -in message.txt -out signed_message.eml -signer signer_cert.pem -inkey signer_key.pem` #### 十四、进一步阅读与参考资料 - 本指南仅为OpenSSL命令行工具的基本用法概览，更多详细信息请参阅官方文档以及相关书籍和技术文章。 - 如果您在使用过程中遇到问题，欢迎反馈意见至`heinlein@madboa.com`，以便持续改进文档内容。

资源推荐

资源详情

资源评论

OpenSSL Command-Line HOWTO
madboa.com 
Home
Geek stuff
Praise songs
Paul's page
Book notes
This site
OpenSSL Command-Line HOWTO
Paul Heinlein <heinlein@madboa.com>
Initial publication: June 13, 2004 
Most recent revision: August 6, 2005 
The openssl application that ships with the OpenSSL libraries can perform a wide range of crypto operations. This 
HOWTO provides some cookbook-style recipes for using it.
Table of Contents
Introduction 
How do I find out what OpenSSL version I'm running? 
How do I get a list of the available commands? 
How do I get a list of available ciphers? 
Benchmarking 
How do I benchmark my system's performance? 
How do I benchmark remote connections? 
Certificates 
How do I generate a self-signed certificate? 
How do I generate a certificate request for VeriSign? 
How do I test a new certificate? 
How do I retrieve a remote certificate? 
How do I extract information from a certificate? 
How do I export or import a PKCS#12 certificate? 
Certificate Verification 
How do I verify a certificate? 
What certificate authorities does OpenSSL recognize? 
How do I get OpenSSL to recognize/verify a certificate? 
Command-line clients and servers 
How do I connect to a secure SMTP server? 
How do I connect to a secure [whatever] server? 
How do I set up an SSL server from the command line? 
Digests 
How do I create an MD5 or SHA1 digest of a file? 
How do I sign a digest? 
How do I verify a signed digest? 
What other kinds of digests are available? 
Encryption/Decryption 
How do I base64-encode something? 
How do I simply encrypt a file? 
Keys 
http://www.madboa.com/geek/openssl/ (1 of 20)31/8/2005 14:43:10

OpenSSL Command-Line HOWTO

asn1parse ca ciphers crl crl2pkcs7

dgst dh dhparam dsa dsaparam

enc engine errstr gendh gendsa

genrsa nseq ocsp passwd pkcs12

pkcs7 pkcs8 rand req rsa

rsautl s_client s_server s_time sess_id

smime speed spkac verify version

x509

Message Digest commands (see the `dgst' command for more details)

md2 md4 md5 rmd160 sha

sha1

Cipher commands (see the `enc' command for more details)

aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb aes-256-cbc

aes-256-ecb base64 bf bf-cbc bf-cfb

bf-ecb bf-ofb cast cast-cbc cast5-cbc

cast5-cfb cast5-ecb cast5-ofb des des-cbc

des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb

des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb

des-ofb des3 desx rc2 rc2-40-cbc

rc2-64-cbc rc2-cbc rc2-cfb rc2-ecb rc2-ofb

rc4 rc4-40

What the shell calls “Standard commands” are the main top-level options.

You can use the same trick with any of the subcommands.

$ openssl dgst -h

unknown option '-h'

options are

-c to output the digest with separating colons

-d to output debug info

-hex output as hex dump

-binary output in binary form

-sign file sign digest using private key in file

-verify file verify a signature using public key in file

-prverify file verify a signature using private key in file

-keyform arg key file format (PEM or ENGINE)

-signature file signature to verify

-binary output in binary form

-engine e use engine e, possibly a hardware device.

-md5 to use the md5 message digest algorithm (default)

-md4 to use the md4 message digest algorithm

-md2 to use the md2 message digest algorithm

-sha1 to use the sha1 message digest algorithm

-sha to use the sha message digest algorithm

-mdc2 to use the mdc2 message digest algorithm

-ripemd160 to use the ripemd160 message digest algorithm

In more boring fashion, you can consult the OpenSSL man pages.

How do I get a list of available ciphers?

Use the ciphers option. The ciphers(1) man page is quite helpful.

http://www.madboa.com/geek/openssl/ (3 of 20)31/8/2005 14:43:10

剩余19页未读，继续阅读

评论收藏

内容反馈

yangfanjihua

粉丝: 0
资源: 2

Openssl Command-Line Howto.pdf

最新资源

Openssl Command-Line Howto.pdf

openssl源代码openssl-3.0.1.tar.gz openssl-1.1.1m.tar.gz

Server Management Command Line Protocol(SMTP) v1.0.pdf

openssl-1.0.0.tar.gz~~openssl-3.3.1.tar.gz.zip

The Linux Command Line 原版pdf by Shotts

The Command Line Crash Course.pdf

openssl-libs-1.0.2k-19.el7.x86_64

openssl-fips-2.0.15.tar.gz

openssl-devel-1.0.2k-12.el7.x86_64.rpm 下载

openssl-devel-1.1.1o-1.el7.x86_64.rpm openssl-devel

Amazon EC2 Command Line Reference.pdf

openssl-devel-1.0.1e-57.el6.x86_64-packages.zip

The Linux Command Line.pdf

openssl之enc命令教程

openssl-fips-2.0.10.tar.gz，安装nginx所需要的环境包

openssl-1.0.1e-57.0.6.el6.x86_64.rpm

openssl-1.0.2k-24.el7-9.x86-64.rpm包

The Linux Command Line(中文版).pdf.zip

里面包含有zlib-devel-1.2.7-17、openssl-devel-1.0.2k-16.el7.x86_64.rpm、

openssl-1.1.1a.tar.gz

GStreamer_Command-Line_Player_Application_Specification.pdf

openssl-1.1.1o-1.el7.x86_64.rpm openssl rpm包 openssl

openssl-1.1.1k-1.el7.x86_64.rpm

Executing Windows Command Line Investigations 无水印pdf

Data Science at the Command Line Janssens 2014 pdf

The_Linux_Command_Line linux命令行大全.pdf

The Linux Command Line 中文版 pdf

The Linux Command Line Linux命令行大全 中英文对照 pdf

Beginning the Linux Command Line(2nd).pdf 2016第2版

Windows 7 and Vista Guide to Scripting, Automation and Command Line Tools pdf 0分

最新资源

The Linux Command Line Linux命令行大全中英文对照 pdf