OpenSSL 有关密钥的那些事儿(HOWTO keys)
<DRAFT!>
OpenSSL 有关密钥的那些事儿(HOWTO keys) 1. 介绍(Introduction) Keys are the basis of public key algorithms and PKI. Keys usually
come in pairs, with one half being the public key and the other half
being the private key. With OpenSSL, the private key contains the
public key information as well, so a public key doesn't need to be
generated separately. Public keys come in several flavors, using different cryptographic
algorithms. The most popular ones associated with certificates are
RSA and DSA, and this HOWTO will show how to generate each of them. 2. 生成 RSA 密钥(To generate a RSA key) A RSA key can be used both for encryption and for signing. Generating a key for the RSA algorithm is quite easy, all you have to
do is the following: openssl genrsa -des3 -out privkey.pem 2048 With this variant, you will be prompted for a protecting password. If
you don't want your key to be protected by a password, remove the flag
'-des3' from the command line above. NOTE: if you intend to use the key together with a server
certificate, it may be a good thing to avoid protecting it
with a password, since that would mean someone would have to
type in the password every time the server needs to access
the key. The number 2048 is the size of the key, in bits. Today, 2048 or
higher is recommended for RSA keys, as fewer amount of bits is
consider insecure or to be insecure pretty soon. 3. 生成 DSA 密钥(To generate a DSA key) A DSA key can be used for signing only. This is important to keep
in mind to know what kind of purposes a certificate request with a
DSA key can really be used for. Generating a key for the DSA algorithm is a two-step process. First,
you have to generate parameters from which to generate the key: openssl dsaparam -out dsaparam.pem 2048 The number 2048 is the size of the key, in bits. Today, 2048 or
higher is recommended for DSA keys, as fewer amount of bits is
consider insecure or to be insecure pretty soon. When that is done, you can generate a key using the parameters in
question (actually, several keys can be generated from the same
parameters): openssl gendsa -des3 -out privkey.pem dsaparam.pem With this variant, you will be prompted for a protecting password. If
you don't want your key to be protected by a password, remove the flag
'-des3' from the command line above. NOTE: if you intend to use the key together with a server
certificate, it may be a good thing to avoid protecting it
with a password, since that would mean someone would have to
type in the password every time the server needs to access
the key. --
Richard Levitte
OpenSSL 有关密钥的那些事儿(HOWTO keys)的更多相关文章
- php openssl 增加密钥
生成私钥:openssl genrsa 1024 > private.key (注意,1024是密钥的长度,如果密钥较长,相应加密后的密文也会较长) 生成公钥:openssl rsa -in ...
- 使用openssl生成密钥、加密和签名
openssl genrsa -out rsakey.pem 1024 //生成1024bit的RSA密钥,并保存到rsakey.pem,此处未对密钥进行加密 openssl genrsa -aes ...
- OpenSSL(1)密钥和证书管理
OpenSSL是一个开源项目,包括密码库和SSL/TLS工具集. 从项目的官方站点可以看到: OpenSSL项目是安全套接字层( secure sockets layer, SSL)和传输层安全( t ...
- openssl RSA密钥格式PKCS1和PKCS8相互转换
RSA私钥格式PKCS1和PKCS8相互转换 RSA公钥格式PKCS1和PKCS8相互转换 以下转换基于openssl命令的操作: 1. openssl 生成pkcs1格式的私钥,密钥长度1024位, ...
- openssl pem密钥文件rsa加密解密例子
准备工作 命令行加密解密,用与比对代码中的算法和命令行的算法是否一致 C:\openssl_test>openssl rsautl -encrypt -in data.txt -inkey pu ...
- 简单使用OpenSSL生成密钥
一.生成自签名证书 1.1.创建root CA私钥 openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 ...
- openssl生成密钥/证书
一.公钥/私钥/签名/验证签名/加密/解密/非对称加密 对称加密:用同一个密码 加密/解密 文件. 非对称加密:加密用的一个密码,解密用另外一组密码. 加密解密:公钥加密数据,然后私钥解密. 公钥 ...
- 基于OpenSSL的RSA加密应用(非算法)
基于OpenSSL的RSA加密应用(非算法) iOS开发中的小伙伴应该是经常用der和p12进行加密解密,而且在通常加密不止一种加密算法,还可以加点儿盐吧~本文章主要阐述的是在iOS中基于openSL ...
- 创建私有CA,我就用openSSL
目录 简介 搭建root CA 生成root CA 使用CRL 使用OSCP 总结 简介 一般情况下我们使用的证书都是由第三方权威机构来颁发的,如果我们有一个新的https网站,我们需要申请一个世界范 ...
随机推荐
- mysql case when使用记录
两种实现方式 第一种,CASE后面跟字段,当等于WHEN后面的值时,输出指定的数据 SELECT CASE gc.cat_id THEN '台球' THEN '羽毛球' ELSE '其它' END A ...
- mysql5.6免安装配置(菜鸟版)
mysql5.6免安装配置 MySQL5.6.13安装步骤(Windows7 32位) 1. 下载MySQL Community Server 5.6.13 2. 解压MySQL压缩包 将以下载的My ...
- [bzoj2190][SDOI2008]仪仗队 ——欧拉函数
题解 以c点为(0, 0)建立坐标系,可以发现, 当(x,y)!=1,即x,y不互素时,(x,y)点一定会被点(x/n, y/n)遮挡. 所以点(x, y)被看到的充分必要条件是Gcd(x, y) = ...
- ClientScript.RegisterClientScriptBlock 不执行
ClientScript.RegisterClientScriptBlock 不执行 页面中 form标签必须加入 runat=server
- 火柴排队(NOIP2013)(附树状数组专题讲解(其实只是粗略。。。))
原题传送门 首先,这道题目是一道神奇的题. 看到这道题,第一眼就觉得2个数组排个序,然后一一对应的时候一定差值最小. 由于我们可以将这2个数列同时进行调换. 所以我们先把2个数列排个序. 第二个序列中 ...
- STM in Haskell
Software Transactional Memory,软件事务内存管理(应该是这么翻译的吧T_T) 类似于数据库的事务,所有的操作都有log,最后验证其他线程是否对数据进行修改,要是有那么就回滚 ...
- Appium+python自动化10-AVD 模拟器【转载】
前言 有些小伙伴没android手机,这时候可以在电脑上开个模拟器玩玩 一.模拟器配置 1.双击启动AVD Manager,进入配置界面
- 【原创】Talend ETL开发——基于joblet的统一的email发送
更新 2019/1/16:增加了允许5个附件发送.smtp等配置的字段. 一.背景 在ETL数据整合过程中,肯定会涉及到email的通知,比如ETL的执行情况汇报,执行耗时汇报,关键数据更新情况等信息 ...
- PostgreSQL备份和恢复数据表
备份数据表: pg_dump -U user_name db_name -t table_name -f /tmp/backup_file.suffix 恢复数据表: 方法1: 登录数据库:\i /t ...
- (12)C#枚举,结构
枚举 枚举类型是类似自定义的一个类,类里放着你自己定义的常量,关键字enum. enum Season{spring,summer,fall,winter} 想用这里的常量的话,首先把变量定义成 Se ...