Openssl smime命令
一、简介
S/MIME工具,用于处理S/MIME邮件,它能加密、解密、签名和验证S/MIME消息
二、语法
openssl smime [-encrypt] [-decrypt] [-sign] [-verify] [-pk7out] [-nointern] [-nosigs] [-noverify] [-nocerts] [ -nodetach] [-noattr] [-binary] [-in file] [-inform SMIME|PEM|DER] [-certfile file] [-signer file] [-recip file] [-passin arg] [-inkey file] [-keyform PEM |ENGINE] [-out file] [-outform SMIME|PEM|DER] [-content file] [-to addr] [-from ad] [-subject s] [-text] [-CApath directory] [-CAfile filename] [-crl_check] [-crl_check_all] [-indef] [-noindef] [-stream] [-rand file(s)] [-md digest] [cert.pem…] [-des] [-des3] [-rc2-] [-rc2-] [-rc2-]
选项
-encrypt encrypt message
-decrypt decrypt encrypted message
-sign sign message
-verify verify signed message
-pk7out output PKCS# structure
-des3 encrypt with triple DES
-des encrypt with DES
-seed encrypt with SEED
-rc2- encrypt with RC2- (default)
-rc2- encrypt with RC2-
-rc2- encrypt with RC2-
-aes128, -aes192, -aes256
encrypt PEM output with cbc aes
-camellia128, -camellia192, -camellia256
encrypt PEM output with cbc camellia
-nointern don't search certificates in message for signer
-nosigs don't verify message signature
-noverify don't verify signers certificate
-nocerts don't include signers certificate when signing
-nodetach use opaque signing
-noattr don't include any signed attributes
-binary don't translate message to text
-certfile file other certificates file
-signer file signer certificate file
-recip file recipient certificate file for decryption
-in file input file
-inform arg input format SMIME (default), PEM or DER
-inkey file input private key (if not signer or recipient)
-keyform arg input private key format (PEM or ENGINE)
-out file output file
-outform arg output format SMIME (default), PEM or DER
-content file supply or override content for detached signature
-to addr to address
-from ad from address
-subject s subject
-text include or delete text MIME headers
-CApath dir trusted certificates directory
-CAfile file trusted certificates file
-trusted_first use trusted certificates first when building the trust chain
-crl_check check revocation status of signer's certificate using CRLs
-crl_check_all check revocation status of signer's certificate chain using CRLs
-engine e use engine e, possibly a hardware device.
-passin arg input file pass phrase source
-rand file:file:...
load the file (or the files in the directory) into
the random number generator
cert.pem recipient certificate(s) for encryption
三、实例
1、进行数字签名
1)包含证书和原文信息
openssl smime -sign -inkey prikey.pem -signer certself.pem -in install.log -out install_sign.msg
2)不包含证书信息
openssl smime -sign -inkey prikey.pem -signer certself.pem -passin pass:"123456" –nocerts -in install.log -out install_sign.msg
3)不包含原文
openssl smime -sign -inkey prikey.pem -signer certself.pem -passin pass:"123456" -nodetach -in install.log -out install_sign.msg
2、进行签名验证
1)包含证书和原文信息
openssl smime -verify -CAfile certself.pem -in install_sign.msg -out install_verify.log
2)不验证签名者证书信息
openssl smime -verify -noverify -CAfile certself.pem -signer certself.pem -in text_sign.msg -out text_verify.log
3)不包含原文
openssl smime -verify -nodetach -CAfile certself.pem -signer certself.pem -in text_sign.msg -out text_verify.log
3、进行数字信封加密
openssl smime -encrypt -in install.log -out install_evp.enc certself.pem
4、进行数字信封解密
openssl smime -decrypt -in install_evp.enc -out install_ope.log -inkey prikey.pem
5、smime格式与pkcs#7格式的互转
openssl smime -in text_sign.msg -pk7out -out test_pkcs.pem
openssl pkcs7 -in test_pkcs.pem -text
6、对一个现存的消息添加一个签名者
openssl smime -resign -in mail.msg -signer newsign.pem -out mail2.msg
Openssl smime命令的更多相关文章
- openssl常用命令行汇总
openssl常用命令行汇总 随机数 openssl rand -out rand.dat -base64 32 摘要 直接做摘要 openssl dgst -sha1 -out dgst.dat p ...
- (转)openssl 命令: openssl req 命令详解
openssl req命令主要的功能有,生成证书请求文件, 查看验证证书请求文件,还有就是生成自签名证书.本文就主要记录一下open ...
- Openssl asn1parse命令
一.简介 asn1parse命令是一种用来诊断ASN.1结构的工具,也能用于从ASN1.1数据中提取数据 二.语法 openssl asn1parse [-inform PEM|DER] [-in f ...
- Openssl pkcs7命令
一.简介 pkcs7命令用于处理DER或者PEM格式的pkcs#7文件. 二.语法 openssl pkcs7 [-inform PEM|DER] [-outform PEM|DER] [-in ...
- Openssl crl2pkcs7命令
一.简介 crl2pkcs命令用来根据CRL或证书来生成pkcs#7消息. 二.语法 openssl crl2pkcs7 [-inform PEM|DER ] [-outform PEM|DER ...
- Openssl verify命令
一.简介 verify命令对证书的有效性进行验证,verify 指令会沿着证书链一直向上验证,直到一个自签名的CA 二.语法 openssl verify [-CApath directory] [- ...
- Openssl rsa命令
一.简介 Rsa命令用于处理RSA密钥.格式转换和打印信息 二.语法 openssl rsa [-inform PEM|NET|DER] [-outform PEM|NET|DER] [-in fil ...
- Openssl pkeyutl命令
一.简介 pkeyutl命令能够测试所支持的密钥算法的性能 二.语法 openssl rsautl [-in file] [-out file] [-sigfile file] [-inkey fil ...
- Openssl gendsa命令
一.简介 gendsa命令能够根据DSA密钥参数生成DSA密钥 二.语法 openssl gendsa [-out filename] [-passout out] [-rand file(s)] [ ...
随机推荐
- python学习(二十四) 字符串格式化
1: Test 1 a = 'city' b = 'country' print(" aaa %s bbb %s " % (a, b)) result: aaa city bbb ...
- php网站环境无法上传的解决办法?
一. 检查网站目录的权限.二. php.ini配置文件php.ini中影响上传的有以下几处:file_uploads 是否开启 on 必须开启是否允许HTTP文件上传post_max_size = 8 ...
- oracle startup mount nomount 区别
看oracle入门书,其中一句话说,使用startup nomount 命令启动例程,不可以和mount open 和exclusive一起使用,这个命令适用于建立数据库或是维护数据库时使用. 于是查 ...
- MySql For Windows解压缩版配置
#配置步骤 1.首先下载解压. (此处我解压到了我电脑的“E:\software\MySql”这个位置,下文以这个目录举例); 2.我的电脑右键属性,找到环境变量配置,配置环境变量,将mysql.ex ...
- VMware Workstation 12 Pro(安装CentOS7)
之前安装了一版 Ubuntu 14.04版本,发现蛮不好用的,果断放弃,换上CentOS7版本(在远程服务器上的安装方式除了网络设置有差异,基本相同) VMware Workstation 12 Pr ...
- 关注下Swoole
面向生产环境的 PHP 异步网络通信引擎 使 PHP 开发人员可以编写高性能的异步并发 TCP.UDP.Unix Socket.HTTP,WebSocket 服务.Swoole 可以广泛应用于互联网. ...
- Python实践练习:生成随机的测验试卷文件
题目 假如你是一位地理老师,班上有 35 名学生,你希望进行美国各州首府的一个小测验.不妙的是,班里有几个坏蛋,你无法确信学生不会作弊.你希望随机调整问题的次序,这样每份试卷都是独一无二的,这让任何人 ...
- mongodb(二)
数据准备: var persons = [{ name:"jim", age:25, email:"75431457@qq.com", c:89,m:96,e: ...
- leetcode840
本题不清楚题意,从网上找到了python的解答,记录如下. class Solution: def numMagicSquaresInside(self, grid): ans, lrc = 0, [ ...
- 变体类型 Variant VARIANT
变体类型 Variant VARIANT class RTL_DELPHIRETURN Variant: public TVarData typedef struct tagVARIANT V ...