  • The openssl smime command

    I. Introduction

    The smime tool processes S/MIME mail: it can encrypt, decrypt, sign and verify S/MIME messages.

    II. Syntax

    openssl smime [-encrypt] [-decrypt] [-sign] [-verify] [-pk7out] [-nointern] [-nosigs] [-noverify] [-nocerts] [-nodetach] [-noattr] [-binary] [-in file] [-inform SMIME|PEM|DER] [-certfile file] [-signer file] [-recip file] [-passin arg] [-inkey file] [-keyform PEM|ENGINE] [-out file] [-outform SMIME|PEM|DER] [-content file] [-to addr] [-from ad] [-subject s] [-text] [-CApath directory] [-CAfile filename] [-crl_check] [-crl_check_all] [-indef] [-noindef] [-stream] [-rand file(s)] [-md digest] [cert.pem…] [-des] [-des3] [-rc2-40] [-rc2-64] [-rc2-128]

    Options

    -encrypt       encrypt message
    -decrypt       decrypt encrypted message
    -sign          sign message
    -verify        verify signed message
    -pk7out        output PKCS#7 structure
    -des3          encrypt with triple DES
    -des           encrypt with DES
    -seed          encrypt with SEED
    -rc2-40        encrypt with RC2-40 (default)
    -rc2-64        encrypt with RC2-64
    -rc2-128       encrypt with RC2-128
    -aes128, -aes192, -aes256
                   encrypt PEM output with cbc aes
    -camellia128, -camellia192, -camellia256
                   encrypt PEM output with cbc camellia
    -nointern      don't search certificates in message for signer
    -nosigs        don't verify message signature
    -noverify      don't verify signers certificate
    -nocerts       don't include signers certificate when signing
    -nodetach      use opaque signing
    -noattr        don't include any signed attributes
    -binary        don't translate message to text
    -certfile file other certificates file
    -signer file   signer certificate file
    -recip  file   recipient certificate file for decryption
    -in file       input file
    -inform arg    input format SMIME (default), PEM or DER
    -inkey file    input private key (if not signer or recipient)
    -keyform arg   input private key format (PEM or ENGINE)
    -out file      output file
    -outform arg   output format SMIME (default), PEM or DER
    -content file  supply or override content for detached signature
    -to addr       to address
    -from ad       from address
    -subject s     subject
    -text          include or delete text MIME headers
    -CApath dir    trusted certificates directory
    -CAfile file   trusted certificates file
    -trusted_first use trusted certificates first when building the trust chain
    -crl_check     check revocation status of signer's certificate using CRLs
    -crl_check_all check revocation status of signer's certificate chain using CRLs
    -engine e      use engine e, possibly a hardware device.
    -passin arg    input file pass phrase source
    -rand file:file:...
                   load the file (or the files in the directory) into
                   the random number generator
    cert.pem       recipient certificate(s) for encryption

    III. Examples

    1. Create a digital signature

    1) Including the certificate and the original text

    openssl smime -sign -inkey prikey.pem -signer certself.pem -in install.log -out install_sign.msg

    2) Without the certificate

    openssl smime -sign -inkey prikey.pem -signer certself.pem -passin pass:"123456" -nocerts -in install.log -out install_sign.msg

    3) Without the original text in clear (opaque signing, -nodetach)

    openssl smime -sign -inkey prikey.pem -signer certself.pem -passin pass:"123456" -nodetach -in install.log -out install_sign.msg

    2. Verify a signature

    1) Including the certificate and the original text

    openssl smime -verify -CAfile certself.pem -in install_sign.msg -out install_verify.log

    2) Without verifying the signer's certificate

    openssl smime -verify -noverify -CAfile certself.pem -signer certself.pem -in text_sign.msg -out text_verify.log

    3) Without the original text in clear (opaque-signed message)

    openssl smime -verify -nodetach -CAfile certself.pem -signer certself.pem -in text_sign.msg -out text_verify.log

    3. Encrypt with a digital envelope

    openssl smime -encrypt -in install.log -out install_evp.enc certself.pem

    4. Decrypt a digital envelope

    openssl smime -decrypt -in install_evp.enc -out install_ope.log -inkey prikey.pem

    5. Convert between S/MIME format and PKCS#7 format

    openssl smime -in text_sign.msg -pk7out -out test_pkcs.pem
    openssl pkcs7 -in test_pkcs.pem -text

    6. Add a signer to an existing message

    openssl smime -resign -in mail.msg -signer newsign.pem -out mail2.msg
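
The sign, verify, encrypt, decrypt and -pk7out commands from the examples above chained into one round trip, as an added example that is not part of the original post. It assumes an `openssl` binary on the PATH and generates a throwaway key pair; the subject name and sample text are constructed. Because the options list above shows RC2-40 as the encryption default, it passes -aes256 explicitly and confirms the cipher in the PKCS#7 structure.

```shell
#!/bin/sh
# Added example, not from the original page. File names follow the page; the
# subject name, sample text and temporary directory are constructed for the demo.
smime_roundtrip() (
    dir=$(mktemp -d) || exit 1
    trap 'rm -rf "$dir"' EXIT
    cd "$dir" || exit 1

    # Throwaway self-signed certificate with an unencrypted key (demo only).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=smime-demo" \
        -keyout prikey.pem -out certself.pem 2>/dev/null || exit 1
    printf 'constructed sample line 1\nconstructed sample line 2\n' > install.log

    # Sign (detached, content stays readable) and verify against the trusted cert.
    openssl smime -sign -inkey prikey.pem -signer certself.pem \
        -in install.log -out install_sign.msg 2>/dev/null || exit 2
    openssl smime -verify -CAfile certself.pem \
        -in install_sign.msg -out install_verify.log 2>/dev/null || exit 2
    # Text-mode signing uses CRLF line endings, so strip CR before comparing.
    tr -d '\r' < install_verify.log | cmp -s - install.log || exit 2

    # A message whose body was altered after signing must be rejected.
    sed 's/sample line 1/sample line X/' install_sign.msg > tampered.msg
    if openssl smime -verify -CAfile certself.pem \
        -in tampered.msg -out /dev/null 2>/dev/null; then
        exit 3
    fi

    # Encrypt with an explicit cipher and confirm it in the PKCS#7 structure.
    openssl smime -encrypt -aes256 -in install.log \
        -out install_evp.enc certself.pem || exit 4
    openssl smime -pk7out -in install_evp.enc | openssl asn1parse \
        | grep -i 'aes-256-cbc' >/dev/null || exit 4

    # Decrypt with the private key and compare with the original.
    openssl smime -decrypt -in install_evp.enc -inkey prikey.pem \
        -out install_ope.log || exit 5
    tr -d '\r' < install_ope.log | cmp -s - install.log || exit 5
)

smime_roundtrip && echo "sign/verify/encrypt/decrypt round trip OK"
```

The exit status identifies the failing stage: 1 setup, 2 sign or verify, 3 tampered message accepted, 4 encryption or cipher check, 5 decryption.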
  • Original article: https://www.cnblogs.com/274914765qq/p/4673487.html