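  • The OpenSSL smime command

    I. Introduction

    The smime command is an S/MIME utility for processing S/MIME mail: it can encrypt, decrypt, sign and verify S/MIME messages.

    II. Syntax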

    openssl smime [-encrypt] [-decrypt] [-sign] [-verify] [-pk7out] [-nointern] [-nosigs] [-noverify] [-nocerts] [-nodetach] [-noattr] [-binary] [-in file] [-inform SMIME|PEM|DER] [-certfile file] [-signer file] [-recip file] [-passin arg] [-inkey file] [-keyform PEM|ENGINE] [-out file] [-outform SMIME|PEM|DER] [-content file] [-to addr] [-from ad] [-subject s] [-text] [-CApath directory] [-CAfile filename] [-crl_check] [-crl_check_all] [-indef] [-noindef] [-stream] [-rand file(s)] [-md digest] [cert.pem…] [-des] [-des3] [-rc2-40] [-rc2-64] [-rc2-128]

    Options

    -encrypt       encrypt message
    -decrypt       decrypt encrypted message
    -sign          sign message
    -verify        verify signed message
    -pk7out        output PKCS#7 structure
    -des3          encrypt with triple DES
    -des           encrypt with DES
    -seed          encrypt with SEED
    -rc2-40        encrypt with RC2-40 (default)
    -rc2-64        encrypt with RC2-64
    -rc2-128       encrypt with RC2-128
    -aes128, -aes192, -aes256
                   encrypt PEM output with cbc aes
    -camellia128, -camellia192, -camellia256
                   encrypt PEM output with cbc camellia
    -nointern      don't search certificates in message for signer
    -nosigs        don't verify message signature
    -noverify      don't verify signers certificate
    -nocerts       don't include signers certificate when signing
    -nodetach      use opaque signing
    -noattr        don't include any signed attributes
    -binary        don't translate message to text
    -certfile file other certificates file
    -signer file   signer certificate file
    -recip  file   recipient certificate file for decryption
    -in file       input file
    -inform arg    input format SMIME (default), PEM or DER
    -inkey file    input private key (if not signer or recipient)
    -keyform arg   input private key format (PEM or ENGINE)
    -out file      output file
    -outform arg   output format SMIME (default), PEM or DER
    -content file  supply or override content for detached signature
    -to addr       to address
    -from ad       from address
    -subject s     subject
    -text          include or delete text MIME headers
    -CApath dir    trusted certificates directory
    -CAfile file   trusted certificates file
    -trusted_first use trusted certificates first when building the trust chain
    -crl_check     check revocation status of signer's certificate using CRLs
    -crl_check_all check revocation status of signer's certificate chain using CRLs
    -engine e      use engine e, possibly a hardware device.
    -passin arg    input file pass phrase source
    -rand file:file:...
                   load the file (or the files in the directory) into
                   the random number generator
    cert.pem       recipient certificate(s) for encryption

    III. Examples

    1. Creating a digital signature

    1) Including the certificate and the original content

    openssl smime -sign -inkey prikey.pem -signer certself.pem -in install.log -out install_sign.msg

    2) Without the certificate

    openssl smime -sign -inkey prikey.pem -signer certself.pem -passin pass:"123456" -nocerts -in install.log -out install_sign.msg

    3) Without the original content

    openssl smime -sign -inkey prikey.pem -signer certself.pem -passin pass:"123456" -nodetach -in install.log -out install_sign.msg

    2. Verifying a signature

    1) Including the certificate and the original content

    openssl smime -verify -CAfile certself.pem -in install_sign.msg -out install_verify.log 

    2) Without verifying the signer's certificate

    openssl smime -verify -noverify -CAfile certself.pem -signer certself.pem -in text_sign.msg -out text_verify.log

    3) Without the original content

    openssl smime -verify -nodetach -CAfile certself.pem -signer certself.pem -in text_sign.msg -out text_verify.log

    3. Encrypting into a digital envelope

    openssl smime -encrypt -in install.log -out install_evp.enc certself.pem

    4. Decrypting a digital envelope

    openssl smime -decrypt -in install_evp.enc -out install_ope.log -inkey prikey.pem

    5. Converting between S/MIME and PKCS#7 formats

    openssl smime -in text_sign.msg -pk7out -out test_pkcs.pem
    openssl pkcs7 -in test_pkcs.pem -text

    6. Adding a signer to an existing message

    openssl smime -resign -in mail.msg -signer newsign.pem -out mail2.msg
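
An end-to-end run of the sign, verify, encrypt and decrypt commands above, added here as an example and not part of the original article. It assumes throwaway self-signed identities (alice, mallory) and constructed file names, and shows what `-noverify` skips and how to name the envelope cipher explicitly.

```shell
#!/usr/bin/env bash
# Added example: identities, file names and message text are constructed.
work=$(mktemp -d) && trap 'rm -rf "$work"' EXIT

# Throwaway key + self-signed certificate (stand-ins for prikey.pem/certself.pem).
make_identity() {  # $1 = name
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$work/$1.key" -out "$work/$1.pem" 2>/dev/null
}

# Default clear-signed message, as in the first signing example.
sign_as() {  # $1 = signer, $2 = input file, $3 = output message
  openssl smime -sign -inkey "$work/$1.key" -signer "$work/$1.pem" \
    -in "$2" -out "$3" 2>/dev/null
}

# Status 0 only if the signature matches the content and (unless -noverify is
# passed as an extra option) the signer's certificate chains to the anchor.
verify_with() {  # $1 = trusted name, $2 = message, rest = extra options
  anchor=$1; msg=$2; shift 2
  openssl smime -verify -CAfile "$work/$anchor.pem" "$@" \
    -in "$msg" -out /dev/null 2>/dev/null
}

# Digital envelope with the cipher named explicitly (-aes256) rather than
# relying on the build's default, which the option list above shows as RC2-40.
seal_for() {  # $1 = recipient, $2 = input file, $3 = output file
  openssl smime -encrypt -aes256 -in "$2" -out "$3" "$work/$1.pem" 2>/dev/null
}
open_as() {  # $1 = recipient, $2 = encrypted file; plaintext goes to stdout
  openssl smime -decrypt -in "$2" -recip "$work/$1.pem" \
    -inkey "$work/$1.key" 2>/dev/null
}

make_identity alice; make_identity mallory
printf 'deploy build 42\n' > "$work/msg.txt"
sign_as alice   "$work/msg.txt" "$work/good.msg"
sign_as mallory "$work/msg.txt" "$work/rogue.msg"
sed 's/build 42/build 43/' "$work/good.msg" > "$work/tampered.msg"
seal_for alice "$work/msg.txt" "$work/msg.enc"

verify_with alice "$work/good.msg"            && echo "trusted signer: accepted"
verify_with alice "$work/tampered.msg"        || echo "edited content: rejected"
verify_with alice "$work/rogue.msg"           || echo "unknown signer: rejected"
verify_with alice "$work/rogue.msg" -noverify && echo "-noverify: unknown signer accepted"
open_as alice "$work/msg.enc" | grep -q 'build 42' && echo "envelope round trip: OK"
```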
  • Original article: https://www.cnblogs.com/274914765qq/p/4673487.html