zoukankan      html  css  js  c++  java

  • openssl命令

    openssl dgst -verify pub.pem -sha256 -signature sign.txt file.txt  通过公钥pub.pem验证签名文件sign.txt和file.txt

    openssl x509 -in new.crt -pubkey -noout > pubkey.pem 从证书new.crt提取公钥文件pubkey.pem

    openssl base64 -in test.base64 -d -out text.bin 将base64编码文件test.base64转为二进制文件tetx.bin  需要手动在test.base64后添加换行符

    openssl dgst -binary -sha256 -out hash.bin test.tar   计算test.tar包的hash值 (二进制格式)
    openssl base64 -in hash.bin -out hash.base64 计算base64编码

    对csr文件进行签名:

    openssl smime -sign -binary -signer certificat.pem -inkey key.pem -in testCSRfile_to_sign.pem -out testCSRfile_smime.signed -nodetach

    openssl smime -verify -noverify -in testCSRfile_smime.signed -pk7out -out testCSRfile_P7.signed

    openssl pkcs7 -in testCSRfile_P7.signed -out testCSRfile_P7_DER.signed -outform der

    mv testCSRfile_P7_DER.signed PKCS10_testCSRfile.data

    openssl常用命令

    http://man.linuxde.net/openssl

    ECC证书请求文件

    openssl ecparam -name prime256v1 -genkey -out server-ecc.key 生成密钥
    openssl req -new -key server-ecc.key -out server.csr 生成csr请求文件

    从p7b格式证书链提取证书

    openssl pkcs7 -inform der -in consol_p7_MP_ECC_256_18.p7b -out MP_ECC.p7b

    openssl pkcs7 -print_certs -in MP_ECC.p7b -out MP_ECC.cer

    验证证书链

     openssl verify -CAfile MP_RSA_2048_chain.cer -untrusted rsa_sec.cer submp.cer

    MP_RSA_2048_chain二级证书链,有根证书和二级证书

    rsa_sec.cer二级证书

    submp.cer叶子证书

    证书链验证证书

    openssl verify -CAfile  cert.pem test.crt

    cert.pem证书链

    test.crt叶子证书

    ECC证书签名验签

    1 从证书test.cer中获取到公钥信息,将获取到的信息存为public_key.pem

    openssl x509 -noout -pubkey -in test.cer

    2 对t数据进行sha256签名,

    testsign.txt待签名文件,

    test.private私钥,

    sha256.sign签名结果

    openssl dgst -sign test.private -sha256 -out sha256.sign testsign.txt

    3 验证签名

    openssl dgst -verify public_key.pem -sha256 -signature sha256.sign testsign.txt

    查看证书test.crt内容

    openssl x509 -in ./test.crt -text 

     查看key

    openssl rsa -in ./test.key -text

    检测私钥一致性 

    openssl rsa -in test.key -check

    https://www.cnblogs.com/wyzhou/p/9738964.html

    pem文件是用ASCLL(BASE64)编码的

    DER文件是二进制编码

    公钥经过CA签名后可以当作证书

    合成证书链,证书格式需要转化为pem格式

    openssl crl2pkcs7 -inform PEM -certfile rootca.crt -certfile second-platform-ca.crt  -certfile leaf.pem -outform PEM -out root1.p7b -nocrl

    转化p7b文件

    openssl pkcs7 -print_certs -in root1.p7b -out cert1.cer

    验证证书链

    openssl verify -CAfile cert1.cer fourth.pem

    der转化pem
    openssl x509 -inform der -in myserver.der -outform pem -out myserver.pem
    pem转化der
    openssl x509 -inform pem -in myserver.pem -outform der -out myserver.der
  • 相关阅读:
    【LeetCode】Validate Binary Search Tree
    【LeetCode】Search in Rotated Sorted Array II(转)
    【LeetCode】Search in Rotated Sorted Array
    【LeetCode】Set Matrix Zeroes
    【LeetCode】Sqrt(x) (转载)
    【LeetCode】Integer to Roman
    贪心算法
    【LeetCode】Best Time to Buy and Sell Stock III
    【LeetCode】Best Time to Buy and Sell Stock II
    CentOS 6 上安装 pip、setuptools
  • 原文地址:https://www.cnblogs.com/meadow/p/8616549.html
Copyright © 2011-2022 走看看