OpenSSL HOWTO keys

<DRAFT!>

1. Introduction

Keys are the basis of public key algorithms and PKI.  Keys usually
come in pairs, with one half being the public key and the other half
being the private key.  With OpenSSL, the private key contains the
public key information as well, so a public key doesn't need to be
generated separately.

Public keys come in several flavors, using different cryptographic
algorithms.  The most popular ones associated with certificates are
RSA and DSA, and this HOWTO will show how to generate each of them.

2. To generate an RSA key

An RSA key can be used both for encryption and for signing.

Generating a key for the RSA algorithm is quite easy; all you have to
do is the following:

  openssl genrsa -des3 -out privkey.pem 2048

With this variant, you will be prompted for a protecting password.  If
you don't want your key to be protected by a password, remove the flag
'-des3' from the command line above.

    NOTE: if you intend to use the key together with a server
    certificate, it may be a good thing to avoid protecting it
    with a password, since that would mean someone would have to
    type in the password every time the server needs to access
    the key.

The number 2048 is the size of the key, in bits.  Today, 2048 or
higher is recommended for RSA keys, as fewer bits are considered
insecure or soon to be insecure.

3. To generate a DSA key

A DSA key can be used for signing only.  This is important to keep
in mind to know what kind of purposes a certificate request with a
DSA key can really be used for.

Generating a key for the DSA algorithm is a two-step process.  First,
you have to generate parameters from which to generate the key:

  openssl dsaparam -out dsaparam.pem 2048

The number 2048 is the size of the key, in bits.  Today, 2048 or
higher is recommended for DSA keys, as fewer bits are considered
insecure or soon to be insecure.

When that is done, you can generate a key using the parameters in
question (actually, several keys can be generated from the same
parameters):

  openssl gendsa -des3 -out privkey.pem dsaparam.pem

With this variant, you will be prompted for a protecting password.  If
you don't want your key to be protected by a password, remove the flag
'-des3' from the command line above.

    NOTE: if you intend to use the key together with a server
    certificate, it may be a good thing to avoid protecting it
    with a password, since that would mean someone would have to
    type in the password every time the server needs to access
    the key.
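
Whether '-des3' was kept or removed is visible in the PEM file itself,
and a key stored without a password is protected only by its file
permissions.  The shell sketch below is an added example, not part of
the original HOWTO: its function names and sample file names are
hypothetical, and the sample files are constructed header-only
stand-ins, not real keys.

```shell
# Added example: classify PEM private key files and check their permissions.

# Print "encrypted", "plaintext" or "not-a-private-key" for a PEM file.
key_protection() {
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo encrypted      # PKCS#8 encrypted form
    elif grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted      # traditional PEM encryption, e.g. DES-EDE3-CBC from -des3
    elif grep -q -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$1"; then
        echo plaintext
    else
        echo not-a-private-key
    fi
}

# Succeed only if group and other have no permission bits on the file.
owner_only() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# One verdict line per file.
audit_key() {
    kind=$(key_protection "$1")
    if [ "$kind" = not-a-private-key ]; then
        echo "SKIP $1: no private key PEM header"
    elif ! owner_only "$1"; then
        echo "WARN $1: $kind key is accessible beyond its owner"
    else
        echo "OK $1: $kind key, owner-only permissions"
    fi
}

# Constructed samples: real PEM header shapes, placeholder bodies, not real keys.
make_samples() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-EDE3-CBC,0000000000000000' '' 'PLACEHOLDER' \
        '-----END RSA PRIVATE KEY-----' > "$1/with-des3.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'PLACEHOLDER' \
        '-----END RSA PRIVATE KEY-----' > "$1/no-des3.pem"
    chmod 600 "$1/with-des3.pem"
    chmod 644 "$1/no-des3.pem"
}

d=$(mktemp -d) && make_samples "$d"
for f in "$d"/*.pem; do audit_key "$f"; done
rm -rf "$d"
```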

--
Richard Levitte
Time: 2024-12-26 18:14:14
