Shulou(Shulou.com)06/01 Report--

This article mainly explains "how to achieve DSA and RSA asymmetric encryption of OpenSSL under Linux". The content of the article is simple and clear, and it is easy to learn and understand. Please follow Xiaobian's train of thought to study and learn "how to achieve DSA and RSA asymmetric encryption of OpenSSL under Linux".

In the daily system management work, need to do some encryption and decryption work, through the openssl toolkit can complete many of our requirements!

1. Openssl RSA encryption and decryption

RSA is an asymmetric encryption method based on the difficult decomposition of the product of large primes in number theory. It uses public and private keys for encryption and decryption.

The public key is used for encryption, which is open to everyone; the private key is used for decryption, and only the recipient of the ciphertext holds it.

Generate a key (private key)

The code is as follows:

[root@hunterfu ~] # openssl genrsa-out private.key 1024

Note: it should be noted that this file contains two parts: the public key and the key, that is, the file can be used for both encryption and decryption, and the next 1024 is the length of the generated key.

Extract the public key through the key file private.key

The code is as follows:

[root@hunterfu] # openssl rsa-in private.key-pubout-out pub.key

Encrypt information using the public key

The code is as follows:

[root@hunterfu ~] # echo-n "123456" | openssl rsautl-encrypt-inkey pub.key-pubin > encode.result

Decrypt information using private key

The code is as follows:

[root@hunterfu ~] # cat encode.result | openssl rsautl-decrypt-inkey private.key

123456

At this point, the process of RSA encryption and decryption has been completed!

2. Openssl DSA signature and verification

Contrary to RSA encryption and decryption process, in DSA digital signature and authentication, the sender uses his own private key to sign the file or message, and the receiver uses the sender's public key to verify the authenticity of the signature after receiving the message.

DSA is only an algorithm, which is different from RSA in that it can not be used for encryption and decryption, nor can it exchange keys, but only for signature. It is much faster than RSA.

Generate a key (private key)

The code is as follows:

[root@hunterfu ~] # openssl dsaparam-out dsaparam.pem 1024

[root@hunterfu ~] # openssl gendsa-out privkey.pem dsaparam.pem

Generate public key

The code is as follows:

[root@hunterfu] # openssl dsa-in privkey.pem-out pubkey.pem-pubout

[root@hunterfu ~] # rm-fr dsaparam.pem

Sign with a private key

The code is as follows:

[root@hunterfu ~] # echo-n "123456" | openssl dgst-dss1-sign privkey.pem > sign.result

Use public key authentication

The code is as follows:

[root@hunterfu ~] # echo-n "123456" | openssl dgst-dss1-verify pubkey.pem-signature sign.result

Verified OK

At this point, a DSA signature and verification process is complete!

3. Summary and points for attention

Note: since the information becomes unreadable after being encrypted or signed, base64 can be used for encoding in order to facilitate terminal viewing and transmission (url submits data, which requires urlencode operation).

Openssl enc-base64-A: encode the encrypted information using base64

Openssl enc-d-base64-A: unencode information using base64

This private key in java needs to be converted to the following format before it can be used:

The code is as follows:

[root@hunterfu] # openssl pkcs8-topk8-nocrypt-in private.key-outform PEM-out java_private.key

Thank you for your reading, the above is the content of "how to achieve DSA and RSA asymmetric encryption of OpenSSL under Linux". After the study of this article, I believe you have a deeper understanding of how to achieve DSA and RSA asymmetric encryption of OpenSSL under Linux, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.