Shulou(Shulou.com)06/01 Report--

This article mainly explains "how to use OpenSSL command in Linux", the explanation content in the article is simple and clear, easy to learn and understand, please follow the idea of Xiaobian slowly in-depth, together to study and learn "how to use OpenSSL command in Linux"!

OpenSSL is a powerful Secure Sockets Layer cryptographic library that Apache uses to encrypt HTTPS and OpenSSH uses to encrypt SSH, but you shouldn't just use it as a library, it's also a multipurpose, cross-platform cryptographic tool.

OpenSSL operating mode

interactive mode

batch mode

Enter openssl directly to enter interactive mode, enter openssl with command options to enter batch mode.

[root@centos7 ~]# opensslOpenSSL> versionOpenSSL 1.0.2k-fips 26 Jan 2017

The OpenSSL package can be roughly divided into three main functional parts: cryptographic algorithm library, SSL protocol library, and application.

The openssl command is primarily used

Create and manage private keys, public keys and parameters

public-key cryptographic operation

Create X.509 certificates, CSR and CRL

Calculation of message digest

Encryption and decryption using passwords

SSL/TLS Client and Server Testing

Handling S/MIME signed or encrypted messages

Timestamp requests, generation and validation

syntax openssl command [command_opts][command_args] openssl [list-standard-commands| list-message-digest-commands| list-cipher-commands| list-cipher-algorithms| list-message-digest-algorithms| list-public-key-algorithms] openssl no-XXX [arbitrary options] Options Description Application Examples Version info [root@centos7~]#openssl versionOpenSSL 1. 0. 2k-fips 26 Jan 2017 [root@centos7~]#openssl version-aOpenSSL 1. 0. 2k-fips 26 Jan 2017 built on: reproducible build, date unspecified platform: linux-x86_64 options: bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)compiler: gcc-I. -I.. -I../ include -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASMOPENSSLDIR: "/etc/pki/tls"engines: rdrand dynamic

#Version number and version release date (OpenSSL 1.0.2k, January 26, 2017)#Options built with libraries (options)#Directory where certificates and private keys are stored (OPENSSLDIR)

Password generation function [root@centos7~]#openssl rand-base64 15 DYmkj + RY 9 QUcb 4 m5 aoNV [root@centos7~]#openssl rand-base64 10 RpyTN 5 W7 BLznjA ==[root@centos7~]#openssl rand-base64 5AeQaaBE = Message Digest Algorithm Application

#Calculate the hash value of openssl1.txt with SHA1 algorithm

[root@centos7 ~]# openssl dgst -sha1 openssl1.txtopenssl1.txt: No such file or directory[root@centos7 ~]# touch openssl1.txt[root@centos7 ~]# openssl dgst -sha1 openssl1.txtSHA1(openssl1.txt)= da39a3ee5e6b4b0d3255bfef95601890afd80709

#Use SHA1 algorithm to calculate the hash value of file openssl1.txt, output to file sha1.txt

[root@centos7~]#openssl sha1-out sha1.txt openssl1.txt [root@centos7~]#cat sha1.txtSHA1 (openssl1.txt)= da 39 a3 ee 5e 6 b4 b 0 d3255 bfef 95601890 afd 80709 symmetric encryption application

#encode the file openssl1.txt with base64 and output it to the file jiami.txt

[root@centos7~]#cat openssl1.txtopenssl [root@centos7~]#opensslbase64-in openssl1.txt-out jiami. txt [root@centos7~]#cat jiami.txtb3BlbnNzbAo = DSA application

#Generate 1024-bit DSA parameter set and output to file jm.pem

[root@centos7 ~]# openssl dsaparam -out jm.pem 1024Generating DSA parameters, 1024 bit long primeThis could take some time........+...........+..................+.....+..............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+...+..........+......+.....+..+......+.........+.........+.................+............+...........+..................+...........+........+............+....+.+......+....+...............................+.................+.................+.+......+.......+..........+........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++* [root@centos7~]#cat jm.pem-----BEGIN DSA PARAMETERS-----MIIBHgKBgQCR+2rHHnotQERnaw1i3PaeeGyhZHP7Mjih9RAnNRv3oe+HO2AgiLgrvWLbT/oRNZhdnvuW8u8b1dmm9xPwwAfkNt0cPyH+28HNJ6ImoO9qQCBVlgPnwmahWPtA9TXIw7kJVOCUImKKXkbQvKOvlXsTgFHhhQ9GAt9gbHxmWVhqjwIVANzDXsuChXZDNAR6O0Dke4p/4H1XAoGAHzT3cByKaD0IN0zCXA0yXMNlyDtE8w7dlv37LcaR7u0ZV1r4zof/g7Pf+GCHbkVUVPzTrrlkn1Wfqtl2QsmT73jMBwPl+z3Oj7DyFb8JNm66epCO1uLaXoIubTZa4QFCuuTarWouizo4qDYQg/vYRDBQK 8 N5 nIh 8 Wfnte 9 gqzTY =----END DSA PARAMETERS----RSA Applications

#Generate a 1024-bit RSA private key, encrypt it with 3DES, password mingongge, output to file rsa.pem

[root@centos7 ~]# openssl genrsa -out rsa.pem -passout pass:mingongge -des3 1024Generating RSA private key, 1024 bit long modulus....................++++++...............++++++ e is 65537 (0x10001)[root@centos7~]#cat rsa.pem-----BEGIN RSA PRIVATE KEY-----Proc-Type: 4,ENCRYPTEDDEK-Info: DES-EDE3-CBC, 34B51F9BE30A3448uvI8+9g2NGBS+t6VoxUW9JvjiSSnXAHVgJXFsiPtQRIQq3tUEv48QVXOXrLMSTeiDOmScLCrU0X+il+Kl2HtTEqmqzxmP+HlbiahSMthTbXUEcqSnKt/80UxzsKFWsaglYj5yl+skQoMYLHt0JSc2MlWA6tAHPdEb4/BoEN0zerhgVcXDlLeFXm7ni1tUmVjmbHmM1TV03kxxzd8KQhFsQkwT/aDtm143rxVrD3NpSS4eXbzm8D4B2A3L0DMaUzkcAql+iggvH4vS3BCKOX6h6Zr9Vyo4CGjvYSyvkASbc+fVKgvmPM9KP0+hedUH2Hc55K1ND5S0TWa2qFWk511tKbpBT9RM5P7ipcnr3tyya/RSpVZT7EpEUm+EokOrvHgSY6AgPSojYdDL3/WrQvJAkMQmuckpEW1lNYGSgFsQmRN8gFb8LXhr+uUf8psT3D9+Cvo5ynkocW1P1sHpJHuA7WtW7SaRbBGwEoPKjzAfKaV41oz9Sknn1PE5LXpvtIAzn/vVbKVQvD3ho2I2RuX5vtI7Jvy/TeKDOO9fAuNKqlR7/MmqE7OiKZovuh3xHRk3d3qif8uH6dCe7l6rElqgONNkYYJ/dBgJ+ ZV 15 ahJFNK 10 JoBqFgF 9dj + vFumWGt 7 FuN 2kk 7 Qe 1 YSn 13 ZZ 7 M10 EWDPxaMXSnzynazC 8 MLnokRwf 1 SwqsZW 250 J 9/dbvtBEE 00 IQWC + RmaRgJV + H +3gvCHyMZBRGaxUKiOftrM 9 Ir 3 w28 wk 2 jwgSm 6v 6p/WUg 4JUMPAqjft 82 lv + MwffM Kn 4 OHnuIyfgrZGB 6 + oR 52 BToQ =----END RSA PRIVATE KEY----Thank you for reading, the above is the content of "How to use OpenSSL command in Linux", after learning this article, I believe everyone has a deeper understanding of how to use OpenSSL commands in Linux, and the specific use needs to be verified by practice. Here is, Xiaobian will push more articles related to knowledge points for everyone, welcome to pay attention!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.