openssl smime

用途:
S/MIME工具,用于处理S/MIME邮件,它能加密、解密、签名和验证S/MIME消息
语法:
openssl smime
[-encrypt] [-decrypt] [-sign] [-verify] [-pk7out] [-nointern] [-nosigs]
[-noverify] [-nocerts] [ -nodetach] [-noattr] [-binary] [-in file]
[-inform SMIME|PEM|DER] [-certfile file] [-signer file] [-recip file]
[-passin arg] [-inkey file] [-keyform PEM |ENGINE] [-out file]
[-outform SMIME|PEM|DER] [-content file] [-to addr] [-from ad] [-subject s]
[-text] [-CApath directory] [-CAfile filename] [-crl_check] [-crl_check_all]
[-indef] [-noindef] [-stream] [-rand file(s)] [-md digest] [cert.pem…] [-des]
[-des3] [-rc2-40] [-rc2-64] [-rc2-128]
参数说明:
-encrypt encrypt message
-decrypt decrypt encrypted message
-sign sign message
-verify verify signed message
-pk7out output PKCS#7 structure
-des3 encrypt with triple DES
-des encrypt with DES
-seed encrypt with SEED
-rc2-40 encrypt with RC2-40 (default)
-rc2-64 encrypt with RC2-64
-rc2-128 encrypt with RC2-128
-aes128, -aes192, -aes256
encrypt PEM output with cbc aes
-camellia128, -camellia192, -camellia256
encrypt PEM output with cbc camellia
-nointern don't search certificates in message for signer
-nosigs don't verify message signature
-noverify don't verify signers certificate
-nocerts don't include signers certificate when signing
-nodetach use opaque signing
-noattr don't include any signed attributes
-binary don't translate message to text
-certfile file other certificates file
-signer file signer certificate file
-recip file recipient certificate file for decryption
-in file input file
-inform arg input format SMIME (default), PEM or DER
-inkey file input private key (if not signer or recipient)
-keyform arg input private key format (PEM or ENGINE)
-out file output file
-outform arg output format SMIME (default), PEM or DER
-content file supply or override content for detached signature
-to addr to address
-from ad from address
-subject s subject
-text include or delete text MIME headers
-CApath dir trusted certificates directory
-CAfile file trusted certificates file
-trusted_first use trusted certificates first when building the trust chain
-crl_check check revocation status of signer's certificate using CRLs
-crl_check_all check revocation status of signer's certificate chain using CRLs
-engine e use engine e, possibly a hardware device.
-passin arg input file pass phrase source
-rand file:file:...
load the file (or the files in the directory) into
the random number generator
cert.pem recipient certificate(s) for encryption
例子:
1、进行数字签名
openssl smime -verify -CAfile certself.pem -in install_sign.msg -out install_verify.log
openssl smime -verify -noverify -CAfile certself.pem -signer certself.pem -in text_sign.msg -out text_verify.log
openssl smime -verify -nodetach -CAfile certself.pem -signer certself.pem -in text_sign.msg -out text_verify.log
2、进行签名验证
openssl smime -verify -CAfile certself.pem -in install_sign.msg -out install_verify.log
openssl smime -verify -noverify -CAfile certself.pem -signer certself.pem -in text_sign.msg -out text_verify.log
openssl smime -verify -nodetach -CAfile certself.pem -signer certself.pem -in text_sign.msg -out text_verify.log
3、进行数字信封加密
openssl smime -encrypt -in install.log -out install_evp.enc certself.pem
4、进行数字信封解密
openssl smime -decrypt -in install_evp.enc -out install_ope.log -inkey prikey.pem
5、smime格式与pkcs#7格式的互转
openssl smime -in text_sign.msg -pk7out -out test_pkcs.pem
openssl pkcs7 -in test_pkcs.pem -text

 


posted @ 2018-04-15 15:12  艾小小雨  阅读(964)  评论(0编辑  收藏  举报