OpenSSL RSA 签名

密钥的生成
a.生成非对称密钥对
openssl genrsa -out rsa.key
b. 指定生成的密钥的位数,默认512
openssl genrsa -out rsa_2048.key 2048
c.为私钥添加密码 （一般都不用）
openssl genrsa -out rsa_des3.key -des3

密钥的查看
d.查看私钥
openssl rsa -in rsa.key
e.查看公钥
openssl rsa -in rsa.key -pubout
f.查看公钥和modulus
openssl rsa -in rsa.key -modulus
g.查看密钥的详细信息,包含component prime等细节信息，这些信息的值都是冒号分割的，称为abstract
openssl rsa -in rsa.key -text
h.查看只有public key的文件
openssl rsa -in pub.txt -pubin
注：pub.txt 可由openssl rsa -in rsa.key -pubout >pub.txt或
  openssl rsa -in rsa.key -pubout -out pub.txt 产生如果pub.txt 中不是公钥将报错， -pubin 仅仅说明 -in 所指定的文件里面是什么
i.只查看key的其他信息，不显示key
openssl  rsa -in rsa.key -noout

OPENSSL基本命令

#生成RSA私钥(指定生成的密钥的位数,默认512)
genrsa -out rsa_private_key.pem 2048
#生成RSA公钥
rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem
#将RSA私钥转换成PKCS8格式
pkcs8 -topk8 -inform PEM -in rsa_private_key.pem -outform PEM –nocrypt

[root@Irving ~]# openssl
OpenSSL> genrsa -out rsa.2048 2048
Generating RSA private key, 2048 bit long modulus
...........++++++
..........++++++
e is 65537 (0x10001)
OpenSSL> rsa -in rsa.2048 -pubout
writing RSA key
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD0BlFXN1wkgBb5hadMeLz4Pqj2
nZQGyyidW1GTun9rnKkG7o/v/YM8MCcrqW+2hizkbJygfRGvb1iHvc22SD7Q1Unk
7yKU5qDiDnXdIl1x05PMGRwfNhG75uv9tr/IsxA+bmIrEAZ+fxlGhXbg8R2gUm2O
c51AyBOgb92DtEfLgQIDAQAB
-----END PUBLIC KEY-----
OpenSSL> rsa -in rsa.2048 -pubout -out rsa.2048.pub
writing RSA key
OpenSSL> dgst -sign rsa.2048 -sha1 -out a.sign a.php
OpenSSL> dgst -verify rsa.2048.pub -sha1 -signature a.sign a.php
Verified OK
OpenSSL>

Refer:
数字证书原理
http://www.cnblogs.com/JeffreySun/archive/2010/06/24/1627247.html