Using the openssl command

 

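OpenSSL is an open-source software library that applications can use to communicate securely, preventing eavesdropping while confirming the identity of the peer at the other end of the connection. It is widely used on Internet web servers.
Its main library is written in C and implements basic cryptographic functions as well as the SSL and TLS protocols.
Three kinds of subcommands:
  Standard commands
  Message digest commands
  Cipher commands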
[root@localhost ~]# openssl version
OpenSSL 1.1.1k  FIPS 25 Mar 2021

Encryption commands

[root@localhost ~]# openssl passwd --help
Usage: passwd [options]
Valid options are:
 -help               Display this summary
 -in infile          Read passwords from file
 -noverify           Never verify when reading password from terminal
 -quiet              No warnings
 -table              Format output as table
 -reverse            Switch table columns
 -salt val           Use provided salt
 -stdin              Read passwords from stdin
 -6                  SHA512-based password algorithm
 -5                  SHA256-based password algorithm
 -apr1               MD5-based password algorithm, Apache variant
 -1                  MD5-based password algorithm
 -aixmd5             AIX MD5-based password algorithm
 -crypt              Standard Unix password algorithm (default)
 -rand val           Load the file(s) into the random number generator
 -writerand outfile  Write random data to the specified file

 

[root@localhost ~]# echo 123456 | openssl passwd -6 --stdin -salt "WNoUVbFvp40Aw7aL"   # salt
$6$WNoUVbFvp40Aw7aL$d7T63djg2TnXnF7SZyogKoHhrV9xG6PGksnnC0x3FYzTFoIBSn1y15n322WgJmpphkRxXtyvRIj5FvTfkeEVn0
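
Added example, not from the original post: how a stored `$6$` string like the one above is checked later. The salt is read back out of the stored string and the candidate password is re-hashed with it. The function names `make_crypt6` and `verify_crypt6` are hypothetical, and strings carrying a `rounds=` field are rejected rather than handled.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Requires an openssl build that supports `passwd -6` (1.1.1 or later).

# make_crypt6 PASSWORD
# Prints a SHA512-crypt string. No -salt is given, so openssl picks a fresh
# random salt and the same password hashes differently on every call.
make_crypt6() {
    # The password goes in on stdin, not as an argument, so it never
    # appears in the process list.
    printf '%s\n' "$1" | openssl passwd -6 -stdin
}

# verify_crypt6 PASSWORD STORED
# Returns 0 on match, 1 on mismatch, 2 if STORED is not a plain $6$salt$hash.
verify_crypt6() {
    candidate=$1
    stored=$2

    case $stored in
        '$6$rounds='*) return 2 ;;   # custom round counts: out of scope here
        '$6$'*'$'*)    ;;            # expected shape: $6$<salt>$<hash>
        *)             return 2 ;;
    esac

    rest=${stored#'$6$'}             # "<salt>$<hash>"
    salt=${rest%%'$'*}               # everything before the next '$'

    # The salt must be non-empty and use only the crypt alphabet.
    case $salt in
        ''|*[!./0-9A-Za-z]*) return 2 ;;
    esac

    # Re-hash the candidate with the stored salt and compare whole strings.
    recomputed=$(printf '%s\n' "$candidate" |
        openssl passwd -6 -stdin -salt "$salt") || return 2
    [ "$recomputed" = "$stored" ]
}
```

The `[ ... = ... ]` comparison is not constant-time, so this suits scripts and audits rather than a network-facing login path.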

One-way hashing with the openssl command

[root@localhost ~]# openssl 
aes-128-cbc       camellia-128-cbc  crl2pkcs7         des-ofb           genrsa            rc2-64-cbc        sha1
aes-128-ecb       camellia-128-ecb  des               desx              md2               rc2-cbc           sha224
aes-192-cbc       camellia-192-cbc  des3              dgst              md4               rc2-cfb           sha256
aes-192-ecb       camellia-192-ecb  des-cbc           dh                md5               rc2-ecb           sha384
aes-256-cbc       camellia-256-cbc  des-cfb           dhparam           nseq              rc2-ofb           sha512
aes-256-ecb       camellia-256-ecb  des-ecb           dsa               ocsp              rc4               smime
asn1parse         cast              des-ede           dsaparam          passwd            rc4-40            speed
base64            cast5-cbc         des-ede3          ec                pkcs12            req               spkac
bf                cast5-cfb         des-ede3-cbc      ecparam           pkcs7             rmd160            s_server
bf-cbc            cast5-ecb         des-ede3-cfb      enc               pkcs8             rsa               s_time
bf-cfb            cast5-ofb         des-ede3-ofb      engine            prime             rsautl            verify
bf-ecb            cast-cbc          des-ede-cbc       errstr            rand              s_client          version
bf-ofb            ciphers           des-ede-cfb       gendh             rc2               sess_id           x509
ca                crl               des-ede-ofb       gendsa            rc2-40-cbc        sha               
[root@localhost ~]# openssl md5 
md2  md4  md5

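Generating random numbers with the openssl command

Random number generator: pseudo-random numbers; the random numbers are generated from keyboard and mouse activity and block-device interrupts.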
[root@localhost ~]# openssl rand  -hex 4
64ee60b2
[root@localhost ~]# openssl rand  -base64 10  # an integer multiple of 3
uzGSMtJVEtVYWg==
[root@localhost ~]# openssl rand  -base64 -hex 1
4b
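NUM: the number of bytes. With -hex, each character is a hexadecimal digit, equivalent to 4 binary bits, so the number of characters printed is NUM*2.
Generate random passwords and save them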
for i in {211..212};do useradd user$i;password=`openssl rand  -base64 10 | head -c 8`;echo user$i:$password >> c.txt;echo $password | passwd --stdin user$i;done
for i in {300..301};do useradd user$i;password=`openssl rand  -base64 10 | head -c 8`;echo user$i:$password | tee -a b.txt;echo $password | passwd --stdin user$i;done
for i in {21..35};do userdel -r user$i;done
tr -dc '[:alnum:]' < /dev/urandom |head -c 8

Everything except digits and letters is deleted.

Implementing PKI with the openssl command

Public-key encryption:
Algorithms: RSA, ElGamal
Tools: gpg, openssl rsautl (man rsautl)
Digital signatures:
Algorithms: RSA, DSA, ElGamal
Key exchange:
Algorithm: DH
DSA: Digital Signature Algorithm
DSS: Digital Signature Standard
RSA:
Generating a key pair with the openssl command: man genrsa
Generate the private key
openssl genrsa -out /PATH/TO/PRIVATEKEY.FILE [-aes128] [-aes192] [-aes256] [-des3] [NUM_BITS, default 2048]
# Symmetric encryption algorithms: man genrsa
-aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128, -camellia192, -camellia256, -des, -des3, -idea
openssl genrsa -out /data/nginx.key

Derive the public key

[root@localhost data]# openssl rsa -in nginx.key -pubout -out nginx.pubkey
writing RSA key
[root@localhost data]# cat nginx.pubkey 
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsXzMK4t8mUpzEVaU7hjm
W9IKUQ5K8W62yPTlhpBqZVf3Sx2YazGB6szwIBOF0hEA8MRc21K+9aBFw//OFKPD
aeWC95e1uRgYh44dBL2vs+Ohv0/3mYmBBSLWDbLzsg5QGYtM3KYExgUwrvdOXLpW
kvO+kcu84CxKJf3399388YJFbQimNobfSFQ6n9rfQDgryCaYEIFay+x1IkatS/NI
b9wUo/D+iiCzct5TkqlaaO6Sj0xUhDR/PJQxuO2Mtpdfcd/09xA+cTVgnwfd2Hkc
hH+2vi+VVEB4ZdKTSEwxagzxyQnX0GhbWn//CydXM8Wah+yNeZrKQ31YpqUBXyry
qwIDAQAB
-----END PUBLIC KEY-----

 

posted @ 2022-04-24 21:02  gg888666