实验一 嵌入式开发基础
1-3 学时实践要求(30 分)
- 参考云班课相关教学视频,在 Ubuntu或openEuler中(推荐 openEuler)中实践课程思维导图中OpenSSL相关内容,使用Markdown记录详细记录实践过程,每完成一项git commit 一次。(5分)
openssl cmd
tongshijia@Sodom:~/test1$ openssl version
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
openssl list -help
tongshijia@Sodom:~/test1$ openssl list -help
Usage: list [options]
General options:
-help Display this summary
Output options:
-1 List in one column
-verbose Verbose listing
-select val Select a single algorithm
-commands List of standard commands
-standard-commands List of standard commands
-digest-commands List of message digest commands (deprecated)
-digest-algorithms List of message digest algorithms
-kdf-algorithms List of key derivation and pseudo random function algorithms
-random-instances List the primary, public and private random number generator details
-random-generators List of random number generators
-mac-algorithms List of message authentication code algorithms
-cipher-commands List of cipher commands (deprecated)
-cipher-algorithms List of cipher algorithms
-encoders List of encoding methods
-decoders List of decoding methods
-key-managers List of key managers
-key-exchange-algorithms List of key exchange algorithms
-kem-algorithms List of key encapsulation mechanism algorithms
-signature-algorithms List of signature algorithms
-asymcipher-algorithms List of asymmetric cipher algorithms
-public-key-algorithms List of public key algorithms
-public-key-methods List of public key methods
-store-loaders List of store loaders
-providers List of provider information
-engines List of loaded engines
-disabled List of disabled features
-options val List options for specified command
-objects List built in objects (OID<->name mappings)
Provider options:
-provider-path val Provider load path (must be before 'provider' argument if required)
-provider val Provider to load (can be specified multiple times)
-propquery val Property query used when fetching algorithms
openssl <==>openssl help
tongshijia@Sodom:~/test1$ openssl -help
help:
Standard commands
asn1parse ca ciphers cmp
cms crl crl2pkcs7 dgst
dhparam dsa dsaparam ec
ecparam enc engine errstr
fipsinstall gendsa genpkey genrsa
help info kdf list
mac nseq ocsp passwd
pkcs12 pkcs7 pkcs8 pkey
pkeyparam pkeyutl prime rand
rehash req rsa rsautl
s_client s_server s_time sess_id
smime speed spkac srp
storeutl ts verify version
x509
Message Digest commands (see the `dgst' command for more details)
blake2b512 blake2s256 md4 md5
rmd160 sha1 sha224 sha256
sha3-224 sha3-256 sha3-384 sha3-512
sha384 sha512 sha512-224 sha512-256
shake128 shake256 sm3
Cipher commands (see the `enc' command for more details)
aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb
aes-256-cbc aes-256-ecb aria-128-cbc aria-128-cfb
aria-128-cfb1 aria-128-cfb8 aria-128-ctr aria-128-ecb
aria-128-ofb aria-192-cbc aria-192-cfb aria-192-cfb1
aria-192-cfb8 aria-192-ctr aria-192-ecb aria-192-ofb
aria-256-cbc aria-256-cfb aria-256-cfb1 aria-256-cfb8
aria-256-ctr aria-256-ecb aria-256-ofb base64
bf bf-cbc bf-cfb bf-ecb
bf-ofb camellia-128-cbc camellia-128-ecb camellia-192-cbc
camellia-192-ecb camellia-256-cbc camellia-256-ecb cast
cast-cbc cast5-cbc cast5-cfb cast5-ecb
cast5-ofb des des-cbc des-cfb
des-ecb des-ede des-ede-cbc des-ede-cfb
des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb
des-ede3-ofb des-ofb des3 desx
rc2 rc2-40-cbc rc2-64-cbc rc2-cbc
rc2-cfb rc2-ecb rc2-ofb rc4
rc4-40 seed seed-cbc seed-cfb
seed-ecb seed-ofb sm4-cbc sm4-cfb
sm4-ctr sm4-ecb sm4-ofb
数据输入输出 文本
tongshijia@Sodom:~/test1$ echo 123 | openssl sm3
SM3(stdin)= e95001aed4b6f7de59169913997dace404f05091ed49c37133a9950a69405a9c
tongshijia@Sodom:~/test1$ echo "123" | openssl sm3
SM3(stdin)= e95001aed4b6f7de59169913997dace404f05091ed49c37133a9950a69405a9c
tongshijia@Sodom:~/test1$ echo 123 | od -tx1 -tc
0000000 31 32 33 0a
1 2 3 \n
0000004
tongshijia@Sodom:~/test1$ echo -n 123 | od -tx1 -tc
0000000 31 32 33
1 2 3
0000003
tongshijia@Sodom:~/test1$ echo 123 | openssl sm3
SM3(stdin)= e95001aed4b6f7de59169913997dace404f05091ed49c37133a9950a69405a9c
tongshijia@Sodom:~/test1$ echo -n 123 | openssl sm3
SM3(stdin)= 6e0f9e14344c5406a0cf5a3b4dfb665f87f4a771a31f7edbb5c72874a32b2957
tongshijia@Sodom:~/test1$ echo 123 > 123.txt
tongshijia@Sodom:~/test1$ openssl sm3 -file 123.txt
SM3(123.txt)= e95001aed4b6f7de59169913997dace404f05091ed49c37133a9950a69405a9c
tongshijia@Sodom:~/test1$ echo 123 | openssl sm3
SM3(stdin)= e95001aed4b6f7de59169913997dace404f05091ed49c37133a9950a69405a9c
数据输入输出 二进制
tongshijia@Sodom:~/test1$ echo "obase=16;123" | bc
7B
tongshijia@Sodom:~/test1$ echo -n -e "\x7B" > 123.bin
tongshijia@Sodom:~/test1$ od -tx1 123.bin
0000000 7b
0000001
tongshijia@Sodom:~/test1$ openssl sm3 -file 123.bin
SM3(123.bin)= 2ed59fea0dbe4e4f02de67ee657eb6be8e22a7db425103402d8a36d7b6f6d344
tongshijia@Sodom:~/test1$ echo -ne "\x7B" | openssl sm3
SM3(stdin)= 2ed59fea0dbe4e4f02de67ee657eb6be8e22a7db425103402d8a36d7b6f6d344
常用命令 prime
tongshijia@Sodom:~/test1$ openssl prime -help
Usage: prime [options] [number...]
General options:
-help Display this summary
-bits +int Size of number in bits
-checks +int Number of checks
Output options:
-hex Hex output
-generate Generate a prime
-safe When used with -generate, generate a safe prime
Provider options:
-provider-path val Provider load path (must be before 'provider' argument if required)
-provider val Provider to load (can be specified multiple times)
-propquery val Property query used when fetching algorithms
Parameters:
number Number(s) to check for primality if not generating
素性检查
tongshijia@Sodom:~/test1$ openssl prime 3
3 (3) is prime
tongshijia@Sodom:~/test1$ openssl prime 33
21 (33) is not prime
tongshijia@Sodom:~/test1$ openssl prime -checks 10 33
21 (33) is not prime
tongshijia@Sodom:~/test1$ openssl prime -hex 4F
4F (4F) is prime
素数产生
tongshijia@Sodom:~/test1$ openssl prime -generate -bits 10
773
tongshijia@Sodom:~/test1$ openssl prime 773
305 (773) is prime
tongshijia@Sodom:~/test1$ openssl prime -generate -bits 10
787
tongshijia@Sodom:~/test1$ openssl prime 787
313 (787) is prime
tongshijia@Sodom:~/test1$ openssl prime -generate -bits 10 -hex
03F5
tongshijia@Sodom:~/test1$ openssl prime -hex 03F5
3F5 (03F5) is prime
常用命令 rand
tongshijia@Sodom:~/test1$ openssl rand -help
Usage: rand [options] num
General options:
-help Display this summary
-engine val Use engine, possibly a hardware device
Output options:
-out outfile Output file
-base64 Base64 encode output
-hex Hex encode output
Random state options:
-rand val Load the given file(s) into the random number generator
-writerand outfile Write random data to the specified file
Provider options:
-provider-path val Provider load path (must be before 'provider' argument if required)
-provider val Provider to load (can be specified multiple times)
-propquery val Property query used when fetching algorithms
Parameters:
num Number of bytes to generate
随机数产生
tongshijia@Sodom:~/test1$ openssl rand 10
���[�e�TVE
tongshijia@Sodom:~/test1$ openssl rand 10 | od -tx1
0000000 33 bf a5 aa c5 5f fe ba 34 c7
0000012
tongshijia@Sodom:~/test1$ openssl rand 10 | xxd -p
fe40389a89ff96c9d76a
tongshijia@Sodom:~/test1$ openssl rand -hex 10
44e60c1d076e46f658e6
tongshijia@Sodom:~/test1$ openssl rand -base64 10
+mj3jyNaV7q4tw==
随机数文件
tongshijia@Sodom:~/test1$ openssl rand -out r1.bin 10
tongshijia@Sodom:~/test1$ od -tx1 r1.bin
0000000 28 32 ba 62 5c 2b 6d 82 8e 0a
0000012
tongshijia@Sodom:~/test1$ openssl rand 10 > r2.bin
tongshijia@Sodom:~/test1$ cat r2.bin | xxd -p
0947837109c9f70ad378
常用指令 base
tongshijia@Sodom:~/test1$ openssl base64 -help
Usage: base64 [options]
General options:
-help Display this summary
-list List ciphers
-ciphers Alias for -list
-e Encrypt
-d Decrypt
-p Print the iv/key
-P Print the iv/key and exit
-engine val Use engine, possibly a hardware device
Input options:
-in infile Input file
-k val Passphrase
-kfile infile Read passphrase from file
Output options:
-out outfile Output file
-pass val Passphrase source
-v Verbose output
-a Base64 encode/decode, depending on encryption flag
-base64 Same as option -a
-A Used with -[base64|a] to specify base64 buffer as a single line
Encryption options:
-nopad Disable standard block padding
-salt Use salt in the KDF (default)
-nosalt Do not use salt in the KDF
-debug Print debug info
-bufsize val Buffer size
-K val Raw key, in hex
-S val Salt, in hex
-iv val IV in hex
-md val Use specified digest to create a key from the passphrase
-iter +int Specify the iteration count and force use of PBKDF2
-pbkdf2 Use password-based key derivation function 2
-none Don't encrypt
-* Any supported cipher
Random state options:
-rand val Load the given file(s) into the random number generator
-writerand outfile Write random data to the specified file
Provider options:
-provider-path val Provider load path (must be before 'provider' argument if required)
-provider val Provider to load (can be specified multiple times)
-propquery val Property query used when fetching algorithms
编码解码
tongshijia@Sodom:~/test1$ echo tsj | openssl base64
dHNqCg==
tongshijia@Sodom:~/test1$ echo tsj | openssl base64 -e
dHNqCg==
tongshijia@Sodom:~/test1$ echo dHNqCg== | openssl base64 -d
tsj
tongshijia@Sodom:~/test1$ echo -ne "\x11\x22\x33" | openssl base64
ESIz
tongshijia@Sodom:~/test1$ echo ESIz | openssl base64 -d | xxd -p
112233
tongshijia@Sodom:~/test1$ echo -ne "\x11\x22\x33\x44" | openssl base64
ESIzRA==
tongshijia@Sodom:~/test1$ echo ESIzRA== | openssl base64 -d | xxd -p
11223344
文件编码解码
tongshijia@Sodom:~/test1$ echo tsj > tsj.txt
tongshijia@Sodom:~/test1$ openssl base64 -in tsj.txt -out tsj.b64
tongshijia@Sodom:~/test1$ cat tsj.b64
dHNqCg==
tongshijia@Sodom:~/test1$ openssl base64 -d -in tsj.b64 -out tsj2.txt
tongshijia@Sodom:~/test1$ diff tsj.txt tsj2.txt
tongshijia@Sodom:~/test1$ cat tsj2.txt
tsj
常用命令 asn1parse
tongshijia@Sodom:~/test1$ openssl asn1parse -help
Usage: asn1parse [options]
General options:
-help Display this summary
-oid infile file of extra oid definitions
I/O options:
-inform PEM|DER input format - one of DER PEM
-in infile input file
-out outfile output file (output format is always DER)
-noout do not produce any output
-offset +int offset into file
-length +int length of section in file
-strparse +int offset; a series of these can be used to 'dig'
-genstr val string to generate ASN1 structure from
into multiple ASN1 blob wrappings
-genconf val file to generate ASN1 structure from
-strictpem do not attempt base64 decode outside PEM markers
-item val item to parse and print
(-inform will be ignored)
Formatting options:
-i indents the output
-dump unknown data in hex form
-dlimit +int dump the first arg bytes of unknown data in hex form
密码工程中的格式
tongshijia@Sodom:~/test1$ echo -ne "\x03\x02\x04\x90" >bitstring.der
tongshijia@Sodom:~/test1$ openssl asn1parse -inform der -i -in bitstring.der
0:d=0 hl=2 l= 2 prim: BIT STRING
tongshijia@Sodom:~/test1$ openssl base64 -in bitstring.der -out bitstring.pem
tongshijia@Sodom:~/test1$ ls bitstring.pem
bitstring.pem
tongshijia@Sodom:~/test1$ openssl asn1parse -inform PEM -in bitstring.pem
0:d=0 hl=2 l= 2 prim: BIT STRING
Hash与HMAC:dgst
tongshijia@Sodom:~/test1$ openssl dgst -help
Usage: dgst [options] [file...]
General options:
-help Display this summary
-list List digests
-engine val Use engine e, possibly a hardware device
-engine_impl Also use engine given by -engine for digest operations
-passin val Input file pass phrase source
Output options:
-c Print the digest with separating colons
-r Print the digest in coreutils format
-out outfile Output to filename rather than stdout
-keyform format Key file format (ENGINE, other values ignored)
-hex Print as hex dump
-binary Print in binary form
-xoflen +int Output length for XOF algorithms
-d Print debug info
-debug Print debug info
Signing options:
-sign val Sign digest using private key
-verify val Verify a signature using public key
-prverify val Verify a signature using private key
-sigopt val Signature parameter in n:v form
-signature infile File with signature to verify
-hmac val Create hashed MAC with key
-mac val Create MAC (not necessarily HMAC)
-macopt val MAC algorithm parameters in n:v form or key
-* Any supported digest
-fips-fingerprint Compute HMAC with the key used in OpenSSL-FIPS fingerprint
Random state options:
-rand val Load the given file(s) into the random number generator
-writerand outfile Write random data to the specified file
Provider options:
-provider-path val Provider load path (must be before 'provider' argument if required)
-provider val Provider to load (can be specified multiple times)
-propquery val Property query used when fetching algorithms
Parameters:
file Files to digest (optional; default is stdin)
tongshijia@Sodom:~/test1$ openssl dgst -list
Supported digests:
-blake2b512 -blake2s256 -md4
-md5 -md5-sha1 -ripemd
-ripemd160 -rmd160 -sha1
-sha224 -sha256 -sha3-224
-sha3-256 -sha3-384 -sha3-512
-sha384 -sha512 -sha512-224
-sha512-256 -shake128 -shake256
-sm3 -ssl3-md5 -ssl3-sha1
-whirlpool
tongshijia@Sodom:~/test1$ echo tsj | openssl dgst -sm3
SM3(stdin)= 0932a1baef8d3b48bd86ce40580d16097b97c23ca494392cb977fb7e5274a14c
tongshijia@Sodom:~/test1$ echo tsj | openssl sm3
SM3(stdin)= 0932a1baef8d3b48bd86ce40580d16097b97c23ca494392cb977fb7e5274a14c
tongshijia@Sodom:~/test1$ echo tsj | openssl sm3 -hex
SM3(stdin)= 0932a1baef8d3b48bd86ce40580d16097b97c23ca494392cb977fb7e5274a14c
tongshijia@Sodom:~/test1$ echo tsj | openssl sm3 -binary
� {��<��9,�w�~Rt�L
tongshijia@Sodom:~/test1$ echo tsj | openssl sm3 -binary | xxd -p
0932a1baef8d3b48bd86ce40580d16097b97c23ca494392cb977fb7e5274
a14c
tongshijia@Sodom:~/test1$ echo tsj > tsj.txt
tongshijia@Sodom:~/test1$ openssl sm3 tsj.txt
SM3(tsj.txt)= 0932a1baef8d3b48bd86ce40580d16097b97c23ca494392cb977fb7e5274a14c
tongshijia@Sodom:~/test1$ ~/diocs/sh/openssl$ echo tsj | openssl sm3
SM3(stdin)= 1ab21d8355cfa17f8e61194831e81a8f22bec8c728fefb747ed035eb5082aa2b
对称算法:enc
tongshijia@Sodom:~/test1$ openssl enc -help
Usage: enc [options]
General options:
-help Display this summary
-list List ciphers
-ciphers Alias for -list
-e Encrypt
-d Decrypt
-p Print the iv/key
-P Print the iv/key and exit
-engine val Use engine, possibly a hardware device
Input options:
-in infile Input file
-k val Passphrase
-kfile infile Read passphrase from file
Output options:
-out outfile Output file
-pass val Passphrase source
-v Verbose output
-a Base64 encode/decode, depending on encryption flag
-base64 Same as option -a
-A Used with -[base64|a] to specify base64 buffer as a single line
Encryption options:
-nopad Disable standard block padding
-salt Use salt in the KDF (default)
-nosalt Do not use salt in the KDF
-debug Print debug info
-bufsize val Buffer size
-K val Raw key, in hex
-S val Salt, in hex
-iv val IV in hex
-md val Use specified digest to create a key from the passphrase
-iter +int Specify the iteration count and force use of PBKDF2
-pbkdf2 Use password-based key derivation function 2
-none Don't encrypt
-* Any supported cipher
Random state options:
-rand val Load the given file(s) into the random number generator
-writerand outfile Write random data to the specified file
Provider options:
-provider-path val Provider load path (must be before 'provider' argument if required)
-provider val Provider to load (can be specified multiple times)
-propquery val Property query used when fetching algorithms
tongshijia@Sodom:~/test1$ openssl enc -list
Supported ciphers:
-aes-128-cbc -aes-128-cfb -aes-128-cfb1
-aes-128-cfb8 -aes-128-ctr -aes-128-ecb
-aes-128-ofb -aes-192-cbc -aes-192-cfb
-aes-192-cfb1 -aes-192-cfb8 -aes-192-ctr
-aes-192-ecb -aes-192-ofb -aes-256-cbc
-aes-256-cfb -aes-256-cfb1 -aes-256-cfb8
-aes-256-ctr -aes-256-ecb -aes-256-ofb
-aes128 -aes128-wrap -aes192
-aes192-wrap -aes256 -aes256-wrap
-aria-128-cbc -aria-128-cfb -aria-128-cfb1
-aria-128-cfb8 -aria-128-ctr -aria-128-ecb
-aria-128-ofb -aria-192-cbc -aria-192-cfb
-aria-192-cfb1 -aria-192-cfb8 -aria-192-ctr
-aria-192-ecb -aria-192-ofb -aria-256-cbc
-aria-256-cfb -aria-256-cfb1 -aria-256-cfb8
-aria-256-ctr -aria-256-ecb -aria-256-ofb
-aria128 -aria192 -aria256
-bf -bf-cbc -bf-cfb
-bf-ecb -bf-ofb -blowfish
-camellia-128-cbc -camellia-128-cfb -camellia-128-cfb1
-camellia-128-cfb8 -camellia-128-ctr -camellia-128-ecb
-camellia-128-ofb -camellia-192-cbc -camellia-192-cfb
-camellia-192-cfb1 -camellia-192-cfb8 -camellia-192-ctr
-camellia-192-ecb -camellia-192-ofb -camellia-256-cbc
-camellia-256-cfb -camellia-256-cfb1 -camellia-256-cfb8
-camellia-256-ctr -camellia-256-ecb -camellia-256-ofb
-camellia128 -camellia192 -camellia256
-cast -cast-cbc -cast5-cbc
-cast5-cfb -cast5-ecb -cast5-ofb
-chacha20 -des -des-cbc
-des-cfb -des-cfb1 -des-cfb8
-des-ecb -des-ede -des-ede-cbc
-des-ede-cfb -des-ede-ecb -des-ede-ofb
-des-ede3 -des-ede3-cbc -des-ede3-cfb
-des-ede3-cfb1 -des-ede3-cfb8 -des-ede3-ecb
-des-ede3-ofb -des-ofb -des3
-des3-wrap -desx -desx-cbc
-id-aes128-wrap -id-aes128-wrap-pad -id-aes192-wrap
-id-aes192-wrap-pad -id-aes256-wrap -id-aes256-wrap-pad
-id-smime-alg-CMS3DESwrap -rc2 -rc2-128
-rc2-40 -rc2-40-cbc -rc2-64
-rc2-64-cbc -rc2-cbc -rc2-cfb
-rc2-ecb -rc2-ofb -rc4
-rc4-40 -seed -seed-cbc
-seed-cfb -seed-ecb -seed-ofb
-sm4 -sm4-cbc -sm4-cfb
-sm4-ctr -sm4-ecb -sm4-ofb
加密解密
tongshijia@Sodom:~/test1$ openssl sm4-cbc -K "2851fa25211a48023794ae9515909603" -iv "da80e405a4998c351b0717093cbe86ab" -in tsj.txt -out tsj.enc
tongshijia@Sodom:~/test1$ openssl sm4-cbc -d -K "2851fa25211a48023794ae9515909603" -iv "da80e405a4998c351b0717093cbe86ab" -in tsj.enc -out tsj2.txt
tongshijia@Sodom:~/test1$ diff tsj.txt tsj2.txt
RSA
tongshijia@Sodom:~/test1$ openssl genpkey -help
Usage: genpkey [options]
General options:
-help Display this summary
-engine val Use engine, possibly a hardware device
-paramfile infile Parameters file
-algorithm val The public key algorithm
-quiet Do not output status while generating keys
-pkeyopt val Set the public key algorithm option as opt:value
-config infile Load a configuration file (this may load modules)
Output options:
-out outfile Output file
-outform PEM|DER output format (DER or PEM)
-pass val Output file pass phrase source
-genparam Generate parameters, not key
-text Print the in text
-* Cipher to use to encrypt the key
Provider options:
-provider-path val Provider load path (must be before 'provider' argument if required)
-provider val Provider to load (can be specified multiple times)
-propquery val Property query used when fetching algorithms
Order of options may be important! See the documentation.
产生公私钥对
tongshijia@Sodom:~/test1$ openssl genpkey -algorithm RSA -out private_key.pem
.+...........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+....+..+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+...+......+.+.....................+...+......+...+........+...+.........+...+...+.+.....+.+.........+......+............+...+.....+...+...............+......+....+..+.......+.....+...+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.+...+.........+..+.+.....+.........+...+.+.........+...+.....+....+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+...+......+.+...............+...+.................+.........+....+..+.+.................+......+.+........+.+..+.............+...........+......+.......+...+............+...........+......+.+..+.+..+............+.+......+......+............+..+...+.+...........+...+...+...+....+..+.+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
tongshijia@Sodom:~/test1$ ls private_key.pem
private_key.pem
tongshijia@Sodom:~/test1$ cat private_key.pem
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDziHFKDnOK/thm
O1Hu6pa0YEw5CCvZWBwOHDQdSF/Z8cWvfgnodSouKWLVFQ9jH0UXzc+wG0UbP9OD
xtwzp+wy1i3Cfmv58LsL0gi3cHH+sZ1wtjveXBfDdzC/Ol1/GhkxEIHjqFIdJ2et
tyunxK9mZmxyqWVfu9tEu0bGSZgCVx3rPQRGQQn9l+A43Fc1xQKu3AmXg5VAwzJs
IdhsB2CEhQafbBBObwkK8dPEhIAZve088hZ7kVTtGVTrOY1Kv8Pw2hi7gZTcajPw
Bc1xKKwtVoGAuH6VQbOCKMiI0a4VpIGg8UvCwK2ama4A2BzKDKGWL7DcZT70QTvQ
0a/qaTQ3AgMBAAECggEASlKsyH4qkxP9tQ2Ljs+3WKs+9/TfdQBn54KCASHSZvBb
dZiQq4n+aoIk8ITx4j1r17zvEn7wE0XiZogtMfKgqk8lPgNZLrliTFQ4ZsuBbsqE
Ex76nH0cn4Hjtai5Wg37/DZefb0j+lPJV4HcZ+Il6al+lWvPTW1GmO5Sxjc1lhip
0Cf6pb4APfUeGTlPJM9u7wgp01SyDTwQ4uXykIYAo5a9S2F31Uaqjr0PMfJIwDy7
h0WDh+zcJP1Jl1uSuYv7hoGXwI2ofCnwM+u8s7LJ7+woPo/6VTvr6gq8mkyNOW8T
QdKcDUecBYqxTUcyWpt5L3jxKoO9OxhRcTmHMY7N0QKBgQD0tqbSf3I1NDJn8DFd
+yDpH4bcu0BwdcNfP/CMXyMj5t0xpFvFMhR4Z7ms7PNN6yQ7Jr1w1AOjKXBLB2rF
AGXTraxxBi/BJbxz4wE4asMZDkcLZ3gnb+FFCu6x58sye5S3m1KVFguz0NM/RP+y
IBpFGwTQJo6pxf8wTt8jRxee2QKBgQD+w9pDkj7WrnmGltQOBsiOQi1LVFBIpRYL
BEYDaHAoRSSnHnuGEWDaAtkn3a3bj+UZhLBupmjK/mdiHtLQKRbrjw0qwlGLgHsV
7G52mGfVANpKZ7vx9t+UFWFZPIXUaq/6ItRvIKxouylzTbNULYoGBarwo8EBmy+y
U9gz8zmhjwKBgQDO9J3XDcOHrVInxuHpSlYF8gy7Jn2T3nRRXKDSBi+Q0FEnB4o5
FmZrgcVssqP9tKxafiPehN9ioMwAGBC69OApCgr5NzMx1PkwxL2medvvl7yLr4DV
UXAhVOKTgKW/VvZp5SkNPqy88RGGw5K/kRjGctg6NTGX8QQlVb6udhRK2QKBgDX/
x0yZO+5/Ds0jPRE4CNx2VGlqFpY/P5vYLQrd4R/3/9vYTzBMkK3E+shDaW1nY5T0
Ff1uEjoskDcw91gdzXjiWlUc2PHrqqsr8QH8Lc3tH1e0Axc3T45wtbCXbnpmnqQz
K7neQAz21sNUzdTiziWWn/PfkbJIdWSj9uiT/jwrAoGBAO/6r2ew9yWslhgOxR8S
LS/yFyc0rY8QXwwJQ4qoNoJdJ3J/ZsqteB6laZzwJN6EAfEl//VuukSNCUcgN6NQ
lH8JrkSOwPDpsovBZSSjMKTG0oiJikBGUn8zZtPSQdFfLWbJ5OTy9tgb6ci5Xk+G
oJInrWarKWrf/Drx8ZyT5g83
-----END PRIVATE KEY-----
tongshijia@Sodom:~/test1$ openssl asn1parse -inform PEM -in private_key.pem
0:d=0 hl=4 l=1214 cons: SEQUENCE
4:d=1 hl=2 l= 1 prim: INTEGER :00
7:d=1 hl=2 l= 13 cons: SEQUENCE
9:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption
20:d=2 hl=2 l= 0 prim: NULL
22:d=1 hl=4 l=1192 prim: OCTET STRING [HEX DUMP]:308204A40201000282010100F388714A0E738AFED8663B51EEEA96B4604C39082BD9581C0E1C341D485FD9F1C5AF7E09E8752A2E2962D5150F631F4517CDCFB01B451B3FD383C6DC33A7EC32D62DC27E6BF9F0BB0BD208B77071FEB19D70B63BDE5C17C37730BF3A5D7F1A19311081E3A8521D2767ADB72BA7C4AF66666C72A9655FBBDB44BB46C6499802571DEB3D04464109FD97E038DC5735C502AEDC0997839540C3326C21D86C07608485069F6C104E6F090AF1D3C4848019BDED3CF2167B9154ED1954EB398D4ABFC3F0DA18BB8194DC6A33F005CD7128AC2D568180B87E9541B38228C888D1AE15A481A0F14BC2C0AD9A99AE00D81CCA0CA1962FB0DC653EF4413BD0D1AFEA6934370203010001028201004A52ACC87E2A9313FDB50D8B8ECFB758AB3EF7F4DF750067E782820121D266F05B759890AB89FE6A8224F084F1E23D6BD7BCEF127EF01345E266882D31F2A0AA4F253E03592EB9624C543866CB816ECA84131EFA9C7D1C9F81E3B5A8B95A0DFBFC365E7DBD23FA53C95781DC67E225E9A97E956BCF4D6D4698EE52C637359618A9D027FAA5BE003DF51E19394F24CF6EEF0829D354B20D3C10E2E5F2908600A396BD4B6177D546AA8EBD0F31F248C03CBB87458387ECDC24FD49975B92B98BFB868197C08DA87C29F033EBBCB3B2C9EFEC283E8FFA553BEBEA0ABC9A4C8D396F1341D29C0D479C058AB14D47325A9B792F78F12A83BD3B1851713987318ECDD102818100F4B6A6D27F7235343267F0315DFB20E91F86DCBB407075C35F3FF08C5F2323E6DD31A45BC532147867B9ACECF34DEB243B26BD70D403A329704B076AC50065D3ADAC71062FC125BC73E301386AC3190E470B6778276FE1450AEEB1E7CB327B94B79B5295160BB3D0D33F44FFB2201A451B04D0268EA9C5FF304EDF2347179ED902818100FEC3DA43923ED6AE798696D40E06C88E422D4B545048A5160B0446036870284524A71E7B861160DA02D927DDADDB8FE51984B06EA668CAFE67621ED2D02916EB8F0D2AC2518B807B15EC6E769867D500DA4A67BBF1F6DF941561593C85D46AAFFA22D46F20AC68BB29734DB3542D8A0605AAF0A3C1019B2FB253D833F339A18F02818100CEF49DD70DC387AD5227C6E1E94A5605F20CBB267D93DE74515CA0D2062F90D05127078A3916666B81C56CB2A3FDB4AC5A7E23DE84DF62A0CC001810BAF4E0290A0AF9373331D4F930C4BDA679DBEF97BC8BAF80D551702154E29380A5BF56F669E5290D3EACBCF11186C392BF9118C672D83A353197F1042555BEAE76144AD902818035FFC74C993BEE7F0ECD233D113808DC7654696A16963F3F9BD82D0ADDE11FF7FFDBD84F304C90ADC4FAC843696D676394F415FD6E123A2C903730F7581DCD78E25A551CD8F1EBAAAB2BF101FC2DCDED1F57B40317374F8E70B5B0976E7A669EA4332BB9DE400CF6D6C354CDD4E2CE25969FF3DF91B2487564A3F6E893FE3C2B02818100EFFAAF67B0F725AC96180EC51F122D2FF2172734AD8F105F0C09438AA836825D27727F66CAAD781EA5699CF024DE8401F125FFF56EBA448D09472037A350947F09AE448EC0F0E9B28BC16524A330A4C6D288898A4046527F3366D3D241D15F2D66C9E4E4F2F6D81BE9C8B95E4F86A09227AD66AB296ADFFC3AF1F19C93E60F37
提取公钥
tongshijia@Sodom:~/test1$ openssl rsa -pubout -in private_key.pem -out public_key.pem
writing RSA key
tongshijia@Sodom:~/test1$ ls public_key.pem
public_key.pem
tongshijia@Sodom:~/test1$ cat public_key.pem
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA84hxSg5ziv7YZjtR7uqW
tGBMOQgr2VgcDhw0HUhf2fHFr34J6HUqLili1RUPYx9FF83PsBtFGz/Tg8bcM6fs
MtYtwn5r+fC7C9IIt3Bx/rGdcLY73lwXw3cwvzpdfxoZMRCB46hSHSdnrbcrp8Sv
ZmZscqllX7vbRLtGxkmYAlcd6z0ERkEJ/ZfgONxXNcUCrtwJl4OVQMMybCHYbAdg
hIUGn2wQTm8JCvHTxISAGb3tPPIWe5FU7RlU6zmNSr/D8NoYu4GU3Goz8AXNcSis
LVaBgLh+lUGzgijIiNGuFaSBoPFLwsCtmpmuANgcygyhli+w3GU+9EE70NGv6mk0
NwIDAQAB
-----END PUBLIC KEY-----
tongshijia@Sodom:~/test1$ openssl asn1parse -inform PEM -in public_key.pem
0:d=0 hl=4 l= 290 cons: SEQUENCE
4:d=1 hl=2 l= 13 cons: SEQUENCE
6:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption
17:d=2 hl=2 l= 0 prim: NULL
19:d=1 hl=4 l= 271 prim: BIT STRING
RSA加密解密
tongshijia@Sodom:~/test1$ openssl genpkey -help
Usage: genpkey [options]
General options:
-help Display this summary
-engine val Use engine, possibly a hardware device
-paramfile infile Parameters file
-algorithm val The public key algorithm
-quiet Do not output status while generating keys
-pkeyopt val Set the public key algorithm option as opt:value
-config infile Load a configuration file (this may load modules)
Output options:
-out outfile Output file
-outform PEM|DER output format (DER or PEM)
-pass val Output file pass phrase source
-genparam Generate parameters, not key
-text Print the in text
-* Cipher to use to encrypt the key
Provider options:
-provider-path val Provider load path (must be before 'provider' argument if required)
-provider val Provider to load (can be specified multiple times)
-propquery val Property query used when fetching algorithms
Order of options may be important! See the documentation.
tongshijia@Sodom:~/test1$ openssl pkeyutl -encrypt -inkey public_key.pem -pubin -in tsj.txt -out tsjrsaenc.bin
tongshijia@Sodom:~/test1$ openssl pkeyutl -decrypt -inkey private_key.pem -in tsjrsaenc.bin -out tsjrsadec.txt
tongshijia@Sodom:~/test1$ ls
1.c bitstring.der private_key.pem r2.bin tsj.b64 tsj2.txt
123.bin bitstring.pem public_key.pem random_data.bin tsj.enc tsjrsadec.txt
123.txt new_random_data.bin r1.bin random_state.bin tsj.txt tsjrsaenc.bin
tongshijia@Sodom:~/test1$ diff tsj.txt tsjrsadec.txt
RSA签名验签
tongshijia@Sodom:~/test1$ openssl dgst -sha256 -sign private_key.pem -out tsj.sig tsj.txt
tongshijia@Sodom:~/test1$ openssl dgst -sha256 -verify public_key.pem -signature tsj.sig tsj.txt
Verified OK
tongshijia@Sodom:~/test1$ openssl pkeyutl -sign -inkey private_key.pem -in tsj.txt -out tsjrsa.sig
tongshijia@Sodom:~/test1$ openssl pkeyutl -verify -in tsj.txt -sigfile tsjrsa.sig -inkey private_key.pem
Signature Verified Successfully
SM2
tongshijia@Sodom:~/test1$ openssl ecparam -help
Usage: ecparam [options]
General options:
-help Display this summary
-list_curves Prints a list of all curve 'short names'
-engine val Use engine, possibly a hardware device
-genkey Generate ec key
-in infile Input file - default stdin
-inform PEM|DER Input format - default PEM (DER or PEM)
-out outfile Output file - default stdout
-outform PEM|DER Output format - default PEM
Output options:
-text Print the ec parameters in text form
-noout Do not print the ec parameter
-param_enc val Specifies the way the ec parameters are encoded
Parameter options:
-check Validate the ec parameters
-check_named Check that named EC curve parameters have not been modified
-no_seed If 'explicit' parameters are chosen do not use the seed
-name val Use the ec parameters with specified 'short name'
-conv_form val Specifies the point conversion form
Random state options:
-rand val Load the given file(s) into the random number generator
-writerand outfile Write random data to the specified file
Provider options:
-provider-path val Provider load path (must be before 'provider' argument if required)
-provider val Provider to load (can be specified multiple times)
-propquery val Property query used when fetching algorithms
tongshijia@Sodom:~/test1$ openssl ec -help
Usage: ec [options]
General options:
-help Display this summary
-engine val Use engine, possibly a hardware device
Input options:
-in val Input file
-inform format Input format (DER/PEM/P12/ENGINE)
-pubin Expect a public key in input file
-passin val Input file pass phrase source
-check check key consistency
-* Any supported cipher
-param_enc val Specifies the way the ec parameters are encoded
-conv_form val Specifies the point conversion form
Output options:
-out outfile Output file
-outform PEM|DER Output format - DER or PEM
-noout Don't print key out
-text Print the key
-param_out Print the elliptic curve parameters
-pubout Output public key, not private
-no_public exclude public key from private key
-passout val Output file pass phrase source
Provider options:
-provider-path val Provider load path (must be before 'provider' argument if required)
-provider val Provider to load (can be specified multiple times)
-propquery val Property query used when fetching algorithms
SM2产生密钥对
tongshijia@Sodom:~/test1$ openssl ecparam -genkey -name SM2 -out sm2private_key.pem
tongshijia@Sodom:~/test1$ cat sm2private_key.pem
-----BEGIN SM2 PARAMETERS-----
BggqgRzPVQGCLQ==
-----END SM2 PARAMETERS-----
-----BEGIN PRIVATE KEY-----
MIGIAgEAMBQGCCqBHM9VAYItBggqgRzPVQGCLQRtMGsCAQEEIP6hU3Y5b2qjbh6R
0abbjdqOBuESnfvW+OSWUa6obouboUQDQgAEYkkLkS0E8L2JrJPl2VMfhktELPyi
9Jeue0uKIOn21EnXOooH9Fc9xp42CKirmHZ2TFqiq7/ihqj7q1wsbqw1nA==
-----END PRIVATE KEY-----
tongshijia@Sodom:~/test1$ openssl asn1parse -inform PEM -in sm2private_key.pem
0:d=0 hl=2 l= 8 prim: OBJECT :sm2
tongshijia@Sodom:~/test1$ openssl base64 -d -in sm2privatekey.pem -out sm2privatekey.der
Can't open "sm2privatekey.pem" for reading, No such file or directory
4087B0FCA87F0000:error:80000002:system library:BIO_new_file:No such file or directory:../crypto/bio/bss_file.c:67:calling fopen(sm2privatekey.pem, r)
4087B0FCA87F0000:error:10000080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:75:
tongshijia@Sodom:~/test1$ openssl base64 -d -in sm2private_key.pem -out sm2private_key.der
tongshijia@Sodom:~/test1$ openssl asn1parse -inform DER -in sm2private_key.der
0:d=0 hl=2 l= 8 prim: OBJECT :sm2
tongshijia@Sodom:~/test1$ od -tx1 sm2private_key.der
0000000 06 08 2a 81 1c cf 55 01 82 2d
0000012
tongshijia@Sodom:~/test1$ openssl pkey -in sm2private_key.pem -text -noout
Private-Key: (256 bit)
priv:
fe:a1:53:76:39:6f:6a:a3:6e:1e:91:d1:a6:db:8d:
da:8e:06:e1:12:9d:fb:d6:f8:e4:96:51:ae:a8:6e:
8b:9b
pub:
04:62:49:0b:91:2d:04:f0:bd:89:ac:93:e5:d9:53:
1f:86:4b:44:2c:fc:a2:f4:97:ae:7b:4b:8a:20:e9:
f6:d4:49:d7:3a:8a:07:f4:57:3d:c6:9e:36:08:a8:
ab:98:76:76:4c:5a:a2:ab:bf:e2:86:a8:fb:ab:5c:
2c:6e:ac:35:9c
ASN1 OID: SM2
SM2提取公钥
tongshijia@Sodom:~/test1$ openssl ec -in sm2private_key.pem -pubout -out sm2public_key.pem
read EC key
writing EC key
tongshijia@Sodom:~/test1$ cat sm2public_key.pem
-----BEGIN PUBLIC KEY-----
MFowFAYIKoEcz1UBgi0GCCqBHM9VAYItA0IABGJJC5EtBPC9iayT5dlTH4ZLRCz8
ovSXrntLiiDp9tRJ1zqKB/RXPcaeNgioq5h2dkxaoqu/4oao+6tcLG6sNZw=
-----END PUBLIC KEY-----
tongshijia@Sodom:~/test1$ openssl asn1parse -inform PEM -in sm2public_key.pem
0:d=0 hl=2 l= 90 cons: SEQUENCE
2:d=1 hl=2 l= 20 cons: SEQUENCE
4:d=2 hl=2 l= 8 prim: OBJECT :sm2
14:d=2 hl=2 l= 8 prim: OBJECT :sm2
24:d=1 hl=2 l= 66 prim: BIT STRING
SM2加密解密
tongshijia@Sodom:~/test1$ openssl pkeyutl -encrypt -pubin -inkey sm2public_key.pem -in tsj.txt -out tsjsm2enc.bin
tongshijia@Sodom:~/test1$ openssl pkeyutl -decrypt -inkey sm2private_key.pem -in tsjsm2enc.bin -out tsjsm2dec.txt
tongshijia@Sodom:~/test1$ diff tsj.txt tsjsm2dec.txt
SM2签名验签
tongshijia@Sodom:~/test1$ openssl sm3 -sign sm2private_key.pem -out tsjsm2.sig tsj.txt
tongshijia@Sodom:~/test1$ openssl sm3 -verify sm2public_key.pem -signature tsjsm2.sig tsj.txt
Verified OK
tongshijia@Sodom:~/test1$ openssl pkeyutl -sign -in tsj.txt -inkey sm2private_key.pem -out tsjsm2.sig -rawin -digest sm3
tongshijia@Sodom:~/test1$ od -tx1 tsjsm2.sig
0000000 30 45 02 20 78 d8 60 51 4b 5b a4 04 bd 1f c7 b8
0000020 9b b3 71 1d 3e d8 0d a6 ac a2 e3 f3 d0 34 db 47
0000040 b3 28 9e b2 02 21 00 b9 8b 6a a7 6b 28 c0 51 dd
0000060 01 23 7d 86 20 f2 5f 68 71 a9 c9 71 94 68 a8 18
0000100 38 e3 44 71 b7 45 05
0000107
tongshijia@Sodom:~/test1$ openssl pkeyutl -verify -in tsj.txt -inkey sm2private_key.pem -sigfile tsjsm2.sig -rawin -dige
st sm3
Signature Verified Successfully
