OpenSSL命令行常用功能(1) - 中国信息安全组织
来源:百度文库 编辑:神马文学网 时间:2024/04/26 21:03:36
OpenSSL命令行常用功能(1)
作者:rainbow 文章出处:中国信息安全组织 发布时间:2005-11-04 点击: 2793 字体: 【小中大】
1、为CA创建一个RSA私钥
D:\openssl\bin>openssl genrsa -des3 -out -ca.key 1024
Loading ‘screen‘ into random state - done
Generating RSA private key, 1024 bit long modulus
............................................................................++++++
........++++++
e is 65537 (0x10001)
Enter pass phrase for -ca.key:123456
Verifying - Enter pass phrase for -ca.key:123456
2、利用CA的RSA私钥创建一个自签名的CA证书
D:\openssl\bin>openssl req -new -x509 -days 3650 -key ca.key -out ca.crt -config openssl.cnf
Enter pass phrase for ca.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.‘, the field will be left blank.
-----
Country Name (2 letter code) [AU]:cn
State or Province Name (full name) [Some-State]:sh
Locality Name (eg, city) []:sh
Organization Name (eg, company) [Internet Widgits Pty Ltd]:ciso
Organizational Unit Name (eg, section) []:ciso
Common Name (eg, YOUR name) []:infosecurity.org.cn
Email Address []:webmaster@infosecurity.org.cn
3、生成证书请求
D:\openssl\bin>openssl req -config openssl.cnf -new -keyout webmaster.key -out wm_req.pem -days 365
Loading ‘screen‘ into random state - done
Generating a 1024 bit RSA private key
.....++++++
......................++++++
writing new private key to ‘newreq.pem‘
Enter PEM pass phrase:123456(自己输)
Verifying - Enter PEM pass phrase:123456(自己输)
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.‘, the field will be left blank.
-----
Country Name (2 letter code) [AU]:cn
State or Province Name (full name) [Some-State]:sh
Locality Name (eg, city) []:sh
Organization Name (eg, company) [Internet Widgits Pty Ltd]:ciso
Organizational Unit Name (eg, section) []:ciso
Common Name (eg, YOUR name) []:webmaster
Email Address []:webmaster@infosecurity.org.cn
Please enter the following ‘extra‘ attributes
to be sent with your certificate request
A challenge password []:(不输)
An optional company name []:(不输)
4、签发证书
D:\openssl\bin>openssl ca -config openssl.cnf -out webmaster.pem -infiles wm_req.pem
Using configuration from openssl.cnf
Loading ‘screen‘ into random state - done
1896:error:0E06D06C:configuration file routines:NCONF_get_string:no value:.\crypto\conf\conf_lib.c:329:group=CA_defa
ult name=unique_subject
Enter pass phrase for ./ca.key:
Check that the request matches the signature
Signature ok
The Subject‘s Distinguished Name is as follows
countryName :PRINTABLE:‘cn‘
stateOrProvinceName :PRINTABLE:‘sh‘
localityName :PRINTABLE:‘sh‘
organizationName :PRINTABLE:‘ciso‘
organizationalUnitName:PRINTABLE:‘ciso‘
commonName :PRINTABLE:‘webmaster‘
emailAddress :IA5STRING:'webmaster@infosecurity.org.cn‘
Certificate is to be certified until Aug 23 10:01:35 2005 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
5、重复步骤3与4可以创建个人证书。
6、包成pfx文件格式。
输入:z1.key与z1.crt
输出:z1.pfx
D:\openssl\bin>openssl pkcs12 -export -inkey z1.key -in z1.crt -out z1.pfx
Loading ‘screen‘ into random state - done
Enter pass phrase for z1.key:(输入密码)
Enter Export Password: :(输入密码)
Verifying - Enter Export Password::(输入密码)
7、去除私钥的密码。
D:\openssl\bin>openssl rsa -in z1.key -out z1_nopwd.key
Enter pass phrase for z1.key:(输入密码)
writing RSA key
作者:rainbow 文章出处:中国信息安全组织 发布时间:2005-11-04 点击: 2793 字体: 【小中大】
1、为CA创建一个RSA私钥
D:\openssl\bin>openssl genrsa -des3 -out -ca.key 1024
Loading ‘screen‘ into random state - done
Generating RSA private key, 1024 bit long modulus
............................................................................++++++
........++++++
e is 65537 (0x10001)
Enter pass phrase for -ca.key:123456
Verifying - Enter pass phrase for -ca.key:123456
2、利用CA的RSA私钥创建一个自签名的CA证书
D:\openssl\bin>openssl req -new -x509 -days 3650 -key ca.key -out ca.crt -config openssl.cnf
Enter pass phrase for ca.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.‘, the field will be left blank.
-----
Country Name (2 letter code) [AU]:cn
State or Province Name (full name) [Some-State]:sh
Locality Name (eg, city) []:sh
Organization Name (eg, company) [Internet Widgits Pty Ltd]:ciso
Organizational Unit Name (eg, section) []:ciso
Common Name (eg, YOUR name) []:infosecurity.org.cn
Email Address []:webmaster@infosecurity.org.cn
3、生成证书请求
D:\openssl\bin>openssl req -config openssl.cnf -new -keyout webmaster.key -out wm_req.pem -days 365
Loading ‘screen‘ into random state - done
Generating a 1024 bit RSA private key
.....++++++
......................++++++
writing new private key to ‘newreq.pem‘
Enter PEM pass phrase:123456(自己输)
Verifying - Enter PEM pass phrase:123456(自己输)
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.‘, the field will be left blank.
-----
Country Name (2 letter code) [AU]:cn
State or Province Name (full name) [Some-State]:sh
Locality Name (eg, city) []:sh
Organization Name (eg, company) [Internet Widgits Pty Ltd]:ciso
Organizational Unit Name (eg, section) []:ciso
Common Name (eg, YOUR name) []:webmaster
Email Address []:webmaster@infosecurity.org.cn
Please enter the following ‘extra‘ attributes
to be sent with your certificate request
A challenge password []:(不输)
An optional company name []:(不输)
4、签发证书
D:\openssl\bin>openssl ca -config openssl.cnf -out webmaster.pem -infiles wm_req.pem
Using configuration from openssl.cnf
Loading ‘screen‘ into random state - done
1896:error:0E06D06C:configuration file routines:NCONF_get_string:no value:.\crypto\conf\conf_lib.c:329:group=CA_defa
ult name=unique_subject
Enter pass phrase for ./ca.key:
Check that the request matches the signature
Signature ok
The Subject‘s Distinguished Name is as follows
countryName :PRINTABLE:‘cn‘
stateOrProvinceName :PRINTABLE:‘sh‘
localityName :PRINTABLE:‘sh‘
organizationName :PRINTABLE:‘ciso‘
organizationalUnitName:PRINTABLE:‘ciso‘
commonName :PRINTABLE:‘webmaster‘
emailAddress :IA5STRING:'webmaster@infosecurity.org.cn‘
Certificate is to be certified until Aug 23 10:01:35 2005 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
5、重复步骤3与4可以创建个人证书。
6、包成pfx文件格式。
输入:z1.key与z1.crt
输出:z1.pfx
D:\openssl\bin>openssl pkcs12 -export -inkey z1.key -in z1.crt -out z1.pfx
Loading ‘screen‘ into random state - done
Enter pass phrase for z1.key:(输入密码)
Enter Export Password: :(输入密码)
Verifying - Enter Export Password::(输入密码)
7、去除私钥的密码。
D:\openssl\bin>openssl rsa -in z1.key -out z1_nopwd.key
Enter pass phrase for z1.key:(输入密码)
writing RSA key
OpenSSL命令行常用功能(1) - 中国信息安全组织
不用编程,得到一个用户QQ在线状态--中国信息安全组织
XP命令行加密功能
理解命令行出错信息
使用 OpenSSL API 进行安全编程
Windows下OpenSSL的BIO安全编程
使用 OpenSSL API 进行安全编程
shell命令行下常用快捷键
中国国家生物安全信息交换所
中国信息安全测评中心:360安全卫士没有“后门”--中国计算机安全--信息安全、网络安全资...
第四届中国可信计算与信息安全学术会议召开--中国计算机安全--信息安全、网络安全资讯
全能编码器 MEncoder命令行常用方法
《安全周报》2010年7月第4期——中国信息安全博士网|中国信息安全博士论坛 | 信息安全...
网络经典命令行1
命令行
文献信息组织
G综艺:中国"龙芯" 国防信息安全排头兵
小学生安全协议书-法搜-中国法律信息搜索网
秦尘:感谢微软提前对中国发动信息安全战争
秦尘:感谢微软提前对中国发动信息安全战争
中国农网网络信息安全整体解决方案
“中国国家生物多样性信息交换所”和“中国国家生物安全信息交换所”简介
信息编辑读取功能
网络信息组织对传统信息组织的借鉴