OpenSSL encryption and decryption in practice
1. Symmetric encryption
(1) Copy fstab to the current directory to test the encryption process
[[email protected] ~]# cp /etc/fstab ./
Encrypt fstab to the file fstab.ciphertext (set an encryption password)
[[email protected] ~]# openssl enc -e -des3 -a -salt -in fstab -out fstab.ciphertext
enter des-ede3-cbc encryption password:
Verifying - enter des-ede3-cbc encryption password:
View the encrypted file
[[email protected] ~]# cat fstab.ciphertext
Delete the original file
[[email protected] ~]# rm fstab
rm:是否刪除普通檔案 "fstab"?y
Test decryption (enter the password used for encryption)
[[email protected] ~]# openssl enc -d -des3 -a -salt -out fstab -in fstab.ciphertext
enter des-ede3-cbc decryption password:
[[email protected] ~]# cat fstab
#
# /etc/fstab
# Created by anaconda on Wed Oct 24 06:00:20 2018
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root / xfs defaults 0 0
UUID=1357b48c-e338-4292-a617-994e50b64e94 /boot xfs defaults 0 0
/dev/mapper/centos-home /home xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0
2. One-way encryption
Compute the file's digest (fingerprint)
Method 1
[[email protected] ~]# md5sum fstab
8c2acfcfde2a825c2b176315cc9916aa fstab
Method 2
[[email protected] ~]# openssl dgst -md5 fstab
MD5(fstab)= 8c2acfcfde2a825c2b176315cc9916aa
3. Generate random numbers
Method 1
[[email protected] ~]# openssl rand -base64 10
BhI3talqVWOVMg==
Method 2
[[email protected] ~]# openssl rand -hex 10
b343e42cc7d625a2de67
4. Generate a password hash
[[email protected] ~]# openssl passwd -1 -salt suijishu
Password:
$1$suijishu$kTzp8EjARddLA5r/pbxLW/
5. Generate a password hash with a random salt
[[email protected] ~]# openssl passwd -1 -salt $(openssl rand -hex 4)
Password:
$1$e32e29ac$tlPp6ZD0FuhXTt.pfh.jg0
[[email protected] ~]# openssl passwd -1 -salt $(openssl rand -hex 4)
$1$297fe332$vd0iYQhqU8EClbKhW.yah.
6. Generate a key (1024-bit) and extract the public key
[[email protected] ~]# openssl genrsa 1024
Generating RSA private key, 1024 bit long modulus
...............++++++
..............................++++++
e is 65537 (0x10001)
-----BEGIN RSA PRIVATE KEY-----
Ways to save the key to a file
Method 1: redirection
[[email protected] ~]# openssl genrsa 1024 > /tmp/key.private
Generating RSA private key, 1024 bit long modulus
............................................++++++
......++++++
e is 65537 (0x10001)
Method 2: -out
[[email protected] ~]# openssl genrsa -out /tmp/key.private1 1024
Generating RSA private key, 1024 bit long modulus
.................++++++
........++++++
e is 65537 (0x10001)
Set the permissions and generate the key in one step
[[email protected] ~]# (umask 077; openssl genrsa -out /tmp/key.private2 2048)
Generating RSA private key, 2048 bit long modulus
...........+++
.........................+++
e is 65537 (0x10001)
[[email protected] ~]# ls /tmp -al | grep key
-rw-r--r--. 1 root root 887 10月 31 22:13 key.private
-rw-r--r--. 1 root root 887 10月 31 22:14 key.private1
-rw-------. 1 root root 1675 10月 31 22:16 key.private2
Extract the public key:
[[email protected] ~]# openssl rsa -in /tmp/key.private2 -pubout
writing RSA key
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy0JvDHV1FiRcDWdUkoJW
cvRz7MkmNT132Wv9c10jNsA6wKi/eXrEjvMk26O7/xIPAADKXeiCid9pg4GLABOW
+L9QNaOcPNMXvXFFoRiJv+6HHtBuD7eGyIu1qTZhAy+oDPtBryQzH9z3M6vlhuTb
58AhLqTksNaGAjkKbKzjW7jSHNHEH+ftOrSrbsQgyE8Q5aAriMdrQhTW/2Ufpp/q
7g1g4WyQrT/dXAuejo6D8+EoGSJkROCRJKbF3fIZWGG1rD7UzfZVtunsRjW+DKDc
uHbo0MUk/eGSQT1OVvHLMYi/rdZJ0v2pcLafvYOx/+hmRBz+ez4XAathaCsT2leI
bQIDAQAB
-----END PUBLIC KEY-----
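The ls listing above shows that a key saved by plain redirection ends up world-readable (-rw-r--r--), while the umask 077 subshell gives -rw-------. The script below is an added example, not part of the original page: it repeats that comparison in a temporary directory, flags any key file that group or others can access, and confirms that the extracted public key belongs to the private key. The function names (mode_of, gen_private_key, key_is_private, pubkey_matches, demo) and file names are hypothetical.

```shell
# Added example (not from the original page); all function and file names
# here are hypothetical. Everything is written under a mktemp directory.

# Permission string of a file as `ls -l` shows it, e.g. "-rw-------".
mode_of() { ls -ld "$1" | cut -c1-10; }

# Generate an RSA private key readable only by its owner. umask is changed
# inside a subshell, so the caller's own umask is left untouched.
gen_private_key() {   # $1 = output file, $2 = key size in bits
    ( umask 077; openssl genrsa -out "$1" "$2" 2>/dev/null )
}

# Succeed only if the file grants no permission to group or others.
key_is_private() {
    case "$(mode_of "$1")" in
        -???------) return 0 ;;
        *)          return 1 ;;
    esac
}

# Succeed if the public key ($2) was derived from the private key ($1):
# both must report the same RSA modulus.
pubkey_matches() {
    a=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null)
    b=$(openssl rsa -pubin -in "$2" -noout -modulus 2>/dev/null)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Compare "method 1" (redirection under a typical 022 umask) with the
# one-step umask 077 form, then check the extracted public key.
demo() {
    dir=$(mktemp -d) || return 1
    ( umask 022; openssl genrsa 2048 > "$dir/key.redirect" 2>/dev/null )
    gen_private_key "$dir/key.umask" 2048
    openssl rsa -in "$dir/key.umask" -pubout -out "$dir/key.pub" 2>/dev/null
    for f in key.redirect key.umask; do
        if key_is_private "$dir/$f"; then s=ok; else s=EXPOSED; fi
        printf '%s %s %s\n' "$(mode_of "$dir/$f")" "$f" "$s"
    done
    pubkey_matches "$dir/key.umask" "$dir/key.pub" && echo "key.pub matches key.umask"
    rm -rf "$dir"
}

demo
```

key_is_private can be pointed at any existing key file, for example the /tmp/key.private files created above, to audit their permissions.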