1. 程式人生 > >Openssl加密解密應用

Openssl加密解密應用

1對稱加密

(1)複製fstab至當前目錄,測試加密過程

[[email protected] ~]# cp /etc/fstab ./

 

加密fstab fstab.ciphertext檔案(設定機密密碼)

[[email protected] ~]# openssl  enc  -e  -des3  -a  -salt  -in fstab   -out fstab.ciphertext

enter des-ede3-cbc encryption password:

Verifying - enter des-ede3-cbc encryption password:

 

檢視加密檔案

[[email protected] ~]# cat fstab.ciphertext

U2FsdGVkX187Ty1Sik0fuKuo3+XUxha/qfCFRuWWvvLE1eSw5yAtB/oqAGxhiUVn

GxtSKEj6Rg5l2gDWfMrdJDCjWHdHIB8/B+NDC/WTIj00kIGwY1h6DxDjFFePpXHm

Ido2oC6I+PvKujOz4u7xzAT0UTYsL9fr+EBTIXyVfMGlVN/QLrWnJPUHmf5kDQQi

bTLV82M7vgh5CBLu2jSYGRA5TlsP+TNuNZiTWrjbnPVp4tgs6h/ABH4wYZ0lFQFy

bUbEczgQourfxelzD5cXVY8kYHrZSSVTnicBA6S3LdcBxjvnVtz4BdCRZZlZG/Z1

TeV46HptpIB8tnroZU8EzYuJECF1OND4aUTHhCxuAu3RJjaKOO20L2Ts4u7T8fuy

jeA2gi9oijNhPgRo1fZwyNkKLR/GUBunJbcNiqhqIbcy5RxfwAREqwwuC2u+95mA

IFFeMujjg+XoSA4rDJJwmkPEBsp2dLZaX54gHqxEKLeUDUUpMOp6pyJxyfRtGfBq

JUSHKYmA1bKX5wWK0t0uaiY2HH6TPg8doueYRgaa5Xj4BAlmGevWnJ0nB3DfdK6y

PE+0A1hRbbvFCVjk4K7oaHEI5kgKFnpIgZcP2TglOHMEbvbwfuGgZF5NE7VfHgn8

LUWmE8kzCpVttNPKRmU52IVokJSMaaxEo4CP6O1VpYySioS9rpJmmaqRJMQYCSI1

ndWB6gqcsYtRz+KH32B9f6qLH/mqFhjLs3bkpCIyzck=

 

刪除原檔案

[[email protected] ~]# rm fstab

rm:是否刪除普通檔案 "fstab"y

 

測試解密(輸入加密的密碼)

[[email protected] ~]# openssl  enc  -d  -des3  -a  -salt  -out fstab   -in fstab.ciphertext

enter des-ede3-cbc decryption password:

 

[[email protected] ~]# cat fstab 

#
# /etc/fstab
# Created by anaconda on Wed Oct 24 06:00:20 2018
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root /                       xfs     defaults        0 0
UUID=1357b48c-e338-4292-a617-994e50b64e94 /boot                   xfs     defaults        0 0
/dev/mapper/centos-home /home                   xfs     defaults        0 0
/dev/mapper/centos-swap swap                    swap    defaults        0 0


 

2,單向加密

計算檔案特徵碼

方法1

[[email protected] ~]# md5sum fstab

8c2acfcfde2a825c2b176315cc9916aa  fstab

 

方法2

[[email protected] ~]# openssl dgst -md5 fstab

MD5(fstab)= 8c2acfcfde2a825c2b176315cc9916aa

 

 

3,生成隨機數

方法1

[[email protected] ~]# openssl rand -base64 10

BhI3talqVWOVMg==

方法2

[[email protected] ~]# openssl rand -hex 10

b343e42cc7d625a2de67

 

 

4,生成密碼

[[email protected] ~]# openssl  passwd  -1  -salt  suijishu

Password:

$1$suijishu$kTzp8EjARddLA5r/pbxLW/

 

5,隨機生成密碼

[[email protected] ~]# openssl  passwd  -1  -salt  $(openssl rand -hex 4)

Password:

$1$e32e29ac$tlPp6ZD0FuhXTt.pfh.jg0

[[email protected] ~]# openssl  passwd  -1  -salt  $(openssl rand -hex 4)

$1$297fe332$vd0iYQhqU8EClbKhW.yah.

 

6,生成金鑰(1024位)及提取公鑰

[[email protected] ~]# openssl  genrsa 1024

Generating RSA private key, 1024 bit long modulus

...............++++++

..............................++++++

e is 65537 (0x10001)

-----BEGIN RSA PRIVATE KEY-----

MIICXAIBAAKBgQDMVUCBrwsPEmLlbui9vDmyEpYO3BGqDrjtSFzKHPQIKhhlCYu0

4zDTwuwJ5G/Na14SCt6HkRBOJHvlwugQl6q9reK8ITZnTu+IUNFSih/fpYQyrC9z

NkTTjHlwGy+C5yTgSruAzwAmyTMWKl86cGkwKGHJGAr1q+JrCXHL90Ys8wIDAQAB

AoGAZwwbcwtu/VPdci2jzIQPaMG80ZOkiOnR00CqIvfFDhUEpnfQ8BGffzwPQ9Hj

nGooT9sRbLb4zR/TKAVKeYuze/t0t4iQU8Y+/v5yKU0PXzR97rBFVewNMLxejdPK

HZnBUqfI5MzMvns5zlF7G406sO9CTrd+GWFHlP9dJj4MjOECQQD7BLSictRQvQyn

1lJ58DFliPGpeiADcXouOdS+RwmNBcbRUPbgwjTlZX7cJUS17YrNUqIPTNtrSINN

qUK0Kl4DAkEA0GNcucNorpjuq9Bss40lE4k+t1/V0z5zAHRmP6dEvLVImv8yFxCZ

lRsDC3LAGl8oBEaKnvZYKPg6opnrHlt6UQJAPxRGpFAA5K0tQfwMy9G9SAuq1vD2

nIbmsjkcKhjF4Kdj9/PFpmOHUWI5B+9hneosqD4stXWV6hbV0C1Jsua2qwJBAIrq

Md4DzbzWZgRTJKNs69JiI1TKphf0AWXEMoUsVD4X+xaYGCQYBMnI//aZwEXUOTDg

dXgScCKflzbdtEbAZIECQBKuJukydxWHuoawcpLYtS2/Is+p5aOcu5WCrHUVb2Sq

+kcbv0WKS+NbwWk7LgawhE661k9HYfv7o

 

金鑰儲存至檔案方法

方法1,重定向

[[email protected] ~]# openssl  genrsa 1024 > /tmp/key.private

Generating RSA private key, 1024 bit long modulus

............................................++++++

......++++++

e is 65537 (0x10001

 

方法2-out

[[email protected] ~]# openssl  genrsa -out /tmp/key.private1 1024

Generating RSA private key, 1024 bit long modulus

.................++++++

........++++++

e is 65537 (0x10001)

 

一步完成許可權及生成金鑰設定

[[email protected] ~]# (umask 077;  openssl  genrsa  -out /tmp/key.private2 2048)

Generating RSA private key, 2048 bit long modulus

...........+++

.........................+++

e is 65537 (0x10001)

[[email protected] ~]# ls /tmp -al | grep key

-rw-r--r--.  1 root root  887 10 31 22:13 key.private

-rw-r--r--.  1 root root  887 10 31 22:14 key.private1

-rw-------.  1 root root 1675 10 31 22:16 key.private2

 

提出公鑰:

[[email protected] ~]# openssl rsa -in /tmp/key.private2 -pubout

writing RSA key

-----BEGIN PUBLIC KEY-----

MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy0JvDHV1FiRcDWdUkoJW

cvRz7MkmNT132Wv9c10jNsA6wKi/eXrEjvMk26O7/xIPAADKXeiCid9pg4GLABOW

+L9QNaOcPNMXvXFFoRiJv+6HHtBuD7eGyIu1qTZhAy+oDPtBryQzH9z3M6vlhuTb

58AhLqTksNaGAjkKbKzjW7jSHNHEH+ftOrSrbsQgyE8Q5aAriMdrQhTW/2Ufpp/q

7g1g4WyQrT/dXAuejo6D8+EoGSJkROCRJKbF3fIZWGG1rD7UzfZVtunsRjW+DKDc

uHbo0MUk/eGSQT1OVvHLMYi/rdZJ0v2pcLafvYOx/+hmRBz+ez4XAathaCsT2leI

bQIDAQAB

-----END PUBLIC KEY-----