openssl rsa is the processing tool for RSA keys.
openssl pkey is a general-purpose asymmetric key processing tool whose usage is essentially the same, so only openssl rsa is illustrated here.
Both are very simple to use: they essentially handle the input and output of a private key or a public key.
openssl rsa [-in filename] [-passin arg] [-passout arg] [-out filename] [-des|-des3|-idea] [-text] [-noout] [-pubin] [-pubout] [-check]
openssl pkey [-in filename] [-passin arg] [-passout arg] [-out filename] [-cipher] [-text] [-noout] [-pubin] [-pubout]
openssl rsa option description:
-in filename: Specifies the key input file. A private key is read by default; if the "-pubin" option is specified, a public key is read instead. The key is read from the file, or from stdin when no file is specified.
-out filename: Specifies the key output file. A private key is output by default; if the "-pubin" or "-pubout" option is specified, the public key is output. Output goes to stdout when no file is specified.
-pubin: When this option is specified, a public key is explicitly read from the file given by "-in filename", so that file must be a public key file. When it is not specified, a private key is read from the file by default. A public key file can be recognized by the public key identifiers in the file: "-----BEGIN PUBLIC KEY-----" and "-----END PUBLIC KEY-----".
-pubout: When this option is specified, the public key is explicitly extracted from the file given by "-in filename" and output, so that file must be a private key file. When it is not specified, the private key is output by default. When "-pubin" is set, "-pubout" is also set by default. A private key file can be recognized by the private key identifiers "-----BEGIN PRIVATE KEY-----" and "-----END PRIVATE KEY-----" in the file.
-noout: Do not output any key information.
-text: Output the key in plain-text form.
-check: Check that the RSA key has not been modified. Only a private key can be checked, because the public key originates from the private key, so the file given by "-in filename" can only be a private key file.
-des|-des3|-idea: Encrypt the output file, so that a password is required every time the output file is read.
-passin arg: Pass the password used to decrypt the key file. For the password format, see https://www.cnblogs.com/liliyang/p/9738929.html
-passout arg: Specifies the password for the encrypted output file.
openssl pkey option description:
-cipher: Equivalent to "-des|-des3|-idea" of openssl rsa, such as "-cipher des3"
Example:
(1). Create an RSA private key file genrsa.pri, and then extract the RSA public key into the file rsa.pub.
[tmp]# openssl genrsa -out genrsa.pri    # generate the private key
[tmp]# openssl rsa -in genrsa.pri -pubout -out rsa.pub    # extract the public key
[tmp]# cat rsa.pub
-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY-----
(2). Create an encrypted RSA private key file genrsak.pri, and then export the public key from this file to the file rsak.pub.
[tmp]# openssl genrsa -out genrsak.pri -des3 -passout pass:123456
You are prompted for a password when the private key file is read.
[tmp]# openssl rsa -in genrsak.pri -pubout -out rsak.pub
Enter pass phrase for genrsak.pri:
You can use "-passin" to pass the decryption password.
[tmp]# openssl rsa -in genrsak.pri -pubout -out rsak.pub -passin pass:123456
(3). Remove the password from the private key file or public key file. Just write the key directly to a new file. Take the encrypted private key file genrsak.pri as an example.
[tmp]# openssl rsa -in genrsak.pri -out genrsank.pri
(4). Check the consistency of the private key file to see whether it has been modified.
[tmp]# openssl rsa -in genrsak.pri -check
Enter pass phrase for genrsak.pri:
RSA key ok
writing RSA key
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
Now modify the private key file arbitrarily, and then check it again.
[tmp]# openssl rsa -in genrsak.pri -check
unable to load Private Key
139890935146400:error:0906D066:PEM routines:PEM_read_bio:bad end line:pem_lib.c:802:
In general, the commonly used options of openssl rsa are only "-in filename", "-out filename", and "-pubout".
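The steps of examples (2) to (4) as one script, added here as an example that is not part of the original article: it creates the encrypted key, extracts the public key, writes the unencrypted copy, classifies each file by its first line, and shows "-check" rejecting a modified copy. The passphrase is passed with "env:" instead of "pass:" so that it does not appear in the process list; the helper names, the KEYPASS variable and the temporary directory are assumptions of this example.

```shell
#!/bin/sh
# Added example: the key-handling steps from this page, with each result checked.
# File names follow the page; KEYPASS, the helper names and the temp dir are assumptions.
umask 077                        # key files readable by the owner only
work=$(mktemp -d)
KEYPASS=123456; export KEYPASS   # constructed sample passphrase, as on the page

# Steps (2) and (3): encrypted private key, its public key, and a copy without password.
make_keys() {
    openssl genrsa -des3 -passout env:KEYPASS -out "$work/genrsak.pri" 2048 2>/dev/null &&
    openssl rsa -in "$work/genrsak.pri" -passin env:KEYPASS \
        -pubout -out "$work/rsak.pub" 2>/dev/null &&
    openssl rsa -in "$work/genrsak.pri" -passin env:KEYPASS \
        -out "$work/genrsank.pri" 2>/dev/null
}

# Classify a PEM file by its first line (markers differ between OpenSSL versions).
pem_kind() {
    case $(head -n 1 "$1") in
        "-----BEGIN PUBLIC KEY-----")            echo public ;;
        "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo encrypted-private ;;
        "-----BEGIN RSA PRIVATE KEY-----")
            if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then echo encrypted-private
            else echo private; fi ;;
        "-----BEGIN PRIVATE KEY-----")           echo private ;;
        *)                                       echo unknown ;;
    esac
}

# Step (4): succeeds only if the private key loads and passes "-check".
check_key() {
    openssl rsa -in "$1" -passin env:KEYPASS -check -noout >/dev/null 2>&1
}

# Simulate a modified file: copy the key without its last line (the END marker).
tamper() { sed '$d' "$1" > "$2"; }

make_keys
tamper "$work/genrsak.pri" "$work/bad.pri"
for f in genrsak.pri genrsank.pri rsak.pub; do
    echo "$f: $(pem_kind "$work/$f")"
done
check_key "$work/genrsak.pri" && echo "genrsak.pri: RSA key ok"
check_key "$work/bad.pri"     || echo "bad.pri: rejected"
```

The unencrypted copy genrsank.pri is reported as "private", which is why the script sets a restrictive umask before writing any key file.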