Currently using a Linux system, the OpenSSL software package has been installed as
First, use OpenSSL to generate the private key and public key
1. Execute command OpenSSL version-a Verify that OpenSSL is installed on the machine
Operation Result:
2. Generate private key: This command allows OpenSSL to randomly generate a private key, and the encryption length is 1024 bits. The length of encryption refers to the theoretical maximum allowable "encrypted information" length limit, that is, the length of the plaintext limit. As this parameter increases (say 2048), the allowable plaintext length increases, but it also results in a rapid increase in computational complexity. The usual recommended length is 2048-bit
1 |
openssl genrsa -out rsa_private_key.pem 2048 |
Operation Result:
Production private key file: Rsa_private_key.pem, the contents are standard ASCII characters, the first line and the end of a row have obvious marks, the real private key data is the middle of the irregular characters
3, according to the private key production public key: Rsa_public_key.pem
1 |
openssl rsa -in rsa_private_key.pem -out rsa_public_key.pem -pubout |
Operation Result:
Public Key content:
Note: The private key cannot be used directly at this time, PKCS#8 encoding is required:
4, Pkcs#8 code: Indicates the input private key file is Rsa_private_key.pem, the output private key file is Pkcs8_rsa_private_key.pem, do not use any two encryption (-nocrypt)
1 |
openssl pkcs8 -topk8 -in rsa_private_key.pem -out pkcs8_rsa_private_key.pem -nocrypt |
Now: The available key pair has been generated, the private key uses PKCS8_RSA_PRIVATE_KEY.PEM, the public key uses RSA_PUBLIC_KEY.PEM
Data encryption and decryption using the RSA public key generated by OpenSSL in Java