1. OpenSSL introduction
Look it up on the Internet yourself; I would not explain it well!
2. Installation
1, Download the latest version of OpenSSL from http://www.openssl.org/source/; the version used here is openssl-1.0.2-beta1.tar.gz
2, In the download directory, run the command: tar -xzf openssl-1.0.2-beta1.tar.gz
3, Enter the unpacked directory openssl-1.0.2-beta1: [...]# cd openssl-1.0.2-beta1
4, [.../openssl-1.0.2-beta1]# ./config --prefix=/usr/local/openssl
5, [.../openssl-1.0.2-beta1]# ./config -t
6, [.../openssl-1.0.2-beta1]# make depend (takes a long time)
7, [.../openssl-1.0.2-beta1]# make (takes a long time, wait patiently)
8, [.../openssl-1.0.2-beta1]# make test
9, [.../openssl-1.0.2-beta1]# make install
10, [.../openssl-1.0.2-beta1]# cd /usr/local
11, [/usr/local]# ln -s openssl ssl
12, At the end of the /etc/ld.so.conf file, add the following: /usr/local/openssl/lib
13, [...]# ldconfig
14, Add the OPENSSL environment variable:
At the end of /etc/profile, add:
export OPENSSL=/usr/local/openssl/bin
export PATH=$OPENSSL:$PATH:$HOME/bin
15, Exit the command interface, and then log in again.
16, OpenSSL is now installed; the following steps check the installation.
17, Run the following in turn:
[root@localhost /]# cd /usr/local
[root@localhost local]# ldd /usr/local/openssl/bin/openssl
A message similar to the following will appear:
linux-vdso.so.1 => (0x00007fff3bc73000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007fc5385d7000)
libc.so.6 => /lib64/libc.so.6 (0x00007fc538279000)
/lib64/ld-linux-x86-64.so.2 (0x00007fc5387db000)
18, Check the path
[...]# which openssl
/usr/local/openssl/bin/openssl
[...]# openssl version
OpenSSL 1.0.2-beta1 Feb 2014
3. Error conditions
A program that you write fails to build with (fatal error: openssl/sha.h: No such file or directory) or a similar problem. At first I thought it was an environment variable problem and reloaded several times; later I learned from the network where the problem lies: libssl-dev is not installed. libssl-dev contains the libraries, header files and manpages; it is part of OpenSSL, and OpenSSL implements SSL. Solution: install libssl-dev with sudo apt-get install libssl-dev. Note: part of this is copied from online sources!
The following shows how to generate and use RSA keys.
3.1 Public key pair generation
Command syntax: openssl genrsa [-out filename] [-passout arg] [-des] [-des3] [-idea] [-f4] [-3] [-rand file(s)] [numbits]
OPTIONS
-out filename: the file the private key is written to; defaults to standard output.
-passout arg: see the explanation of the passout parameter in the dsa command.
-des|-des3|-idea: which encryption algorithm is used to encrypt our key. You are generally required to enter a password to protect it. If none of the three is set, our key is written out unencrypted.
-f4|-3: the public exponent to use; one is 3, one is F4, and I don't understand what this option means.
-rand file(s): the seed file(s) used when generating the key; multiple files can be separated with a colon.
numbits: the length in bits of the generated key. It must be the last argument of the command. If not given, a 512-bit key is generated.
Anyone who has studied the RSA algorithm knows that an RSA private key is really three numbers, two of which are prime numbers. Producing these two primes is the key step in generating an RSA private key. There are other parameters that guide the rest of the generation process. Because generating a private key requires a lot of random numbers, the time it takes is not fixed.
root@ubuntu:/mnt/hgfs/windows_linux/alipayex/study/opensslstudy/study# openssl genrsa -out rsaprivatekey.pem 1024
root@ubuntu:/mnt/hgfs/windows_linux/alipayex/study/opensslstudy/study# openssl rsa -in rsaprivatekey.pem -pubout -out rsapublickey.pem
3.2 Read key
PEM_read_RSAPrivateKey
PEM_read_RSA_PUBKEY
For the specific parameters, go read the documentation!
3.3 Encryption and decryption
Public key encryption, private key decryption
RSA_public_encrypt
RSA_private_decrypt
For the specific parameters, go read the documentation!
3.4 Signature
Private key signature, public key verification
SHAwithRSA
1. SHA1M (a wrapper I wrote myself)
2. RSA_sign (/* SHA1withRSA: the first parameter is NID_sha1, the second and third parameters are the SHA1 digest of the plaintext and its length RSA_verify
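
The four operations of sections 3.1 to 3.4, done with the openssl command-line tool instead of the C functions, as an added example that is not part of the original article. The file names, the 2048-bit key size (in place of the 1024 bits above), OAEP padding and the SHA-256 digest (in place of SHA1) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original article. File names and the 2048-bit
# key size are assumptions; the message is constructed sample data.

# 3.1: generate a private key and derive the public key from it.
make_keypair() {   # $1 = working directory
    (
        umask 077  # keep the private key readable by its owner only
        openssl genrsa -out "$1/priv.pem" 2048 2>/dev/null
    ) && openssl rsa -in "$1/priv.pem" -pubout -out "$1/pub.pem" 2>/dev/null
}

# 3.3: the public key encrypts, the private key decrypts (OAEP padding).
encrypt_file() {   # $1 = dir, $2 = plaintext file, $3 = ciphertext file
    openssl pkeyutl -encrypt -pubin -inkey "$1/pub.pem" \
        -pkeyopt rsa_padding_mode:oaep -in "$2" -out "$3"
}
decrypt_file() {   # $1 = dir, $2 = ciphertext file, $3 = recovered plaintext
    openssl pkeyutl -decrypt -inkey "$1/priv.pem" \
        -pkeyopt rsa_padding_mode:oaep -in "$2" -out "$3"
}

# 3.4: the private key signs, the public key verifies (SHA-256 digest).
sign_file() {      # $1 = dir, $2 = file to sign, $3 = signature file
    openssl dgst -sha256 -sign "$1/priv.pem" -out "$3" "$2"
}
verify_file() {    # same arguments; returns 0 only if the signature matches
    openssl dgst -sha256 -verify "$1/pub.pem" -signature "$3" "$2" \
        >/dev/null 2>&1
}

# Full round trip in a temporary directory; prints one line per check.
demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed sample message\n' > "$d/msg.txt"
    make_keypair "$d" &&
        encrypt_file "$d" "$d/msg.txt" "$d/msg.enc" &&
        decrypt_file "$d" "$d/msg.enc" "$d/msg.dec" &&
        cmp -s "$d/msg.txt" "$d/msg.dec" && echo "decrypt: plaintext recovered"
    sign_file "$d" "$d/msg.txt" "$d/msg.sig" &&
        verify_file "$d" "$d/msg.txt" "$d/msg.sig" && echo "verify: ok"
    printf 'x' >> "$d/msg.txt"   # modify the file after it was signed
    verify_file "$d" "$d/msg.txt" "$d/msg.sig" || echo "verify after change: rejected"
    rm -rf "$d"
}
demo
```

RSA encryption of this kind only fits messages shorter than the key size minus the padding overhead, so it is normally applied to a short secret rather than to whole files.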