Openssl pkcs12命令

標籤：

一、簡介

pkcs12命令能產生和分析pkcs12檔案

 

二、文法

openssl pkcs12 [-export] [-chain] [-inkey filename] [-certfile filename] [-CApath arg] [-CAfile arg] [-name name] [-caname name] [-in filename] [-out filename] [-noout] [-nomacver] [-nocerts] [-clcerts] [-cacerts] [-nokeys] [-info] [-noiter] [-maciter] [-nomaciter] [-nomac] [-twopass] [-descert] [-certpbe alg] [-keypbe alg] [-macalg digest] [-keyex] [-keysig] [-password arg] [-passin arg] [-passout arg] [-rand file(s)] [-LMK] [-CSP name][-engine e] [-des] [-des3] [-aes128] [-aes192] [-aes256] [-idea] [-camellia128] [-camellia192] [-camellia256] [-nodes]

選項

-export       output PKCS12 file-chain        add certificate chain-inkey file   private key if not infile-certfile f   add all certs in f-CApath arg   - PEM format directory of CA‘s-CAfile arg   - PEM format file of CA‘s-name "name"  use name as friendly name-caname "nm"  use nm as CA friendly name (can be used more than once).-in  infile   input filename-out outfile  output filename-noout        don‘t output anything, just verify.-nomacver     don‘t verify MAC.-nocerts      don‘t output certificates.-clcerts      only output client certificates.-cacerts      only output CA certificates.-nokeys       don‘t output private keys.-info         give info about PKCS#12 structure.-des          encrypt private keys with DES-des3         encrypt private keys with triple DES (default)-idea         encrypt private keys with idea-seed         encrypt private keys with seed-aes128, -aes192, -aes256              encrypt PEM output with cbc aes-camellia128, -camellia192, -camellia256              encrypt PEM output with cbc camellia-nodes        don‘t encrypt private keys-noiter       don‘t use encryption iteration-nomaciter    don‘t use MAC iteration-maciter      use MAC iteration-nomac        don‘t generate MAC-twopass      separate MAC, encryption passwords-descert      encrypt PKCS#12 certificates with triple DES (default RC2-40)-certpbe alg  specify certificate PBE algorithm (default RC2-40)-keypbe alg   specify private key PBE algorithm (default 3DES)-macalg alg   digest algorithm used in MAC (default SHA1)-keyex        set MS key exchange type-keysig       set MS key signature type-password p   set import/export password source-passin p     input file pass phrase source-passout p    output file pass phrase source-engine e     use engine e, possibly a hardware device.-rand file:file:...              load the file (or the files in the directory) into              the random number generator-CSP name     Microsoft CSP name-LMK          Add local machine keyset attribute to private key

 

三、執行個體

1、PKCS與PEM格式互轉

1）PEM轉成PKCS12檔案（包含CA認證、不包含CA認證）

openssl pkcs12 -export -inkey serverprikey.pem -in server.pem -CAfile demoCA/cacert.pem -password pass:"123456" -out server.pfx

openssl pkcs12 -export -inkey serverprikey.pem -in server.pem -password pass:"123456" -out server_nocret.pfx

2）PKCS12轉成PEM檔案

openssl pkcs12 -in server_nocret.pfx -out server_nocret.pem -nodes -password pass:"123456"

2、查看pkcs12資訊

openssl pkcs12 -in server.pfx -password pass:"123456" -info -nocerts –nokeys

 

參考：http://blog.csdn.net/as3luyuan123/article/details/16105475

Openssl pkcs12命令