一、使用openssl rsautl 进行加密、解密、签名、验证
javascript
[kyzjj@yyzc-zjjcs04 openssl]$ openssl rsautl --help
Usage: rsautl [options]
-in file input file
-out file output file
-inkey file input key
-keyform arg private key format - default PEM
-pubin input is an RSA public
-certin input is a certificate carrying an RSA public key
-ssl use SSL v2 padding
-raw use no padding
-pkcs use PKCS#1 v1.5 padding (default)
-oaep use PKCS#1 OAEP
-sign sign with private key
-verify verify with public key
-encrypt encrypt with public key
-decrypt decrypt with private key
-hexdump hex dump output
-engine e use engine e, possibly a hardware device.
-passin arg pass phrase source
[kyzjj@yyzc-zjjcs04 openssl]$二、使用私钥签名openssl rsautl -sign
javascript
[kyzjj@yyzc-zjjcs04 openssl]$ cat test
hello world
[kyzjj@yyzc-zjjcs04 openssl]$ openssl rsautl -sign -inkey private.key -in test -out sign-test
[kyzjj@yyzc-zjjcs04 openssl]$三 、使用公钥验证openssl rsautl -verify
javascript
[kyzjj@yyzc-zjjcs04 openssl]$ openssl rsautl -sign -inkey private.key -in test -out sign-test
[kyzjj@yyzc-zjjcs04 openssl]$ openssl rsautl -verify -inkey public.key -pubin -in sign-test
hello world
[kyzjj@yyzc-zjjcs04 openssl]$上述方式可以确认身份,如果我用这个公钥能解密,那一定是你发送的,因为私钥只有你有
四、使用公钥加密
kyzjj@yyzc-zjjcs04 openssl$ openssl rsautl -encrypt -inkey public.key -pubin -in test -out en-test
kyzjj@yyzc-zjjcs04 openssl$
五、使用私钥解密
kyzjj@yyzc-zjjcs04 openssl$ openssl rsautl -decrypt -inkey private.key -in en-test
hello world
kyzjj@yyzc-zjjcs04 openssl$