Introduction of the command
The openssl command is a powerful socket layer password library. OpenSSL is an open source command-line tool that is commonly used to generate private keys, create CSRS, install SSL/TLS certificates, and identify certificate information.
OpenSSL operating mode
- Interactive mode
- Batch mode
Enter OpenSSL and press Enter to enter the interactive mode. Enter openSSL with command options to enter the batch mode.
[root@centos7 ~]# Openssl Openssl > version Openssl 1.0.2k-fips 26 Jan 2017Copy the codeThe OpenSSL package can be divided into three main functional parts: cryptography library, SSL protocol library, and applications.
Main usage of the openssl command
- Create and manage private keys, public keys, and parameters
- Public key encryption operation
- Create X.509 certificates, CSR and CRL
- Calculation of message digest
- Use passwords for encryption and decryption
- SSL/TLS client and server tests
- Process S/MIME signed or encrypted messages
- Timestamp request, generation and validation
Syntax format
openssl command [ command_opts ] [ command_args ]
openssl [ list-standard-commands | list-message-digest-commands | list-cipher-commands | list-cipher-algorithms | list-message-digest-algorithms | list-public-key-algorithms]
openssl no-XXX [ arbitrary options ]
Copy the codeOption to show
Readers can refer to the help document www.digicert.com/kb/s…
Application, for example,
Version information
[root@centos7 ~]# openssl version openSSL 1.0.2K -fips 26 Jan 2017 [root@centos7 ~]# Openssl version -a Openssl 1.0.2K-FIPS 26 Jan 2017 Built on: Reproducible Build, Date Unspecified Platform: Linux-X86_64 Options: Bn (64,64) md2(int) rc4(16x,int) des(idx, CISC,16,int) idea(int) blowfish(idx) compiler: GCC -i.. -I.. /include -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM OPENSSLDIR: "/etc/pki/tls" engines: Rdrand Dynamic # Version number and release date (OpenSSL 1.0.2K, January 26, 2017) # Options to build with libraries # Directory to store certificates and private keys (OPENSSLDIR)Copy the codePassword generation function
[root@centos7 ~]# openssl rand -base64 15
DYmkj+RY9QUcb4m5aoNV
[root@centos7 ~]# openssl rand -base64 10
RpyTN5W7BLznjA==
[root@centos7 ~]# openssl rand -base64 5
AeQaaBE=
Copy the codeMessage digest algorithm application
[root@centos7 ~]# openssl DGST -sha1 openssl1.txt openssl1.txt No such file or directory [root@centos7 ~]# touch openssl1.txt [root@centos7 ~]# openssl dgst -sha1 openssl1.txt SHA1 (openssl1. TXT) = # da39a3ee5e6b4b0d3255bfef95601890afd80709 calculation file using the SHA1 algorithm openssl1. TXT, values, TXT [root@centos7 ~]# openssl sha1-out sha1. TXT [root@centos7 ~]# cat sha1.txt SHA1(openssl1.txt)= da39a3ee5e6b4b0d3255bfef95601890afd80709Copy the codeSymmetric encryption application
Use base64 encoding for openssl1.txt TXT [root@centos7 ~]# cat openssl1. TXT openssl [root@centos7 ~]# openssl base64 -in openssl1. TXT -out jiami.txt [root@centos7 ~]# cat jiami.txt b3BlbnNzbAo=Copy the codeDSA application
Generate 1024-bit DSA parameter set, Jm. pem [root@centos7 ~]# openssl dsaparam -out jm.pem 1024 Generating DSA parameters, 1024 bit long prime This could take some time ........ +... +... +... +... + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + *. +... +... +... +... +.. +... +... +... +... +... +... +... +... +... +... +... +. +... +... +... +... +... +. +... +... +... +... +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++* [root@centos7 ~]# cat jm.pem -----BEGIN DSA PARAMETERS----- MIIBHgKBgQCR+2rHHnotQERnaw1i3PaeeGyhZHP7Mjih9RAnNRv3oe+HO2AgiLgr vWLbT/oRNZhdnvuW8u8b1dmm9xPwwAfkNt0cPyH+28HNJ6ImoO9qQCBVlgPnwmah WPtA9TXIw7kJVOCUImKKXkbQvKOvlXsTgFHhhQ9GAt9gbHxmWVhqjwIVANzDXsuC hXZDNAR6O0Dke4p/4H1XAoGAHzT3cByKaD0IN0zCXA0yXMNlyDtE8w7dlv37LcaR 7u0ZV1r4zof/g7Pf+GCHbkVUVPzTrrlkn1Wfqtl2QsmT73jMBwPl+z3Oj7DyFb8J Nm66epCO1uLaXoIubTZa4QFCuuTarWouizo4qDYQg/vYRDBQK8N5nIh8Wfnte9gq zTY= -----END DSA PARAMETERS-----Copy the codeRSA application
Generate 1024 bit RSA private key, encrypt it with 3DES, password is mingongge, Pem [root@centos7 ~]# openssl genrsa -out rsa.pem -passout pass:mingongge -des3 1024 Generating RSA private key, 1024 bit long modulus .................... + + + + + +... ++++++ e is 65537 (0x10001) [root@centos7 ~]# cat rsa.pem -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,34B51F9BE30A3448 uvI8+9g2NGBS+t6VoxUW9JvjiSSnXAHVgJXFsiPtQRIQq3tUEv48QVXOXrLMSTei DOmScLCrU0X+il+Kl2HtTEqmqzxmP+HlbiahSMthTbXUEcqSnKt/80UxzsKFWsag lYj5yl+skQoMYLHt0JSc2MlWA6tAHPdEb4/BoEN0zerhgVcXDlLeFXm7ni1tUmVj mbHmM1TV03kxxzd8KQhFsQkwT/aDtm143rxVrD3NpSS4eXbzm8D4B2A3L0DMaUzk cAql+iggvH4vS3BCKOX6h5Zr9Vyo4CGjvYSyvkASbc+fVKgvmPM9KP0+hedUH2Hc 55K1ND5S0TWa2qFWk511tKbpBT9RM5P7ipcnr3tyya/RSpVZT7EpEUm+EokOrvHg SY6AgPSojYdDL3/WrQvJAkMQmuckpEW1lNYGSgFsQmRN8gFb8LXhr+uUf8psT3D9 +Cvo5ynkocW1P1sHpJHuA7WtW7SaRbBGwEoPKjzAfKaV41oz9Sknn1PE5LXpvtIA zn/vVbKVQvD3ho2I2RuX5vtI7Jvy/TeKDOO9fAuNKqlR7/MmqE7OiKZovuh2xHRk 3d3qif8uH6dCe7l6rElqgONNkYYJ/dBgJ+ZV15ahJFNK10JoBqFgF9dj+vFumWGt 7FuN2kk7Qe1YSn13ZZ7M10EWDPxaMXSnjynazC8MLnokRwf1SwqsZW250J9/dbvt BEE00IQWC+RmaRgJV+H+3gvCHyMZBRGaxUKiOftrM9Ir3w28wk2jwgSm6v6p/WUg 4JUMPAqjft82lv+MwfKn4OHnuIyfgrZGB6+oR52BToQ= -----END RSA PRIVATE KEY-----Copy the codeLearn one Linux command every day (103) : dstat
Learn one Linux command every day (104) : zcat
Learn a Linux command every day (105) : tee