Base64编解码
openssl命令
基本命令格式:
- BASE64编码:
– openssl base64 [-e] -in hello.txt ——这里的-e是缺省值,所以可以省略。
– openssl base64 -in hello.txt > hello.txt.base64
– openssl base64 -e -in hello.txt -out hello.base64.en - BASE64解码:
– openssl base64 -d -in hello.txt.base64
– openssl base64 -d -in hello.txt.base64 > hello.txt.base64.de
– openssl base64 -d -in hello.base64.en -out hello.base64.de
示例一:
$ echo -n Hello, world! > hello.txt
$ cat hello.txt
Hello, world!$
$
$ openssl base64 -in hello.txt
SGVsbG8sIHdvcmxkIQ==
$ openssl base64 -in hello.txt > hello.txt.base64
$ cat hello.txt.base64
SGVsbG8sIHdvcmxkIQ==
$ openssl base64 -d -in hello.txt.base64
Hello, world! $ openssl base64 -d -in hello.txt.base64 > hello.txt.base64.de
$ cat hello.txt.base64.de
$ diff hello.txt hello.txt.base64.de
$
示例二:
$ cat hello.txt
Hello, world!
$ openssl base64 -e -in hello.txt -out hello.base64.en
$ cat hello.base64.en
SGVsbG8sIHdvcmxkIQo=
$ openssl base64 -d -in hello.base64.en -out hello.base64.de
$ diff hello.txt hello.base64.de
$ cat hello.base64.de
Hello, world!
$
在线工具
BASE64在线编解码工具:http://www1.tc711.com/tool/BASE64.htm
Python
>>> import base64
>>> s = "hello, world!"
>>> enc = base64.b64encode(s)
>>> enc
'aGVsbG8sIHdvcmxkIQ=='
>>> t = base64.b64decode(enc)
>>> t
'hello, world!'
>>>
Others
在有些OS下面,base64解码需要对入参文件的格式进行调整:每行64个字符,然后加上一个换行符。——文件最后可以有一空行。
openssl base64 -d -in a.dat -out b.dat
AES
加密&解密的命令
openssl enc -aes-256-cbc -salt -in hello.txt -out hello.txt.aes
openssl enc -aes-256-cbc -d -salt -in hello.txt.aes -out hello.txt.out
这两条命令可以简化为:
openssl aes-256-cbc -salt -in hello.txt -out hello.txt.aes
openssl aes-256-cbc -d -salt -in hello.txt.aes -out hello.txt.out
Example1
$ echo hello > hello.txt
$ openssl enc -aes-128-cbc -in hello.txt -out hello.en -K 1234 -iv abcd
$ ls -l
total 16
-rw-r--r-- 1 user group 16 7 4 16:34 hello.en
-rw-r--r-- 1 user group 6 7 4 16:34 hello.txt
$ hexdump -C hello.en
00000000 06 b5 a2 18 b2 af d9 77 2b d2 12 03 49 0a ea 58 |.......w+...I..X|
00000010
$ openssl enc -aes-128-cbc -d -in hello.en -out hello.de -K 1234 -iv abcd
$ ls -l
total 24
-rw-r--r-- 1 user group 6 7 4 16:35 hello.de
-rw-r--r-- 1 user group 16 7 4 16:34 hello.en
-rw-r--r-- 1 user group 6 7 4 16:34 hello.txt
$ cat hello.de
hello
$
Example2
$ openssl enc -aes-256-cbc -salt -in hello.txt -out hello.txt.aes
enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:
$ hexdump -C hello.txt.aes
00000000 53 61 6c 74 65 64 5f 5f f4 1a 90 27 28 32 72 6d |Salted__...'(2rm|
00000010 e3 71 9e 99 79 22 15 07 a9 8f f6 a4 00 06 1b 96 |.q..y"..........|
00000020
$ openssl enc -aes-256-cbc -d -salt -in hello.txt.aes -out hello.txt.out
enter aes-256-cbc decryption password:
$ hexdump -C hello.txt.out
00000000 48 65 6c 6c 6f 2c 20 77 6f 72 6c 64 21 0a |Hello, world!.|
0000000e
$ diff hello.txt hello.txt.out
$
MD5
Openssl Command
计算一个文件的md5摘要,以下两个命令都可以。对于第二个命令,dgst的缺省算法是md5.
openssl md5 filename
openssl dgst filename
示例:
$ echo Hello, world! > hello.txt
$ openssl dgst hello.txt
MD5(hello.txt)= 746308829575e17c3331bbcb00c0898b
$ openssl md5 hello.txt
MD5(hello.txt)= 746308829575e17c3331bbcb00c0898b
$
Python
$ python
...
>>> import hashlib
>>> s = "hello"
>>> f = open("hello.txt", "wb")
>>> f.write(s)
>>> f.close()
>>> hashlib.md5(s)
<md5 HASH object @ 0x103ee99f0>
>>> hashlib.md5(s).hexdigest()
'5d41402abc4b2a76b9719d911017c592'
>>> exit()
$ openssl dgst hello.txt
MD5(hello.txt)= 5d41402abc4b2a76b9719d911017c592
$
RSA
Ref
Openssl Commands
生成一个秘钥
openssl genrsa -out test.key 2048
提取公钥
openssl rsa -in test.key -pubout -out test_pub.key
用公钥加密文件
openssl rsautl -encrypt -in hello.txt -inkey test_pub.key -pubin -out hello.en
解密文件
openssl rsautl -decrypt -in hello.en -inkey test.key -out hello.de
Example
$ openssl genrsa -out test.key 2048
Generating RSA private key, 2048 bit long modulus
..................+++
............+++
e is 65537 (0x10001)
$ openssl rsa -in test.key -pubout -out test_pub.key
writing RSA key
$ cat test_pub.key
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqY5sDVaWmSGDPDnit/bv
wqTo54wtWjnDYbc9Yc9ykYKiyoCFP9BSKpULPgU7jXom5LtIDY1KJkvNCJjkCHkn
7GuhPKrGoJOgUsAWs+AXki7ZcqIR9C1sN4SuVdZfLXYXZwsqKK+lQPQnjmp+m3/P
6v5fzQxj2nN8EdwVqU4WaMTr3hVNJD9ncYQ/QG4ikqGzWBmnbjMJewEPwJX+rajB
jAjRRGFE9uqhBNl7wlsfVw1upwapwo80Rc3XBewP6u5dq3j1deEAuVzebWzpbmke
P1N5kGOdnz8m2BiPYaQC3FQVWq4d27jFvssv/d8Rx/OIJLv9yfX/a62ITyD6RK/G
nQIDAQAB
-----END PUBLIC KEY-----
$ echo Hello, world! > hello.txt
$ openssl rsautl -encrypt -in hello.txt -inkey test_pub.key -pubin -out hello.en
$ hexdump -C hello.en
00000000 59 f2 ca 18 53 2d 9b 95 55 93 d9 90 48 b5 81 97 |Y...S-..U...H...|
00000010 fd 3f 28 1d f6 fe 3e 06 96 cc e7 b5 b8 a7 d7 96 |.?(...>.........|
00000020 9e 61 7b 84 67 6b 3c 48 dc 0c 06 da ae 3f 20 61 |.a{.gk<H.....? a|
00000030 42 bd 5e 4c aa 66 8c 92 09 00 b7 76 f5 75 4a 0d |B.^L.f.....v.uJ.|
00000040 7d af e1 38 21 57 a9 a0 09 58 00 75 11 9c 36 48 |}..8!W...X.u..6H|
00000050 54 9b 67 34 73 52 62 23 14 0c 05 b4 f0 c9 1a 54 |T.g4sRb#.......T|
00000060 32 1b 93 3c 38 f9 1c 24 72 9a 82 38 b7 61 d1 ed |2..<8..$r..8.a..|
00000070 ac c9 ee 1e 55 34 7a d3 fc 65 87 5e 7a 72 58 74 |....U4z..e.^zrXt|
00000080 c6 d3 cb df bc 44 f2 a1 4e 92 88 15 1f 6e ae b3 |.....D..N....n..|
00000090 5e e9 f1 19 27 42 f1 b9 0a 03 6a 49 d2 50 59 88 |^...'B....jI.PY.|
000000a0 d3 10 9c 43 6c 42 a3 68 1c 83 3e 7e 7b 10 b5 c6 |...ClB.h..>~{...|
000000b0 20 41 64 ff 23 ae 96 8b a1 02 8f 7e 18 68 bc b7 | Ad.#......~.h..|
000000c0 a4 f2 bc 52 a9 ee 22 51 a9 12 18 96 4b f7 a6 5d |...R.."Q....K..]|
000000d0 03 08 39 87 ce 3f c6 47 09 49 19 ef 89 f9 01 1f |..9..?.G.I......|
000000e0 d0 b5 8e 35 60 18 46 63 56 3c 6d 0d 5e e6 45 cc |...5`.FcV<m.^.E.|
000000f0 87 33 bd c2 c9 fb 7d 28 74 a2 16 ae d8 77 9d 00 |.3....}(t....w..|
00000100
$ openssl rsautl -decrypt -in hello.en -inkey test.key -out hello.de
$ hexdump -C hello.de
00000000 48 65 6c 6c 6f 2c 20 77 6f 72 6c 64 21 0a |Hello, world!.|
0000000e
$ diff hello.de hello.txt
$
X509
从证书中提取公钥(pubkey)
openssl x509 -in cert.pem -pubkey -noout > public_key.pem
SHA Signature
验证接收到的文件/数据是否正确:
openssl dgst -sha256 -verify public_key.pem -signature sig.dat test.dat
3个参数:
- public_key.pem: 公钥(接收方用公钥对文件签名进行验证)
- sig.dat: 接收方收到的签名
- test.dat: 接收到的文件