Check the installed openssl package:
[root@miner_k ~]# rpm -qa | grep openssl
openssl-1.0.1e-48.el6_8.3.x86_64
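openssl configuration files:
[root@miner_k ~]# rpm -ql openssl
/etc/pki/CA # working directory
/etc/pki/CA/certs # client certificates
/etc/pki/CA/crl # certificate revocation lists
/etc/pki/CA/newcerts # newly signed certificates
/etc/pki/CA/private # where private keys are stored
/etc/pki/tls
/etc/pki/tls/certs
/etc/pki/tls/certs/Makefile # provided by Red Hat: use make to create a CA, sign certificates, etc.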
1. Help for openssl subcommands:
[root@miner_k ~]# openssl -h
openssl:Error: '-h' is an invalid command.
Standard commands
asn1parse ca ciphers cms
crl crl2pkcs7 dgst dh
dhparam dsa dsaparam ec
ecparam enc engine errstr
gendh gendsa genpkey genrsa
nseq ocsp passwd pkcs12
pkcs7 pkcs8 pkey pkeyparam
pkeyutl prime rand req
rsa rsautl s_client s_server
s_time sess_id smime speed
spkac ts verify version
x509
Message Digest commands (see the `dgst' command for more details)
md2 md4 md5 rmd160
sha sha1
Cipher commands (see the `enc' command for more details)
aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb
aes-256-cbc aes-256-ecb base64 bf
bf-cbc bf-cfb bf-ecb bf-ofb
camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb
camellia-256-cbc camellia-256-ecb cast cast-cbc
cast5-cbc cast5-cfb cast5-ecb cast5-ofb
des des-cbc des-cfb des-ecb
des-ede des-ede-cbc des-ede-cfb des-ede-ofb
des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb
des-ofb des3 desx idea
idea-cbc idea-cfb idea-ecb idea-ofb
rc2 rc2-40-cbc rc2-64-cbc rc2-cbc
rc2-cfb rc2-ecb rc2-ofb rc4
rc4-40 seed seed-cbc seed-cfb
seed-ecb seed-ofb zlib
Viewing the man page of a subcommand:
- The subcommand name does not conflict with a system command:
[root@miner_k ~]# whatis ca
ca (1ssl) - sample minimal CA application
ca-legacy (8) - Manage the system configuration for legacy CA certificates
[root@miner_k ~]# man ca
- The subcommand name conflicts with a system command:
[root@miner_k ~]# whatis passwd
passwd (1) - update user's authentication tokens
passwd [sslpasswd] (1ssl) - compute password hashes
[root@miner_k ~]# man sslpasswd
2. Benchmark DES encryption speed with openssl
[root@miner_k ~]# openssl speed des
Doing des cbc for 3s on 16 size blocks: 9396926 des cbc's in 2.94s
Doing des cbc for 3s on 64 size blocks: 2420945 des cbc's in 2.96s
Doing des cbc for 3s on 256 size blocks: 607810 des cbc's in 2.96s
Doing des cbc for 3s on 1024 size blocks: 152797 des cbc's in 2.98s
Doing des cbc for 3s on 8192 size blocks: 18994 des cbc's in 2.95s
Doing des ede3 for 3s on 16 size blocks: 3537558 des ede3's in 2.92s
Doing des ede3 for 3s on 64 size blocks: 911650 des ede3's in 2.98s
Doing des ede3 for 3s on 256 size blocks: 227075 des ede3's in 2.96s
Doing des ede3 for 3s on 1024 size blocks: 56604 des ede3's in 2.95s
Doing des ede3 for 3s on 8192 size blocks: 7090 des ede3's in 2.96s
OpenSSL 1.0.1e-fips 11 Feb 2013
built on: Tue Sep 27 12:27:19 UTC 2016
options:bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
des cbc 51139.73k 52344.76k 52567.35k 52504.74k 52745.37k
des ede3 19383.88k 19579.06k 19638.92k 19648.30k 19622.05k
3. Symmetric encryption and decryption
Encryption:
[root@miner_k ~]# openssl enc -des3 -salt -a -in passwd -out passwd.dsc3
enter des-ede3-cbc encryption password:
Verifying - enter des-ede3-cbc encryption password:
[root@miner_k ~]# ls passwd*
passwd passwd.dsc3
Decryption:
[root@miner_k ~]# openssl enc -d -des3 -salt -a -in passwd.dsc3 -out passwd
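Parameters:
enc symmetric encryption
-des3 the encryption algorithm
-salt use a salt when encrypting
-a base64-process the data (encode when encrypting, decode when decrypting)
-in the file to encrypt
-out the output file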
4. Compute checksums (extract the file's digest)
[root@miner_k ~]# md5sum passwd
497a36ebc9cb278e74ffa07cc4a98ac1 passwd
[root@miner_k ~]# sha1sum passwd
2ee237104e448eac368e9e86fd69e298955b4a89 passwd
[root@miner_k ~]# openssl dgst -sha1 passwd
SHA1(passwd)= 2ee237104e448eac368e9e86fd69e298955b4a89
[root@miner_k ~]# openssl dgst -md5 passwd
MD5(passwd)= 497a36ebc9cb278e74ffa07cc4a98ac1
5. Hash a password
[root@miner_k ~]# openssl passwd -1
Password:
Verifying - Password:
$1$S98LGqIe$jfx3pyQV41eM9Co4zEFle1
Given the same salt, the command reproduces the same hash for the same password:
[root@miner_k ~]# openssl passwd -1 -salt S98LGqIe
Password:
$1$S98LGqIe$jfx3pyQV41eM9Co4zEFle1
Parameters:
-1 MD5-based password hash
-salt the salt to use
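Added example (not part of the original notes): because the salt is stored inside the hash string, a stored $1$... value can be checked by extracting that salt and recomputing the hash, which is what the -salt run above demonstrates by hand. The function name verify_crypt_hash and the demo salt and passwords are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify a password against a stored crypt-style hash
# ($id$salt$digest) by recomputing it with the salt embedded in the hash.

# verify_crypt_hash STORED_HASH CANDIDATE_PASSWORD
# returns 0 = match, 1 = mismatch, 2 = malformed/unsupported hash or openssl error
verify_crypt_hash() {
    stored=$1 candidate=$2
    case $stored in '$'*'$'*'$'*) ;; *) return 2 ;; esac
    rest=${stored#'$'}        # id$salt$digest
    id=${rest%%'$'*}
    rest=${rest#*'$'}         # salt$digest
    salt=${rest%%'$'*}
    digest=${rest#*'$'}
    # -1 is MD5-crypt as on this page; -5/-6 (SHA-256/512-crypt) exist only
    # in newer OpenSSL releases than the 1.0.1e shown here.
    case $id in 1|5|6) ;; *) return 2 ;; esac
    [ -n "$salt" ] || return 2
    # An empty digest or a fourth field (e.g. "rounds=N") is not handled.
    case $digest in ''|*'$'*) return 2 ;; esac
    # -stdin keeps the password off the openssl command line (visible in ps).
    recomputed=$(printf '%s\n' "$candidate" |
        openssl passwd "-$id" -salt "$salt" -stdin 2>/dev/null) || return 2
    [ "$recomputed" = "$stored" ]
}

# Constructed demo values (salt and passwords are not from the page).
demo_hash=$(printf '%s\n' 'correct horse' | openssl passwd -1 -salt Ex4mpleS -stdin)
verify_crypt_hash "$demo_hash" 'correct horse' && echo "match"
verify_crypt_hash "$demo_hash" 'wrong guess'   || echo "no match"
```

MD5-crypt is a legacy scheme; the same check works unchanged for $5$ and $6$ hashes where the installed openssl supports them.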
6. Generate random numbers
[root@miner_k ~]# openssl rand -base64 16
hAEtkTbvKCZuk8LuESHq2g==
[root@miner_k ~]# openssl rand -base64 12
slWW8NfrEf5tYYcp