1. Generate a 2048-bit private key (or one with a length close to 2048 bits)
openssl genrsa -out rsa2048pem/rsa_priv_2048.pem 2048
2、生成相应的公钥
openssl rsa -in rsa2048pem/rsa_priv_2048.pem -pubout -out rsa2048pem/rsa_pub_2048.pem
3. Generate the hash with SHA-256
openssl dgst -sha256 -binary -out hello.sha256 hello.txt (binary output)
openssl dgst -sha256 -hex -out hello.sha256 hello.txt (hexadecimal output)
4. Encrypt with the public key
openssl rsautl -encrypt -pubin -inkey ./rsa_pub_4096.pem -in 111.txt -out enc.txt
5. Decrypt with the private key
openssl rsautl -decrypt -inkey ./rsa_priv_4096.pem -in enc.txt -out 111dec.txt
6. Hash and sign with the private key
openssl dgst -sha256 -sign …/rsa2048pem/rsa_priv_2048.pem -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 -out hello_sig.bin hello.txt
(corresponds to the program's HI_CIPHER_RSA_SIGN_SCHEME_RSASSA_PKCS1_PSS_SHA256 mode)
openssl dgst -sha256 -sign …/rsa2048pem/rsa_priv_2048.pem -keyform PEM -out hello.sig hello.txt
(corresponds to the program's HI_CIPHER_RSA_SIGN_SCHEME_RSASSA_PKCS1_V15_SHA256 mode)
7. Verify the RSA signature
openssl dgst -sha256 -verify …/rsa2048pem/rsa_pub_2048.pem -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 -signature hello_sig.bin hello.txt
openssl dgst -sha256 -verify …/rsa2048pem/rsa_pub_2048.pem -keyform PEM -signature hello.sig hello.txt
(corresponds to the program's HI_UNF_CIPHER_RSA_SIGN_SCHEME_RSASSA_PKCS1_V15_SHA256 mode)
openssl rsautl -in hello.sig -inkey …/rsa2048pem/rsa_pub_2048.pem -pubin -verify -hexdump -raw
8. Extract N and E from the public key
openssl rsa -inform PEM -in …/rsa2048pem/rsa_pub_2048.pem -pubin -text -out rsa_pub_N_E.txt
9. Extract the private key information
openssl rsa -in …/rsa2048pem/rsa_priv_2048.pem -text -out rsa_priv_N_D.txt
10. View a binary file
od -v -An -t x1 hello.sig
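Steps 1, 2, 6 and 7 run end to end, as an added example that is not part of the original notes: it signs one file with both schemes, then shows that each signature verifies only under its own padding mode and that a modified file is rejected. The scratch file names (priv.pem, pub.pem, hello.txt, tampered.txt) and the sample text are constructed for the demo.

```shell
#!/bin/sh
# Added example: sign/verify round trip for the PSS and PKCS#1 v1.5 modes.
# All file names and file contents below are constructed for this demo.

make_fixture() {        # $1 = scratch directory
    openssl genrsa -out "$1/priv.pem" 2048 2>/dev/null &&
    openssl rsa -in "$1/priv.pem" -pubout -out "$1/pub.pem" 2>/dev/null &&
    printf 'hello\n' > "$1/hello.txt" &&
    printf 'hellp\n' > "$1/tampered.txt"
}

sign() {                # $1 = dir, $2 = pss|v15, $3 = output signature file
    if [ "$2" = pss ]; then
        openssl dgst -sha256 -sign "$1/priv.pem" \
            -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 \
            -out "$3" "$1/hello.txt"
    else
        openssl dgst -sha256 -sign "$1/priv.pem" -out "$3" "$1/hello.txt"
    fi
}

verify() {              # $1 = dir, $2 = pss|v15, $3 = signature, $4 = data file
    if [ "$2" = pss ]; then
        openssl dgst -sha256 -verify "$1/pub.pem" \
            -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 \
            -signature "$3" "$4" >/dev/null 2>&1
    else
        openssl dgst -sha256 -verify "$1/pub.pem" \
            -signature "$3" "$4" >/dev/null 2>&1
    fi
}

report() {              # same arguments as verify; prints OK or FAIL
    if verify "$@"; then r=OK; else r=FAIL; fi
    echo "$r: $2 verifier, $(basename "$3"), $(basename "$4")"
}

demo() {
    d=$(mktemp -d) || return 1
    make_fixture "$d" && sign "$d" pss "$d/hello_sig.bin" &&
        sign "$d" v15 "$d/hello.sig" || return 1
    report "$d" pss "$d/hello_sig.bin" "$d/hello.txt"     # matching scheme
    report "$d" v15 "$d/hello.sig"     "$d/hello.txt"     # matching scheme
    report "$d" v15 "$d/hello_sig.bin" "$d/hello.txt"     # PSS signature, v1.5 verifier
    report "$d" pss "$d/hello.sig"     "$d/hello.txt"     # v1.5 signature, PSS verifier
    report "$d" pss "$d/hello_sig.bin" "$d/tampered.txt"  # modified data
    rm -rf "$d"
}
demo
```

The verify function relies on the exit status of openssl dgst -verify, which is non-zero on a failed verification, so it can gate a script without parsing the printed message.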