OpenSSL和Python实现RSA Key数字签名和验证,基于非对称算法的RSA Key主要有两个用途,数字签名和验证(私钥签名,公钥验证),以及非对称加解密(公钥加密,私钥解密)。本文提供一个基于OpenSSL命令行和Python的数字签名和验证过程的例子,另外会另起一篇使用OpenSSL和Python进行非对称加解密的例子。
1. OpenSSL实现数字签名和验证
1.1 生成私钥
生成2048 bit的PEM格式的RSA Key:Key.pem
# 生成私钥文件Key.pem
$ openssl genrsa -out Key.pem -f4 2048
Generating RSA private key, 2048 bit long modulus
.+++
...................................................................+++
e is 65537 (0x10001)
# 查看私钥文件内容
$ cat Key.pem
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAoZZKNO89UcDkEgdulOtAK0d9dQ0xfnpt4QNUg16ISeNuAFYv
OeXn/ToGounX67+bkYpH92dXCnNpOsERLogenWQT533tsRU9KByeCz+PRgjc5cBn
wAA6z+F7JFUkY3GAaZDe7dmSIES/FH+9YKjRSe7+h2sF7va3tGPn8cLpDUoLLk2e
ugWvmuWgEpCE6Wyed7UV3Vzdf2R+9oya9jkAoHI14hrz3xDssg0wlHqbptwsmwAQ
1ZBDSB1MpqaLCaUvV8NvtSBLDsZlzwkOj7bPiFZJRFIqRRg0UNWkUBR+BJhWZ7Zc
Dud2kJcH0mX8/rfthfFa5Oy38Iz8UQOW0uZRlQIDAQABAoIBABTN+uPx4Z1DDppb
pps55tsrqzWE61hzfu43tYvsgfOxeppEfnQf68yoye3z2b8avnbwrO9nuMc5sNTF
wuaQ1BBDsGRfzFi+eU9Oz/J2zoWf4oEaUsFfxjK5v1cgNz0ugfAVnP5Wwv+wmkGT
aNinI7s3MEJTP0JTNbfeHSD9jXAOYhXH1M6/gq+TxLlsFISbQgmIbnDkDU/biXC+
b4r4/3xBieaeYOSV5s7pziXcxPmZCrWdcggtcxxJeDFtvQbSU4PXM7n7NgcsGQiX
kwlHF3TiSQpQRuthV1ioW4FFFtwKw38mwzYcexem5Pyv353xSfb4vGg2+mcUEaf9
oNYYasECgYEA0tpP8th2L1zVT4eyumE5KE95iH4Nr6RWkQpfWQ84MDmiK7cNFeBL
0l4kwUo4oQeNEfDHYlxZ/guaflDLOKJ7DampMEuc+Dl8hmwXhdhqeQzxNRnaoDV1
iIyyHUs9c/9ormjTsycas2VfH1sPm3SrwH2rQe4ttkVBS8mcouNlg3kCgYEAxC+G
qgsN+IifgVoeHIw2ak0MxTdt0LfGWcygx4hzXCpYrnqns080Z4vGDxClhqfdM9OJ
0Y6GkaNIHay/4bUIsBYFoV78vV80oQykHs6nwdJqLZJeQohBUlO2LlGzatPtWWuc
v3N9W/OjSd3q6UgApmFT4+cMmEUZjB7QsHhau/0CgYBRotDdd02a3NiB6Eocu1PD
9bFaVWO7I2eY1GlCNBBPK6FMR507YRI6KtUUOUZfomrODWlE/fih0aBJU8K69L2r
9opY9o2Z1bgO237oBXiD0az6ID5zVP9ilQbJLL5oUPUYweFlNbiyyIbhvwH18GAn
MQDDkBIGxh2X2EFbF6vQEQKBgHW5Bxe2dnWylfQqvXLn+CclgQo+zpi2DkIIdloF
WSPvDTP1yffhCVMxHnIfzRPWWvgkccjbu4hc8INOC/5GgaYYMNy6gPKp1IznZvxN
iYDW4HvkHsfRt1DNhr6YrA7oiL5lwrNne8vXkR5cGgBOAoXUVWCmXnpozIG2ZAfg
0KGJAoGANO46bePCNaVlP37hW3vjraW4gzKPS0xscG7pLnLrv+T628PnFS7j7D7a
6v6BBBSgBTFnuEOk2F4bfIRvE04m2S9vzg6Mt2aJHn6RQjQVZPZF+qFvrXxjzqRU
4R+06Hk2Zm2D3x/XJTu2QmzT1kqp6AtsnfOCz3M0a1oyd5eCVdk=
-----END RSA PRIVATE KEY-----
1.2 导出公钥
从私钥导出公钥:Key_pub.pem
# 从私钥导出公钥,很简单,使用参数-pubout就可以
$ openssl rsa -in Key.pem -pubout -out Key_pub.pem
writing RSA key
# 查看公钥文件内容
$ cat Key_pub.pem
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoZZKNO89UcDkEgdulOtA
K0d9dQ0xfnpt4QNUg16ISeNuAFYvOeXn/ToGounX67+bkYpH92dXCnNpOsERLoge
nWQT533tsRU9KByeCz+PRgjc5cBnwAA6z+F7JFUkY3GAaZDe7dmSIES/FH+9YKjR