(4) openssl rsa/pkey(查看私钥、从私钥中提取公钥、查看公钥)-白红宇

(4) openssl rsa/pkey(查看私钥、从私钥中提取公钥、查看公钥)

阅读量：5354 次

发布时间：2019-06-15

本文共 16178 字，大约阅读时间需要 53 分钟。

openssl rsa 是RSA对称密钥的处理工具

openssl pkey 是通用非对称密钥处理工具，它们用法基本一致，所以只举例说明openssl rsa。

它们的用法很简单，基本上就是输入和输出私钥或公钥的作用，或从私钥中提取出公钥，将文件中私钥或公钥的某部分内容输出到stdout

openssl rsa [-in filename] [-passin arg] [-passout arg] [-out filename] [-des|-des3|-idea] [-text] [-noout] [-pubin] [-pubout] [-check]

openssl pkey [-in filename] [-passin arg] [-passout arg] [-out filename] [-cipher] [-text] [-noout] [-pubin] [-pubout]

【openssl rsa选项说明：】

-in filename ：指定密钥输入文件。默认读取的是私钥，若指定"-pubin"选项将表示读取公钥。将从该文件读取密钥，不指定时将从stdin读取。 -pubin       ：读取公钥内容，即从"-in filename"的filename中读取公钥，所以filename必须为公钥文件。

：不指定该选项时，默认是从filename中读取私钥。公钥文件可以通过文件中的公钥标识符             ："-----BEGIN PUBLIC KEY-----"和"-----END PUBLIC KEY-----"来辨别。

-out filename：默认情况下，使用openssl rsa将文件中公钥或私钥读取出来显示到stdout，使用该选项将读取的内容输出到指定的文件中。              ：读取的是私钥输出的是私钥或公钥（若使用-putout选项从私钥中提取公钥），读取的是公钥输出的一定是公钥                若不指定该选项，默认输出到stdout -pubout      ：从私钥中提取公钥，即从"-in filename"指定的私钥中提取公钥并输出，此时-in filename中的filename必须是私钥文件。             ：当设置了"-pubin"时，默认也设置了"-pubout"。             ：私钥文件可以通过文件中的私钥标识符"-----BEGIN PRIVATE KEY-----"和"-----END PRIVATE KEY-----"来辨别。 -noout       ：控制不输出任何密钥信息。-text        ：转换输入和输出的密钥文件格式为纯文本格式。-check       ：检查RSA密钥是否完整未被修改过，只能检测私钥，因为公钥来源于私钥。因此选项"-in filename"的filename文件只能是私钥文件。 -des|-des3|-idea：加密输出文件，使得每次读取输出文件时都需要提供密码。-passin arg  ：传递解密密钥文件的密码。密码格式见https://www.cnblogs.com/liliyang/p/9738929.html -passout arg ：指定加密输出文件的密码。 【openssl pkey选项说明：】-cipher：等价于openssl rsa的"-des|-des3|-idea"，例如"-cipher des3"

示例：

(1).创建一个rsa私钥文件genrsa.pri，然后从中提取rsa公钥到rsa.pub文件中

[root@docker121 ssl]# openssl  genrsa -out private.pem 1024              #生成不加密的私钥Generating RSA private key, 1024 bit long modulus.........++++++....++++++e is 65537 (0x10001)[root@docker121 ssl]# lltotal 4-rw-r--r-- 1 root root 887 Oct  3 22:41 private.pem[root@docker121 ssl]# cat private.pem 　　　　　　　　　　　　　　　　　　　　　　#查看私钥内容-----BEGIN RSA PRIVATE KEY-----MIICXAIBAAKBgQCqCN1/oUaWvjjMLeq7CqPMLoTOhGHRqgwYWUhUFTozP4q94Ut7uDfLVS0IO0qwdy4mpY6LS4+lLIQtVDUrbmKuF8+05vP5MG/qUqv8g574pi7n9yu+YeDGEAkLnDLRpGFUiwb1PlYsfFnJv460emT6bcZOVhF8j/TTdOeEUTHpFQIDAQABAoGAdd1hVRiBavr/OiHWJcOxWVchvloryH+clMBHD+oLBv1T+l2SyncfTfaEGcGn+30R4749ejdtomyiTx2hIbMJ+UwcC08++oIThQJCGGDLb+PgpVQqwya1ORLPRn2z1vIuHqrxdvW8mxfxJZxZFeCWflVZFEYVYqH5Kh25CpCoJX0CQQDfoSyV0fblHDeJodYUSQ6bnSzsHb69tN67D1fMZTCjKIl+pzEb0LBSMIXbAaiX4hEgcbNH6GaM7NSbtu59hSaHAkEAwqWsqYB9U5f06NxgspBue5uRh6uVkWG58jSzbbz6nuebsKZUi8+zfNg6d84jEGhgMwjTerT962MgfbDRR5G+gwJARfttNXFgfzBGXQbNNMnsDVyxey6Py1Q3w3g4tJkSEG0WIhF2N8sl8oKG0ROCzA0N6QZL4Xvj48QVgKlNlvA9LwJAE3f0tCN45ZKOWXgpZ9LQaiaeQL6lwBvROGuTAsfjHV+3D80jKbTFlBggiPkiQrLd5FzeoihWOWP5zPiRhiIKtwJBAJVpH4I0Iaxs+LgGtEbdeeSwCjIgzyFIOxv+NGCy9dmp4IojdEMuzAmZ3FTS3zpbxA2zS4iVqD+F2U/0zxZV2nw=-----END RSA PRIVATE KEY-----[root@docker121 ssl]# openssl  rsa -in private.pem  　　　　　　　　　　　　#读取私钥的内容writing RSA key-----BEGIN RSA PRIVATE KEY-----MIICXAIBAAKBgQCqCN1/oUaWvjjMLeq7CqPMLoTOhGHRqgwYWUhUFTozP4q94Ut7uDfLVS0IO0qwdy4mpY6LS4+lLIQtVDUrbmKuF8+05vP5MG/qUqv8g574pi7n9yu+YeDGEAkLnDLRpGFUiwb1PlYsfFnJv460emT6bcZOVhF8j/TTdOeEUTHpFQIDAQABAoGAdd1hVRiBavr/OiHWJcOxWVchvloryH+clMBHD+oLBv1T+l2SyncfTfaEGcGn+30R4749ejdtomyiTx2hIbMJ+UwcC08++oIThQJCGGDLb+PgpVQqwya1ORLPRn2z1vIuHqrxdvW8mxfxJZxZFeCWflVZFEYVYqH5Kh25CpCoJX0CQQDfoSyV0fblHDeJodYUSQ6bnSzsHb69tN67D1fMZTCjKIl+pzEb0LBSMIXbAaiX4hEgcbNH6GaM7NSbtu59hSaHAkEAwqWsqYB9U5f06NxgspBue5uRh6uVkWG58jSzbbz6nuebsKZUi8+zfNg6d84jEGhgMwjTerT962MgfbDRR5G+gwJARfttNXFgfzBGXQbNNMnsDVyxey6Py1Q3w3g4tJkSEG0WIhF2N8sl8oKG0ROCzA0N6QZL4Xvj48QVgKlNlvA9LwJAE3f0tCN45ZKOWXgpZ9LQaiaeQL6lwBvROGuTAsfjHV+3D80jKbTFlBggiPkiQrLd5FzeoihWOWP5zPiRhiIKtwJBAJVpH4I0Iaxs+LgGtEbdeeSwCjIgzyFIOxv+NGCy9dmp4IojdEMuzAmZ3FTS3zpbxA2zS4iVqD+F2U/0zxZV2nw=-----END RSA PRIVATE KEY-----

[root@docker121 ssl]# openssl rsa -in private.pem -text 　　　　　　　　　　　#以纯文本格式输出私钥内容

Private-Key: (1024 bit)

modulus:

00:aa:08:dd:7f:a1:46:96:be:38:cc:2d:ea:bb:0a:

a3:cc:2e:84:ce:84:61:d1:aa:0c:18:59:48:54:15:

3a:33:3f:8a:bd:e1:4b:7b:b8:37:cb:55:2d:08:3b:

4a:b0:77:2e:26:a5:8e:8b:4b:8f:a5:2c:84:2d:54:

35:2b:6e:62:ae:17:cf:b4:e6:f3:f9:30:6f:ea:52:

ab:fc:83:9e:f8:a6:2e:e7:f7:2b:be:61:e0:c6:10:

09:0b:9c:32:d1:a4:61:54:8b:06:f5:3e:56:2c:7c:

59:c9:bf:8e:b4:7a:64:fa:6d:c6:4e:56:11:7c:8f:

f4:d3:74:e7:84:51:31:e9:15

publicExponent: 65537 (0x10001)

privateExponent:

75:dd:61:55:18:81:6a:fa:ff:3a:21:d6:25:c3:b1:

59:57:21:be:5a:2b:c8:7f:9c:94:c0:47:0f:ea:0b:

06:fd:53:fa:5d:92:ca:77:1f:4d:f6:84:19:c1:a7:

fb:7d:11:e3:be:3d:7a:37:6d:a2:6c:a2:4f:1d:a1:

21:b3:09:f9:4c:1c:0b:4f:3e:fa:82:13:85:02:42:

18:60:cb:6f:e3:e0:a5:54:2a:c3:26:b5:39:12:cf:

46:7d:b3:d6:f2:2e:1e:aa:f1:76:f5:bc:9b:17:f1:

25:9c:59:15:e0:96:7e:55:59:14:46:15:62:a1:f9:

2a:1d:b9:0a:90:a8:25:7d

prime1:

00:df:a1:2c:95:d1:f6:e5:1c:37:89:a1:d6:14:49:

0e:9b:9d:2c:ec:1d:be:bd:b4:de:bb:0f:57:cc:65:

30:a3:28:89:7e:a7:31:1b:d0:b0:52:30:85:db:01:

a8:97:e2:11:20:71:b3:47:e8:66:8c:ec:d4:9b:b6:

ee:7d:85:26:87

prime2:

00:c2:a5:ac:a9:80:7d:53:97:f4:e8:dc:60:b2:90:

6e:7b:9b:91:87:ab:95:91:61:b9:f2:34:b3:6d:bc:

fa:9e:e7:9b:b0:a6:54:8b:cf:b3:7c:d8:3a:77:ce:

23:10:68:60:33:08:d3:7a:b4:fd:eb:63:20:7d:b0:

d1:47:91:be:83

exponent1:

45:fb:6d:35:71:60:7f:30:46:5d:06:cd:34:c9:ec:

0d:5c:b1:7b:2e:8f:cb:54:37:c3:78:38:b4:99:12:

10:6d:16:22:11:76:37:cb:25:f2:82:86:d1:13:82:

cc:0d:0d:e9:06:4b:e1:7b:e3:e3:c4:15:80:a9:4d:

96:f0:3d:2f

exponent2:

13:77:f4:b4:23:78:e5:92:8e:59:78:29:67:d2:d0:

6a:26:9e:40:be:a5:c0:1b:d1:38:6b:93:02:c7:e3:

1d:5f:b7:0f:cd:23:29:b4:c5:94:18:20:88:f9:22:

42:b2:dd:e4:5c:de:a2:28:56:39:63:f9:cc:f8:91:

86:22:0a:b7

coefficient:

00:95:69:1f:82:34:21:ac:6c:f8:b8:06:b4:46:dd:

79:e4:b0:0a:32:20:cf:21:48:3b:1b:fe:34:60:b2:

f5:d9:a9:e0:8a:23:74:43:2e:cc:09:99:dc:54:d2:

df:3a:5b:c4:0d:b3:4b:88:95:a8:3f:85:d9:4f:f4:

cf:16:55:da:7c

writing RSA key

-----BEGIN RSA PRIVATE KEY-----

MIICXAIBAAKBgQCqCN1/oUaWvjjMLeq7CqPMLoTOhGHRqgwYWUhUFTozP4q94Ut7

uDfLVS0IO0qwdy4mpY6LS4+lLIQtVDUrbmKuF8+05vP5MG/qUqv8g574pi7n9yu+

YeDGEAkLnDLRpGFUiwb1PlYsfFnJv460emT6bcZOVhF8j/TTdOeEUTHpFQIDAQAB

AoGAdd1hVRiBavr/OiHWJcOxWVchvloryH+clMBHD+oLBv1T+l2SyncfTfaEGcGn

+30R4749ejdtomyiTx2hIbMJ+UwcC08++oIThQJCGGDLb+PgpVQqwya1ORLPRn2z

1vIuHqrxdvW8mxfxJZxZFeCWflVZFEYVYqH5Kh25CpCoJX0CQQDfoSyV0fblHDeJ

odYUSQ6bnSzsHb69tN67D1fMZTCjKIl+pzEb0LBSMIXbAaiX4hEgcbNH6GaM7NSb

tu59hSaHAkEAwqWsqYB9U5f06NxgspBue5uRh6uVkWG58jSzbbz6nuebsKZUi8+z

fNg6d84jEGhgMwjTerT962MgfbDRR5G+gwJARfttNXFgfzBGXQbNNMnsDVyxey6P

y1Q3w3g4tJkSEG0WIhF2N8sl8oKG0ROCzA0N6QZL4Xvj48QVgKlNlvA9LwJAE3f0

tCN45ZKOWXgpZ9LQaiaeQL6lwBvROGuTAsfjHV+3D80jKbTFlBggiPkiQrLd5Fze

oihWOWP5zPiRhiIKtwJBAJVpH4I0Iaxs+LgGtEbdeeSwCjIgzyFIOxv+NGCy9dmp

4IojdEMuzAmZ3FTS3zpbxA2zS4iVqD+F2U/0zxZV2nw=

-----END RSA PRIVATE KEY-----

[root@docker121 ssl]# openssl rsa -in private.pem -text -noout #不输出私钥内容

Private-Key: (1024 bit)

modulus:

00:aa:08:dd:7f:a1:46:96:be:38:cc:2d:ea:bb:0a:

a3:cc:2e:84:ce:84:61:d1:aa:0c:18:59:48:54:15:

3a:33:3f:8a:bd:e1:4b:7b:b8:37:cb:55:2d:08:3b:

4a:b0:77:2e:26:a5:8e:8b:4b:8f:a5:2c:84:2d:54:

35:2b:6e:62:ae:17:cf:b4:e6:f3:f9:30:6f:ea:52:

ab:fc:83:9e:f8:a6:2e:e7:f7:2b:be:61:e0:c6:10:

09:0b:9c:32:d1:a4:61:54:8b:06:f5:3e:56:2c:7c:

59:c9:bf:8e:b4:7a:64:fa:6d:c6:4e:56:11:7c:8f:

f4:d3:74:e7:84:51:31:e9:15

publicExponent: 65537 (0x10001)

privateExponent:

75:dd:61:55:18:81:6a:fa:ff:3a:21:d6:25:c3:b1:

59:57:21:be:5a:2b:c8:7f:9c:94:c0:47:0f:ea:0b:

06:fd:53:fa:5d:92:ca:77:1f:4d:f6:84:19:c1:a7:

fb:7d:11:e3:be:3d:7a:37:6d:a2:6c:a2:4f:1d:a1:

21:b3:09:f9:4c:1c:0b:4f:3e:fa:82:13:85:02:42:

18:60:cb:6f:e3:e0:a5:54:2a:c3:26:b5:39:12:cf:

46:7d:b3:d6:f2:2e:1e:aa:f1:76:f5:bc:9b:17:f1:

25:9c:59:15:e0:96:7e:55:59:14:46:15:62:a1:f9:

2a:1d:b9:0a:90:a8:25:7d

prime1:

00:df:a1:2c:95:d1:f6:e5:1c:37:89:a1:d6:14:49:

0e:9b:9d:2c:ec:1d:be:bd:b4:de:bb:0f:57:cc:65:

30:a3:28:89:7e:a7:31:1b:d0:b0:52:30:85:db:01:

a8:97:e2:11:20:71:b3:47:e8:66:8c:ec:d4:9b:b6:

ee:7d:85:26:87

prime2:

00:c2:a5:ac:a9:80:7d:53:97:f4:e8:dc:60:b2:90:

6e:7b:9b:91:87:ab:95:91:61:b9:f2:34:b3:6d:bc:

fa:9e:e7:9b:b0:a6:54:8b:cf:b3:7c:d8:3a:77:ce:

23:10:68:60:33:08:d3:7a:b4:fd:eb:63:20:7d:b0:

d1:47:91:be:83

exponent1:

45:fb:6d:35:71:60:7f:30:46:5d:06:cd:34:c9:ec:

0d:5c:b1:7b:2e:8f:cb:54:37:c3:78:38:b4:99:12:

10:6d:16:22:11:76:37:cb:25:f2:82:86:d1:13:82:

cc:0d:0d:e9:06:4b:e1:7b:e3:e3:c4:15:80:a9:4d:

96:f0:3d:2f

exponent2:

13:77:f4:b4:23:78:e5:92:8e:59:78:29:67:d2:d0:

6a:26:9e:40:be:a5:c0:1b:d1:38:6b:93:02:c7:e3:

1d:5f:b7:0f:cd:23:29:b4:c5:94:18:20:88:f9:22:

42:b2:dd:e4:5c:de:a2:28:56:39:63:f9:cc:f8:91:

86:22:0a:b7

coefficient:

00:95:69:1f:82:34:21:ac:6c:f8:b8:06:b4:46:dd:

79:e4:b0:0a:32:20:cf:21:48:3b:1b:fe:34:60:b2:

f5:d9:a9:e0:8a:23:74:43:2e:cc:09:99:dc:54:d2:

df:3a:5b:c4:0d:b3:4b:88:95:a8:3f:85:d9:4f:f4:

cf:16:55:da:7c

[root@docker121 ssl]# openssl rsa -in private.pem -des3 -passout pass:123456 -out private_des.pem　　　　　#将生成私钥加密

writing RSA key

[root@docker121 ssl]# cat private_des.pem

-----BEGIN RSA PRIVATE KEY-----

Proc-Type: 4,ENCRYPTED

DEK-Info: DES-EDE3-CBC,8DC40333E1A9554A

T1xNHzp7eopY4GdTjH/hUpSP3S8FrW/bpe9gAaKkMedRQ2Y8TuAd2/zbj6w64C8s

qMfYgZ/xFfD3pOE9h65C9GRNRdsc6MUrtCwypqPiZJazEYs7c8CcQgTPMvXKo+rs

UhOoRT8E924G1qfWsfMYA7GTa/MoAs9g1gpfKPJCagsHgh+6Hfy650LdFO5zifG8

baYroQdCZXbFD/ena9pruC4da4UQIyguJdJ/Mz/Zf3T5FWo6spKZP0LflOHq7+jc

iBoVC4UleheFyZUxXvWcrt6mfuZ1RmPrwk1TMWRvXDPfw007QVlBWppihLoejmsc

ObMe5nfP77CsaLvYz0TwyzG9KQ8RjJCaVUxJmsLg4tb01jaCOUfkFLBa2O9K0Y/2

qMe6F0+ee8UBQgYslCIaOgV4jZBb1WKbbE4RispqXmn9NW0Wfxgxfa3Mr6/+0i6t

OboGexkiWPVSw3nT9UAaIFkme1wVYkQmaNTwZC6PHHiAn0q2azaRmDm6aJ/t1HN3

RAsMHEn/YWqMUOXaYZ9a5REE5RUFq1SMgfWFTTz/8LXq9dRaeA3dPdRw3eHE7rXd

gsrBRaX0jUPOfYovPCcLx10/O7bNjPf+Jl2dXIYq1mvIzcCzZssHSOoJiAaKcnVe

WAU5CCzutezlS1JwiKl6j8u05VNQjfKbgJAaX+/XAhJc3rZank0rJPWJgfw/Q8dz

fNM/iC6qTGELg+LR0p0t9ppAyOoyKoPxNXdhabh72FBQ7VTMTpIH2eyzH9DCW1AC

uO9//Z+NK2ETiIHF2qHXlkhVkjMd/6Je8eSb83gwTpt0aNVT4Ahojg==

-----END RSA PRIVATE KEY-----

[root@docker121 ssl]# openssl rsa -in private_des.pem -passin pass:123456　　　　　　#读取加密的私钥