- 無加密格式
- 産生私鑰(無加密)
➜ test openssl genrsa -out rsa_private_key.pem 1024
Generating RSA private key, 1024 bit long modulus (2 primes)
...............................+++++
...............+++++
e is 65537 (0x010001)
➜ test cat rsa_private_key.pem
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQC6JDteJKsAvHgLsNgpjhciwcu7HTQYSzz59McF5yNG2qi98G8K
ijNN4egK08gJWziAuZopBYuH1wBZXZgh8lSROcH0sBoIzoDV6JSAieQ7m6svkjYn
2gRghHKeAeGid8tjRGEbSiPG3RfUVvVcAL0eFJH889xOQkPFyG9LPopMOwIDAQAB
AoGBAIOLG1FahGZOyl8oqHolagAsCDfBWZFZikvySbvILkviNqGUCkTeiYcegIc2
RwUlq/Z8M4+N1Z83t41v8RT8Vfne1eK5pt9UQ5yYr0v3dhgTOFn1CavUq86e0NtR
Zy3G9hhnoShWANlrnQZf40oeBLtbVWgzkFYLyTKb2uT9FkExAkEA3AzjwRRs4FHV
TVeQpowDvms/vjXEunVU94CrARySgTRJfRkDA4qyjXgOTSZYFI/KWvu9Wwl1nxMK
J7nZfgj2JQJBANiNLqbpnMwmtNV/kqVvuUFk9ugc0NeMdlDokBTowJlMS5JR1Z5x
/f0NVBQf8uEvCHCyfxdjl1XGzU9V+uDBut8CQFZgJOJ8XwRqetziG2CUoz+Sn7HN
L0y1k8WXVwiXq5ZV7ObS85DnV5EaaBq2i2p+ysKOAFUE0IvBkIHpfMrxP5UCQQCU
VcFLHGMHhMwCIuz03d7saJioznRP8itpqKRpbjXfzF9Hzz6g1jzBBkw9rNTWYz1I
1TwxbUrQuukQGzlKk+nJAkATc437NEhLP6gRxPVJHYP8a0rO8GISKXLnQQIeMT1A
WvfxgB6721ucFOCr+lbsJu5sjRaa9RtcbiLn2JFV7nL6
-----END RSA PRIVATE KEY-----
➜ test
- 産生公鑰(無加密)
➜ test openssl rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem
writing RSA key
➜ test cat rsa_public_key.pem
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC6JDteJKsAvHgLsNgpjhciwcu7
HTQYSzz59McF5yNG2qi98G8KijNN4egK08gJWziAuZopBYuH1wBZXZgh8lSROcH0
sBoIzoDV6JSAieQ7m6svkjYn2gRghHKeAeGid8tjRGEbSiPG3RfUVvVcAL0eFJH8
89xOQkPFyG9LPopMOwIDAQAB
-----END PUBLIC KEY-----
➜ test
- 加密方式
- 生成RSA私鑰(使用aes256加密)
➜ test openssl genrsa -aes256 -passout pass:123456 -out rsa_aes_private.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
............+++++
............................................+++++
e is 65537 (0x010001)
➜ test cat rsa_aes_private.key
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,F92E056921B1891A901EF800F070A769
eDNzC7/6LTa7SLwXjOm8YMWiZcoEewGNHNIlTewKrdgFNTxN5cx49zTa30sRh1EF
B8Sj2l+iNI2Qulg4+lYuRBze3BzIXuQ4xHlxitfdy6q9h+9htu/oBvUP2U4pLIM3
nx45SWAkwWogLKoJYyGmZF7iz2V1qFO3LuzE6BBKSy9lFKf+NjsEAvfJfSe/gV4v
inu9lBaNld6XR4Dbk6GBnPrgMJ9qXvCDBomxhVak6MG39D/xgGGt29i087Iusib2
UxppUGG+bVURhoYJ7iWopNF227bbEeRqlqEErJhSmucReM4fKdQ9AfPRTr1dF84O
AzGO4N70zkeefOTlCZkJC4lr6tcBocgrvdYFY4w5knP9qpvW7LtVQTscD6LtYj7J
3PiQGVE4WLXwoDzWWJly2/bknYPb+2jcPgFYVxO5rNa2d6ZQu0+1x+OzLaJZ3T2p
8mmlQBVbFLpBbUM48hYqkCAycbPS6QGSuZ0gvy2t3Yo2Ay8meV9X5Xy0NwrlAnRb
bNCoCZgNSKbCiKo/+JgE3QtBnI8CBl3muM6xo0+EoJKVSP0acBd8T5QKCM7gQ2P0
eMDID7Uyn0PfaN7hd2R04hZACo1cKezFqVex72oc9FEq8mQYbSmVRivyUCAcXY91
TcJv4noccYJsAY5eBVa5wQ4qEu5Af/wXgQn6kMPVW5BnKgE2Xt13/jZsKlpQ3aW5
iu6XP6XjmFXMawtINVFn1FHzE/5q1bAaea/R8M/QK3/u1kp7WBLwRVWEAYjE2Dff
vjyn1acPUTKoxdQ691240Hmx8dGz5GbJDBhONKKuRJKVVKZYc0z+gzegHzNpSW04
Mag9vLQ6Cm31pD0Nz3gEJ9JTZ2H89nJHoaDGPqXry9+kRtdpoFpvPPHNKAtu3T/O
x1qkgcS/BPcSaLLubYfCdArN+58CuGYSmuCEw2KAqGw7NdzUd3blMaf6TnhNDsg/
6HtrMxYEPOwevSX6vdOA1WqAen+zazv2S70c+OhUkuFTDoIzW8Kngm+4Z+C5U1qZ
WYrc3Jh1bnc01M5SuTC000s/g5wIoNZzzBEOXwYNam+K1h8r7HdoZDM983TU/oAW
P2f/rzWfyZ3zAJ39sqm7pjZyH8eZhtPuzVcBZZ7g27IThb6vF3uWLbvaRy2rFaNi
L0lClwgfybnsY+Nxzq7Ixe+jdC1JDHAmohZbspCLRGNeLFQG52GA+hRZLImsDXj7
RxsDv2cq7i+40kqTOvPS6J+VtYYd/WFWtRcRu0PMEsdLQusyEyMEN/yvB0JCzPcj
8WtAoF+KTZ69KZybpoeccnQuuhJ/jBDFQP5+OsnipB8UShTAunIXNFsn1zlPoR0+
xchFHNYrb2gFUyCv9nYz9ulhVuk4dS84hKw1xqq1iQ5ZRRHxUbZxiVz5rvX1F3pp
1B5Dkhg713oFc8d+XvaU6XKQH0/pM/X2L02JjI+j44sX6m5U2NvXIbhSJuI5slb5
nhqpIDrfUF0bFdRl1L3y5OAqQVJ0jhAYS8Jlnd2IsUHPf8Wel5wzEiyBQ44UOgfj
tHy6q1S4mJiNRZZckSa9IK6QKM0t0IlKcvefsrZeWUwMAalqCsmz03xrRJaP3JO/
-----END RSA PRIVATE KEY-----
➜ test
其中,passout代替shell進行密碼輸入,否則會提示輸入密碼(即互動模式)。
- 導出RSA公鑰(需要提供密碼)
➜ test openssl rsa -in rsa_aes_private.key -pubout -out rsa_public.keya # 手動輸入密碼123456
Enter pass phrase for rsa_aes_private.key:
writing RSA key
➜ test openssl rsa -in rsa_aes_private.key -passin pass:123456 -pubout -out rsa_public.key
writing RSA key
➜ test cat rsa_public.key
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwbHDRMAnpTPxAuaoW+wU
iOV6jqo41Uga2D72ch5Pu4qcvBU3MJkRFO+ixdJeeNeYpH8J4cczOP49CffUWc4R
3a1PUXI8McrtC8DITh1I/sNxsNiuCb0ebzt8z8Fdp53IBtSKLAVGHVx/ZPXbmOJg
1QeDUhnau57MBE1YhyzW79qcZaMExVm7AAzIYCpRYnkDZg4boFIIDG2jns4ryVO+
Oqm1z/VjOQUTGHqq7ZBqgdOCfbRkO6Eof70wXpVjWmaQpso4PIQmD5dR8P4WcyMp
t52IK6q2dRC/8IFltQeZNwa28xWR22kMfe6/aLK053CTHgJfFKawUaFvS7j2MAu4
JQIDAQAB
-----END PUBLIC KEY-----
➜ test
- 轉換指令
- 去除密鑰保護
➜ test openssl rsa -in rsa_aes_private.key -passin pass:123456 -out rsa_private.key
writing RSA key
➜ test
- 增加密碼保護
➜ test openssl rsa -in rsa_private.key -aes256 -passout pass:654321 -out rsa_aes_private.key
writing RSA key
➜ test
- 檢視私鑰參數
➜ test openssl rsa -in rsa_private.key -noout -text
RSA Private-Key: (2048 bit, 2 primes)
modulus:
00:c1:b1:c3:44:c0:27:a5:33:f1:02:e6:a8:5b:ec:
14:88:e5:7a:8e:aa:38:d5:48:1a:d8:3e:f6:72:1e:
4f:bb:8a:9c:bc:15:37:30:99:11:14:ef:a2:c5:d2:
5e:78:d7:98:a4:7f:09:e1:c7:33:38:fe:3d:09:f7:
d4:59:ce:11:dd:ad:4f:51:72:3c:31:ca:ed:0b:c0:
c8:4e:1d:48:fe:c3:71:b0:d8:ae:09:bd:1e:6f:3b:
7c:cf:c1:5d:a7:9d:c8:06:d4:8a:2c:05:46:1d:5c:
7f:64:f5:db:98:e2:60:d5:07:83:52:19:da:bb:9e:
cc:04:4d:58:87:2c:d6:ef:da:9c:65:a3:04:c5:59:
bb:00:0c:c8:60:2a:51:62:79:03:66:0e:1b:a0:52:
08:0c:6d:a3:9e:ce:2b:c9:53:be:3a:a9:b5:cf:f5:
63:39:05:13:18:7a:aa:ed:90:6a:81:d3:82:7d:b4:
64:3b:a1:28:7f:bd:30:5e:95:63:5a:66:90:a6:ca:
38:3c:84:26:0f:97:51:f0:fe:16:73:23:29:b7:9d:
88:2b:aa:b6:75:10:bf:f0:81:65:b5:07:99:37:06:
b6:f3:15:91:db:69:0c:7d:ee:bf:68:b2:b4:e7:70:
93:1e:02:5f:14:a6:b0:51:a1:6f:4b:b8:f6:30:0b:
b8:25
publicExponent: 65537 (0x10001)
privateExponent:
52:ae:d7:74:59:b2:92:cb:01:6f:03:97:8a:e5:d4:
3e:3b:f7:7d:3f:1c:d3:ae:dc:06:c3:99:e0:4d:20:
2c:26:97:91:92:5c:e4:d9:f2:78:c5:72:ee:8f:46:
d4:be:f3:e2:04:78:eb:70:65:65:46:e2:37:87:1b:
96:da:68:b6:00:6d:83:8f:08:33:19:34:e7:77:7c:
0a:1c:66:34:9a:a9:c5:9c:39:6e:de:d4:47:17:55:
c8:39:fb:08:ba:49:d0:e0:99:bb:00:e5:55:53:4e:
ee:82:25:23:b6:3f:2f:b0:ed:55:f6:c3:70:a3:f0:
e3:45:41:2d:32:ee:ed:a3:dd:f1:62:aa:c3:83:9b:
56:81:00:b1:33:62:1b:34:c7:24:ff:3d:fd:1d:5c:
f6:60:21:5d:81:51:1d:b3:f3:15:31:ea:be:3a:6d:
c9:9c:e5:07:a3:38:74:84:18:05:11:33:d4:42:db:
2b:ce:f1:dd:41:2d:e9:bd:9e:f2:6c:c2:c4:5c:4b:
36:8f:ac:66:02:e3:8a:b4:f8:29:04:73:3a:37:af:
a1:ff:53:0b:4a:7b:af:4d:87:e7:ab:1d:70:b8:82:
5b:38:1f:3c:bb:06:d0:38:a5:e0:4c:66:b0:ab:d6:
0d:85:1a:4e:e0:07:f2:03:b7:e8:0b:f0:87:4d:e2:
61
prime1:
00:ed:2c:94:94:28:96:8e:cf:19:d8:28:69:ec:04:
30:28:bd:b2:41:a8:97:ed:44:bd:71:7b:e5:55:ff:
1f:bb:53:02:29:93:01:77:44:41:88:1a:f7:43:02:
e5:1c:b1:b7:7c:9b:65:36:23:5b:4c:bb:84:3c:25:
4c:ba:cb:b0:4b:fa:9f:84:e8:e5:83:cc:35:50:10:
14:1d:0a:66:dd:c4:b2:84:fe:ce:44:c7:a7:4e:41:
1f:9f:6f:db:8b:b1:e4:d0:38:9b:03:27:dc:18:1d:
38:69:8d:e4:e0:4d:60:02:20:a3:4d:ee:7c:67:2b:
e9:93:11:4d:1b:b3:05:29:b7
prime2:
00:d1:11:aa:8c:aa:af:b5:df:23:7b:24:50:94:ac:
0a:05:af:b1:b1:bc:e9:85:d8:7a:9c:99:54:e6:32:
66:cf:10:9a:97:4a:72:d2:cf:42:0d:fc:a1:ee:8b:
50:57:51:ac:15:5a:86:61:dd:07:ba:6b:65:6f:1b:
f8:20:3f:8a:f4:cb:81:e4:6b:e5:c3:3a:17:9d:c1:
5b:90:28:6b:38:1f:53:c0:b0:6b:ce:c5:5f:6c:9e:
18:23:0c:1e:06:17:57:c0:a0:9d:4e:bf:9b:db:2a:
53:4e:3b:8f:9d:6e:7b:f8:7d:73:c9:26:cd:78:c9:
14:5f:e4:00:e5:12:d1:9d:03
exponent1:
25:e1:1f:dd:c5:d9:bd:f7:3f:b6:71:45:f1:86:fd:
b6:14:0d:fb:44:94:f7:35:2a:58:8c:a4:25:26:f9:
07:6f:0b:82:5e:53:36:9c:35:27:2a:bf:60:f9:7e:
64:25:d2:1b:59:aa:41:8a:46:13:ac:43:43:63:e5:
ac:53:c9:d5:68:b2:bf:84:7e:db:9c:ea:ca:dd:b6:
88:a8:d7:a3:05:be:49:55:74:d6:31:58:fc:3b:94:
74:5f:66:1e:1a:8c:63:e1:16:88:db:7d:e0:70:12:
49:71:7b:23:83:d8:18:9e:e3:d6:17:87:d0:e6:87:
88:90:93:d3:1f:b5:6c:63
exponent2:
17:48:02:57:fb:c1:e9:5c:d9:d4:a2:ac:9e:81:b1:
f4:04:26:a3:86:47:f2:f1:b2:65:b1:e5:74:64:f4:
71:e6:85:70:87:87:d5:d5:e2:a3:30:18:d0:39:8f:
4e:c9:f7:81:c1:3c:e9:b4:f5:61:5b:08:46:a1:34:
b6:52:9d:24:b9:6c:d3:84:f8:67:0f:17:06:28:3c:
0c:07:94:39:01:b4:0f:e7:15:7a:47:1c:63:3a:0f:
b2:07:6d:68:7c:3c:f7:64:6b:60:13:92:45:8b:a7:
0f:35:2e:be:f7:48:b2:d9:35:85:96:de:96:ae:bd:
a8:17:f9:c9:88:98:f3:05
coefficient:
00:d8:61:55:30:54:9b:58:13:ca:f6:c1:0e:4c:5e:
1f:53:cb:4d:23:17:b1:f4:d6:a4:04:8d:9d:48:02:
86:4d:c4:0b:1b:79:c5:b8:fc:f7:35:12:ad:26:3c:
59:5d:b4:10:32:0e:8f:66:ec:32:c1:ca:2d:7f:82:
78:e3:ba:c0:f6:e1:37:2a:57:88:53:3f:b2:5c:85:
97:c3:13:99:bc:d3:1d:6a:fe:24:9b:ec:9c:15:93:
e3:38:af:b7:98:0c:c1:99:d6:97:da:17:ee:c3:48:
64:df:69:33:84:51:ed:86:3d:7b:1e:9e:4b:34:5b:
a2:f7:48:5b:e4:46:d4:5e:15
➜ test
- PEM轉為DER
➜ test openssl rsa -in rsa_private.key -outform der -out rsa_aes_private.der
writing RSA key
➜ test
- 檢視公鑰參數
➜ test openssl rsa -pubin -in rsa_public_key.pem -noout -text
RSA Public-Key: (1024 bit)
Modulus:
00:ba:24:3b:5e:24:ab:00:bc:78:0b:b0:d8:29:8e:
17:22:c1:cb:bb:1d:34:18:4b:3c:f9:f4:c7:05:e7:
23:46:da:a8:bd:f0:6f:0a:8a:33:4d:e1:e8:0a:d3:
c8:09:5b:38:80:b9:9a:29:05:8b:87:d7:00:59:5d:
98:21:f2:54:91:39:c1:f4:b0:1a:08:ce:80:d5:e8:
94:80:89:e4:3b:9b:ab:2f:92:36:27:da:04:60:84:
72:9e:01:e1:a2:77:cb:63:44:61:1b:4a:23:c6:dd:
17:d4:56:f5:5c:00:bd:1e:14:91:fc:f3:dc:4e:42:
43:c5:c8:6f:4b:3e:8a:4c:3b
Exponent: 65537 (0x10001)
➜ test
-
對于密鑰格式的說明
RSA導出公鑰時,可以指定其格式。
- 導出PKCS#8格式
➜ test openssl rsa -pubin -in rsa_public_key.pem
writing RSA key
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC6JDteJKsAvHgLsNgpjhciwcu7
HTQYSzz59McF5yNG2qi98G8KijNN4egK08gJWziAuZopBYuH1wBZXZgh8lSROcH0
sBoIzoDV6JSAieQ7m6svkjYn2gRghHKeAeGid8tjRGEbSiPG3RfUVvVcAL0eFJH8
89xOQkPFyG9LPopMOwIDAQAB
-----END PUBLIC KEY-----
➜ test
- 導出PKCS#1格式
➜ test openssl rsa -pubin -in rsa_public_key.pem -RSAPublicKey_out
writing RSA key
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBALokO14kqwC8eAuw2CmOFyLBy7sdNBhLPPn0xwXnI0baqL3wbwqKM03h
6ArTyAlbOIC5mikFi4fXAFldmCHyVJE5wfSwGgjOgNXolICJ5Dubqy+SNifaBGCE
cp4B4aJ3y2NEYRtKI8bdF9RW9VwAvR4Ukfzz3E5CQ8XIb0s+ikw7AgMBAAE=
-----END RSA PUBLIC KEY-----
➜ test
兩種存在格式的差異是密鑰的辨別。可參考:
a. command line tool to export RSA private key to RSAPublicKey
b. Exporting RSA public key in PKCS#1 format
![Apache配置SSLApache配置SSL[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)