轻迅科技-数字签名和数字证书的原理解读
数字签名和数字证书的原理解读(图文)
数字签名和数字证书的区别是什么?数字证书是由权威机构CA证书授权中心发行的,能提供在Internet上进行身份验证的一种权威性电子文档。而数字签名是一种类似写在纸上的普通的物理签名,但是使用了公钥加密领域的技术实现,用于鉴别数字信息的方法。对于数字签名和数字证书的运用原理,相信有不少朋友还不清楚,下文将为大家解疑答惑。
数字签名和数字证书原理













应用






linux 需要使用 openssl来生成密钥对
2019年02月17日 星期日 14:52:25
命令
root@wyi:~# openssl version
OpenSSL 1.1.0g 2 Nov 2017
root@wyi:~# openssl list -cipher-commands
aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb
aes-256-cbc aes-256-ecb base64 bf
bf-cbc bf-cfb bf-ecb bf-ofb
camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb
camellia-256-cbc camellia-256-ecb cast cast-cbc
cast5-cbc cast5-cfb cast5-ecb cast5-ofb
des des-cbc des-cfb des-ecb
des-ede des-ede-cbc des-ede-cfb des-ede-ofb
des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb
des-ofb des3 desx rc2
rc2-40-cbc rc2-64-cbc rc2-cbc rc2-cfb
rc2-ecb rc2-ofb rc4 rc4-40
seed seed-cbc seed-cfb seed-ecb
seed-ofb
root@wyi:~#
root@wyi:~/openssltest# openssl enc -aes-256-cbc -based64 -in msg
enc: Unknown cipher based64
enc: Use -help for summary.
root@wyi:~/openssltest# openssl enc -aes-256-cbc -base64 -in msg
enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:
U2FsdGVkX184C/ePYMBKM+zGR1iZh5BKbMRGsJgJlZKcvw6zXEcrWSZS2Zjv3
root@wyi:~/openssltest#
[root:name]openssl genrsa -out keypai.pem 2048
Generating RSA private key, 2048 bit long modulus
.................................................................+++
.................+++
e is 65537 (0x010001)
[root:name]
keypai.pem不止有私钥,还包括公钥,但是使用cat还是vim,只能看到private.key
使用openssl rsa 命令就可以看到公钥和私钥了
[root:name]cat keypai.pem //只能看到私钥 private key -----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAs+2*******nmdceL3e+C5fmMVv9TmR NZ3eXKoCRmmyrFyr6kvu4y63wefojNM7Sqiw0WtckiWIi1AdWAfoHS65nZNnM7w/ Q5bc9wkLzEKyrXtY0/ZotUaTqSjtfZy7IORmqmdoZ/oCvhbfQ86Q1Cy261mvqBSh SWUu+o81qcqAHEO7apaoxRsvc0lLXQetO7RkbtfVvqfvdIxnG49RUQBVtJdTfvRN eM5mObMD6YDCy0udPSOtAM28wvadPxEBXmRrWpWm6DPeZTJstcOfebAR/o8nDJa5 iMvWESfEI/RLvzgqZZlKzjAvHHDDZ87Y5oDCpQIDAQABAoIBAFYzlLs7RZyZYGfu jI9X8WVWAMdawqjlUDIwlTBF11rzzG2qBN2xIqU2dhyR6x4Uz/BSLML+0N6/YnSF hrSAGSZbz1/dR4um+EgCkbvZdOf/hMQOfii9kGNyHAriMYRXwfja5tNiWsACcbVq b2SUyHL/U8/swX+cqZ5syoo8We5qnRy/R4IkmfgGdVtwaJxXNoTWtA0P9J8v5F/V myZVhpFvNEkF6+J5Ae8O/i9SbCJ61LKIxaaCH17xfwsU+vv8Q+XD4Hnv3ExIyE7a 0MjoGtDvvAE7lTvm+mWrrdgbyeO+4v0QffDP1II18H/IkVIEB7/j9eAwypZVPiyi wfJCOMECgYEA6PXOKkvzYJol1MjZ1rUQrlwsz5MQckPNprWcBDilrLvVadMVY3LH Lx2hELkVGFVce5VwBjTWE9y9J++oVILbZ5XM9iHBV1AsWDAMvMvMXuw0rok4UcuF 6mTGrDJVooxezB/rlel80s11PjcXwUuE9CcBTHTJz+cCjgAPcIihuxkCgYEAxbkj ID4h83P+GemVpzpsJnpnO2m+7nBdCfheFb74oX93MlbSBZIYJtICTKyXR9Vlq/RM wJgAKpDfw4LWovIqUdkLKcEGYI4gtQYezUp2OwcFoNg+PXe83L+YpryJZhsnQACd rYjKdeaVAInBrLEAo2tCpVROhmrWKP8uWq1RAW0CgYBZDP1ONdJG7yXe/RgodvZ1 cE7A2lrDEyAdxfZptq2+Jd8ioMngRhPV8uGK3vUtZBQCOdGkzbW3yf2UsowKIit0 oVLEE4swsTkCTPvRf6YT8v8AaPvaaI48V2GKmYMaq8XhCaKon6RTgK58pdqyzQd5 vR9F9q7ehlP3rBY60j/goQKBgBSwvPZAyji5qJt5kAmB2ZNlN6xF8o7s/y9t6BqK c2Yi+owv/aZLlW9qhocTgHkp4YvO8sEspsfNhTzmUiOXB8qs1bg21L4B4XZP/6Un 55thrrsYJds0znSjMAwyqoYezUqrRdTE/bq8uFboE3ZIx3JSZRT774OtZl+/5E/k 1xc5AoGBANXUvBBLXsbtTZ/DzC5ItEUTKBj7Fct4Nzq4FuKsXQj4NVhMP7o1JzNa x3b/A0rOl/HDw6Srh6s9MIIuHh6TpaJKdj/G1nisplaKI+gbROC6D+LGZoXwn7ZN h0AwYX6*******wQX0PAm4GNU0WQPFjSR2JMkvLrzE -----END RSA PRIVATE KEY----- [root:name]vim keypai.pem | |
[root:name]openssl rsa -in keypai.pem -text Private-Key: (2048 bit) modulus: 00:b3:ed:a1:3f:7b:77:27:0b:e5:55:31:c1:87:23: 68:74:8e:4f:6…… publicExponent: 65537 (0x10001)
privateExponent: 56:33:94:bb:3b:45:9c:99:60:67:ee:8c:8f:57:f1: 65:56:00:c7:5a…… prime1: 00:e8:f5:ce:2a:4b:f3:60:9a:25:d4:c8:d9:d6:b5: 10:ae:5c:2c:cf…… prime2: 00:c5:b9:23:20:3e:21:f3:73:fe:19:e9:95:a7:3a: 6c:2…… exponent1: 59:0c:fd:4e:35:d2:46:ef:25:de:fd:18:28:76:f6: 75:70:4…… exponent2: 14:b0:bc:f6:40:ca:38:b9:a8:9b:79:90:09:81:d9: 93:6…… coefficient: 00:d5:d4:XXXXXX:9f:c3:cc:2e:48: b4:45:1…… writing RSA key -----BEGIN RSA PRIVATE KEY----- …… -----END RSA PRIVATE KEY-----
|
|
[wyi]$openssl rsa -in XXXXXX.com.key -pubout -out public.pem
writing RSA key
[wyi]$ls
XXXXX.com.key enc msg public.pem
[wyi]$openssl rsa -in XXXXXX.com.key -out prvivate.pem //没有-pubout参数默认输出private key
writing RSA key
[wyi]$ls
XXXXXX.com.key enc msg prvivate.pem public.pem
[wyi]$
[wyi]$head -3 prvivate.pem
-----BEGIN RSA PRIVATE KEY-----
MIIJKQIBAAKCAgEAyzc23jn8RlSTqZdhj4U3f+fV6t3/+4yRkQO4tW53e5aY9kyX
L98aRNDsRWmVd1Wy5cxrL2F31TDPVXBhjH/XEpATWErpSC1NXOj1sSdggRo82uiU
[wyi]$
[wyi]$
[wyi]$head -3 public.pem
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyzc23jn8RlSTqZdhj4U3
f+fV6t3/+4yRkQO4tW53e5aY9kyXL98aRNDsRWmVd1Wy5cxrL2F31TDPVXBhjH/X
加密
[wyi]$ls
XXXXXX.com.key msg prvivate.pem public.pem
[wyi]$cat msg
i have two apple !
[wyi]$openssl rsautl -encrypt -in msg -out enc -inkey public.pem -pubin //使用公钥加密,私钥解密
-pubin:表明我们输入的是一个公钥文件,默认输入为私钥文件。
[wyi]$
[wyi]$ls
XXXXXX.com.key enc msg prvivate.pem public.pem
[wyi]$cat enc
'#.Kr?(6xɗ.nH)jBQs}}WpjJ*ɯ[
w@^j@^֊X|B2<bո22zdm8_r
YCS
3=V0ؖ| kZ]߮g-,!EU俇FpQg3!LyWۣDyqXVLҙf,T䊲nP3E;;@LN䝊֟*yK692Le=t@80UKvVD@uc:V
0ݱEh%00@ 8hXtf?7@Rꎇ+}MN"/C\'-v
IڌKHt?[bKQzPLNtY.v[H0ỦBI4PO&
o3ғz#c _Y邚5:
f0In'`q(C*<C[wyi]$
解密
[wyi]$openssl rsautl -decrypt -in enc -out den-msg -inkey public.pem 不能用公钥解密
unable to load Private Key
140389739999680:error:0906D06C:PEM routines:PEM_read_bio:no start line:../crypto/pem/pem_lib.c:691:Expecting: ANY PRIVATE KEY
[wyi]$
[wyi]$openssl rsautl -decrypt -in enc -out den-msg -inkey prvivate.pem //解密用私密解密
[wyi]$ls
XXXXXX.com.key den-msg enc msg prvivate.pem public.pem
[wyi]$
[wyi]$cat den-msg
i have two apple !
[wyi]$
签名和验证,使用 private key 签名,使用 public key 验证签名
[wyi]$openssl rsautl -sign -in msg -out singed -inkey XXXXXX.com.key 使用private key 签名
[wyi]$
[wyi]$ls
XXXXXX.com.key den-msg enc msg prvivate.pem public.pem singed
[wyi]$
[wyi]$head -1 singed
sy'bjk36H5@@CȚj%*hFm
~n4^
- f\>r!R3]"D}Ƽj`0MʻըgZjAϓ˖:X8U5yJ>OL߀
½3uD%@_ORܞwui$=ȇ6R-ʺbnQQ?@+t,1ra(/EyHa*5d`-漙X@|@j|I`#TI^f`I߽Pn?UgxV Ok|/c
-*BYϏ k\^25[.mb7=mT}*eAGp4
^=#0qu8y7oM*eIN[wyi]$ ܠ<|d#Axz|b4nRF~.
[wyi]$
[wyi]$openssl rsautl -verify -in singed -out verifiedFile -inkey public.pem //没有指定输入类型是public key那么默认是private 类型,所以出错
unable to load Private Key
140410636493248:error:0906D06C:PEM routines:PEM_read_bio:no start line:../crypto/pem/pem_lib.c:691:Expecting: ANY PRIVATE KEY
[wyi]$
[wyi]$openssl rsautl -verify -in singed -out verifiedFile -inkey public.pem -pubin //验证用公钥验证签名
[wyi]$ls
XXXXXX.com.key den-msg enc msg prvivate.pem public.pem singed verifiedFile
[wyi]$
[wyi]$cat verifiedFile
i have two apple !
[wyi]$
[wyi]$openssl rsautl -verify -in singed -out verifiedFile22 -inkey prvivate.pem -pubin
unable to load Public Key
[wyi]$