OpenSSL command-line notes
Overview
A collection of the openssl command lines found in my reference material.
Notes
Environment script for running openssl commands
@echo off
rem \file my_openssl_env_cmd.cmd
set OPENSSL=.\openssl
set OPENSSL_CONF=.\openssl.cnf
cmd
Redirecting openssl help to a file
openssl help > openssl_help.txt 2>&1
Viewing the full openssl version information
D:\my_dev\my_local_git_prj\study\openSSL\certs>openssl version -a
OpenSSL 3.2.0 23 Nov 2023 (Library: OpenSSL 3.2.0 23 Nov 2023)
built on: Sun Jan 7 04:30:29 2024 UTC
platform: VC-WIN64A
options: bn(64,64)
compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG"
OPENSSLDIR: "C:\openssl_3d2\common"
ENGINESDIR: "C:\openssl_3d2\lib\engines-3"
MODULESDIR: "C:\openssl_3d2\lib\ossl-modules"
Seeding source: os-specific
CPUINFO: OPENSSL_ia32cap=0x7ffaf3ffffebffff:0x18c07fcef3bfa7eb
This command shows all the options openssl was compiled with and the environment variables openssl uses at run time, which is very useful.
openssl help
openssl provides a set of commands that do the actual work; listing them with help gives a rough idea of what the current openssl version can do.
D:\my_dev\my_local_git_prj\study\openSSL\certs>openssl help
help:
Standard commands
asn1parse ca ciphers cmp
cms crl crl2pkcs7 dgst
dhparam dsa dsaparam ec
ecparam enc engine errstr
fipsinstall gendsa genpkey genrsa
help info kdf list
mac nseq ocsp passwd
pkcs12 pkcs7 pkcs8 pkey
pkeyparam pkeyutl prime rand
rehash req rsa rsautl
s_client s_server s_time sess_id
smime speed spkac srp
storeutl ts verify version
x509
Message Digest commands (see the `dgst' command for more details)
blake2b512 blake2s256 md4 md5
mdc2 rmd160 sha1 sha224
sha256 sha3-224 sha3-256 sha3-384
sha3-512 sha384 sha512 sha512-224
sha512-256 shake128 shake256 sm3
Cipher commands (see the `enc' command for more details)
aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb
aes-256-cbc aes-256-ecb aria-128-cbc aria-128-cfb
aria-128-cfb1 aria-128-cfb8 aria-128-ctr aria-128-ecb
aria-128-ofb aria-192-cbc aria-192-cfb aria-192-cfb1
aria-192-cfb8 aria-192-ctr aria-192-ecb aria-192-ofb
aria-256-cbc aria-256-cfb aria-256-cfb1 aria-256-cfb8
aria-256-ctr aria-256-ecb aria-256-ofb base64
bf bf-cbc bf-cfb bf-ecb
bf-ofb camellia-128-cbc camellia-128-ecb camellia-192-cbc
camellia-192-ecb camellia-256-cbc camellia-256-ecb cast
cast-cbc cast5-cbc cast5-cfb cast5-ecb
cast5-ofb des des-cbc des-cfb
des-ecb des-ede des-ede-cbc des-ede-cfb
des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb
des-ede3-ofb des-ofb des3 desx
idea idea-cbc idea-cfb idea-ecb
idea-ofb rc2 rc2-40-cbc rc2-64-cbc
rc2-cbc rc2-cfb rc2-ecb rc2-ofb
rc4 rc4-40 seed seed-cbc
seed-cfb seed-ecb seed-ofb sm4-cbc
sm4-cfb sm4-ctr sm4-ecb sm4-ofb
As shown, openssl provides 3 groups of commands:
Standard commands - 53
Message digest commands - 20
Cipher (encryption/decryption) commands - 84
openssl list
openssl list -verbose -commands > openssl_commands.txt 2>&1
openssl list -verbose -standard-commands > openssl-standard-commands.txt 2>&1
openssl list -verbose -all-algorithms > openssl-all-algorithms.txt 2>&1
openssl list -verbose -digest-commands > openssl-digest-commands.txt 2>&1
openssl list -verbose -digest-algorithms > openssl-digest-algorithms.txt 2>&1
openssl list -verbose -kdf-algorithms > openssl-kdf-algorithms.txt 2>&1
openssl list -verbose -random-instances > openssl-random-instances.txt 2>&1
openssl list -verbose -random-generators > openssl-random-generators.txt 2>&1
openssl list -verbose -mac-algorithms > openssl-mac-algorithms.txt 2>&1
openssl list -verbose -cipher-commands > openssl-cipher-commands.txt 2>&1
openssl list -verbose -cipher-algorithms > openssl-cipher-algorithms.txt 2>&1
openssl list -verbose -encoders > openssl-encoders.txt 2>&1
openssl list -verbose -decoders > openssl-decoders.txt 2>&1
openssl list -verbose -key-managers > openssl-key-managers.txt 2>&1
openssl list -verbose -key-exchange-algorithms > openssl-key-exchange-algorithms.txt 2>&1
openssl list -verbose -kem-algorithms > openssl-kem-algorithms.txt 2>&1
openssl list -verbose -signature-algorithms > openssl-signature-algorithms.txt 2>&1
openssl list -verbose -asymcipher-algorithms > openssl-asymcipher-algorithms.txt 2>&1
openssl list -verbose -public-key-algorithms > openssl-public-key-algorithms.txt 2>&1
openssl list -verbose -public-key-methods > openssl-public-key-methods.txt 2>&1
openssl list -verbose -store-loaders > openssl-store-loaders.txt 2>&1
openssl list -verbose -providers > openssl-providers.txt 2>&1
openssl list -verbose -engines > openssl-engines.txt 2>&1
openssl list -verbose -disabled > openssl-disabled.txt 2>&1
openssl list -verbose -objects > openssl-objects.txt 2>&1
openssl pkey --help
Usage: pkey [options]
General options:
-help Display this summary
-engine val Use engine, possibly a hardware device
Provider options:
-provider-path val Provider load path (must be before 'provider' argument if required)
-provider val Provider to load (can be specified multiple times)
-propquery val Property query used when fetching algorithms
-check Check key consistency
-pubcheck Check public key consistency
Input options:
-in val Input key
-inform format Key input format (ENGINE, other values ignored)
-passin val Key input pass phrase source
-pubin Read only public components from key input
Output options:
-out outfile Output file for encoded and/or text output
-outform PEM|DER Output encoding format (DER or PEM)
-* Any supported cipher to be used for encryption
-passout val Output PEM file pass phrase source
-traditional Use traditional format for private key PEM output
-pubout Restrict encoded output to public components
-noout Do not output the key in encoded form
-text Output key components in plaintext
-text_pub Output only public key components in text form
-ec_conv_form val Specifies the EC point conversion form in the encoding
-ec_param_enc val Specifies the way the EC parameters are encoded
openssl pkeyutl --help
Usage: pkeyutl [options]
General options:
-help Display this summary
-engine val Use engine, possibly a hardware device
-engine_impl Also use engine given by -engine for crypto operations
-sign Sign input data with private key
-verify Verify with public key
-encrypt Encrypt input data with public key
-decrypt Decrypt input data with private key
-derive Derive shared secret
-config infile Load a configuration file (this may load modules)
Input options:
-in infile Input file - default stdin
-rawin Indicate the input data is in raw form
-inkey val Input key, by default private key
-pubin Input key is a public key
-passin val Input file pass phrase source
-peerkey val Peer key file used in key derivation
-peerform PEM|DER|ENGINE Peer key format (DER/PEM/P12/ENGINE)
-certin Input is a cert with a public key
-rev Reverse the order of the input buffer
-sigfile infile Signature file (verify operation only)
-keyform PEM|DER|ENGINE Private key format (ENGINE, other values ignored)
Output options:
-out outfile Output file - default stdout
-asn1parse asn1parse the output data
-hexdump Hex dump output
-verifyrecover Verify with public key, recover original data
Signing/Derivation options:
-digest val Specify the digest algorithm when signing the raw input data
-pkeyopt val Public key options as opt:value
-pkeyopt_passin val Public key option that is read as a passphrase argument opt:passphrase
-kdf val Use KDF algorithm
-kdflen +int KDF algorithm output length
Random state options:
-rand val Load the given file(s) into the random number generator
-writerand outfile Write random data to the specified file
Provider options:
-provider-path val Provider load path (must be before 'provider' argument if required)
-provider val Provider to load (can be specified multiple times)
-propquery val Property query used when fetching algorithms
openssl prime --help
Usage: prime [options] [number...]
General options:
-help Display this summary
-bits +int Size of number in bits
-checks +int Number of checks
Output options:
-hex Hex output
-generate Generate a prime
-safe When used with -generate, generate a safe prime
Provider options:
-provider-path val Provider load path (must be before 'provider' argument if required)
-provider val Provider to load (can be specified multiple times)
-propquery val Property query used when fetching algorithms
Parameters:
number Number(s) to check for primality if not generating
Symmetric encryption
openssl enc -e -aes-256-cbc -pbkdf2 -in hello.txt -out hello.txt.enc -pass pass:111111
Symmetric decryption
openssl enc -d -aes-256-cbc -pbkdf2 -in hello.txt.enc -out hello.txt.enc.txt -pass pass:111111
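How the file written by the `-pbkdf2` commands above is laid out, as an added example that is not part of the original post: in passphrase mode `openssl enc` writes the 8-byte magic `Salted__`, an 8-byte salt, then the ciphertext, and takes key and IV from a single PBKDF2 output. Assumptions: the defaults used when `-md` and `-iter` are not given (HMAC-SHA256, 10000 iterations); the sample blob and the function names are constructed for this example.

```python
import hashlib

MAGIC = b"Salted__"          # 8-byte magic written in passphrase mode
SALT_LEN = 8
KEY_LEN, IV_LEN = 32, 16     # aes-256-cbc: 256-bit key, 128-bit IV
DEFAULT_ITER = 10000         # assumed: enc default when -iter is not given


def split_enc_file(blob: bytes):
    """Return (salt, ciphertext) from a passphrase-mode `openssl enc` file."""
    header_len = len(MAGIC) + SALT_LEN
    if len(blob) < header_len or not blob.startswith(MAGIC):
        # Files produced with raw -K/-iv carry no header at all
        raise ValueError("no Salted__ header")
    return blob[len(MAGIC):header_len], blob[header_len:]


def derive_key_iv(passphrase: bytes, salt: bytes, iterations: int = DEFAULT_ITER):
    """One PBKDF2-HMAC-SHA256 output of KEY_LEN + IV_LEN bytes, split in two."""
    material = hashlib.pbkdf2_hmac("sha256", passphrase, salt,
                                   iterations, KEY_LEN + IV_LEN)
    return material[:KEY_LEN], material[KEY_LEN:]


def describe(blob: bytes, passphrase: bytes):
    """Summarise what a decryptor needs from the file and the passphrase."""
    salt, ciphertext = split_enc_file(blob)
    key, iv = derive_key_iv(passphrase, salt)
    return {
        "salt": salt.hex(),
        "key": key.hex(),
        "iv": iv.hex(),
        "ciphertext_len": len(ciphertext),
        # CBC with padding always produces whole 16-byte blocks
        "whole_blocks": len(ciphertext) > 0 and len(ciphertext) % 16 == 0,
    }


if __name__ == "__main__":
    # Constructed sample: header plus 32 placeholder ciphertext bytes
    sample = MAGIC + bytes.fromhex("0011223344556677") + bytes(32)
    for name, value in describe(sample, b"111111").items():
        print(f"{name}: {value}")
```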
Converting between PEM and DER
openssl3.2 - exp - PEM <==> DER
Encrypting/decrypting a file on the command line + viewing digests
cd /d D:\my_dev\my_local_git_prj\study\openSSL\exp_dcwo3d0\p2_38
// gen key
openssl rand -hex 32
84912243ceba6e5a8f39a3d65d7e24d0807d755c93021fb7296de724993e7732
// gen iv
openssl rand -hex 16
dbd48ea32866ad8f87665986f1117a66
// make some file to enc/dec
dir .\* > pt.txt 2>&1
// view enc help
openssl enc --help
// enc file
openssl enc ^
-aes-256-cbc ^
-K 84912243ceba6e5a8f39a3d65d7e24d0807d755c93021fb7296de724993e7732 ^
-iv dbd48ea32866ad8f87665986f1117a66 ^
-e ^
-in pt.txt ^
-out pt.txt.enc
// dec file
openssl enc ^
-aes-256-cbc ^
-K 84912243ceba6e5a8f39a3d65d7e24d0807d755c93021fb7296de724993e7732 ^
-iv dbd48ea32866ad8f87665986f1117a66 ^
-d ^
-in pt.txt.enc ^
-out pt.txt.enc.pt.txt
// view file hash
openssl dgst .\pt.*
SHA256(.\pt.txt)= 79237e9b8a59461b70eab0367de6f8f9244e8e20acc80376ba745e92b597dea8
SHA256(.\pt.txt.enc)= 952022336c6cf33eb02b2bba44beec0690396862df4a9fd919f5ac079f979860
SHA256(.\pt.txt.enc.pt.txt)= 79237e9b8a59461b70eab0367de6f8f9244e8e20acc80376ba745e92b597dea8
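Generating passwords
openssl passwd can generate passwords.
The commands below generate passwords of different lengths.
The trailing arguments without a leading - are the names of the passwords to generate; one password is generated for each name given.
The results are displayed as a table.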
D:\my_tmp>openssl passwd -6 -table -password pwd1 pwd2
pwd1 $6$E3NJqA8JZEDhiJK2$iG37JVv3Mt1CE5bTcG.QZPthydXH6XMZZ3tuwMMpAauURG79Vumqx6JUXcfCLIgqIuksg7fqowf34hMW0wgmJ0
pwd2 $6$EldVWE.mYSX26qla$0WxSGdygohLfZPyH3GR/k/ARF2h1OTHEGLkDhZNtEiKw9gL/ek3CJZN9hjXiGC0Zv/fYXXaRmBfaBNrdxbDzu/
D:\my_tmp>openssl passwd -5 -table -password pwd1 pwd2
pwd1 $5$6kWWvZkAhLZVbjf/$V93TIB9mX90qFfAKHDEePIlTfoTjZcyN0JvsJQLd2yC
pwd2 $5$E0XQQyBB8v9aGRbX$zyZpO2MiNO2WUQXDtIiX/r1JFjyYc5/6RDAn29plEC4
D:\my_tmp>openssl passwd -apr1 -table -password pwd1 pwd2
pwd1 $apr1$NkUPmCZD$ob7Y5pHPWAxhMm9eM/4280
pwd2 $apr1$kpxGLVv4$dd2KtDb2hjvAH9ctt1egf1
D:\my_tmp>openssl passwd -1 -table -password pwd1 pwd2
pwd1 $1$WcudEtnZ$k4ebzpnhVrh0FmugAWC641
pwd2 $1$Al9IYWcZ$RtkIwLeCXAsHsjtGnWK9k.
D:\my_tmp>openssl passwd -aixmd5 -table -password pwd1 pwd2
pwd1 qeJKFLte$2a5SY0jQypIbTcB8L5SC01
pwd2 ./gcARvI$soLQUGc0qLXVbdbbEcw4W.
D:\my_tmp>
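Each table line above is the command-line argument followed by a string of the form `$id$salt$digest`, where the id matches the option used (`-6`, `-5`, `-apr1`, `-1`); `-aixmd5` prints `salt$digest` with no id field. This added example (not part of the original post) parses such lines and lists the entries that use an MD5-based scheme; the `SCHEMES` table and function names are this example's own, and the sample lines are copied from the output above.

```python
# Scheme id -> (name, MD5-based?). This table is the example's own labelling.
SCHEMES = {
    "6": ("SHA-512 crypt", False),
    "5": ("SHA-256 crypt", False),
    "1": ("MD5 crypt", True),
    "apr1": ("Apache apr1 MD5", True),
}

# Sample lines copied from the `openssl passwd -table` output on this page
SAMPLE = """\
pwd2 $5$E0XQQyBB8v9aGRbX$zyZpO2MiNO2WUQXDtIiX/r1JFjyYc5/6RDAn29plEC4
pwd1 $apr1$NkUPmCZD$ob7Y5pHPWAxhMm9eM/4280
pwd1 $1$WcudEtnZ$k4ebzpnhVrh0FmugAWC641
pwd2 ./gcARvI$soLQUGc0qLXVbdbbEcw4W.
"""


def parse_table_line(line):
    """Split one table line into label, scheme, rounds, salt and digest."""
    label, hashed = line.rstrip().rsplit(None, 1)
    if not hashed.startswith("$"):
        # -aixmd5 prints salt$digest with no leading $id$ field
        salt, sep, digest = hashed.partition("$")
        if not (sep and salt and digest):
            raise ValueError(f"unrecognised hash string: {hashed!r}")
        return dict(label=label, scheme="AIX MD5", md5_based=True,
                    rounds=None, salt=salt, digest=digest)
    scheme_id, *rest = hashed[1:].split("$")
    rounds = None
    if rest and rest[0].startswith("rounds="):
        # Optional field defined by the SHA-crypt format
        rounds = int(rest.pop(0)[len("rounds="):])
    if scheme_id not in SCHEMES or len(rest) != 2:
        raise ValueError(f"unrecognised hash string: {hashed!r}")
    name, md5_based = SCHEMES[scheme_id]
    return dict(label=label, scheme=name, md5_based=md5_based,
                rounds=rounds, salt=rest[0], digest=rest[1])


def md5_based_entries(text):
    """Return (label, scheme) for every line that uses an MD5-based scheme."""
    rows = [parse_table_line(l) for l in text.splitlines() if l.strip()]
    return [(r["label"], r["scheme"]) for r in rows if r["md5_based"]]


if __name__ == "__main__":
    for label, scheme in md5_based_entries(SAMPLE):
        print(f"{label}: {scheme}")
```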
END