
openssl commands (summary) [openssl]

This post collects the openssl commands that I tend to forget quickly.

(1) Show the version
openssl version
OpenSSL 0.9.8r 8 Feb 2011

(2) Available cipher algorithms
openssl ciphers -v
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
(omitted)

(3) Create an RSA private key (with passphrase, 1,024-bit key length)
openssl genrsa -des3 -out private.key.pem 1024
Generating RSA private key, 1024 bit long modulus
Enter pass phrase for private.key.pem:********
Verifying - Enter pass phrase for private.key.pem:********

(4) Create an RSA private key (without passphrase, 1,024-bit key length)
openssl genrsa -out private.key.pem 1024
Generating RSA private key, 1024 bit long modulus

(5) Display an RSA private key as text (PEM format)
openssl rsa -in private.key.pem -text
Enter pass phrase for private.key.pem:********
Private-Key: (1024 bit)
modulus:
00:c3:07:43:02:2c:5b:44:42:56:ba:28:60:5c:d7:
62:09:76:e5:54:ad:2d:12:86:e6:0c:22:1a:50:22:
(omitted)

(6) Display an RSA private key as text (DER format)
openssl rsa -in private.key.der -inform DER -text
Private-Key: (1024 bit)
modulus:
00:c3:07:43:02:2c:5b:44:42:56:ba:28:60:5c:d7:
62:09:76:e5:54:ad:2d:12:86:e6:0c:22:1a:50:22:
(omitted)

(7) Remove the passphrase from an RSA private key
openssl rsa -in private.key.pem -out private_nopass.key.pem
Enter pass phrase for private.key.pem:
writing RSA key

(8) Generate the public key
openssl rsa -in private.key.pem -pubout -out public.key.pem
Enter pass phrase for private.key.pem:********
writing RSA key

(9) Create a CSR
openssl req -new -key private.key.pem -out cert.csr.pem
Enter pass phrase for private.key.pem:********
-----
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:Tokyo
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:MyCompany
Organizational Unit Name (eg, section) []:Technical section
Common Name (eg, YOUR name) []:www.tech.mycomp.localdomain
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

(10) Display a CSR as text (PEM format)
openssl req -in cert.csr.pem -text
Certificate Request:
Data:
Version: 0 (0x0)
(omitted)

(11) Display a CSR as text (DER format)
openssl req -in cert.csr.der -inform DER -text
Certificate Request:
Data:
Version: 0 (0x0)

(12) Create a certificate (self-signed)
openssl req -new -x509 -key private.key.pem -out cert.crt.pem -days 365
Enter pass phrase for private.key.pem:********
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:Tokyo
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:MyCompany
Organizational Unit Name (eg, section) []:Technical section
Common Name (eg, YOUR name) []:www.tech.mycomp.localdomain
Email Address []:

(13) Display a certificate as text
openssl x509 -in cert.crt.pem -text
Certificate:
Data:
Version: 3 (0x2)
(omitted)

(14) Convert an RSA private key from PEM to DER
openssl rsa -inform PEM -outform DER -in private.key.pem -out private.key.der
Enter pass phrase for private.key.pem:********
writing RSA key

(15) Convert an RSA private key from DER to PEM
openssl rsa -inform DER -outform PEM -in private.key.der -out private.key.pem
writing RSA key

(16) Convert a CSR from PEM to DER
openssl req -in cert.csr.pem -inform PEM -outform DER -out cert.csr.der

(17) Convert a CSR from DER to PEM
openssl req -in cert.csr.der -inform DER -outform PEM -out cert.csr.pem

(18) Convert a certificate from PEM format to DER format
openssl x509 -inform PEM -outform DER -in cert.crt.pem -out cert.crt.der

(19) Convert a certificate from DER format to PEM format
openssl x509 -inform DER -outform PEM -in cert.crt.der -out cert.crt.pem

(20) Convert a private key and certificate to PKCS#12 format
openssl pkcs12 -export -inkey private.key.pem -in cert.crt.pem -out cert.der.pfx
Enter Export Password:********
Verifying - Enter Export Password:********

(21) Convert PKCS#12 format to PEM format
openssl pkcs12 -in cert.der.pfx -out cert.pem.pfx
Enter Import Password:********
MAC verified OK
Enter PEM pass phrase:********
Verifying - Enter PEM pass phrase:********

(22) Extract the private key from a PKCS#12 file
openssl pkcs12 -nocerts -in cert.der.pfx -out private.key.pem
Enter Import Password:********
MAC verified OK
Enter PEM pass phrase:********
Verifying - Enter PEM pass phrase:********

(23) Extract the certificate from a PKCS#12 file
openssl pkcs12 -nokeys -in cert.der.pfx -out cert.crt.pem
Enter Import Password:********
MAC verified OK

(24) Display a certificate revocation list as text
openssl crl -in cert.crl.pem -text

(25) How to compute hash values
openssl dgst -md5 private.key.pem
MD5(private.key.pem)= 66079f30dea987d7ad748fb46b3c38dd
openssl dgst -sha1 private.key.pem
SHA1(private.key.pem)= 68a7dd8561f93395016bef1bc50693262babecbe

(26) Encrypt with AES (256-bit, CBC mode, symmetric-key encryption)
openssl aes-256-cbc -e -in original.txt -out encrypted.txt
enter aes-256-cbc encryption password:********
Verifying - enter aes-256-cbc encryption password:********

(27) Decrypt with AES (256-bit, CBC mode, symmetric-key encryption)
openssl aes-256-cbc -d -in encrypted.txt -out original.txt
enter aes-256-cbc decryption password:********
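
The key, CSR, self-signed certificate and digest steps from (4), (9), (12) and (25), chained into one non-interactive script that then checks all three files carry the same RSA modulus. This is an added example, not part of the original post; it assumes a 2048-bit key and SHA-256 instead of the post's 1024-bit and MD5/SHA-1, and the function names make_pki, modulus_digest and pki_matches are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: 2048-bit key and
# SHA-256 (the post uses 1024-bit and MD5/SHA-1); constructed subject below.
SUBJ="/C=JP/ST=Tokyo/O=MyCompany/OU=Technical section/CN=www.tech.mycomp.localdomain"

# make_pki DIR: write private.key.pem, cert.csr.pem and cert.crt.pem into DIR
# without any prompts (-subj replaces the interactive questions).
make_pki() {
    dir=$1
    # umask 077 keeps the unencrypted private key readable by its owner only.
    ( umask 077 && openssl genrsa -out "$dir/private.key.pem" 2048 ) 2>/dev/null || return 1
    openssl req -new -key "$dir/private.key.pem" -subj "$SUBJ" \
        -out "$dir/cert.csr.pem" || return 1
    openssl req -new -x509 -key "$dir/private.key.pem" -subj "$SUBJ" -days 365 \
        -out "$dir/cert.crt.pem" || return 1
}

# modulus_digest KIND FILE: print the SHA-256 of the RSA modulus found in a
# private key (key), CSR (csr) or certificate (crt). Fails on unreadable input
# so that two broken files can never compare as equal.
modulus_digest() {
    case $1 in
        key) cmd=rsa ;;
        csr) cmd=req ;;
        crt) cmd=x509 ;;
        *)   return 2 ;;
    esac
    m=$(openssl "$cmd" -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$m" ] || return 1
    printf '%s\n' "$m" | openssl dgst -sha256 | awk '{print $NF}'
}

# pki_matches DIR: succeed only if key, CSR and certificate share one modulus.
pki_matches() {
    k=$(modulus_digest key "$1/private.key.pem") || return 1
    r=$(modulus_digest csr "$1/cert.csr.pem")    || return 1
    c=$(modulus_digest crt "$1/cert.crt.pem")    || return 1
    [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# Stand-alone run in a throwaway directory.
demo=$(mktemp -d) || exit 1
if make_pki "$demo" && pki_matches "$demo"; then
    echo "key, CSR and certificate share one modulus"
fi
rm -rf "$demo"
```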

See you next time!!
