1. Generate the private key
$ openssl genrsa -out key.pem 1024
This produces a private key file: key.pem
$ file key.pem
key.pem: PEM RSA private key
2. Generate the corresponding public key
$ openssl rsa -in key.pem -pubout -out pub.pem
This produces a public key file: pub.pem
$ file pub.pem
pub.pem: ASCII text
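3. Encrypt a string with the public key
openssl encrypts byte streams. To make the results easy to inspect, this example keeps all input and output as readable strings, so the ciphertext is base64-encoded.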
$ echo -n "abcd" | openssl rsautl -encrypt -oaep -pubin -inkey pub.pem | openssl enc -A -base64
V6OdcZsflfYmQw0hMmf1Vg/X3N92JU7uIg2DxXQCJLoybo1TYvP+Nh944MuoVy+Z9BxE5h1sea8TIS81RXYAhif3rIy0FPNThNZcy1ryVu5odNLX/P01WdMYzYZvj5opoWka23cw5s5DnQJBklh9hLDiPcFR+8vuf0oEj+RsB24=
4. Decrypt the ciphertext generated above with the private key
$ export CIPHER="V6OdcZsflfYmQw0hMmf1Vg/X3N92JU7uIg2DxXQCJLoybo1TYvP+Nh944MuoVy+Z9BxE5h1sea8TIS81RXYAhif3rIy0FPNThNZcy1ryVu5odNLX/P01WdMYzYZvj5opoWka23cw5s5DnQJBklh9hLDiPcFR+8vuf0oEj+RsB24="
$ echo -n "${CIPHER}" | openssl enc -A -base64 -d | openssl rsautl -decrypt -oaep -inkey key.pem
abcd
5. Parameter reference
- -inkey file
  the input key file; by default it should be an RSA private key.
- -pubin
  the input file is an RSA public key.
- -encrypt
  encrypt the input data using an RSA public key.
- -decrypt
  decrypt the input data using an RSA private key.
- -oaep
  use optimal asymmetric encryption padding (OAEP) as the padding algorithm.
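
A scripted version of steps 1 to 4, added here as an example and not part of the original page: it checks the round trip, shows that OAEP yields a different ciphertext for the same plaintext on every run, and finds the largest plaintext one RSA block can hold. It assumes `openssl pkeyutl` (the replacement for `rsautl`, which OpenSSL 3.0 deprecates), its default SHA-1 OAEP digest, and a throwaway 2048-bit key rather than the page's 1024-bit one; the function and file names are made up for the demo.

```shell
#!/bin/sh
# Constructed demo: throwaway key pair in a temp dir; all names are assumptions.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
KEY="$WORK/key.pem"
PUB="$WORK/pub.pem"

make_keys() {
    openssl genrsa -out "$KEY" 2048 2>/dev/null &&
        openssl rsa -in "$KEY" -pubout -out "$PUB" 2>/dev/null
}

# stdin plaintext -> single-line base64 ciphertext (OAEP, public key).
oaep_encrypt() {
    openssl pkeyutl -encrypt -pubin -inkey "$PUB" \
        -pkeyopt rsa_padding_mode:oaep | openssl enc -A -base64
}

# stdin base64 ciphertext -> plaintext (OAEP, private key).
oaep_decrypt() {
    openssl enc -A -base64 -d |
        openssl pkeyutl -decrypt -inkey "$KEY" -pkeyopt rsa_padding_mode:oaep
}

# True if an N-byte plaintext fits in one OAEP block for this key.
# Limit is k - 2*hLen - 2: 256 - 2*20 - 2 = 214 bytes (2048-bit key, SHA-1).
fits() {
    head -c "$1" /dev/zero | openssl pkeyutl -encrypt -pubin -inkey "$PUB" \
        -pkeyopt rsa_padding_mode:oaep >/dev/null 2>&1
}

make_keys || { echo "key generation failed" >&2; exit 1; }

c1=$(printf '%s' abcd | oaep_encrypt)
c2=$(printf '%s' abcd | oaep_encrypt)
if [ "$c1" != "$c2" ]; then
    echo "same plaintext, two different ciphertexts: OAEP is randomized"
fi
echo "decrypted: $(printf '%s' "$c1" | oaep_decrypt)"

for n in 214 215; do
    if fits "$n"; then echo "$n bytes: ok"; else echo "$n bytes: too long"; fi
done
```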