2014-08-18 13:37:15

Original article: [Manual] The OpenSSL rsa command. Author: ailms

RSA(1)       OpenSSL          RSA(1)
 
 
 
NAME
       rsa - RSA key processing tool
 
# Note: rsa is the RSA key processing tool
 
SYNOPSIS
       openssl rsa [-inform PEM│NET│DER] [-outform PEM│NET│DER] [-in filename] [-passin arg] [-out filename] [-passout arg] [-sgckey] [-des]
                   [-des3] [-idea] [-text] [-noout] [-modulus] [-check] [-pubin] [-pubout] [-engine id]
 
DESCRIPTION
       The rsa command processes RSA keys. They can be converted between
       various forms and their components printed out. Note this command uses
       the traditional SSLeay compatible format for private key encryption:
       newer applications should use the more secure PKCS#8 format using the
       pkcs8 utility.
 
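# Note: the rsa command processes RSA private keys. It can print a key's information and convert its format.
 
# Be aware that this command uses the traditional SSLeay compatible format for private key encryption; newer applications should use the more secure PKCS#8 format (the pkcs8 command).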
 
COMMAND OPTIONS
       -inform DER│NET│PEM

    This specifies the input format. The DER option uses an ASN1 DER
    encoded form compatible with the PKCS#1 RSAPrivateKey or
    SubjectPublicKeyInfo format.  The PEM form is the default format: it
    consists of the DER format base64 encoded with additional header and
    footer lines. On input PKCS#8 format private keys are also
    accepted. The NET form is a format described in the NOTES section.
        
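        # Note: -inform specifies the format of the input private key. DER uses the ASN1 DER encoded form, compatible with the PKCS#1 RSA private key
 
        # or SubjectPublicKeyInfo format. PEM is the default format: it consists of the DER format base64 encoded, plus header and footer lines.
 
        # This command also accepts the PKCS#8 format.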
 
       -outform DER│NET│PEM
    This specifies the output format, the options have the same
    meaning as the -inform option.
 
        # Note: -outform specifies the output format.
 
       -in filename
    This specifies the input filename to read a key from or standard
    input if this option is not specified. If the key is encrypted a
    pass phrase will be prompted for.
 
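        # Note: -in specifies the input key file name; by default input is read from stdin.
 
        # If the key is encrypted, a pass phrase will be prompted for; the pass phrase can also be supplied via -passin.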
 
       -passin arg
    the input file password source. For more information about the
    format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).
 
        # Note: -passin specifies the source of the input pass phrase
 
       -out filename
    This specifies the output filename to write a key to or standard
    output if this option is not specified. If any encryption options
    are set then a pass phrase will be prompted for. The output
    filename should not be the same as the input filename.
 
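        # Note: -out specifies the output file name. By default output goes to stdout.
 
        # If an encryption option is specified, a pass phrase will be prompted for, or use -passout.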
 
       -passout password
    the output file password source. For more information about the
    format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).
 
       -sgckey
    use the modified NET algorithm used with some versions of
    Microsoft IIS and SGC keys.
 
       -des│-des3│-idea
    These options encrypt the private key with the DES, triple DES, or
    the IDEA ciphers respectively before outputting it. A pass phrase
    is prompted for.  If none of these options is specified the key is
    written in plain text. This means that using the rsa utility to
    read in an encrypted key with no encryption option can be used to
    remove the pass phrase from a key, or by setting the encryption
    options it can be used to add or change the pass phrase.  These
    options can only be used with PEM format output files.
 
        # Note: selects the encryption algorithm
 
       -text
    prints out the various public or private key components in plain
    text in addition to the encoded version.
 
        # Note: -text prints the information of the public key or private key
 
       -noout
    this option prevents output of the encoded version of the key.
 
        # Note: -noout prevents output of the encoded version of the key, that is, the decoded original private key is not output
 
       -modulus
    this option prints out the value of the modulus of the key.
 
        # Note: -modulus prints the key's modulus value and also outputs the decrypted private key
 
       -check
    this option checks the consistency of an RSA private key.
 
        # Note: -check checks the consistency of an RSA private key
 
       -pubin
    by default a private key is read from the input file: with this
    option a public key is read instead.
 
        # Note: -pubin means the input file is treated as a public key rather than a private key
 
       -pubout
    by default a private key is output: with this option a public key
    will be output instead. This option is automatically set if the
    input is a public key.
 
        # Note: -pubout means a public key is output
 
       -engine id
    specifying an engine (by its unique id string) will cause rsa to
    attempt to obtain a functional reference to the specified engine,
    thus initialising it if needed. The engine will then be set as the
    default for all available algorithms.
 
NOTES
       The PEM private key format uses the header and footer lines:
 
 -----BEGIN RSA PRIVATE KEY-----
 -----END RSA PRIVATE KEY-----
 
       The PEM public key format uses the header and footer lines:
 
 -----BEGIN PUBLIC KEY-----
 -----END PUBLIC KEY-----
 
       The NET form is a format compatible with older Netscape servers and
       Microsoft IIS .key files, this uses unsalted RC4 for its encryption.
       It is not very secure and so should only be used when necessary.
 
       Some newer versions of IIS have additional data in the exported .key
       files. To use these with the utility, view the file with a binary
       editor and look for the string "private-key", then trace back to the byte
       sequence 0x30, 0x82 (this is an ASN1 SEQUENCE). Copy all the data from
       this point onwards to another file and use that as the input to the
       rsa utility with the -inform NET option. If you get an error after
       entering the password try the -sgckey option.
 
EXAMPLES
       To remove the pass phrase on an RSA private key:
 
# Note: to remove the pass phrase from an RSA private key, use the command below
 
     openssl rsa -in key.pem -out keyout.pem
 
       To encrypt a private key using triple DES:
 
# Note: to encrypt a private key (with triple DES), use the command below
 
 openssl rsa -in key.pem -des3 -out keyout.pem
 
       To convert a private key from PEM to DER format:
 
# Note: converts a PEM format private key to DER format
 
 openssl rsa -in key.pem -outform DER -out keyout.der
 
       To print out the components of a private key to standard output:
 
# Note: to print a private key's information to stdout, use the command below
 
 openssl rsa -in key.pem -text -noout
 
       To just output the public part of a private key:
 
# Note: to output the public key corresponding to a private key, use the command below
 
 openssl rsa -in key.pem -pubout -out pubkey.pem
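
       The commands above, chained and checked end to end. This is an added example, not part of the man page or the original post: the helper names, file names and DEMO_PASS are hypothetical, and the pass phrase is read through the env: source from openssl(1) so it stays off the command line. The header check matches both the traditional PEM form and the PKCS#8 form that some OpenSSL releases write.

```shell
#!/bin/sh
# Added example. File names and the pass phrase are constructed for the demo.

# Succeeds if the PEM private key file $1 is pass-phrase protected.
# Traditional SSLeay PEM carries "Proc-Type: 4,ENCRYPTED"; PKCS#8 uses
# "-----BEGIN ENCRYPTED PRIVATE KEY-----". Both contain the word matched here.
key_is_encrypted() {
    grep -q 'ENCRYPTED' "$1"
}

# Succeeds if public key file $2 has the same modulus as private key $1.
# $3 is a pass phrase source as accepted by -passin (for example env:VAR).
keys_match() {
    priv=$(openssl rsa -in "$1" -passin "$3" -noout -modulus 2>/dev/null) || return 1
    pub=$(openssl rsa -pubin -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$priv" ] && [ "$priv" = "$pub" ]
}

# Runs the EXAMPLES in a private temp dir and checks each result:
#   enc.pem   = key.pem with a pass phrase added (-des3)
#   plain.pem = enc.pem with the pass phrase removed (no cipher option)
#   pub.pem   = public half extracted with -pubout
demo() {
    dir=$(mktemp -d) || return 1
    DEMO_PASS='constructed-demo-phrase'; export DEMO_PASS
    (
        cd "$dir" && umask 077 &&
        openssl genrsa -out key.pem 2048 2>/dev/null &&
        openssl rsa -in key.pem -des3 -passout env:DEMO_PASS -out enc.pem 2>/dev/null &&
        openssl rsa -in enc.pem -passin env:DEMO_PASS -out plain.pem 2>/dev/null &&
        openssl rsa -in enc.pem -passin env:DEMO_PASS -pubout -out pub.pem 2>/dev/null &&
        openssl rsa -in plain.pem -check -noout >/dev/null 2>&1 &&
        key_is_encrypted enc.pem &&
        ! key_is_encrypted plain.pem &&
        keys_match enc.pem pub.pem env:DEMO_PASS
    )
    rc=$?
    rm -rf "$dir"
    unset DEMO_PASS
    return "$rc"
}

demo && echo "all checks passed"
```

       key_is_encrypted is the check to run over stored key files after any rsa invocation without a cipher option, since that is exactly the case in which the key is written in plain text.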
 
BUGS
       The command line password arguments don’t currently work with NET
       format.
 
       There should be an option that automatically handles .key files,
       without having to manually edit them.
 
SEE ALSO
       pkcs8(1), dsa(1), genrsa(1), gendsa(1)
 
 
 
0.9.7a      2003-01-30          RSA(1)
 