1、PKCS1私钥生成
# openssl genrsa -out private.pem 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
.................................................+++++
..........+++++
e is 65537 (0x010001)
private.pem 的内容如下:
# cat private.pem
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEApr+dbhDYMKV9JbsezuZ2j+CJtl5Ww34K253FX6BRuQNxnaQd
UnXvDIEdyd96f58/xwTcSi9U9lzJgQ7ROCXLm7fcZ1DNGPNYcQfFBjNFy34mDdEF
GRbn6+bOahb/NCpI9lC8dkwoCTfiq58r+VzFlR+X/Jq0g5J4Uyi24EO9KL1dfwrk
mgdaCau6/gATom+2UYyIMmzgdZ2rrJoALWjv/cIducsBTfgS+oTV30bmoMMg1EWh
fQzbPG1Axqej1K0LJroxFF5VFsfx57ggxwyhbWxbXiYmbckD5QayRd5WDsO8T9ZU
Ab2Z/Tn6Mn3OnsLwgWBq4nij2W8OA6n3TkctYwIDAQABAoIBADMxMIvR8A0/QSSM
RfEPH+cb8Ctk2w45a+vwi9/HwE8kl4TmFXpzamhUW2jWiy0THulivJ6p2VOpONO+
UM0EDXZJBAlT7SNz0fshf4NfylWm7NfhC8egGKN7wHMhjEffk3bLYpCO4NuzpIs7
2qw7pw0ZHfgXJsQd+4LMRRikszYGLgF/CDRQ8H0n+RPceSrw4P0GYtOaNDaMwXEN
ov48L+QaYXEB9411YPmnpQsB+DZKI22J4LLRUMLP1gxLROsl3nMjSDT94Lx/TCp8
KFtgmnkdIEvKVzHIfv9c2HtNqpiQoe/88N9kN9+gV0ZN+t253TCJv7VU+S4KJoj7
EciAKkECgYEA00QhG08Ot4DQyJjQX72WcSppfnp9QrrRREFGpsUuYvOG9gwLHYSx
GAX9+889UduHQNxNODAhFJt4vh6jmrfVRLJnc9qP4qXDjU2VzeqX0vwPDU8xGK4M
NC71wDQjJEIBofhDB0XiKuIijQ9SbyfG51djEeLJZKwcEDdxUHYufsUCgYEAyg5e
Agx1Q/8g5gesVKBrl9UaSTWu+3fPDPTax35t4GbUlSktNE8RQWfYmutn5hjF4Rep
PeDln304MHW3EUakjgziHiAuDlo3R3e5pe1XUJwE7xPPQH1F6V0nv5Rzw+PSw7Ym
4hr3IUo3mw/DOkO5bbOFO7H1tDJE/PGOuvP2PgcCgYB6GC6V7LuRm5WNyJrsKdIu
9pbfLIUFspfMPXlKWjxznVALFGy8E3qRaq0dAOjsTNW+y1KpPU9w7GT8YxKkEMfl
GsGk99Qd5TS9jfAcgA5cNaWxSGoUXEnbQqRt/vOsOaVd6O873cxWgjf7k7ZNXQyb
mCo+JPXFA554VMJdAN/gDQKBgHIVWJjZheBljaKzlGaXyQgKR3Qsfmb3h40uNtTK
mqlIBiFOBXryZbDDPHaEEb7GH/vuix0n/R5m6jHaVQnJFCIsPgN6ceaio3GTtNtt
vY4C+XoveiZUVQPlGAtAe3iQCrF8CEpDpWNDb0/6v2UHVgwNf11sJmmetHsIvGjs
VA1DAoGAdTXolXfHeoF6Wuaqo+u0INgtq3qxx+L2cVqcNZL3Uyv00N+0f1ZNd555
FprUA3PaivGsuO3eAHT4EXT0Iz7606az49tkGrbKQNBNdfs2dinGBEmbU0W1xroX
PzUQbnXskicn6N3GAJJgOtccSFcjwSRPBbOlyVCZzc9pYDH36yk=
-----END RSA PRIVATE KEY-----
2、PKCS1私钥转换为PKCS8
# openssl pkcs8 -topk8 -inform PEM -in private.pem -outform pem -nocrypt -out pkcs8.pem
pkcs8.pem文件内容
# cat pkcs8.pem
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCmv51uENgwpX0l
ux7O5naP4Im2XlbDfgrbncVfoFG5A3GdpB1Sde8MgR3J33p/nz/HBNxKL1T2XMmB
DtE4Jcubt9xnUM0Y81hxB8UGM0XLfiYN0QUZFufr5s5qFv80Kkj2ULx2TCgJN+Kr
nyv5XMWVH5f8mrSDknhTKLbgQ70ovV1/CuSaB1oJq7r+ABOib7ZRjIgybOB1naus
mgAtaO/9wh25ywFN+BL6hNXfRuagwyDURaF9DNs8bUDGp6PUrQsmujEUXlUWx/Hn
uCDHDKFtbFteJiZtyQPlBrJF3lYOw7xP1lQBvZn9Ofoyfc6ewvCBYGrieKPZbw4D
qfdORy1jAgMBAAECggEAMzEwi9HwDT9BJIxF8Q8f5xvwK2TbDjlr6/CL38fATySX
hOYVenNqaFRbaNaLLRMe6WK8nqnZU6k4075QzQQNdkkECVPtI3PR+yF/g1/KVabs
1+ELx6AYo3vAcyGMR9+TdstikI7g27OkizvarDunDRkd+BcmxB37gsxFGKSzNgYu
AX8INFDwfSf5E9x5KvDg/QZi05o0NozBcQ2i/jwv5BphcQH3jXVg+aelCwH4Nkoj
bYngstFQws/WDEtE6yXecyNINP3gvH9MKnwoW2CaeR0gS8pXMch+/1zYe02qmJCh
7/zw32Q336BXRk363bndMIm/tVT5LgomiPsRyIAqQQKBgQDTRCEbTw63gNDImNBf
vZZxKml+en1CutFEQUamxS5i84b2DAsdhLEYBf37zz1R24dA3E04MCEUm3i+HqOa
t9VEsmdz2o/ipcONTZXN6pfS/A8NTzEYrgw0LvXANCMkQgGh+EMHReIq4iKND1Jv
J8bnV2MR4slkrBwQN3FQdi5+xQKBgQDKDl4CDHVD/yDmB6xUoGuX1RpJNa77d88M
9NrHfm3gZtSVKS00TxFBZ9ia62fmGMXhF6k94OWffTgwdbcRRqSODOIeIC4OWjdH
d7ml7VdQnATvE89AfUXpXSe/lHPD49LDtibiGvchSjebD8M6Q7lts4U7sfW0MkT8
8Y668/Y+BwKBgHoYLpXsu5GblY3Imuwp0i72lt8shQWyl8w9eUpaPHOdUAsUbLwT
epFqrR0A6OxM1b7LUqk9T3DsZPxjEqQQx+UawaT31B3lNL2N8ByADlw1pbFIahRc
SdtCpG3+86w5pV3o7zvdzFaCN/uTtk1dDJuYKj4k9cUDnnhUwl0A3+ANAoGAchVY
mNmF4GWNorOUZpfJCApHdCx+ZveHjS421MqaqUgGIU4FevJlsMM8doQRvsYf++6L
HSf9HmbqMdpVCckUIiw+A3px5qKjcZO02229jgL5ei96JlRVA+UYC0B7eJAKsXwI
SkOlY0NvT/q/ZQdWDA1/XWwmaZ60ewi8aOxUDUMCgYB1NeiVd8d6gXpa5qqj67Qg
2C2rerHH4vZxWpw1kvdTK/TQ37R/Vk13nnkWmtQDc9qK8ay47d4AdPgRdPQjPvrT
prPj22QatspA0E11+zZ2KcYESZtTRbXGuhc/NRBudeySJyfo3cYAkmA61xxIVyPB
JE8Fs6XJUJnNz2lgMffrKQ==
-----END PRIVATE KEY-----
3、PKCS8格式私钥转换为PKCS1(传统私钥格式)
# openssl rsa -in pkcs8.pem -out pkcs1.pem
writing RSA key
pkcs1.pem文件内容如下:
cat pkcs1.pem
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEApr+dbhDYMKV9JbsezuZ2j+CJtl5Ww34K253FX6BRuQNxnaQd
UnXvDIEdyd96f58/xwTcSi9U9lzJgQ7ROCXLm7fcZ1DNGPNYcQfFBjNFy34mDdEF
GRbn6+bOahb/NCpI9lC8dkwoCTfiq58r+VzFlR+X/Jq0g5J4Uyi24EO9KL1dfwrk
mgdaCau6/gATom+2UYyIMmzgdZ2rrJoALWjv/cIducsBTfgS+oTV30bmoMMg1EWh
fQzbPG1Axqej1K0LJroxFF5VFsfx57ggxwyhbWxbXiYmbckD5QayRd5WDsO8T9ZU
Ab2Z/Tn6Mn3OnsLwgWBq4nij2W8OA6n3TkctYwIDAQABAoIBADMxMIvR8A0/QSSM
RfEPH+cb8Ctk2w45a+vwi9/HwE8kl4TmFXpzamhUW2jWiy0THulivJ6p2VOpONO+
UM0EDXZJBAlT7SNz0fshf4NfylWm7NfhC8egGKN7wHMhjEffk3bLYpCO4NuzpIs7
2qw7pw0ZHfgXJsQd+4LMRRikszYGLgF/CDRQ8H0n+RPceSrw4P0GYtOaNDaMwXEN
ov48L+QaYXEB9411YPmnpQsB+DZKI22J4LLRUMLP1gxLROsl3nMjSDT94Lx/TCp8
KFtgmnkdIEvKVzHIfv9c2HtNqpiQoe/88N9kN9+gV0ZN+t253TCJv7VU+S4KJoj7
EciAKkECgYEA00QhG08Ot4DQyJjQX72WcSppfnp9QrrRREFGpsUuYvOG9gwLHYSx
GAX9+889UduHQNxNODAhFJt4vh6jmrfVRLJnc9qP4qXDjU2VzeqX0vwPDU8xGK4M
NC71wDQjJEIBofhDB0XiKuIijQ9SbyfG51djEeLJZKwcEDdxUHYufsUCgYEAyg5e
Agx1Q/8g5gesVKBrl9UaSTWu+3fPDPTax35t4GbUlSktNE8RQWfYmutn5hjF4Rep
PeDln304MHW3EUakjgziHiAuDlo3R3e5pe1XUJwE7xPPQH1F6V0nv5Rzw+PSw7Ym
4hr3IUo3mw/DOkO5bbOFO7H1tDJE/PGOuvP2PgcCgYB6GC6V7LuRm5WNyJrsKdIu
9pbfLIUFspfMPXlKWjxznVALFGy8E3qRaq0dAOjsTNW+y1KpPU9w7GT8YxKkEMfl
GsGk99Qd5TS9jfAcgA5cNaWxSGoUXEnbQqRt/vOsOaVd6O873cxWgjf7k7ZNXQyb
mCo+JPXFA554VMJdAN/gDQKBgHIVWJjZheBljaKzlGaXyQgKR3Qsfmb3h40uNtTK
mqlIBiFOBXryZbDDPHaEEb7GH/vuix0n/R5m6jHaVQnJFCIsPgN6ceaio3GTtNtt
vY4C+XoveiZUVQPlGAtAe3iQCrF8CEpDpWNDb0/6v2UHVgwNf11sJmmetHsIvGjs
VA1DAoGAdTXolXfHeoF6Wuaqo+u0INgtq3qxx+L2cVqcNZL3Uyv00N+0f1ZNd555
FprUA3PaivGsuO3eAHT4EXT0Iz7606az49tkGrbKQNBNdfs2dinGBEmbU0W1xroX
PzUQbnXskicn6N3GAJJgOtccSFcjwSRPBbOlyVCZzc9pYDH36yk=
-----END RSA PRIVATE KEY-----
4、生成自签名证书
# openssl req -x509 -newkey rsa:2048 -keyout privatekey.pem -out publickey.pem -days 99999 -nodesGenerating a RSA private key
............................+++++
...............+++++
writing new private key to 'privatekey.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:aqwu.net
Organizational Unit Name (eg, section) []:aqwu.net
Common Name (eg, your name or your server's hostname) []:aqwu.net
Email Address []:support@aqwu.net
显示 privatekey.pem 内容# cat privatekey.pem
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDUzggyx69cTG2n
3itcnWMYY1JSGd+kQ4eNrQKyHu5nIXfsca4qAOqfucX+qTzMsXGgiYcXpgAHTwIl
HHAkFnBZSTPhv9761OfILvdyvjkhE3D0AUbI/6mU/LYFxA6NxG4/ljev3MxY8wcV
TRLLPIjbLaPxKnoZZ3YPI/Z4IXNsoEScEUJeEzpIjkuNU1Bf6r/1WzAAdHKnaaks
Kk3WwJcZJyIPwX5NgM5unMUkIqx4ri0v8g+ONI3VSjne3E/NCqpp7dNqvMDqakF6
YOrMZZ1PJmBz+Y7qKLq8sWjQATeKqdqxPcveItTXaXaJiKamVRAq5pyzWCIpr+bN
+yRM124LAgMBAAECggEBAMosf992lOS0e81rJnkT0cyet9vmVvGhcowoHZKKDmcO
hfetvRCM1FsxTKj3shqqTlB9uEnAXPCUoG4PiX7PjqdVA6Rq/HYDhb1K2a46iN4i
sUIwYEaflkZEnM33iPgo8bEZjwhWVhH/ufADzGInvcG1p7Z8a4ntIF2cBhH1fcpo
8MaoTRUL0NCzVCIjVFPlcJj+3rx6i5FSIYuHWgk3CdOBqrVY6UbqT34irbJYoPnE
Ypz5Vqxj41By1b81PlK6PY47n0VjaK3NWUL8Xc1zsKBNIs5h56nm13+ft5VAtb26
S3biarwfSs07wPCt5dieRoz9dOoTPMAGeKpB6Fwh8NECgYEA+IkQKmTRHMrHzaP4
ILHTb9du9NIZj1jHKYxqn35ZEs6z2VneJHBYJpBXIDDacOIBK2LJWUNNMku/ggLp
RxJBo4Rj4VQuKXSM6RCiGaw21wEEyQcTmSeIXSN5NW4M9XvUNZZ9LXxkkSmSsGrH
1QaLEGpCbtjEx4UdkMZYr5inm4MCgYEA2zI+a0oeAwsecptbfy9ZHe/uxfMwJdIo
Vu/miZCX0txwRgFIrbqOruWxWSDcptNR/tK44u/3IoyauUxNf89FYHH1CcdwYBKC
BtNMt41ntR92Jml8ohgjIQdcJcLUio9Yptr1G9ts91hfhlO3G/WpytCOqNElqFSO
Fw2/BUq6NNkCgYEA2lVmaye4AIgvsHq8TtSJP3ZNViuAIsrF470kKcsQKxKFMord
OLus5OvmbjQcohAZIOkeoxkZpvaeXXN7RWFHYoO6Tsfp6acm5tQi41TDtGuDrapW
0DPHerLgF0z/e2R2D0GN5DikDFYuNGcJ+B1Qa3I9vC0X6YMKbxWf8Vq020sCgYB8
PTw336inHPRDDV+M9S9T0pzJwg82QKnwrMVEj5oeQCe65htlrOoWo8YjuIaYYAqH
nrSAnHa9NGi2QlNi7/5ore6vfkVpjtP4PmerWhDADncPSpcD4R54KA3IsWd6qckb
udtX0MUwZPyvzF9rD5EPjapucS0g/dwToQz2WOa18QKBgEknuoKPeykoIQuuP8+p
d/yedt6lW7aNvdwdjhxfm1/pe3udXXcrABBhjA3S7NBW09k29YJ+eCFhx9TRG/A6
cyTb2JAqEJ++JQSfkzPJkOk4PUUFgT89eQgVE15hNvpBJb2S+VQXEX8vnbWPtTTB
wyjzzaxVGobHeZ+MpwAO03c5
-----END PRIVATE KEY-----
显示 publickey.pem 内容
# cat publickey.pem
-----BEGIN CERTIFICATE-----
MIID+zCCAuOgAwIBAgIUCq+AqxgwC97wRDgqNnrvbOANswQwDQYJKoZIhvcNAQEL
BQAwgYsxCzAJBgNVBAYTAkNOMRAwDgYDVQQIDAdCZWlqaW5nMRAwDgYDVQQHDAdC
ZWlqaW5nMREwDwYDVQQKDAhhcXd1Lm5ldDERMA8GA1UECwwIYXF3dS5uZXQxETAP
BgNVBAMMCGFxd3UubmV0MR8wHQYJKoZIhvcNAQkBFhBzdXBwb3J0QGFxd3UubmV0
MCAXDTIyMTEyMTEwMjczN1oYDzIyOTYwOTA0MTAyNzM3WjCBizELMAkGA1UEBhMC
Q04xEDAOBgNVBAgMB0JlaWppbmcxEDAOBgNVBAcMB0JlaWppbmcxETAPBgNVBAoM
CGFxd3UubmV0MREwDwYDVQQLDAhhcXd1Lm5ldDERMA8GA1UEAwwIYXF3dS5uZXQx
HzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRAYXF3dS5uZXQwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQDUzggyx69cTG2n3itcnWMYY1JSGd+kQ4eNrQKyHu5n
IXfsca4qAOqfucX+qTzMsXGgiYcXpgAHTwIlHHAkFnBZSTPhv9761OfILvdyvjkh
E3D0AUbI/6mU/LYFxA6NxG4/ljev3MxY8wcVTRLLPIjbLaPxKnoZZ3YPI/Z4IXNs
oEScEUJeEzpIjkuNU1Bf6r/1WzAAdHKnaaksKk3WwJcZJyIPwX5NgM5unMUkIqx4
ri0v8g+ONI3VSjne3E/NCqpp7dNqvMDqakF6YOrMZZ1PJmBz+Y7qKLq8sWjQATeK
qdqxPcveItTXaXaJiKamVRAq5pyzWCIpr+bN+yRM124LAgMBAAGjUzBRMB0GA1Ud
DgQWBBQuOdzBzuHeuIoNllhqyqIQPyjQODAfBgNVHSMEGDAWgBQuOdzBzuHeuIoN
llhqyqIQPyjQODAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB2
ohECjyzZZNWYxBO1qFFmc6jDgSDRirZJnbwEO1UOXZ223NTdvFhjIkx6n8RAb14H
cbRzJzgkHJvBiTkwSnMzcIkJGs16h2H5ZmXyUK3tnvribi3kIKa8tVL119J1MxkO
8l9/mk6Hc3dTYoxwjb5nlFZxj5E1X/5he9XrZ8ms8lIXChFmFLtk1W23+MPE7iVE
6HOsUZzCyJwADanRl0tbBmen5rBhbTVDkFB70IYnnQmTTXAd+HE5PTI2vQYE8mZN
DY8XMg6XC+S2L6ytj1l/DrxKAOEJgi7/0DhvFRhhH3rXgUL7gcibZ8pfN4r23QId
g8DZOZJqKcizWkziVzeN
-----END CERTIFICATE-----
5、计算文件md5值
# openssl md5 pkcs1.pem
MD5(pkcs1.pem)= e935f6f3d17569bea7eafc979ef7deae
6、计算文件sha1值
# openssl sha1 pkcs1.pem
SHA1(pkcs1.pem)= bed2d51c2de51b8ee6ae8524fe9bb53dd0bee2e6
7、计算文件sha256值
# openssl sha256 pkcs1.pem
SHA256(pkcs1.pem)= 77bda6152892c2df3e9774fe84462aad6dff2a4161fa4acb9bd64a3aa5bf4f3a
8、计算文件sha512值
# openssl sha512 pkcs1.pem
SHA512(pkcs1.pem)= fbbce7cae85eae9983c15854bc16ea2b765961ae1f5841307942b1111c9cfc238eb773efac6b7f09cad69eff722b134f5ac048ca38317192a1ee4404e846868e9、openssl 帮助
# openssl help
Standard commands
asn1parse ca ciphers cms
crl crl2pkcs7 dgst dhparam
dsa dsaparam ec ecparam
enc engine errstr gendsa
genpkey genrsa help list
nseq ocsp passwd pkcs12
pkcs7 pkcs8 pkey pkeyparam
pkeyutl prime rand rehash
req rsa rsautl s_client
s_server s_time sess_id smime
speed spkac srp storeutl
ts verify version x509
Message Digest commands (see the `dgst' command for more details)
blake2b512 blake2s256 gost md2
md4 md5 rmd160 sha1
sha224 sha256 sha3-224 sha3-256
sha3-384 sha3-512 sha384 sha512
sha512-224 sha512-256 shake128 shake256
sm3
Cipher commands (see the `enc' command for more details)
aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb
aes-256-cbc aes-256-ecb aria-128-cbc aria-128-cfb
aria-128-cfb1 aria-128-cfb8 aria-128-ctr aria-128-ecb
aria-128-ofb aria-192-cbc aria-192-cfb aria-192-cfb1
aria-192-cfb8 aria-192-ctr aria-192-ecb aria-192-ofb
aria-256-cbc aria-256-cfb aria-256-cfb1 aria-256-cfb8
aria-256-ctr aria-256-ecb aria-256-ofb base64
bf bf-cbc bf-cfb bf-ecb
bf-ofb camellia-128-cbc camellia-128-ecb camellia-192-cbc
camellia-192-ecb camellia-256-cbc camellia-256-ecb cast
cast-cbc cast5-cbc cast5-cfb cast5-ecb
cast5-ofb des des-cbc des-cfb
des-ecb des-ede des-ede-cbc des-ede-cfb
des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb
des-ede3-ofb des-ofb des3 desx
idea idea-cbc idea-cfb idea-ecb
idea-ofb rc2 rc2-40-cbc rc2-64-cbc
rc2-cbc rc2-cfb rc2-ecb rc2-ofb
rc4 rc4-40 rc5 rc5-cbc
rc5-cfb rc5-ecb rc5-ofb seed
seed-cbc seed-cfb seed-ecb seed-ofb
zlib