Run `openssl version` in a terminal to check the installed OpenSSL version. For other features, consult the relevant documentation.
To install and use OpenSSL on Ubuntu, follow these steps:
1. Update the system package list:
```
sudo apt-get update
```
2. Install OpenSSL:
```
sudo apt-get install openssl
```
3. Check the OpenSSL version:
```
openssl version
```
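4. Generate a self-signed certificate:
Create a private key:
```
openssl genrsa -out private_key.pem 2048
```
Extract the public key from the private key:
```
openssl rsa -in private_key.pem -pubout -out public_key.pem
```
Generate the self-signed certificate:
```
openssl req -new -x509 -key private_key.pem -out certificate.crt -days 365 -subj "/CN=example.com"
```
`/CN=example.com` sets the certificate's Common Name; change it to suit your environment.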
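5. Encrypt and decrypt with OpenSSL:
Encrypt a file with the public key:
```
openssl rsautl -encrypt -inkey public_key.pem -pubin -in plaintext.txt -out encrypted.bin
```
Decrypt the file with the private key:
```
openssl rsautl -decrypt -inkey private_key.pem -in encrypted.bin -out decrypted.txt
```
`plaintext.txt` is the plaintext file to encrypt, `encrypted.bin` is the encrypted file, and `decrypted.txt` is the decrypted plaintext file.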
6. Test a handshake and communication with OpenSSL:
Generate the CA certificate (optional):
```
openssl req -x509 -new -nodes -keyout ca_key.pem -out ca_cert.pem -days 365 -subj "/CN=CA"
```
Generate the server key and certificate request:
```
openssl req -new -nodes -keyout server_key.pem -out server_req.pem -days 365 -subj "/CN=example.com"
```
Generate the client key and certificate request:
```
openssl req -newkey rsa:2048 -nodes -keyout client_key.pem -out client_req.pem -days 365 -subj "/CN=client"
```
Sign the server certificate:
```
openssl x509 -req -in server_req.pem -CA ca_cert.pem -CAkey ca_key.pem -CAcreateserial -out server_cert.pem -days 365 -extfile server_ext.cnf
```
`server_ext.cnf` is a file containing the extension fields:
```
[ v3_ca ]
basicConstraints = CA:TRUE, pathlen:0
```
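Sign the client certificate:
```
openssl x509 -req -in client_req.pem -CA ca_cert.pem -CAkey ca_key.pem -CAcreateserial -out client_cert.pem -days 365 -extfile client_ext.cnf
```
Write out the server private key:
```
openssl rsa -in server_key.pem -out server_private_key.pem
```
Write out the client private key:
```
openssl rsa -in client_key.pem -out client_private_key.pem
```
Use the server private key and certificate for a handshake and communication test (using Python as an example):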
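The handshake test this step describes, as an added example (not the original article's code): it runs the `openssl` commands from step 6 in a temporary directory, then performs a mutual-TLS echo over loopback with Python's `ssl` module. The extension-file contents (`CA:FALSE`, key usages and `subjectAltName`, placed in the unnamed default section that `openssl x509 -extfile` reads when no `-extensions` option is given) and all helper names are assumptions of this example.

```python
import os, socket, ssl, subprocess, tempfile, threading
# Assumed leaf extensions for server_ext.cnf / client_ext.cnf (not from the article).
LEAF_EXT = ("basicConstraints = critical, CA:FALSE\n"
            "keyUsage = digitalSignature, keyEncipherment\n"
            "extendedKeyUsage = {eku}\nsubjectAltName = DNS:{cn}\n")

def openssl(d, cmd):
    subprocess.run(["openssl", *cmd.split()], cwd=d, check=True, capture_output=True)

def make_pki(d):
    """Create a throwaway CA plus signed server and client certificates in d."""
    openssl(d, "req -x509 -new -nodes -keyout ca_key.pem -out ca_cert.pem -days 365 -subj /CN=CA")
    for who, cn, eku in (("server", "example.com", "serverAuth"),
                         ("client", "client", "clientAuth")):
        openssl(d, f"req -new -nodes -newkey rsa:2048 -keyout {who}_key.pem "
                   f"-out {who}_req.pem -subj /CN={cn}")
        with open(os.path.join(d, f"{who}_ext.cnf"), "w") as f:
            f.write(LEAF_EXT.format(eku=eku, cn=cn))
        openssl(d, f"x509 -req -in {who}_req.pem -CA ca_cert.pem -CAkey ca_key.pem "
                   f"-CAcreateserial -out {who}_cert.pem -days 365 -extfile {who}_ext.cnf")

def make_ctx(d, protocol, who):
    ctx = ssl.SSLContext(protocol)
    ctx.load_verify_locations(os.path.join(d, "ca_cert.pem"))  # trust only our CA
    ctx.load_cert_chain(os.path.join(d, f"{who}_cert.pem"), os.path.join(d, f"{who}_key.pem"))
    ctx.verify_mode = ssl.CERT_REQUIRED  # both sides must present a valid certificate
    return ctx

def handshake_test():
    """Mutual-TLS echo on loopback; returns (client CN seen by the server, reply)."""
    with tempfile.TemporaryDirectory() as d:
        make_pki(d)
        srv_ctx = make_ctx(d, ssl.PROTOCOL_TLS_SERVER, "server")
        cli_ctx = make_ctx(d, ssl.PROTOCOL_TLS_CLIENT, "client")
        seen = {}
        with socket.create_server(("127.0.0.1", 0)) as lsock:
            def serve():
                conn, _ = lsock.accept()
                with srv_ctx.wrap_socket(conn, server_side=True) as tls:
                    seen["cn"] = dict(x[0] for x in tls.getpeercert()["subject"])["commonName"]
                    tls.sendall(tls.recv(1024).upper())
            worker = threading.Thread(target=serve)
            worker.start()
            with socket.create_connection(lsock.getsockname()) as raw:
                with cli_ctx.wrap_socket(raw, server_hostname="example.com") as tls:
                    tls.sendall(b"ping")
                    reply = tls.recv(1024)
            worker.join()
        return seen.get("cn"), reply
```

Calling `handshake_test()` requires the `openssl` binary on `PATH`; the client context checks the server name against `example.com`, and the server rejects any peer without a certificate signed by the test CA.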
Original article by K-seo. If you republish it, please credit the source: https://www.kdun.cn/ask/506651.html