RSA加解密,签名、验签文件
1) Generate RSA key: | |
$ openssl genrsa -out key.pem 1024 | |
$ openssl rsa -in key.pem -text -noout | |
2) Save public key in pub.pem file: | |
$ openssl rsa -in key.pem -pubout -out pub.pem | |
$ openssl rsa -in pub.pem -pubin -text -noout | |
3) Encrypt some data: | |
$ echo test test test > file.txt | |
$ openssl rsautl -encrypt -inkey pub.pem -pubin -in file.txt -out file.bin | |
4) Decrypt encrypted data: | |
$ openssl rsautl -decrypt -inkey key.pem -in file.bin | |
It works like a charm | |
私钥生成签名 | |
$openssl rsautl -sign -inkey key.pem -in md.txt -out sign.bin | |
公钥验证签名 | |
$openssl rsautl -verify -inkey pub.pem -pubin -in sign.bin -out sign.txt | |
cer证书中提取公钥 | |
openssl x509 -outform PEM -in gzcb_1.cer -pubkey -out gzcb_1.pem | |
从pfx提取密钥信息,并转换为key格式(pfx是PKCS#12格式的容器文件)
1、提取密钥对(如果pfx证书已加密,会提示输入密码。) | |
openssl pkcs12 -in 1.pfx -nocerts -nodes -out 1.key | |
2、从密钥对提取私钥 | |
openssl rsa -in 1.key -out 1_pri.key | |
3、从密钥对提取公钥 | |
openssl rsa -in 1.key -pubout -out 1_pub.key | |
4、因为RSA实现需要PKCS#8格式的私钥(PKCS#8是密钥编码格式,不是填充方式),需要对提取的私钥进一步处理
openssl pkcs8 -in 1_pri.key -out 1_pri.p8 -outform der -nocrypt -topk8 | |
#shell openssl 签名验签 | |
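#!/bin/bash
# Verify the RSA signature carried in the last line of a report file.
#
# Steps:
#   1. Take the 6th comma-separated field of the report's last line,
#      base64-decode it and treat the result as the raw signature.
#   2. Collect the report lines starting with R or T as the signed data.
#   3. Recover the signed block with the public key and hex-encode it.
#   4. Build the expected block (DigestInfo prefix + MD5 of the data) and
#      compare the two hex strings.
#
# Exit status: 0 when the signature matches, 1 otherwise, so that a caller
# can rely on the status instead of parsing the printed message.
#
# NOTE: MD5 is collision-broken; it is kept here only because the report
# format being verified uses it. Prefer SHA-256 when the signer allows it.
# NOTE: `openssl rsautl` is deprecated since OpenSSL 3.0; `openssl pkeyutl
# -verifyrecover` is the replacement for this recover-and-compare step.

# DER-encoded DigestInfo header for MD5 (hex); the 16-byte digest follows it.
PRE_MD5='3020300c06082a864886f70d020505000410'
PUB_KEY='./gzcb_3000000001_pub.key'
REPORT_FILE='./report.txt'
TMP_SIGNN_FILE='./signn.txt'
TMP_SIGNN_BIN_FILE='./signn.bin'
TMP_REPORT_MD5_FILE='./md5check.txt'
TMP_REPORT_MD5_BIN_FILE='./md5check.bin'
TMP_DATA_FILE='./report.data.csv'
VERIFY_RESULT_FILE='./verifyresult.txt'

# Signature: 6th field of the last line, base64-decoded to binary.
tail -n 1 "$REPORT_FILE" | awk -F"," '{print $6}' | base64 -d > "$TMP_SIGNN_BIN_FILE"

# Signed data: every line that starts with R or T.
grep '^R\|^T' "$REPORT_FILE" > "$TMP_DATA_FILE"

# Recover the signed block with the public key and write it as one hex line.
# If openssl fails, the result file stays empty and the comparison below
# fails, because the expected value always contains at least PRE_MD5.
openssl rsautl -verify -pubin -inkey "$PUB_KEY" -in "$TMP_SIGNN_BIN_FILE" | xxd -p | tr -d '\n' > "$VERIFY_RESULT_FILE"

# `openssl dgst` prints "MD5(<file>)= <hex>"; the second word is the digest.
openssl dgst -md5 "$TMP_DATA_FILE" > "$TMP_REPORT_MD5_FILE"
read -r _label BUF _rest < "$TMP_REPORT_MD5_FILE"

# Expected block: DigestInfo prefix followed by the digest, no newline.
printf '%s%s' "$PRE_MD5" "$BUF" > "$TMP_REPORT_MD5_FILE"

if diff "$TMP_REPORT_MD5_FILE" "$VERIFY_RESULT_FILE"; then
    echo "check pass!"
else
    echo "not match!"
    exit 1
fi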
#PRI_KEY='./gzcb_3000000001_pri.key' | |
#cat $TMP_REPORT_MD5_FILE |xxd -r -p > $TMP_REPORT_MD5_BIN_FILE | |
#openssl rsautl -sign -inkey $PRI_KEY -in $TMP_REPORT_MD5_BIN_FILE -out $TMP_SIGNN_BIN_FILE | |
#base64 $TMP_SIGNN_BIN_FILE > $TMP_SIGNN_FILE | |
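# Python: sign a message with the private key (RSA PKCS#1 v1.5 over an MD5 digest).
import base64

from Crypto.Hash import MD5
from Crypto.PublicKey import RSA
from Crypto.Signature import PKCS1_v1_5 as pk
# from Crypto.Hash import SHA  # sign with SHA or MD5; signer and verifier must use the same digest

# NOTE: MD5 is collision-broken. Keep it only for interoperability with a
# peer that requires it; otherwise use a SHA-2 digest on both sides.

# Read the PEM private key and close the file handle promptly.
with open('./pri.key', 'r') as key_file:
    prikey = RSA.importKey(key_file.read())

content = "hello world!"
# Hash objects take bytes, so encode the text explicitly before hashing.
digest = MD5.new(content.encode("utf-8"))
signer = pk.new(prikey)
# Base64-encode the raw signature so it can be carried in text fields.
signn = base64.b64encode(signer.sign(digest))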
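# Python: verify a signature with the public key (RSA PKCS#1 v1.5 over an MD5 digest).
import base64

from Crypto.Hash import MD5
from Crypto.PublicKey import RSA
from Crypto.Signature import PKCS1_v1_5 as pk
# from Crypto.Hash import SHA  # sign with SHA or MD5; signer and verifier must use the same digest

# NOTE: MD5 is collision-broken. Keep it only for interoperability with a
# peer that requires it; otherwise use a SHA-2 digest on both sides.

# Read the PEM public key and close the file handle promptly.
with open('./pub.pem', 'r') as key_file:
    pubkey = RSA.importKey(key_file.read())

# "XXxxXX==" is a placeholder for the base64 signature being checked.
signn = base64.b64decode("XXxxXX==")
verifier = pk.new(pubkey)
# Hash the message with the digest the signer used (MD5 is the one imported
# here), and keep the result: this API reports a bad signature through its
# return value, so discarding it would accept any signature.
is_valid = verifier.verify(MD5.new("source string".encode("utf-8")), signn)
print("signature valid" if is_valid else "signature INVALID")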