嵌入式开发基础

实验一 嵌入式开发基础

1-3 学时实践要求(30 分)

  1. 参考云班课相关教学视频,在 Ubuntu或openEuler中(推荐 openEuler)中实践课程思维导图中OpenSSL相关内容,使用Markdown记录详细记录实践过程,每完成一项git commit 一次。(5分)

openssl cmd

tongshijia@Sodom:~/test1$ openssl version
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)

openssl list -help

tongshijia@Sodom:~/test1$ openssl list -help
Usage: list [options]

General options:
 -help                     Display this summary

Output options:
 -1                        List in one column
 -verbose                  Verbose listing
 -select val               Select a single algorithm
 -commands                 List of standard commands
 -standard-commands        List of standard commands
 -digest-commands          List of message digest commands (deprecated)
 -digest-algorithms        List of message digest algorithms
 -kdf-algorithms           List of key derivation and pseudo random function algorithms
 -random-instances         List the primary, public and private random number generator details
 -random-generators        List of random number generators
 -mac-algorithms           List of message authentication code algorithms
 -cipher-commands          List of cipher commands (deprecated)
 -cipher-algorithms        List of cipher algorithms
 -encoders                 List of encoding methods
 -decoders                 List of decoding methods
 -key-managers             List of key managers
 -key-exchange-algorithms  List of key exchange algorithms
 -kem-algorithms           List of key encapsulation mechanism algorithms
 -signature-algorithms     List of signature algorithms
 -asymcipher-algorithms    List of asymmetric cipher algorithms
 -public-key-algorithms    List of public key algorithms
 -public-key-methods       List of public key methods
 -store-loaders            List of store loaders
 -providers                List of provider information
 -engines                  List of loaded engines
 -disabled                 List of disabled features
 -options val              List options for specified command
 -objects                  List built in objects (OID<->name mappings)

Provider options:
 -provider-path val        Provider load path (must be before 'provider' argument if required)
 -provider val             Provider to load (can be specified multiple times)
 -propquery val            Property query used when fetching algorithms

openssl <==>openssl help

tongshijia@Sodom:~/test1$ openssl -help
help:

Standard commands
asn1parse         ca                ciphers           cmp
cms               crl               crl2pkcs7         dgst
dhparam           dsa               dsaparam          ec
ecparam           enc               engine            errstr
fipsinstall       gendsa            genpkey           genrsa
help              info              kdf               list
mac               nseq              ocsp              passwd
pkcs12            pkcs7             pkcs8             pkey
pkeyparam         pkeyutl           prime             rand
rehash            req               rsa               rsautl
s_client          s_server          s_time            sess_id
smime             speed             spkac             srp
storeutl          ts                verify            version
x509

Message Digest commands (see the `dgst' command for more details)
blake2b512        blake2s256        md4               md5
rmd160            sha1              sha224            sha256
sha3-224          sha3-256          sha3-384          sha3-512
sha384            sha512            sha512-224        sha512-256
shake128          shake256          sm3

Cipher commands (see the `enc' command for more details)
aes-128-cbc       aes-128-ecb       aes-192-cbc       aes-192-ecb
aes-256-cbc       aes-256-ecb       aria-128-cbc      aria-128-cfb
aria-128-cfb1     aria-128-cfb8     aria-128-ctr      aria-128-ecb
aria-128-ofb      aria-192-cbc      aria-192-cfb      aria-192-cfb1
aria-192-cfb8     aria-192-ctr      aria-192-ecb      aria-192-ofb
aria-256-cbc      aria-256-cfb      aria-256-cfb1     aria-256-cfb8
aria-256-ctr      aria-256-ecb      aria-256-ofb      base64
bf                bf-cbc            bf-cfb            bf-ecb
bf-ofb            camellia-128-cbc  camellia-128-ecb  camellia-192-cbc
camellia-192-ecb  camellia-256-cbc  camellia-256-ecb  cast
cast-cbc          cast5-cbc         cast5-cfb         cast5-ecb
cast5-ofb         des               des-cbc           des-cfb
des-ecb           des-ede           des-ede-cbc       des-ede-cfb
des-ede-ofb       des-ede3          des-ede3-cbc      des-ede3-cfb
des-ede3-ofb      des-ofb           des3              desx
rc2               rc2-40-cbc        rc2-64-cbc        rc2-cbc
rc2-cfb           rc2-ecb           rc2-ofb           rc4
rc4-40            seed              seed-cbc          seed-cfb
seed-ecb          seed-ofb          sm4-cbc           sm4-cfb
sm4-ctr           sm4-ecb           sm4-ofb

数据输入输出 文本

tongshijia@Sodom:~/test1$ echo 123 | openssl sm3
SM3(stdin)= e95001aed4b6f7de59169913997dace404f05091ed49c37133a9950a69405a9c
tongshijia@Sodom:~/test1$ echo "123" | openssl sm3
SM3(stdin)= e95001aed4b6f7de59169913997dace404f05091ed49c37133a9950a69405a9c
tongshijia@Sodom:~/test1$ echo 123 | od -tx1 -tc
0000000  31  32  33  0a
          1   2   3  \n
0000004
tongshijia@Sodom:~/test1$  echo -n 123 | od -tx1 -tc
0000000  31  32  33
          1   2   3
0000003
tongshijia@Sodom:~/test1$ echo 123 | openssl sm3
SM3(stdin)= e95001aed4b6f7de59169913997dace404f05091ed49c37133a9950a69405a9c
tongshijia@Sodom:~/test1$ echo -n 123 | openssl sm3
SM3(stdin)= 6e0f9e14344c5406a0cf5a3b4dfb665f87f4a771a31f7edbb5c72874a32b2957
tongshijia@Sodom:~/test1$ echo 123 > 123.txt
tongshijia@Sodom:~/test1$ openssl sm3 -file 123.txt
SM3(123.txt)= e95001aed4b6f7de59169913997dace404f05091ed49c37133a9950a69405a9c
tongshijia@Sodom:~/test1$ echo 123 | openssl sm3
SM3(stdin)= e95001aed4b6f7de59169913997dace404f05091ed49c37133a9950a69405a9c

数据输入输出 二进制

tongshijia@Sodom:~/test1$ echo "obase=16;123" | bc
7B
tongshijia@Sodom:~/test1$ echo -n -e "\x7B" > 123.bin
tongshijia@Sodom:~/test1$ od -tx1 123.bin
0000000 7b
0000001
tongshijia@Sodom:~/test1$ openssl sm3 -file 123.bin
SM3(123.bin)= 2ed59fea0dbe4e4f02de67ee657eb6be8e22a7db425103402d8a36d7b6f6d344
tongshijia@Sodom:~/test1$ echo -ne "\x7B" | openssl sm3
SM3(stdin)= 2ed59fea0dbe4e4f02de67ee657eb6be8e22a7db425103402d8a36d7b6f6d344

常用命令 prime

tongshijia@Sodom:~/test1$ openssl prime -help
Usage: prime [options] [number...]

General options:
 -help               Display this summary
 -bits +int          Size of number in bits
 -checks +int        Number of checks

Output options:
 -hex                Hex output
 -generate           Generate a prime
 -safe               When used with -generate, generate a safe prime

Provider options:
 -provider-path val  Provider load path (must be before 'provider' argument if required)
 -provider val       Provider to load (can be specified multiple times)
 -propquery val      Property query used when fetching algorithms

Parameters:
 number              Number(s) to check for primality if not generating

素性检查

tongshijia@Sodom:~/test1$ openssl prime 3
3 (3) is prime
tongshijia@Sodom:~/test1$ openssl prime 33
21 (33) is not prime
tongshijia@Sodom:~/test1$ openssl prime -checks 10 33
21 (33) is not prime
tongshijia@Sodom:~/test1$ openssl prime -hex 4F
4F (4F) is prime

素数产生

tongshijia@Sodom:~/test1$ openssl prime -generate -bits 10
773
tongshijia@Sodom:~/test1$ openssl prime 773
305 (773) is prime
tongshijia@Sodom:~/test1$ openssl prime -generate -bits 10
787
tongshijia@Sodom:~/test1$ openssl prime 787
313 (787) is prime
tongshijia@Sodom:~/test1$ openssl prime -generate -bits 10 -hex
03F5
tongshijia@Sodom:~/test1$ openssl prime -hex 03F5
3F5 (03F5) is prime

常用命令 rand

tongshijia@Sodom:~/test1$ openssl rand -help
Usage: rand [options] num

General options:
 -help               Display this summary
 -engine val         Use engine, possibly a hardware device

Output options:
 -out outfile        Output file
 -base64             Base64 encode output
 -hex                Hex encode output

Random state options:
 -rand val           Load the given file(s) into the random number generator
 -writerand outfile  Write random data to the specified file

Provider options:
 -provider-path val  Provider load path (must be before 'provider' argument if required)
 -provider val       Provider to load (can be specified multiple times)
 -propquery val      Property query used when fetching algorithms

Parameters:
 num                 Number of bytes to generate

随机数产生

tongshijia@Sodom:~/test1$ openssl rand 10
��[�e�TVE  
tongshijia@Sodom:~/test1$ openssl rand 10 | od -tx1
0000000 33 bf a5 aa c5 5f fe ba 34 c7
0000012
tongshijia@Sodom:~/test1$ openssl rand 10 | xxd -p
fe40389a89ff96c9d76a
tongshijia@Sodom:~/test1$ openssl rand -hex 10
44e60c1d076e46f658e6
tongshijia@Sodom:~/test1$ openssl rand -base64 10
+mj3jyNaV7q4tw==

随机数文件

tongshijia@Sodom:~/test1$ openssl rand -out r1.bin 10
tongshijia@Sodom:~/test1$ od -tx1 r1.bin
0000000 28 32 ba 62 5c 2b 6d 82 8e 0a
0000012
tongshijia@Sodom:~/test1$ openssl rand 10 > r2.bin
tongshijia@Sodom:~/test1$ cat r2.bin | xxd -p
0947837109c9f70ad378

常用指令 base

tongshijia@Sodom:~/test1$ openssl base64 -help
Usage: base64 [options]

General options:
 -help               Display this summary
 -list               List ciphers
 -ciphers            Alias for -list
 -e                  Encrypt
 -d                  Decrypt
 -p                  Print the iv/key
 -P                  Print the iv/key and exit
 -engine val         Use engine, possibly a hardware device

Input options:
 -in infile          Input file
 -k val              Passphrase
 -kfile infile       Read passphrase from file

Output options:
 -out outfile        Output file
 -pass val           Passphrase source
 -v                  Verbose output
 -a                  Base64 encode/decode, depending on encryption flag
 -base64             Same as option -a
 -A                  Used with -[base64|a] to specify base64 buffer as a single line

Encryption options:
 -nopad              Disable standard block padding
 -salt               Use salt in the KDF (default)
 -nosalt             Do not use salt in the KDF
 -debug              Print debug info
 -bufsize val        Buffer size
 -K val              Raw key, in hex
 -S val              Salt, in hex
 -iv val             IV in hex
 -md val             Use specified digest to create a key from the passphrase
 -iter +int          Specify the iteration count and force use of PBKDF2
 -pbkdf2             Use password-based key derivation function 2
 -none               Don't encrypt
 -*                  Any supported cipher

Random state options:
 -rand val           Load the given file(s) into the random number generator
 -writerand outfile  Write random data to the specified file

Provider options:
 -provider-path val  Provider load path (must be before 'provider' argument if required)
 -provider val       Provider to load (can be specified multiple times)
 -propquery val      Property query used when fetching algorithms

编码解码

tongshijia@Sodom:~/test1$ echo tsj | openssl base64
dHNqCg==
tongshijia@Sodom:~/test1$ echo tsj | openssl base64 -e
dHNqCg==
tongshijia@Sodom:~/test1$ echo dHNqCg== | openssl base64 -d
tsj
tongshijia@Sodom:~/test1$ echo -ne "\x11\x22\x33" | openssl base64
ESIz
tongshijia@Sodom:~/test1$ echo ESIz | openssl base64 -d | xxd -p
112233
tongshijia@Sodom:~/test1$ echo -ne "\x11\x22\x33\x44" | openssl base64
ESIzRA==
tongshijia@Sodom:~/test1$ echo ESIzRA== | openssl base64 -d | xxd -p
11223344

文件编码解码

tongshijia@Sodom:~/test1$ echo tsj > tsj.txt
tongshijia@Sodom:~/test1$ openssl base64 -in tsj.txt -out tsj.b64
tongshijia@Sodom:~/test1$ cat tsj.b64
dHNqCg==
tongshijia@Sodom:~/test1$ openssl base64 -d -in tsj.b64 -out tsj2.txt
tongshijia@Sodom:~/test1$ diff tsj.txt tsj2.txt
tongshijia@Sodom:~/test1$ cat tsj2.txt
tsj

常用命令 asn1parse

tongshijia@Sodom:~/test1$ openssl asn1parse -help
Usage: asn1parse [options]

General options:
 -help            Display this summary
 -oid infile      file of extra oid definitions

I/O options:
 -inform PEM|DER  input format - one of DER PEM
 -in infile       input file
 -out outfile     output file (output format is always DER)
 -noout           do not produce any output
 -offset +int     offset into file
 -length +int     length of section in file
 -strparse +int   offset; a series of these can be used to 'dig'
 -genstr val      string to generate ASN1 structure from
                  into multiple ASN1 blob wrappings
 -genconf val     file to generate ASN1 structure from
 -strictpem       do not attempt base64 decode outside PEM markers
 -item val        item to parse and print
                  (-inform  will be ignored)

Formatting options:
 -i               indents the output
 -dump            unknown data in hex form
 -dlimit +int     dump the first arg bytes of unknown data in hex form

密码工程中的格式

tongshijia@Sodom:~/test1$ echo -ne "\x03\x02\x04\x90" >bitstring.der
tongshijia@Sodom:~/test1$ openssl asn1parse -inform der -i -in bitstring.der
    0:d=0  hl=2 l=   2 prim: BIT STRING
tongshijia@Sodom:~/test1$ openssl base64 -in bitstring.der -out bitstring.pem
tongshijia@Sodom:~/test1$ ls bitstring.pem
bitstring.pem
tongshijia@Sodom:~/test1$ openssl asn1parse -inform PEM -in bitstring.pem
    0:d=0  hl=2 l=   2 prim: BIT STRING

Hash与HMAC:dgst

tongshijia@Sodom:~/test1$ openssl dgst -help
Usage: dgst [options] [file...]

General options:
 -help               Display this summary
 -list               List digests
 -engine val         Use engine e, possibly a hardware device
 -engine_impl        Also use engine given by -engine for digest operations
 -passin val         Input file pass phrase source

Output options:
 -c                  Print the digest with separating colons
 -r                  Print the digest in coreutils format
 -out outfile        Output to filename rather than stdout
 -keyform format     Key file format (ENGINE, other values ignored)
 -hex                Print as hex dump
 -binary             Print in binary form
 -xoflen +int        Output length for XOF algorithms
 -d                  Print debug info
 -debug              Print debug info

Signing options:
 -sign val           Sign digest using private key
 -verify val         Verify a signature using public key
 -prverify val       Verify a signature using private key
 -sigopt val         Signature parameter in n:v form
 -signature infile   File with signature to verify
 -hmac val           Create hashed MAC with key
 -mac val            Create MAC (not necessarily HMAC)
 -macopt val         MAC algorithm parameters in n:v form or key
 -*                  Any supported digest
 -fips-fingerprint   Compute HMAC with the key used in OpenSSL-FIPS fingerprint

Random state options:
 -rand val           Load the given file(s) into the random number generator
 -writerand outfile  Write random data to the specified file

Provider options:
 -provider-path val  Provider load path (must be before 'provider' argument if required)
 -provider val       Provider to load (can be specified multiple times)
 -propquery val      Property query used when fetching algorithms

Parameters:
 file                Files to digest (optional; default is stdin)
tongshijia@Sodom:~/test1$ openssl dgst -list
Supported digests:
-blake2b512                -blake2s256                -md4
-md5                       -md5-sha1                  -ripemd
-ripemd160                 -rmd160                    -sha1
-sha224                    -sha256                    -sha3-224
-sha3-256                  -sha3-384                  -sha3-512
-sha384                    -sha512                    -sha512-224
-sha512-256                -shake128                  -shake256
-sm3                       -ssl3-md5                  -ssl3-sha1
-whirlpool
tongshijia@Sodom:~/test1$ echo tsj | openssl dgst -sm3
SM3(stdin)= 0932a1baef8d3b48bd86ce40580d16097b97c23ca494392cb977fb7e5274a14c
tongshijia@Sodom:~/test1$ echo tsj | openssl sm3
SM3(stdin)= 0932a1baef8d3b48bd86ce40580d16097b97c23ca494392cb977fb7e5274a14c
tongshijia@Sodom:~/test1$ echo tsj | openssl sm3 -hex
SM3(stdin)= 0932a1baef8d3b48bd86ce40580d16097b97c23ca494392cb977fb7e5274a14c
tongshijia@Sodom:~/test1$ echo tsj | openssl sm3 -binary
       {��<��9,�w�~Rt�L
tongshijia@Sodom:~/test1$ echo tsj | openssl sm3 -binary | xxd -p
0932a1baef8d3b48bd86ce40580d16097b97c23ca494392cb977fb7e5274
a14c
tongshijia@Sodom:~/test1$ echo tsj > tsj.txt
tongshijia@Sodom:~/test1$ openssl sm3 tsj.txt
SM3(tsj.txt)= 0932a1baef8d3b48bd86ce40580d16097b97c23ca494392cb977fb7e5274a14c
tongshijia@Sodom:~/test1$ ~/diocs/sh/openssl$ echo tsj | openssl sm3
SM3(stdin)= 1ab21d8355cfa17f8e61194831e81a8f22bec8c728fefb747ed035eb5082aa2b

对称算法:enc

tongshijia@Sodom:~/test1$ openssl enc -help
Usage: enc [options]

General options:
 -help               Display this summary
 -list               List ciphers
 -ciphers            Alias for -list
 -e                  Encrypt
 -d                  Decrypt
 -p                  Print the iv/key
 -P                  Print the iv/key and exit
 -engine val         Use engine, possibly a hardware device

Input options:
 -in infile          Input file
 -k val              Passphrase
 -kfile infile       Read passphrase from file

Output options:
 -out outfile        Output file
 -pass val           Passphrase source
 -v                  Verbose output
 -a                  Base64 encode/decode, depending on encryption flag
 -base64             Same as option -a
 -A                  Used with -[base64|a] to specify base64 buffer as a single line

Encryption options:
 -nopad              Disable standard block padding
 -salt               Use salt in the KDF (default)
 -nosalt             Do not use salt in the KDF
 -debug              Print debug info
 -bufsize val        Buffer size
 -K val              Raw key, in hex
 -S val              Salt, in hex
 -iv val             IV in hex
 -md val             Use specified digest to create a key from the passphrase
 -iter +int          Specify the iteration count and force use of PBKDF2
 -pbkdf2             Use password-based key derivation function 2
 -none               Don't encrypt
 -*                  Any supported cipher

Random state options:
 -rand val           Load the given file(s) into the random number generator
 -writerand outfile  Write random data to the specified file

Provider options:
 -provider-path val  Provider load path (must be before 'provider' argument if required)
 -provider val       Provider to load (can be specified multiple times)
 -propquery val      Property query used when fetching algorithms
tongshijia@Sodom:~/test1$ openssl enc -list
Supported ciphers:
-aes-128-cbc               -aes-128-cfb               -aes-128-cfb1
-aes-128-cfb8              -aes-128-ctr               -aes-128-ecb
-aes-128-ofb               -aes-192-cbc               -aes-192-cfb
-aes-192-cfb1              -aes-192-cfb8              -aes-192-ctr
-aes-192-ecb               -aes-192-ofb               -aes-256-cbc
-aes-256-cfb               -aes-256-cfb1              -aes-256-cfb8
-aes-256-ctr               -aes-256-ecb               -aes-256-ofb
-aes128                    -aes128-wrap               -aes192
-aes192-wrap               -aes256                    -aes256-wrap
-aria-128-cbc              -aria-128-cfb              -aria-128-cfb1
-aria-128-cfb8             -aria-128-ctr              -aria-128-ecb
-aria-128-ofb              -aria-192-cbc              -aria-192-cfb
-aria-192-cfb1             -aria-192-cfb8             -aria-192-ctr
-aria-192-ecb              -aria-192-ofb              -aria-256-cbc
-aria-256-cfb              -aria-256-cfb1             -aria-256-cfb8
-aria-256-ctr              -aria-256-ecb              -aria-256-ofb
-aria128                   -aria192                   -aria256
-bf                        -bf-cbc                    -bf-cfb
-bf-ecb                    -bf-ofb                    -blowfish
-camellia-128-cbc          -camellia-128-cfb          -camellia-128-cfb1
-camellia-128-cfb8         -camellia-128-ctr          -camellia-128-ecb
-camellia-128-ofb          -camellia-192-cbc          -camellia-192-cfb
-camellia-192-cfb1         -camellia-192-cfb8         -camellia-192-ctr
-camellia-192-ecb          -camellia-192-ofb          -camellia-256-cbc
-camellia-256-cfb          -camellia-256-cfb1         -camellia-256-cfb8
-camellia-256-ctr          -camellia-256-ecb          -camellia-256-ofb
-camellia128               -camellia192               -camellia256
-cast                      -cast-cbc                  -cast5-cbc
-cast5-cfb                 -cast5-ecb                 -cast5-ofb
-chacha20                  -des                       -des-cbc
-des-cfb                   -des-cfb1                  -des-cfb8
-des-ecb                   -des-ede                   -des-ede-cbc
-des-ede-cfb               -des-ede-ecb               -des-ede-ofb
-des-ede3                  -des-ede3-cbc              -des-ede3-cfb
-des-ede3-cfb1             -des-ede3-cfb8             -des-ede3-ecb
-des-ede3-ofb              -des-ofb                   -des3
-des3-wrap                 -desx                      -desx-cbc
-id-aes128-wrap            -id-aes128-wrap-pad        -id-aes192-wrap
-id-aes192-wrap-pad        -id-aes256-wrap            -id-aes256-wrap-pad
-id-smime-alg-CMS3DESwrap  -rc2                       -rc2-128
-rc2-40                    -rc2-40-cbc                -rc2-64
-rc2-64-cbc                -rc2-cbc                   -rc2-cfb
-rc2-ecb                   -rc2-ofb                   -rc4
-rc4-40                    -seed                      -seed-cbc
-seed-cfb                  -seed-ecb                  -seed-ofb
-sm4                       -sm4-cbc                   -sm4-cfb
-sm4-ctr                   -sm4-ecb                   -sm4-ofb

加密解密

tongshijia@Sodom:~/test1$ openssl sm4-cbc -K "2851fa25211a48023794ae9515909603" -iv "da80e405a4998c351b0717093cbe86ab" -in tsj.txt -out tsj.enc
tongshijia@Sodom:~/test1$ openssl sm4-cbc -d -K "2851fa25211a48023794ae9515909603" -iv "da80e405a4998c351b0717093cbe86ab" -in tsj.enc -out tsj2.txt
tongshijia@Sodom:~/test1$ diff tsj.txt tsj2.txt

RSA

tongshijia@Sodom:~/test1$ openssl genpkey -help
Usage: genpkey [options]

General options:
 -help               Display this summary
 -engine val         Use engine, possibly a hardware device
 -paramfile infile   Parameters file
 -algorithm val      The public key algorithm
 -quiet              Do not output status while generating keys
 -pkeyopt val        Set the public key algorithm option as opt:value
 -config infile      Load a configuration file (this may load modules)

Output options:
 -out outfile        Output file
 -outform PEM|DER    output format (DER or PEM)
 -pass val           Output file pass phrase source
 -genparam           Generate parameters, not key
 -text               Print the in text
 -*                  Cipher to use to encrypt the key

Provider options:
 -provider-path val  Provider load path (must be before 'provider' argument if required)
 -provider val       Provider to load (can be specified multiple times)
 -propquery val      Property query used when fetching algorithms
Order of options may be important!  See the documentation.

产生公私钥对

tongshijia@Sodom:~/test1$ openssl genpkey -algorithm RSA -out private_key.pem
.+...........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+....+..+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+...+......+.+.....................+...+......+...+........+...+.........+...+...+.+.....+.+.........+......+............+...+.....+...+...............+......+....+..+.......+.....+...+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.+...+.........+..+.+.....+.........+...+.+.........+...+.....+....+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+...+......+.+...............+...+.................+.........+....+..+.+.................+......+.+........+.+..+.............+...........+......+.......+...+............+...........+......+.+..+.+..+............+.+......+......+............+..+...+.+...........+...+...+...+....+..+.+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
tongshijia@Sodom:~/test1$ ls private_key.pem
private_key.pem
tongshijia@Sodom:~/test1$ cat private_key.pem
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDziHFKDnOK/thm
O1Hu6pa0YEw5CCvZWBwOHDQdSF/Z8cWvfgnodSouKWLVFQ9jH0UXzc+wG0UbP9OD
xtwzp+wy1i3Cfmv58LsL0gi3cHH+sZ1wtjveXBfDdzC/Ol1/GhkxEIHjqFIdJ2et
tyunxK9mZmxyqWVfu9tEu0bGSZgCVx3rPQRGQQn9l+A43Fc1xQKu3AmXg5VAwzJs
IdhsB2CEhQafbBBObwkK8dPEhIAZve088hZ7kVTtGVTrOY1Kv8Pw2hi7gZTcajPw
Bc1xKKwtVoGAuH6VQbOCKMiI0a4VpIGg8UvCwK2ama4A2BzKDKGWL7DcZT70QTvQ
0a/qaTQ3AgMBAAECggEASlKsyH4qkxP9tQ2Ljs+3WKs+9/TfdQBn54KCASHSZvBb
dZiQq4n+aoIk8ITx4j1r17zvEn7wE0XiZogtMfKgqk8lPgNZLrliTFQ4ZsuBbsqE
Ex76nH0cn4Hjtai5Wg37/DZefb0j+lPJV4HcZ+Il6al+lWvPTW1GmO5Sxjc1lhip
0Cf6pb4APfUeGTlPJM9u7wgp01SyDTwQ4uXykIYAo5a9S2F31Uaqjr0PMfJIwDy7
h0WDh+zcJP1Jl1uSuYv7hoGXwI2ofCnwM+u8s7LJ7+woPo/6VTvr6gq8mkyNOW8T
QdKcDUecBYqxTUcyWpt5L3jxKoO9OxhRcTmHMY7N0QKBgQD0tqbSf3I1NDJn8DFd
+yDpH4bcu0BwdcNfP/CMXyMj5t0xpFvFMhR4Z7ms7PNN6yQ7Jr1w1AOjKXBLB2rF
AGXTraxxBi/BJbxz4wE4asMZDkcLZ3gnb+FFCu6x58sye5S3m1KVFguz0NM/RP+y
IBpFGwTQJo6pxf8wTt8jRxee2QKBgQD+w9pDkj7WrnmGltQOBsiOQi1LVFBIpRYL
BEYDaHAoRSSnHnuGEWDaAtkn3a3bj+UZhLBupmjK/mdiHtLQKRbrjw0qwlGLgHsV
7G52mGfVANpKZ7vx9t+UFWFZPIXUaq/6ItRvIKxouylzTbNULYoGBarwo8EBmy+y
U9gz8zmhjwKBgQDO9J3XDcOHrVInxuHpSlYF8gy7Jn2T3nRRXKDSBi+Q0FEnB4o5
FmZrgcVssqP9tKxafiPehN9ioMwAGBC69OApCgr5NzMx1PkwxL2medvvl7yLr4DV
UXAhVOKTgKW/VvZp5SkNPqy88RGGw5K/kRjGctg6NTGX8QQlVb6udhRK2QKBgDX/
x0yZO+5/Ds0jPRE4CNx2VGlqFpY/P5vYLQrd4R/3/9vYTzBMkK3E+shDaW1nY5T0
Ff1uEjoskDcw91gdzXjiWlUc2PHrqqsr8QH8Lc3tH1e0Axc3T45wtbCXbnpmnqQz
K7neQAz21sNUzdTiziWWn/PfkbJIdWSj9uiT/jwrAoGBAO/6r2ew9yWslhgOxR8S
LS/yFyc0rY8QXwwJQ4qoNoJdJ3J/ZsqteB6laZzwJN6EAfEl//VuukSNCUcgN6NQ
lH8JrkSOwPDpsovBZSSjMKTG0oiJikBGUn8zZtPSQdFfLWbJ5OTy9tgb6ci5Xk+G
oJInrWarKWrf/Drx8ZyT5g83
-----END PRIVATE KEY-----
tongshijia@Sodom:~/test1$ openssl asn1parse -inform PEM -in private_key.pem
    0:d=0  hl=4 l=1214 cons: SEQUENCE
    4:d=1  hl=2 l=   1 prim: INTEGER           :00
    7:d=1  hl=2 l=  13 cons: SEQUENCE
    9:d=2  hl=2 l=   9 prim: OBJECT            :rsaEncryption
   20:d=2  hl=2 l=   0 prim: NULL
   22:d=1  hl=4 l=1192 prim: OCTET STRING      [HEX DUMP]:308204A40201000282010100F388714A0E738AFED8663B51EEEA96B4604C39082BD9581C0E1C341D485FD9F1C5AF7E09E8752A2E2962D5150F631F4517CDCFB01B451B3FD383C6DC33A7EC32D62DC27E6BF9F0BB0BD208B77071FEB19D70B63BDE5C17C37730BF3A5D7F1A19311081E3A8521D2767ADB72BA7C4AF66666C72A9655FBBDB44BB46C6499802571DEB3D04464109FD97E038DC5735C502AEDC0997839540C3326C21D86C07608485069F6C104E6F090AF1D3C4848019BDED3CF2167B9154ED1954EB398D4ABFC3F0DA18BB8194DC6A33F005CD7128AC2D568180B87E9541B38228C888D1AE15A481A0F14BC2C0AD9A99AE00D81CCA0CA1962FB0DC653EF4413BD0D1AFEA6934370203010001028201004A52ACC87E2A9313FDB50D8B8ECFB758AB3EF7F4DF750067E782820121D266F05B759890AB89FE6A8224F084F1E23D6BD7BCEF127EF01345E266882D31F2A0AA4F253E03592EB9624C543866CB816ECA84131EFA9C7D1C9F81E3B5A8B95A0DFBFC365E7DBD23FA53C95781DC67E225E9A97E956BCF4D6D4698EE52C637359618A9D027FAA5BE003DF51E19394F24CF6EEF0829D354B20D3C10E2E5F2908600A396BD4B6177D546AA8EBD0F31F248C03CBB87458387ECDC24FD49975B92B98BFB868197C08DA87C29F033EBBCB3B2C9EFEC283E8FFA553BEBEA0ABC9A4C8D396F1341D29C0D479C058AB14D47325A9B792F78F12A83BD3B1851713987318ECDD102818100F4B6A6D27F7235343267F0315DFB20E91F86DCBB407075C35F3FF08C5F2323E6DD31A45BC532147867B9ACECF34DEB243B26BD70D403A329704B076AC50065D3ADAC71062FC125BC73E301386AC3190E470B6778276FE1450AEEB1E7CB327B94B79B5295160BB3D0D33F44FFB2201A451B04D0268EA9C5FF304EDF2347179ED902818100FEC3DA43923ED6AE798696D40E06C88E422D4B545048A5160B0446036870284524A71E7B861160DA02D927DDADDB8FE51984B06EA668CAFE67621ED2D02916EB8F0D2AC2518B807B15EC6E769867D500DA4A67BBF1F6DF941561593C85D46AAFFA22D46F20AC68BB29734DB3542D8A0605AAF0A3C1019B2FB253D833F339A18F02818100CEF49DD70DC387AD5227C6E1E94A5605F20CBB267D93DE74515CA0D2062F90D05127078A3916666B81C56CB2A3FDB4AC5A7E23DE84DF62A0CC001810BAF4E0290A0AF9373331D4F930C4BDA679DBEF97BC8BAF80D551702154E29380A5BF56F669E5290D3EACBCF11186C392BF9118C672D83A353197F1042555BEAE76144AD902818035FFC74C993BEE7F0ECD233D113808DC7654696A16963F3F9BD82D0ADDE11FF7FFDBD84F304C90ADC4FAC843696D676394F415FD6E123A2C903730F7581DCD78E25A551CD8F1EBAAAB2BF101FC2DCDED1F57B40317374F8E70B5B0976E7A669EA4332BB9DE400CF6D6C354CDD4E2CE25969FF3DF91B2487564A3F6E893FE3C2B02818100EFFAAF67B0F725AC96180EC51F122D2FF2172734AD8F105F0C09438AA836825D27727F66CAAD781EA5699CF024DE8401F125FFF56EBA448D09472037A350947F09AE448EC0F0E9B28BC16524A330A4C6D288898A4046527F3366D3D241D15F2D66C9E4E4F2F6D81BE9C8B95E4F86A09227AD66AB296ADFFC3AF1F19C93E60F37

提取公钥

tongshijia@Sodom:~/test1$ openssl rsa -pubout -in private_key.pem -out public_key.pem
writing RSA key
tongshijia@Sodom:~/test1$  ls public_key.pem
public_key.pem
tongshijia@Sodom:~/test1$ cat public_key.pem
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA84hxSg5ziv7YZjtR7uqW
tGBMOQgr2VgcDhw0HUhf2fHFr34J6HUqLili1RUPYx9FF83PsBtFGz/Tg8bcM6fs
MtYtwn5r+fC7C9IIt3Bx/rGdcLY73lwXw3cwvzpdfxoZMRCB46hSHSdnrbcrp8Sv
ZmZscqllX7vbRLtGxkmYAlcd6z0ERkEJ/ZfgONxXNcUCrtwJl4OVQMMybCHYbAdg
hIUGn2wQTm8JCvHTxISAGb3tPPIWe5FU7RlU6zmNSr/D8NoYu4GU3Goz8AXNcSis
LVaBgLh+lUGzgijIiNGuFaSBoPFLwsCtmpmuANgcygyhli+w3GU+9EE70NGv6mk0
NwIDAQAB
-----END PUBLIC KEY-----
tongshijia@Sodom:~/test1$ openssl asn1parse -inform PEM -in public_key.pem
    0:d=0  hl=4 l= 290 cons: SEQUENCE
    4:d=1  hl=2 l=  13 cons: SEQUENCE
    6:d=2  hl=2 l=   9 prim: OBJECT            :rsaEncryption
   17:d=2  hl=2 l=   0 prim: NULL
   19:d=1  hl=4 l= 271 prim: BIT STRING

RSA加密解密

tongshijia@Sodom:~/test1$ openssl genpkey -help
Usage: genpkey [options]

General options:
 -help               Display this summary
 -engine val         Use engine, possibly a hardware device
 -paramfile infile   Parameters file
 -algorithm val      The public key algorithm
 -quiet              Do not output status while generating keys
 -pkeyopt val        Set the public key algorithm option as opt:value
 -config infile      Load a configuration file (this may load modules)

Output options:
 -out outfile        Output file
 -outform PEM|DER    output format (DER or PEM)
 -pass val           Output file pass phrase source
 -genparam           Generate parameters, not key
 -text               Print the in text
 -*                  Cipher to use to encrypt the key

Provider options:
 -provider-path val  Provider load path (must be before 'provider' argument if required)
 -provider val       Provider to load (can be specified multiple times)
 -propquery val      Property query used when fetching algorithms
Order of options may be important!  See the documentation.
tongshijia@Sodom:~/test1$ openssl pkeyutl -encrypt -inkey public_key.pem -pubin -in tsj.txt -out tsjrsaenc.bin
tongshijia@Sodom:~/test1$ openssl pkeyutl -decrypt -inkey private_key.pem -in tsjrsaenc.bin -out tsjrsadec.txt
tongshijia@Sodom:~/test1$ ls
1.c      bitstring.der        private_key.pem  r2.bin            tsj.b64  tsj2.txt
123.bin  bitstring.pem        public_key.pem   random_data.bin   tsj.enc  tsjrsadec.txt
123.txt  new_random_data.bin  r1.bin           random_state.bin  tsj.txt  tsjrsaenc.bin
tongshijia@Sodom:~/test1$ diff tsj.txt tsjrsadec.txt

RSA签名验签

tongshijia@Sodom:~/test1$ openssl dgst -sha256 -sign private_key.pem -out tsj.sig tsj.txt
tongshijia@Sodom:~/test1$ openssl dgst -sha256 -verify public_key.pem -signature tsj.sig tsj.txt
Verified OK
tongshijia@Sodom:~/test1$ openssl pkeyutl -sign -inkey private_key.pem -in tsj.txt -out tsjrsa.sig
tongshijia@Sodom:~/test1$ openssl pkeyutl -verify -in tsj.txt -sigfile tsjrsa.sig -inkey private_key.pem
Signature Verified Successfully

SM2

tongshijia@Sodom:~/test1$ openssl ecparam -help
Usage: ecparam [options]

General options:
 -help               Display this summary
 -list_curves        Prints a list of all curve 'short names'
 -engine val         Use engine, possibly a hardware device
 -genkey             Generate ec key
 -in infile          Input file  - default stdin
 -inform PEM|DER     Input format - default PEM (DER or PEM)
 -out outfile        Output file - default stdout
 -outform PEM|DER    Output format - default PEM

Output options:
 -text               Print the ec parameters in text form
 -noout              Do not print the ec parameter
 -param_enc val      Specifies the way the ec parameters are encoded

Parameter options:
 -check              Validate the ec parameters
 -check_named        Check that named EC curve parameters have not been modified
 -no_seed            If 'explicit' parameters are chosen do not use the seed
 -name val           Use the ec parameters with specified 'short name'
 -conv_form val      Specifies the point conversion form

Random state options:
 -rand val           Load the given file(s) into the random number generator
 -writerand outfile  Write random data to the specified file

Provider options:
 -provider-path val  Provider load path (must be before 'provider' argument if required)
 -provider val       Provider to load (can be specified multiple times)
 -propquery val      Property query used when fetching algorithms
tongshijia@Sodom:~/test1$ openssl ec -help
Usage: ec [options]

General options:
 -help               Display this summary
 -engine val         Use engine, possibly a hardware device

Input options:
 -in val             Input file
 -inform format      Input format (DER/PEM/P12/ENGINE)
 -pubin              Expect a public key in input file
 -passin val         Input file pass phrase source
 -check              check key consistency
 -*                  Any supported cipher
 -param_enc val      Specifies the way the ec parameters are encoded
 -conv_form val      Specifies the point conversion form

Output options:
 -out outfile        Output file
 -outform PEM|DER    Output format - DER or PEM
 -noout              Don't print key out
 -text               Print the key
 -param_out          Print the elliptic curve parameters
 -pubout             Output public key, not private
 -no_public          exclude public key from private key
 -passout val        Output file pass phrase source

Provider options:
 -provider-path val  Provider load path (must be before 'provider' argument if required)
 -provider val       Provider to load (can be specified multiple times)
 -propquery val      Property query used when fetching algorithms

SM2产生密钥对

tongshijia@Sodom:~/test1$ openssl ecparam -genkey -name SM2 -out sm2private_key.pem
tongshijia@Sodom:~/test1$ cat sm2private_key.pem
-----BEGIN SM2 PARAMETERS-----
BggqgRzPVQGCLQ==
-----END SM2 PARAMETERS-----
-----BEGIN PRIVATE KEY-----
MIGIAgEAMBQGCCqBHM9VAYItBggqgRzPVQGCLQRtMGsCAQEEIP6hU3Y5b2qjbh6R
0abbjdqOBuESnfvW+OSWUa6obouboUQDQgAEYkkLkS0E8L2JrJPl2VMfhktELPyi
9Jeue0uKIOn21EnXOooH9Fc9xp42CKirmHZ2TFqiq7/ihqj7q1wsbqw1nA==
-----END PRIVATE KEY-----
tongshijia@Sodom:~/test1$ openssl asn1parse -inform PEM -in sm2private_key.pem
    0:d=0  hl=2 l=   8 prim: OBJECT            :sm2
tongshijia@Sodom:~/test1$  openssl base64 -d -in sm2privatekey.pem -out sm2privatekey.der
Can't open "sm2privatekey.pem" for reading, No such file or directory
4087B0FCA87F0000:error:80000002:system library:BIO_new_file:No such file or directory:../crypto/bio/bss_file.c:67:calling fopen(sm2privatekey.pem, r)
4087B0FCA87F0000:error:10000080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:75:
tongshijia@Sodom:~/test1$ openssl base64 -d -in sm2private_key.pem -out sm2private_key.der
tongshijia@Sodom:~/test1$ openssl asn1parse -inform DER -in sm2private_key.der
    0:d=0  hl=2 l=   8 prim: OBJECT            :sm2
tongshijia@Sodom:~/test1$ od -tx1 sm2private_key.der
0000000 06 08 2a 81 1c cf 55 01 82 2d
0000012
tongshijia@Sodom:~/test1$ openssl pkey -in sm2private_key.pem -text -noout
Private-Key: (256 bit)
priv:
    fe:a1:53:76:39:6f:6a:a3:6e:1e:91:d1:a6:db:8d:
    da:8e:06:e1:12:9d:fb:d6:f8:e4:96:51:ae:a8:6e:
    8b:9b
pub:
    04:62:49:0b:91:2d:04:f0:bd:89:ac:93:e5:d9:53:
    1f:86:4b:44:2c:fc:a2:f4:97:ae:7b:4b:8a:20:e9:
    f6:d4:49:d7:3a:8a:07:f4:57:3d:c6:9e:36:08:a8:
    ab:98:76:76:4c:5a:a2:ab:bf:e2:86:a8:fb:ab:5c:
    2c:6e:ac:35:9c
ASN1 OID: SM2

SM2提取公钥

tongshijia@Sodom:~/test1$ openssl ec -in sm2private_key.pem -pubout -out sm2public_key.pem
read EC key
writing EC key
tongshijia@Sodom:~/test1$ cat sm2public_key.pem
-----BEGIN PUBLIC KEY-----
MFowFAYIKoEcz1UBgi0GCCqBHM9VAYItA0IABGJJC5EtBPC9iayT5dlTH4ZLRCz8
ovSXrntLiiDp9tRJ1zqKB/RXPcaeNgioq5h2dkxaoqu/4oao+6tcLG6sNZw=
-----END PUBLIC KEY-----
tongshijia@Sodom:~/test1$ openssl asn1parse -inform PEM -in sm2public_key.pem
    0:d=0  hl=2 l=  90 cons: SEQUENCE
    2:d=1  hl=2 l=  20 cons: SEQUENCE
    4:d=2  hl=2 l=   8 prim: OBJECT            :sm2
   14:d=2  hl=2 l=   8 prim: OBJECT            :sm2
   24:d=1  hl=2 l=  66 prim: BIT STRING

SM2加密解密

tongshijia@Sodom:~/test1$ openssl pkeyutl -encrypt -pubin -inkey sm2public_key.pem -in tsj.txt -out tsjsm2enc.bin
tongshijia@Sodom:~/test1$ openssl pkeyutl -decrypt -inkey sm2private_key.pem -in tsjsm2enc.bin -out tsjsm2dec.txt
tongshijia@Sodom:~/test1$ diff tsj.txt tsjsm2dec.txt

SM2签名验签

tongshijia@Sodom:~/test1$ openssl sm3 -sign sm2private_key.pem -out tsjsm2.sig tsj.txt
tongshijia@Sodom:~/test1$ openssl sm3 -verify sm2public_key.pem -signature tsjsm2.sig tsj.txt
Verified OK
tongshijia@Sodom:~/test1$ openssl pkeyutl -sign -in tsj.txt -inkey sm2private_key.pem -out tsjsm2.sig -rawin -digest sm3
tongshijia@Sodom:~/test1$ od -tx1 tsjsm2.sig
0000000 30 45 02 20 78 d8 60 51 4b 5b a4 04 bd 1f c7 b8
0000020 9b b3 71 1d 3e d8 0d a6 ac a2 e3 f3 d0 34 db 47
0000040 b3 28 9e b2 02 21 00 b9 8b 6a a7 6b 28 c0 51 dd
0000060 01 23 7d 86 20 f2 5f 68 71 a9 c9 71 94 68 a8 18
0000100 38 e3 44 71 b7 45 05
0000107
tongshijia@Sodom:~/test1$ openssl pkeyutl -verify -in tsj.txt -inkey sm2private_key.pem -sigfile tsjsm2.sig -rawin -dige
st sm3
Signature Verified Successfully
posted @ 2024-10-13 02:28  童诗嘉20221409  阅读(174)  评论(0)    收藏  举报