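Using the openssl tool

openssl

Introduction

1. OpenSSL is a Secure Sockets Layer cryptography library. It covers the major cryptographic algorithms, common key and certificate encapsulation and management functions, and an implementation of the SSL protocol. The OpenSSL package can be roughly divided into three main functional parts: the SSL protocol library libssl, the command-line application, and the cryptographic algorithm library libcrypto.

2. SSL: Secure Socket Layer, a protocol that comes in two versions, SSLv2 and SSLv3. TLS is the standardized secure-communication protocol built on top of SSL 3.0. These protocols were created mainly to encrypt data in transit: they keep communication between user and server applications from being eavesdropped on by attackers, always authenticate the server, and can optionally authenticate the user.

3. Package information: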

[root@jumpserver ~]#rpm -qi openssl
Name        : openssl
Epoch       : 1
Version     : 1.1.1k
Release     : 6.el8_5
Architecture: x86_64
Install Date: Fri 04 Nov 2022 10:41:25 AM CST
Group       : Unspecified
Size        : 1185155
License     : OpenSSL and ASL 2.0
Signature   : RSA/SHA256, Mon 28 Mar 2022 10:23:27 PM CST, Key ID 15af5dac6d745a60
Source RPM  : openssl-1.1.1k-6.el8_5.src.rpm
Build Date  : Mon 28 Mar 2022 10:17:39 PM CST
Build Host  : ord1-prod-x86build003.svc.aws.rockylinux.org
Relocations : (not relocatable)
Packager    : infrastructure@rockylinux.org
Vendor      : Rocky
URL         : http://www.openssl.org/
Summary     : Utilities from the general purpose cryptography library with TLS implementation

Basic usage

One-way hashing

Can be used to verify file integrity.

[root@jumpserver ~]#openssl md5 /etc/issue
MD5(/etc/issue)= f078fe086dfc22f64b5dca2e1b95de2c
[root@jumpserver ~]#md5sum /etc/issue
f078fe086dfc22f64b5dca2e1b95de2c  /etc/issue
[root@jumpserver ~]#openssl sha512 /etc/issue
SHA512(/etc/issue)= 88c9342e4c2a23e61af218b9b66808925de9d2b0bd6eeb3413ff9829d8295b29c588aed4bad50e2625fb1ab610b1b1745684a3a63f0ec1d41d497a5b0668b472
[root@jumpserver ~]#sha512sum /etc/issue
88c9342e4c2a23e61af218b9b66808925de9d2b0bd6eeb3413ff9829d8295b29c588aed4bad50e2625fb1ab610b1b1745684a3a63f0ec1d41d497a5b0668b472  /etc/issue

Generating user passwords

[root@jumpserver ~]#openssl passwd --help
Usage: passwd [options]

Valid options are:
-help Display this summary
-in infile Read passwords from file
-noverify Never verify when reading password from terminal
-quiet No warnings
-table Format output as table
-reverse Switch table columns
-salt val Use provided salt
-stdin Read passwords from stdin
-6 SHA512-based password algorithm
-5 SHA256-based password algorithm
-apr1 MD5-based password algorithm, Apache variant
-1 MD5-based password algorithm
-aixmd5 AIX MD5-based password algorithm
-crypt Standard Unix password algorithm (default)
-rand val Load the file(s) into the random number generator
-writerand outfile Write random data to the specified file

[root@jumpserver ~]#getent shadow zhou
zhou:$6$H9P/K8CQy.FgIxeA$tiIguWSQhkTJeQoGERca.iY.4X6x2HU5zNl5RcHErDgy0CSXzNzAQ5IOc72jXpWej6Uo40T7QOcwHf3977hZd.:19464:0:99999:7:::
[root@jumpserver ~]#echo zhou |openssl passwd -6 -salt H9P/K8CQy.FgIxeA 123
$6$H9P/K8CQy.FgIxeA$tiIguWSQhkTJeQoGERca.iY.4X6x2HU5zNl5RcHErDgy0CSXzNzAQ5IOc72jXpWej6Uo40T7QOcwHf3977hZd.
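The password of user zhou is 123. The system stores user passwords in /etc/shadow and hashes them with the SHA-512 algorithm; given the same salt, openssl passwd reproduces the same hash value.
In cryptography, a salt is a specific string inserted at some fixed position in the password so that the resulting hash differs from the hash of the original password alone. This process is called "salting". As a result, even when two passwords are identical, the resulting hash values differ, which improves security.

Generating random numbers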

[root@jumpserver ~]#openssl rand --help
Usage: rand [flags] num
Valid options are:
-help Display this summary
-out outfile Output file
-rand val Load the file(s) into the random number generator
-writerand outfile Write random data to the specified file
-base64 Base64 encode output
-hex Hex encode output
-engine val Use engine, possibly a hardware device
Generate a 10-character random password:
[root@jumpserver ~]#openssl rand -base64 9|head -c10
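
The following script is an added example, not part of the original post. It ties the salting explanation to openssl rand: a fresh random salt gives a different hash for the same password, while the stored salt reproduces the stored hash. The function names gen_salt, hash_pw and verify_pw are hypothetical, and only the plain $6$salt$hash form is handled.

```sh
#!/bin/sh
# Added example: salted SHA-512 crypt hashes with openssl passwd and openssl rand.

# 16-character salt: 12 random bytes encode to exactly 16 base64 characters;
# '+' is mapped to '.' because crypt salts use the alphabet [./A-Za-z0-9].
gen_salt() {
    openssl rand -base64 12 | tr '+' '.'
}

# $1 = salt, $2 = password. The password is fed through stdin (-stdin) so it
# is not passed to openssl as a command-line argument.
hash_pw() {
    printf '%s\n' "$2" | openssl passwd -6 -salt "$1" -stdin
}

# $1 = stored "$6$salt$hash" string, $2 = candidate password.
# Returns 0 on match, 1 on mismatch, 2 for formats this script does not handle.
verify_pw() {
    case "$1" in
        '$6$rounds='*) return 2 ;;   # custom round counts are not parsed here
        '$6$'*'$'*) ;;               # plain SHA-512 crypt string
        *) return 2 ;;               # any other scheme
    esac
    salt=$(printf '%s' "$1" | cut -d'$' -f3)
    [ "$(hash_pw "$salt" "$2")" = "$1" ]
}

# Hash string copied from the page's getent output (user zhou, password 123).
PAGE_HASH='$6$H9P/K8CQy.FgIxeA$tiIguWSQhkTJeQoGERca.iY.4X6x2HU5zNl5RcHErDgy0CSXzNzAQ5IOc72jXpWej6Uo40T7QOcwHf3977hZd.'
if verify_pw "$PAGE_HASH" 123; then
    echo "stored salt + password 123 reproduces the page's hash"
fi

# Same password, two fresh salts (generated at run time): the hashes differ.
s1=$(gen_salt); s2=$(gen_salt)
echo "$s1 -> $(hash_pw "$s1" 123)"
echo "$s2 -> $(hash_pw "$s2" 123)"
```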

posted @ 2023-04-17 20:23  阿伟爱吃田田圈