签名、证书、非对称加密
2020-05-15 本文已影响0人
_invincible_
问题来源
私钥加密的内容公钥可以解,而公钥又是公开的,那岂不是加密无效?
概述
1.非对称加密有公钥和私钥
2.公钥发布,私钥保存在自己这里
3.通过公钥加密的内容,只有自己可以用私钥解密查看
4.通过私钥加密的内容,只能用公钥才能解密
回到问题:私钥加密的内容公钥可以解,而公钥又是公开的,那岂不是加密无效?
所以,私钥加密,通常只用来认证这个加密的信息是私钥拥有者发布的,通常它会和明文的内容一起发布。用于验证消息的完整性。
而证书、签名就是这个原理,通过私钥签名,公钥认证。
RSA
http://www.ruanyifeng.com/blog/2013/07/rsa_algorithm_part_two.html
typedef struct {
MPI n; /* public modulus */
MPI e; /* public exponent */
MPI d; /* exponent */
MPI p; /* prime p. */
MPI q; /* prime q. */
MPI u; /* inverse of p mod q. */
} RSA_secret_key;
typedef struct {
MPI n; /* modulus */
MPI e; /* exponent */
} RSA_public_key;
openssl
DESCRIPTION
OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport
Layer Security (TLS v1) network protocols and related cryptography standards required by them.
The openssl program is a command line tool for using the various cryptography functions of
OpenSSL's crypto library from the shell. It can be used for
o Creation and management of private keys, public keys and parameters
o Public key cryptographic operations
o Creation of X.509 certificates, CSRs and CRLs
o Calculation of Message Digests
o Encryption and Decryption with Ciphers
o SSL/TLS Client and Server Tests
o Handling of S/MIME signed or encrypted mail
o Time Stamp requests, generation and verification
生成RSA密钥对
Creation and management of private keys, public keys and parameters
genrsa:
Generation of RSA Private Key. Superseded by genpkey(1).
$ openssl genrsa -help
Usage: genrsa [options]
Valid options are:
...
-out outfile Output the key to specified file
...
$ openssl genrsa -out private_key.key
$ openssl rsa -in private_key.key -pubout -out public_key.key
$ openssl rsa -in private_key.key -text -noout
公钥加密私钥解密
Public key cryptographic operations
echo some secret > a.txt
openssl pkeyutl -encrypt -in a.txt -pubin -inkey public_key.key -out a.txt.enc
openssl pkeyutl -decrypt -in a.txt.enc -inkey private_key.key
生成摘要(Digests)
Calculation of Message Digests
$ openssl dgst -sha512 a.c -out a.c.dgst
SHA512(a.c)= 970dc7b37290123a78d4af7cbaf11103f5ce30064bda6b27dc8cc8993f746f9056ae1564dcc8400dd40f7713cb2e02e97b3d949d576b5022dd065ffa2ae3d952
$ openssl dgst -sha512 -binary -out a.c.dgst a.c
$ hd a.c.dgst
00000000 97 0d c7 b3 72 90 12 3a 78 d4 af 7c ba f1 11 03 |....r..:x..|....|
00000010 f5 ce 30 06 4b da 6b 27 dc 8c c8 99 3f 74 6f 90 |..0.K.k'....?to.|
00000020 56 ae 15 64 dc c8 40 0d d4 0f 77 13 cb 2e 02 e9 |V..d..@...w.....|
00000030 7b 3d 94 9d 57 6b 50 22 dd 06 5f fa 2a e3 d9 52 |{=..WkP".._.*..R|
00000040
私钥签名公钥验证
# 测试效果
$ echo some secret > a.txt
$ openssl pkeyutl -sign -in a.txt -inkey private_key.key -out a.txt.sig
$ openssl pkeyutl -verify -in a.txt -sigfile a.txt.sig -pubin -inkey public_key.key
Signature Verified Successfully
$ openssl pkeyutl -verifyrecover -in a.txt.sig -pubin -inkey public_key.key
some secret
echo some secret > a.txt
openssl pkeyutl -sign -in a.txt -inkey private_key.key -out a.txt.sig
openssl pkeyutl -verify -in a.txt -sigfile a.txt.sig -pubin -inkey public_key.key
# 公钥解密出私钥加密的内容
openssl pkeyutl -verifyrecover -in a.txt.sig -pubin -inkey public_key.key
相关概念
SSL has been around for long enough you'd think that there would be agreed upon container formats. And you're right, there are. Too many standards as it happens. So this is what I know, and I'm sure others will chime in.
.csr - This is a Certificate Signing Request. Some applications can generate these for submission to certificate-authorities. The actual format is PKCS10 which is defined in RFC 2986. It includes some/all of the key details of the requested certificate such as subject, organization, state, whatnot, as well as the public key of the certificate to get signed. These get signed by the CA and a certificate is returned. The returned certificate is the public certificate (which includes the public key but not the private key), which itself can be in a couple of formats.
.pem - Defined in RFCs 1421 through 1424, this is a container format that may include just the public certificate (such as with Apache installs, and CA certificate files /etc/ssl/certs), or may include an entire certificate chain including public key, private key, and root certificates. Confusingly, it may also encode a CSR (e.g. as used here) as the PKCS10 format can be translated into PEM. The name is from Privacy Enhanced Mail (PEM), a failed method for secure email but the container format it used lives on, and is a base64 translation of the x509 ASN.1 keys.
.key - This is a PEM formatted file containing just the private-key of a specific certificate and is merely a conventional name and not a standardized one. In Apache installs, this frequently resides in /etc/ssl/private. The rights on these files are very important, and some programs will refuse to load these certificates if they are set wrong.
.pkcs12 .pfx .p12 - Originally defined by RSA in the Public-Key Cryptography Standards (abbreviated PKCS), the "12" variant was originally enhanced by Microsoft, and later submitted as RFC 7292. This is a passworded container format that contains both public and private certificate pairs. Unlike .pem files, this container is fully encrypted. Openssl can turn this into a .pem file with both public and private keys: openssl pkcs12 -in file-to-convert.p12 -out converted-file.pem -nodes
A few other formats that show up from time to time:
.der - A way to encode ASN.1 syntax in binary, a .pem file is just a Base64 encoded .der file. OpenSSL can convert these to .pem (openssl x509 -inform der -in to-convert.der -out converted.pem). Windows sees these as Certificate files. By default, Windows will export certificates as .DER formatted files with a different extension. Like...
.cert .cer .crt - A .pem (or rarely .der) formatted file with a different extension, one that is recognized by Windows Explorer as a certificate, which .pem is not.
.p7b .keystore - Defined in RFC 2315 as PKCS number 7, this is a format used by Windows for certificate interchange. Java understands these natively, and often uses .keystore as an extension instead. Unlike .pem style certificates, this format has a defined way to include certification-path certificates.
.crl - A certificate revocation list. Certificate Authorities produce these as a way to de-authorize certificates before expiration. You can sometimes download them from CA websites.
In summary, there are four different ways to present certificates and their components:
PEM - Governed by RFCs, its used preferentially by open-source software. It can have a variety of extensions (.pem, .key, .cer, .cert, more)
PKCS7 - An open standard used by Java and supported by Windows. Does not contain private key material.
PKCS12 - A Microsoft private standard that was later defined in an RFC that provides enhanced security versus the plain-text PEM format. This can contain private key material. Its used preferentially by Windows systems, and can be freely converted to PEM format through use of openssl.
DER - The parent format of PEM. It's useful to think of it as a binary version of the base64-encoded PEM file. Not routinely used very much outside of Windows.
I hope this helps.