
openssl commands (summary) [openssl]

This time I have put together the openssl commands that I always forget right away.

(1) Display the version
openssl version
OpenSSL 0.9.8r 8 Feb 2011

(2) Available cipher algorithms
openssl ciphers -v
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
(omitted)

(3) Create an RSA private key (with passphrase, 1,024-bit key length)
openssl genrsa -des3 -out private.key.pem 1024
Generating RSA private key, 1024 bit long modulus
Enter pass phrase for private.key.pem:********
Verifying - Enter pass phrase for private.key.pem:********

(4) Create an RSA private key (without passphrase, 1,024-bit key length)
openssl genrsa -out private.key.pem 1024
Generating RSA private key, 1024 bit long modulus

(5) Display an RSA private key as text (PEM format)
openssl rsa -in private.key.pem -text
Enter pass phrase for private.key.pem:********
Private-Key: (1024 bit)
modulus:
00:c3:07:43:02:2c:5b:44:42:56:ba:28:60:5c:d7:
62:09:76:e5:54:ad:2d:12:86:e6:0c:22:1a:50:22:
(omitted)

(6) Display an RSA private key as text (DER format)
openssl rsa -in private.key.der -inform DER -text
Private-Key: (1024 bit)
modulus:
00:c3:07:43:02:2c:5b:44:42:56:ba:28:60:5c:d7:
62:09:76:e5:54:ad:2d:12:86:e6:0c:22:1a:50:22:
(omitted)

(7) Remove the passphrase from an RSA private key
openssl rsa -in private.key.pem -out private_nopass.key.pem
Enter pass phrase for private.key.pem:
writing RSA key

(8) Generate the public key
openssl rsa -in private.key.pem -pubout -out public.key.pem
Enter pass phrase for private.key.pem:********
writing RSA key

(9) Create a CSR
openssl req -new -key private.key.pem -out cert.csr.pem
Enter pass phrase for private.key.pem:********
-----
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:Tokyo
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:MyCompany
Organizational Unit Name (eg, section) []:Technical section
Common Name (eg, YOUR name) []:www.tech.mycomp.localdomain
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

(10) Display a CSR as text (PEM format)
openssl req -in cert.csr.pem -text
Certificate Request:
Data:
Version: 0 (0x0)
(omitted)

(11) Display a CSR as text (DER format)
openssl req -in cert.csr.der -inform DER -text
Certificate Request:
Data:
Version: 0 (0x0)

(12) Create a certificate (self-signed)
openssl req -new -x509 -key private.key.pem -out cert.crt.pem -days 365
Enter pass phrase for private.key.pem:********
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:Tokyo
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:MyCompany
Organizational Unit Name (eg, section) []:Technical section
Common Name (eg, YOUR name) []:www.tech.mycomp.localdomain
Email Address []:

(13) Display a certificate as text
openssl x509 -in cert.crt.pem -text
Certificate:
Data:
Version: 3 (0x2)
(omitted)

(14) Convert an RSA private key from PEM to DER
openssl rsa -inform PEM -outform DER -in private.key.pem -out private.key.der
Enter pass phrase for private.key.pem:********
writing RSA key

(15) Convert an RSA private key from DER to PEM
openssl rsa -inform DER -outform PEM -in private.key.der -out private.key.pem
writing RSA key

(16) Convert a CSR from PEM to DER
openssl req -in cert.csr.pem -inform PEM -outform DER -out cert.csr.der

(17) Convert a CSR from DER to PEM
openssl req -in cert.csr.der -inform DER -outform PEM -out cert.csr.pem

(18) Convert a certificate from PEM format to DER format
openssl x509 -inform PEM -outform DER -in cert.crt.pem -out cert.crt.der

(19) Convert a certificate from DER format to PEM format
openssl x509 -inform DER -outform PEM -in cert.crt.der -out cert.crt.pem

(20) Convert a private key and certificate to PKCS#12 format
openssl pkcs12 -export -inkey private.key.pem -in cert.crt.pem -out cert.der.pfx
Enter Export Password:********
Verifying - Enter Export Password:********

(21) Convert PKCS#12 format to PEM format
openssl pkcs12 -in cert.der.pfx -out cert.pem.pfx
Enter Import Password:********
MAC verified OK
Enter PEM pass phrase:********
Verifying - Enter PEM pass phrase:********

(22) Extract the private key from a PKCS#12 file
openssl pkcs12 -nocerts -in cert.der.pfx -out private.key.pem
Enter Import Password:********
MAC verified OK
Enter PEM pass phrase:********
Verifying - Enter PEM pass phrase:********

(23) Extract the certificate from a PKCS#12 file
openssl pkcs12 -nokeys -in cert.der.pfx -out cert.crt.pem
Enter Import Password:********
MAC verified OK

(24) Display a certificate revocation list as text
openssl crl -in cert.crl.pem -text

(25) Compute hash values
openssl dgst -md5 private.key.pem
MD5(private.key.pem)= 66079f30dea987d7ad748fb46b3c38dd
openssl dgst -sha1 private.key.pem
SHA1(private.key.pem)= 68a7dd8561f93395016bef1bc50693262babecbe

(26) Encrypt with AES (256-bit, CBC mode, symmetric-key encryption)
openssl aes-256-cbc -e -in original.txt -out encrypted.txt
enter aes-256-cbc encryption password:********
Verifying - enter aes-256-cbc encryption password:********

(27) Decrypt with AES (256-bit, CBC mode, symmetric-key encryption)
openssl aes-256-cbc -d -in encrypted.txt -out original.txt
enter aes-256-cbc decryption password:********
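
Added example (not part of the original post): steps (3), (9), (12), (18), (20) and (22) chained without prompts, followed by a check that the key, CSR, certificate and the key extracted from the PKCS#12 file all carry the same RSA modulus. The passphrase, the temporary directory, extracted.key.pem and the function names are constructed for this example; it uses 2048 bits and -aes256 where the listing above uses 1024 bits and -des3.

```shell
# Added example: prompts replaced by -passin/-passout/-subj. Passphrase is constructed.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
PASS='pass:constructed-demo-passphrase'  # demo only; prefer file: or env: sources
SUBJ='/C=JP/ST=Tokyo/O=MyCompany/OU=Technical section/CN=www.tech.mycomp.localdomain'
# Create key, CSR, self-signed certificate, DER copy and PKCS#12 bundle in $WORK.
build_pki() (
    cd "$WORK" || exit 1
    # (3) with 2048 bits and -aes256 in place of 1024 bits and -des3
    openssl genrsa -aes256 -passout "$PASS" -out private.key.pem 2048 2>/dev/null &&
    # (9) and (12): -subj replaces the interactive subject prompts
    openssl req -new -key private.key.pem -passin "$PASS" -subj "$SUBJ" \
        -out cert.csr.pem &&
    openssl req -new -x509 -key private.key.pem -passin "$PASS" -subj "$SUBJ" \
        -days 365 -out cert.crt.pem &&
    # (18) PEM -> DER
    openssl x509 -inform PEM -outform DER -in cert.crt.pem -out cert.crt.der &&
    # (20) bundle key and certificate, then (22) pull the key back out
    openssl pkcs12 -export -inkey private.key.pem -passin "$PASS" \
        -in cert.crt.pem -passout "$PASS" -out cert.der.pfx &&
    openssl pkcs12 -nocerts -in cert.der.pfx -passin "$PASS" -passout "$PASS" \
        -out extracted.key.pem 2>/dev/null
)

# SHA-256 of the RSA modulus. $1 = rsa | req | x509, $2 = file.
# Fails on unreadable input so two failed reads never compare as equal.
modulus_hash() {
    m=$(openssl "$1" -in "$2" -passin "$PASS" -noout -modulus 2>/dev/null) || return 1
    [ -n "$m" ] || return 1
    printf '%s' "$m" | openssl dgst -sha256
}

# SHA-256 fingerprint of a certificate. $1 = PEM | DER, $2 = file.
cert_fingerprint() {
    openssl x509 -inform "$1" -in "$2" -noout -fingerprint -sha256
}

# True only if all four objects share one modulus and the DER copy is the same cert.
check_consistency() {
    k=$(modulus_hash rsa "$WORK/private.key.pem") &&
    [ "$k" = "$(modulus_hash req "$WORK/cert.csr.pem")" ] &&
    [ "$k" = "$(modulus_hash x509 "$WORK/cert.crt.pem")" ] &&
    [ "$k" = "$(modulus_hash rsa "$WORK/extracted.key.pem")" ] &&
    [ "$(cert_fingerprint PEM "$WORK/cert.crt.pem")" = \
      "$(cert_fingerprint DER "$WORK/cert.crt.der")" ]
}

build_pki && check_consistency && echo "key, CSR, certificate and PKCS#12 key match"
```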

See you next time!!