Skip to content

Instantly share code, notes, and snippets.

@jorben
Last active August 6, 2018 02:06
Show Gist options
  • Save jorben/4bfbb57955f3a654193a833233bcdb02 to your computer and use it in GitHub Desktop.
Save jorben/4bfbb57955f3a654193a833233bcdb02 to your computer and use it in GitHub Desktop.
RSA加解密,签名、验签文件
1) Generate RSA key:
$ openssl genrsa -out key.pem 1024
$ openssl rsa -in key.pem -text -noout
2) Save public key in pub.pem file:
$ openssl rsa -in key.pem -pubout -out pub.pem
$ openssl rsa -in pub.pem -pubin -text -noout
3) Encrypt some data:
$ echo test test test > file.txt
$ openssl rsautl -encrypt -inkey pub.pem -pubin -in file.txt -out file.bin
4) Decrypt encrypted data:
$ openssl rsautl -decrypt -inkey key.pem -in file.bin
It works like a charm
私钥生成签名
$openssl rsautl -sign -inkey key.pem -in md.txt -out sign.bin
公钥验证签名
$openssl rsautl -verify -inkey pub.pem -pubin -in sign.bin -out sign.txt
cer证书中提取公钥
openssl x509 -outform PEM -in gzcb_1.cer -pubkey -out gzcb_1.pem
从pfx提取密钥信息,并转换为key格式(pfx使用pkcs12模式补足)
1、提取密钥对(如果pfx证书已加密,会提示输入密码。)
openssl pkcs12 -in 1.pfx -nocerts -nodes -out 1.key
2、从密钥对提取私钥
openssl rsa -in 1.key -out 1_pri.key
3、从密钥对提取公钥
openssl rsa -in 1.key -pubout -out 1_pub.key
4、因为RSA算法使用的是pkcs8模式补足,需要对提取的私钥进一步处理
openssl pkcs8 -in 1_pri.key -out 1_pri.p8 -outform der -nocrypt -topk8
#shell openssl 签名验签
#!/bin/bash
PRE_MD5='3020300c06082a864886f70d020505000410'
PUB_KEY='./gzcb_3000000001_pub.key'
REPORT_FILE='./report.txt'
TMP_SIGNN_FILE='./signn.txt'
TMP_SIGNN_BIN_FILE='./signn.bin'
TMP_REPORT_MD5_FILE='./md5check.txt'
TMP_REPORT_MD5_BIN_FILE='./md5check.bin'
TMP_DATA_FILE='./report.data.csv'
VERIFY_RESULT_FILE='./verifyresult.txt'
tail -1 $REPORT_FILE |awk -F"," '{print $6}' |base64 -d > $TMP_SIGNN_BIN_FILE
grep '^R\|^T' $REPORT_FILE > $TMP_DATA_FILE
openssl rsautl -verify -pubin -inkey $PUB_KEY -in $TMP_SIGNN_BIN_FILE |xxd -p | tr -d '\n' > $VERIFY_RESULT_FILE
openssl dgst -md5 $TMP_DATA_FILE > $TMP_REPORT_MD5_FILE
read dirty1 BUF dirty2 < $TMP_REPORT_MD5_FILE
echo $PRE_MD5$BUF | tr -d '\n' > $TMP_REPORT_MD5_FILE
diff $TMP_REPORT_MD5_FILE $VERIFY_RESULT_FILE
if [[ $? = 0 ]];then
echo "check pass!"
else
echo "not match!"
fi
#PRI_KEY='./gzcb_3000000001_pri.key'
#cat $TMP_REPORT_MD5_FILE |xxd -r -p > $TMP_REPORT_MD5_BIN_FILE
#openssl rsautl -sign -inkey $PRI_KEY -in $TMP_REPORT_MD5_BIN_FILE -out $TMP_SIGNN_BIN_FILE
#base64 $TMP_SIGNN_BIN_FILE > $TMP_SIGNN_FILE
# python 签名
from Crypto.Signature import PKCS1_v1_5 as pk
from Crypto.PublicKey import RSA
# from Crypto.Hash import SHA # 使用SHA或MD5签名
from Crypto.Hash import MD5
prikey= RSA.importKey(open('./pri.key','r').read())
content = "hello world!"
hash = MD5.new(content)
signer = pk.new(prikey)
signn=signer.sign(hash)
signn=base64.b64encode(signn)
# python 验签
from Crypto.Signature import PKCS1_v1_5 as pk
from Crypto.PublicKey import RSA
# from Crypto.Hash import SHA # 使用SHA或MD5签名
from Crypto.Hash import MD5
import base64
pubkey= RSA.importKey(open('./pub.pem','r').read())
signn=base64.b64decode("XXxxXX==")
verifier = pk.new(pubkey)
verifier.verify(SHA.new("source string"), signn)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment