Intro
OpenBSD manual page server - SSH-KEYGEN
私鑰產生公鑰
SSH-Key
$ ssh-keygen
# 指定路徑與檔名
$ ssh-keygen -f $HOME/.ssh/id_rsa
Key Type
$ ssh-keygen -t [ dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa ]
$ ssh-keygen -t dsa
PEM格式
$ openssl rsa -in private-key.pem -pubout -out public-key.pem
加解密實作
OpenSSL command
簡易產生公私鑰:
$ openssl genrsa -out private.key
$ openssl rsa -in private.key -pubout -out public.key
加密 (使用public key):
$ openssl rsautl -encrypt -pubin -inkey public.key -in plaintext.txt -out encrypted.txt
解密 (使用private key):
$ openssl rsautl -decrypt -inkey private.key -in encrypted.txt -out plaintext.txt
利用數位簽章反向加解密
加密 (使用private key):
$ openssl rsautl -sign -inkey private.key -in plaintext.txt -out plaintext.txt.sign
解密 (使用public key):
$ openssl rsautl -verify -pubin -inkey public.key -in plaintext.txt.sign -out plaintext.txt
數位簽名簽署與驗證
$ openssl dgst -sha512 -sign private.key -out digest.sha512 plaintext.txt
$ openssl dgst -sha512 -verify public.key -signature digest.sha512 plaintext.txt
Verified OK
Programing Lanuage
公私鑰皆可以非對稱的加解密,例如PHP functions:
- openssl_private_decrypt
- openssl_private_encrypt
- openssl_public_decrypt
- openssl_public_encrypt