[Encrypt] 公開金鑰加密 – Public-key cryptography

Intro

Public-key cryptography

OpenBSD manual page server - SSH-KEYGEN


私鑰產生公鑰

SSH-Key

$ ssh-keygen

# 指定路徑與檔名
$ ssh-keygen -f $HOME/.ssh/id_rsa

Key Type

$ ssh-keygen -t [ dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa ]
$ ssh-keygen -t dsa

PEM格式

$ openssl rsa -in private-key.pem -pubout -out public-key.pem

加解密實作

OpenSSL command

簡易產生公私鑰:

$ openssl genrsa -out private.key
$ openssl rsa -in private.key -pubout -out public.key

加密 (使用public key):

$ openssl rsautl -encrypt -pubin -inkey public.key -in plaintext.txt -out encrypted.txt

解密 (使用private key):

$ openssl rsautl -decrypt -inkey private.key -in encrypted.txt -out plaintext.txt

利用數位簽章反向加解密

加密 (使用private key):

$ openssl rsautl -sign -inkey private.key -in plaintext.txt -out plaintext.txt.sign

解密 (使用public key):

$ openssl rsautl -verify -pubin -inkey public.key -in plaintext.txt.sign -out plaintext.txt

數位簽名簽署與驗證

$ openssl dgst -sha512 -sign private.key -out digest.sha512 plaintext.txt
$ openssl dgst -sha512 -verify public.key -signature digest.sha512 plaintext.txt
Verified OK

Programing Lanuage

公私鑰皆可以非對稱的加解密,例如PHP functions:
- openssl_private_decrypt
- openssl_private_encrypt
- openssl_public_decrypt
- openssl_public_encrypt

Leave a Reply

Your email address will not be published. Required fields are marked *