1. Introduction
OpenSSL is a powerful cryptography toolkit. Many of us already use OpenSSL to create RSA private keys or certificate signing requests (CSRs). But did you know that you can use OpenSSL to benchmark your computer's speed, or to encrypt files and messages? This article presents a few simple, easy-to-learn tips on how to encrypt messages and files with OpenSSL.
2. Encrypting and decrypting messages
First, let us start with a simple message. The following command uses Base64 encoding to encode the message "Welcome to LinuxCareer.com":
$ echo "Welcome to LinuxCareer.com" | openssl enc -base64
V2VsY29tZSB0byBMaW51eENhcmVlci5jb20K
The output of the above command is a string containing the encoded message "Welcome to LinuxCareer.com". To decode the string back to the original message, we reverse the operation by adding the -d option:
$ echo "V2VsY29tZSB0byBMaW51eENhcmVlci5jb20K" | openssl enc -base64 -d
Welcome to LinuxCareer.com
ÉÏÊö¼ÓÃÜÒ×ÓÚʹÓ㬲»¹ýËüȱÉÙÃÜÂëµÄÒ»¸öÖØÒªÌØÐÔ£¬Õâ¸öÖØÒªÌØÐÔÓ¦¸Ã¿ÉÓÃÓÚ¼ÓÃÜ¡£±ÈÈç˵£¬ÊÔ×ÅÓÃÃÜÂë"pass"¶ÔÏÂÁÐ×Ö·û´®½øÐнâÃÜ£º
U2FsdGVkX181xscMhkpIA6J0qd76N/nSjjTc9NrDUC0CBSLpZQxQ2Db7ipd7kexj
To do so, use OpenSSL again, this time with the -d option and the aes-256-cbc cipher:
$ echo "U2FsdGVkX181xscMhkpIA6J0qd76N/nSjjTc9NrDUC0CBSLpZQxQ2Db7ipd7kexj" | openssl enc -aes-256-cbc -d -a
As you have probably guessed, to create a password-encrypted message like the one above you can use the following command:
$ echo "OpenSSL" | openssl enc -aes-256-cbc -a
enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:
U2FsdGVkX185E3H2me2D+qmCfkEsXDTn8nCn/4sblr8=
If you want to store OpenSSL's output in a file instead of sending it to STDOUT, simply use STDOUT redirection ">". When storing the encrypted output in a file you can also omit the -a option, since the output no longer needs to be ASCII text:
$ echo "OpenSSL" | openssl enc -aes-256-cbc > openssl.dat
enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:
$ file openssl.dat
openssl.dat: data
To decrypt the openssl.dat file back to the original message, use:
$ openssl enc -aes-256-cbc -d -in openssl.dat
enter aes-256-cbc decryption password:
OpenSSL
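Both Base64 strings in this section start with "U2FsdGVkX1" because openssl enc prefixes its output with the marker "Salted__" and an 8-byte random salt. The following Python sketch is an added example, not part of the original article: it splits the two strings into salt and ciphertext and shows the two ways enc turns a password and salt into the AES key and IV. The function names are illustrative, and the MD5 digest is an assumption (it was the default before OpenSSL 1.1.0; the page does not say which release produced its strings).

```python
import base64
import hashlib

MAGIC = b"Salted__"  # 8-byte marker that `openssl enc` writes before the salt

def parse_enc_blob(b64_text):
    """Split `openssl enc -a` output into (salt, ciphertext)."""
    raw = base64.b64decode(b64_text)
    if raw[:8] != MAGIC:
        raise ValueError("no Salted__ header: not salted `openssl enc` output")
    salt, ciphertext = raw[8:16], raw[16:]
    if not ciphertext or len(ciphertext) % 16:
        raise ValueError("AES-CBC ciphertext must be whole 16-byte blocks")
    return salt, ciphertext

def legacy_key_iv(password, salt, digest="md5", key_len=32, iv_len=16):
    """EVP_BytesToKey with one iteration: what `enc` uses without -pbkdf2.
    digest="md5" is an assumption about the release that made the samples."""
    out, block = b"", b""
    while len(out) < key_len + iv_len:
        # Each block hashes the previous block, then password, then salt.
        block = hashlib.new(digest, block + password + salt).digest()
        out += block
    return out[:key_len], out[key_len:key_len + iv_len]

def pbkdf2_key_iv(password, salt, iterations=10000, key_len=32, iv_len=16):
    """PBKDF2-HMAC-SHA256 as selected by `enc -pbkdf2` (OpenSSL 1.1.1+)."""
    out = hashlib.pbkdf2_hmac("sha256", password, salt, iterations,
                              key_len + iv_len)
    return out[:key_len], out[key_len:]

# The two Base64 strings printed in section 2 of this page.
SAMPLES = {
    "pass_string": "U2FsdGVkX181xscMhkpIA6J0qd76N/nSjjTc9NrDUC0CBSLpZQxQ2Db7ipd7kexj",
    "openssl_string": "U2FsdGVkX185E3H2me2D+qmCfkEsXDTn8nCn/4sblr8=",
}

if __name__ == "__main__":
    for label, text in SAMPLES.items():
        salt, ct = parse_enc_blob(text)
        print(f"{label}: salt={salt.hex()} ciphertext={len(ct)} bytes")
    salt, _ = parse_enc_blob(SAMPLES["pass_string"])
    key, iv = legacy_key_iv(b"pass", salt)
    print("legacy key:", key.hex(), "iv:", iv.hex())
```

Because the non-PBKDF2 derivation is a single hash pass, guessing passwords against such a file is cheap. On OpenSSL 1.1.1 and later, adding -pbkdf2 to both the encryption and the decryption command selects the second derivation.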
3.¶ÔÎļþ½øÐмÓÃܺͽâÃÜ
ÏëʹÓÃOpenSSL¶ÔÎļþ½øÐмÓÃÜ£¬Æäʵ¾Í¸ú¶ÔÏûÏ¢½øÐмÓÃÜÒ»Ñù¼òµ¥¡£Î¨Ò»µÄÇø±ðÔÚÓÚ£¬ÎÒÃDz»ÊÇʹÓÃechoÃüÁ¶øÊÇʹÓÃ-inÑ¡ÏºóÃæ¸úÒÔÎÒÃÇÏë½øÐмÓÃܵÄʵ¼ÊÎļþ£¬²¢Ê¹ÓÃ-outÑ¡ÏÕâ»áÖ¸ÁîOpenSSL½«¾¹ý¼ÓÃܵÄÎļþ´æ´¢µ½Ä³¸öÃû³ÆµÄÎļþÖУº
$ openssl enc -aes-256-cbc -in /etc/services -out services.dat
To decrypt our services file back to its original form, use:
$ openssl enc -aes-256-cbc -d -in services.dat > services.txt
enter aes-256-cbc decryption password:
4.¶ÔĿ¼½øÐмÓÃܺͽâÃÜ
ÍòÒ»ÄãÐèҪʹÓÃOpenSSL¶ÔÕû¸öĿ¼½øÐмÓÃÜ£¬Ê×ÏÈÐèÒª´´½¨gzip´ò°üÎļþ£¨tarball£©£¬È»ºóÓÃÉÏÊö·½·¨¶Ô¸Ã´ò°üÎļþ½øÐмÓÃÜ£¬Ò²¿ÉÒÔʹÓÃpipe£¬Í¬Ê±Íê³ÉÕâÁ½ÏîÈÎÎñ£º
# tar cz /etc | openssl enc -aes-256-cbc -out etc.tar.gz.dat
tar: Removing leading `/' from member names
enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:
To decrypt the whole etc/ directory and extract it into the current working directory, use:
# openssl enc -aes-256-cbc -d -in etc.tar.gz.dat | tar xz
enter aes-256-cbc decryption password:
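The method above can be quite useful for automated encrypted backups.
5. Conclusion
What you have just read is only a basic introduction to OpenSSL encryption. As an encryption toolkit, OpenSSL places practically no limit on what you can do with it. To see how to use the different encoding methods, see the OpenSSL manual page: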
$ man openssl
Source: 51CTO  Author: compiled by 布加迪