当我使用类似的方法时,这里指定了什么使用 openssl 生成使用密码加密的私钥 我遇到了问题 - 我可以解密而无需提供密码。这是为什么?我原本以为它会在解密之前要求输入密码。我做错了什么?下面是我在 Windows 中的 Git Bash 中执行的日志,但我在 Ubuntu 中得到的结果相同。
auser@pc MINGW64 ~
$ openssl genrsa -out key.pem -passout pass:foobarpwd 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
........+++++
............................................................................................+++++
e is 65537 (0x010001)
auser@pc MINGW64 ~
$ openssl rsa -in key.pem -pubout -out pub.pem
writing RSA key
auser@pc MINGW64 ~
$ echo "Hi Alice!" | openssl rsautl -encrypt -inkey pub.pem --pubin | base64
ioLPkvYY6+MqNbjQEgkKk+6UctHqPLeZZ12WTSezpWB1Q0aPXecQhptl92OD6Kk0rGbAf3+iFeWI
lYkfZDEs66a3EYRHKPe4ZspEo1mBFxFyI2VjSl0J2k0UEtDcuCion8lRic4GxPLd5tJeDI+hnUYo
Wbmbb3iBcW5HkXrREgq5EfXcQn7pQk9L0jT+KgZ3HOswz4njhPrlP2BHC/DaeobsqXRH3eFnmNt2
0tN8c5v9v1y1Eh0bQ22z3vlWldrbP6B7zU+Thv0N7ftVSOKbQwZ9upN+GCYexQO4KqegER1AwLs6
F3yluElBlHWncPpwwIBjK7TB48VAlYQ+FyFhIQ==
auser@pc MINGW64 ~
$ echo "ioLPkvYY6+MqNbjQEgkKk+6UctHqPLeZZ12WTSezpWB1Q0aPXecQhptl92OD6Kk0rGbAf3+iFeWI
> lYkfZDEs66a3EYRHKPe4ZspEo1mBFxFyI2VjSl0J2k0UEtDcuCion8lRic4GxPLd5tJeDI+hnUYo
> Wbmbb3iBcW5HkXrREgq5EfXcQn7pQk9L0jT+KgZ3HOswz4njhPrlP2BHC/DaeobsqXRH3eFnmNt2
> 0tN8c5v9v1y1Eh0bQ22z3vlWldrbP6B7zU+Thv0N7ftVSOKbQwZ9upN+GCYexQO4KqegER1AwLs6
> F3yluElBlHWncPpwwIBjK7TB48VAlYQ+FyFhIQ==" | base64 -d | openssl rsautl -decrypt -inkey key.pem
Hi Alice!
auser@pc MINGW64 ~
$
auser@pc MINGW64 ~
$ openssl genrsa -out key.pem --passout pass:foobarpwd 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
................................................+++++
......................+++++
e is 65537 (0x010001)
auser@pc MINGW64 ~
$ openssl rsa -in key.pem -pubout -out pub.pem
writing RSA key
auser@pc MINGW64 ~
$ echo "Hi Alice!" | openssl rsautl -encrypt -inkey pub.pem --pubin | base64
eiuR7qf46hMDNUlejo8FGWDRYW6VrTTDV0l93+jP2cz5FSzoFbNXuAFjYHTf5EMBcyRT7ZGXBbgm
TkpuZX5on844j61rTEYLpLH9+bidFuHOpNGp3nSooXCxUs0xX+qKVZQ8ZVHEYUmQGDb++v/f+9/f
LXrl+GiLUAhGePr+rtYVVlE2kwzwLbnUC/G8G+M45xkH6Pqn2ewdalgZY87MlA5ZahSfJxjnB0nC
/5L2iTqD/RbatuQeEFP2oeOhVI+VJbb/ilJBqvVd+eH2Xl4sTySVbfxP5oeEbQSvQqRnJW/ZBhZt
gOcov4hf2vdBm/2jY58y7wMMO1IkbMUZiQRkIg==
auser@pc MINGW64 ~
$ echo "eiuR7qf46hMDNUlejo8FGWDRYW6VrTTDV0l93+jP2cz5FSzoFbNXuAFjYHTf5EMBcyRT7ZGXBbgm
TkpuZX5on844j61rTEYLpLH9+bidFuHOpNGp3nSooXCxUs0xX+qKVZQ8ZVHEYUmQGDb++v/f+9/f
LXrl+GiLUAhGePr+rtYVVlE2kwzwLbnUC/G8G+M45xkH6Pqn2ewdalgZY87MlA5ZahSfJxjnB0nC
/5L2iTqD/RbatuQeEFP2oeOhVI+VJbb/ilJBqvVd+eH2Xl4sTySVbfxP5oeEbQSvQqRnJW/ZBhZt
gOcov4hf2vdBm/2jY58y7wMMO1IkbMUZiQRkIg==" | base64 -d | openssl rsautl -decrypt -inkey key.pem
Hi Alice!
auser@pc MINGW64 ~
$
答案1
生成私钥时没有密码的原因只是因为没有指定加密来加密生成的密钥。该命令应类似于
openssl genrsa -des3 -out key3.pem -passout pass:"foobarpwd" 2048
openssl genrsa -aes -out key3.pem -passout pass:"foobarpwd" 2048
openssl genrsa -aes256 -out key3.pem -passout pass:"foobarpwd" 2048
因此,使用 aes256 时密钥文件将具有内容
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,09B36E3B49DE4DB249D71CC8FE7C7DCE
N7tcP+gEEJC9gfuRXYUJS7RVXTj/nsenqOixEM3mmM4EUXOAIkmxQFTbex3pCJls
0LVyjMkFTeDFZV/7OEoLrpP1/Vgy55M0h2TsDo/u11JijlqYh9vN9Ne3FVkeqiFF
RCgBNf685O89pRdUgOLHRF3g3jJqn6X06ALNsYi+4tI8ea11iUXHgXvfwfvRfwm4
rLsuV86Lh3pEcApwXpDmbAi+pVYTD2ngNZLlbXTifV783x8WDksmkMzhCg4oRZ7o
AFMmV6uxEuJvHdBhLyNDf54JNgYKmrIk8c8oL/0YC4tA7Hw31W1zJlwNu00mQIZU
M9vi9oDsPQNRBVsHL+V0E9d7FnXf8Oh8AKSGb6CaSEjkJbMiHbrG0upMQCVn0l6F
HM1AredJOZcT4yNX9fXXlJ5ynKPBLOc1YxcfNTPjXUyS9KDvrvaXmopMTsSRl/mt
C7J+4ZI1tUVqDFLAVunRciSBBWaqPfzPnoQLQ3TOD0ptmimTUvJ6rQINaWBRQsoY
Blvh02EWu/Nm4i/KCusCyrPZW2mJBnErguWS+Roe5jMeSYR10Sr874g7ehhED3PL
LoDTfNv9UQlOdnJkMO2lQ35b5dQnCC6mpXbirhKo3lRkyJnv73DPp6MAKtDpLb/U
iSQ6YO4iPFKQZigBWrzKg5O9cOZ789Of/2Z6Pvuls7cqt2BeGumswzhrqDDO+R+w
Pj92szv21e2F5olnR1I8MdmqajNrIKoOgdFEHYFZpHyS3dfttJk1LJQzkuaCqY6K
xCUgpiFQWKNICfAi6XKzvw9acQ4SL93AUWBL8oX+slYb38FbsCRgCKNgQVT3QmQr
qSwwrXnquxe2GNLJ723LDDW+gV4+SNIrJqFHTgKMZrRy6x0cvi9ctHyLu7NRTSrP
RKC++gI1yj+JF8YKoL3Zvrwe62Kc75pnSdAYSzSShcKGTIN34KJei3meaJFzmV0I
aYi9hpion00F27Vh2TH1Zd0YRO8ZpTrppfk72BWl4fk9KhNT9EsYgarNl9xi/9G2
KJ2k7I5tlxiUpbtgkoZRi7ZdO6MuRmWJSPyBhgM+Cyo0Mzjok/lGof6HrcpReDFK
Wt3A73/ZMHkyUI22TbX0vg3NvV42tBMuZLJM8eA4Mca25UknbuT4Snf6YrVehtvR
qW7bYXYEGSSHUV30vIXajo0FRvgDKM6MPQnLs7umHfOMC9Mz/FXfRHqazS9ZTbm9
EX/U048HNJwlPC7VQmsAU5c2BMx2YiCN31CzercgyUutuRiK6qi9gHZvHSf3eBwi
nEYOSC/Z6Izj+f06m453Bw2YZiqTeDDTpCRNLjA9jqOEb+NdBkR+mL7pEBqezNqE
5p19KRZDepID6OQNIlZX7VBMD88xAHzI2jDBk30juX5p8/S0Z0p7hnmBlEKKNQsM
KlRpkAUJw9juX78IIdHL3scpr+NtcwZNQ4C+C8fiwBjqy3vBjX35tVXYCTCJto0h
caa+SmwbfzMjVffMGyXvxtRsYFcwzv1bTXdu9vJTrbnXNSJzdhXuGRpEsn6k1t+n
c6RB3gNiHdH1vAn6vA/duRCENrOvUylHOf8kM+eIJNgo8hiW9iJNnfj6qGqonjJy
-----END RSA PRIVATE KEY-----