为什么 OpenSSL 提供了两个有如此多重叠的实用程序
genpkey:
OpenSSL> genpkey -
Usage: genpkey [options]
where options may be
-out file output file
-outform X output format (DER or PEM)
-pass arg output file pass phrase source
-<cipher> use cipher <cipher> to encrypt the key
-engine e use engine e, possibly a hardware device.
-paramfile file parameters file
-algorithm alg the public key algorithm
-pkeyopt opt:value set the public key algorithm option <opt>
to value <value>
-genparam generate parameters, not key
-text print the in text
NB: options order may be important! See the manual page.
和genrsa:
OpenSSL> genrsa -
usage: genrsa [args] [numbits]
-des encrypt the generated key with DES in cbc mode
-des3 encrypt the generated key with DES in ede cbc mode (168 bit key)
-seed
encrypt PEM output with cbc seed
-aes128, -aes192, -aes256
encrypt PEM output with cbc aes
-camellia128, -camellia192, -camellia256
encrypt PEM output with cbc camellia
-out file output the key to 'file
-passout arg output file pass phrase source
-f4 use F4 (0x10001) for the E value
-3 use 3 for the E value
-engine e use engine e, possibly a hardware device.
-rand file:file:...
load the file (or the files in the directory) into
the random number generator
Debian 的文档对此也很奇怪,
genpkey Generation of Private Key or Parameters.
genrsa Generation of RSA Private Key. Superceded by genpkey.
是genpkey替代品吗?如果是,那为什么没有-des3?还有,我们如何为其添加密码并指定密钥长度?
答案1
它明确指出genrsa已被取代genpkey,因此是的,genpkey是一个替代品。
3des您可以使用-cipher参数将密码更改为
此外,它应该告诉您,要添加密码,请使用-pass参数
您可以找到更多信息这里