The openssl smime command
2015-07-24 14:50
I. Introduction
smime is the S/MIME tool for processing S/MIME mail: it can encrypt, decrypt, sign and verify S/MIME messages.
II. Syntax
openssl smime [-encrypt] [-decrypt] [-sign] [-verify] [-pk7out] [-nointern] [-nosigs] [-noverify] [-nocerts] [-nodetach] [-noattr] [-binary] [-in file] [-inform SMIME|PEM|DER] [-certfile file] [-signer file] [-recip file] [-passin arg] [-inkey file] [-keyform PEM|ENGINE] [-out file] [-outform SMIME|PEM|DER] [-content file] [-to addr] [-from ad] [-subject s] [-text] [-CApath directory] [-CAfile filename] [-crl_check] [-crl_check_all] [-indef] [-noindef] [-stream] [-rand file(s)] [-md digest] [cert.pem…] [-des] [-des3] [-rc2-40] [-rc2-64] [-rc2-128]
Options
-encrypt        encrypt message
-decrypt        decrypt encrypted message
-sign           sign message
-verify         verify signed message
-pk7out         output PKCS#7 structure
-des3           encrypt with triple DES
-des            encrypt with DES
-seed           encrypt with SEED
-rc2-40         encrypt with RC2-40 (default)
-rc2-64         encrypt with RC2-64
-rc2-128        encrypt with RC2-128
-aes128, -aes192, -aes256
                encrypt PEM output with cbc aes
-camellia128, -camellia192, -camellia256
                encrypt PEM output with cbc camellia
-nointern       don't search certificates in message for signer
-nosigs         don't verify message signature
-noverify       don't verify signers certificate
-nocerts        don't include signers certificate when signing
-nodetach       use opaque signing
-noattr         don't include any signed attributes
-binary         don't translate message to text
-certfile file  other certificates file
-signer file    signer certificate file
-recip file     recipient certificate file for decryption
-in file        input file
-inform arg     input format SMIME (default), PEM or DER
-inkey file     input private key (if not signer or recipient)
-keyform arg    input private key format (PEM or ENGINE)
-out file       output file
-outform arg    output format SMIME (default), PEM or DER
-content file   supply or override content for detached signature
-to addr        to address
-from ad        from address
-subject s      subject
-text           include or delete text MIME headers
-CApath dir     trusted certificates directory
-CAfile file    trusted certificates file
-trusted_first  use trusted certificates first when building the trust chain
-crl_check      check revocation status of signer's certificate using CRLs
-crl_check_all  check revocation status of signer's certificate chain using CRLs
-engine e       use engine e, possibly a hardware device.
-passin arg     input file pass phrase source
-rand file:file:...
                load the file (or the files in the directory) into the random number generator
cert.pem        recipient certificate(s) for encryption
III. Examples
1. Creating a digital signature
1) Including the certificate and the original text
openssl smime -sign -inkey prikey.pem -signer certself.pem -in install.log -out install_sign.msg
2) Without the certificate
openssl smime -sign -inkey prikey.pem -signer certself.pem -passin pass:"123456" -nocerts -in install.log -out install_sign.msg
3) Without the original text (-nodetach, opaque signing)
openssl smime -sign -inkey prikey.pem -signer certself.pem -passin pass:"123456" -nodetach -in install.log -out install_sign.msg
2. Verifying a signature
1) Including the certificate and the original text
openssl smime -verify -CAfile certself.pem -in install_sign.msg -out install_verify.log
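2) Without verifying the signer's certificate
openssl smime -verify -noverify -CAfile certself.pem -signer certself.pem -in text_sign.msg -out text_verify.log
Note: -noverify skips validation of the signer's certificate only, so the signature is still checked but the signer is not authenticated. With -verify, -signer names an output file: the signer's certificate is written to it when verification succeeds.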
3) Without the original text
openssl smime -verify -nodetach -CAfile certself.pem -signer certself.pem -in text_sign.msg -out text_verify.log
3. Encrypting into a digital envelope
openssl smime -encrypt -in install.log -out install_evp.enc certself.pem
4. Decrypting a digital envelope
openssl smime -decrypt -in install_evp.enc -out install_ope.log -inkey prikey.pem
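The signing, verification and envelope steps above, run end to end as an added example (not part of the original article). The throwaway self-signed certificates, the alice/other names and the temporary file names are assumptions; because the option list above shows RC2-40 as the encryption default, the example names -aes256 explicitly.

```shell
#!/bin/sh
# Added example: throwaway keys and constructed file names, not from the original page.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_cert() {   # $1 = file basename, $2 = subject CN; self-signed, unencrypted key
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

sign_msg() {    # $1 = signer; default detached signature, signer cert included
    printf 'constructed sample message\n' > "$WORK/msg.txt"
    openssl smime -sign -inkey "$WORK/$1.key" -signer "$WORK/$1.pem" \
        -in "$WORK/msg.txt" -out "$WORK/signed.msg" 2>/dev/null
}

verify_msg() {  # $1 = trust anchor basename; further args are passed to -verify
    ca=$1; shift
    openssl smime -verify "$@" -CAfile "$WORK/$ca.pem" \
        -in "$WORK/signed.msg" -out "$WORK/verified.txt" >/dev/null 2>&1
}

tamper_msg() {  # change one word of the clear-text part, leave the signature alone
    sed 's/constructed/altered/' "$WORK/signed.msg" > "$WORK/t.msg" &&
        mv "$WORK/t.msg" "$WORK/signed.msg"
}

envelope_roundtrip() {  # $1 = recipient; explicit cipher instead of the default
    # -binary keeps the bytes as they are (otherwise line ends become CR LF)
    openssl smime -encrypt -aes256 -binary -in "$WORK/msg.txt" \
        -out "$WORK/msg.enc" "$WORK/$1.pem" &&
    openssl smime -decrypt -in "$WORK/msg.enc" -inkey "$WORK/$1.key" \
        -out "$WORK/msg.dec" 2>/dev/null &&
    cmp -s "$WORK/msg.txt" "$WORK/msg.dec"
}

make_cert alice alice.example      # signer and recipient
make_cert other other.example      # unrelated certificate
sign_msg alice
verify_msg alice           && echo "trusted anchor: accepted"
verify_msg other           || echo "unrelated anchor: rejected"
verify_msg other -noverify && echo "-noverify: accepted, signer not authenticated"
envelope_roundtrip alice   && echo "envelope round trip: identical"
tamper_msg
verify_msg other -noverify || echo "-noverify after tampering: rejected"
```

The third result is the one to watch for in scripts: with -noverify any key that produced a valid signature passes, so the exit status says nothing about who signed.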
5. Converting between S/MIME and PKCS#7 formats
openssl smime -in text_sign.msg -pk7out -out test_pkcs.pem
openssl pkcs7 -in test_pkcs.pem -text
6. Adding a signer to an existing message
openssl smime -resign -in mail.msg -signer newsign.pem -out mail2.msg
Reference: http://blog.csdn.net/as3luyuan123/article/details/16850953