從這幾篇文章:Certificate Authority(CA) 憑證簡介AppServ + OpenSSL Setup SSL(https) in Win32 憑證建立Generating Private Key with OpenSSL 建立主機私有憑證 我們大致可以瞭解憑證的概念與建立的過程,,我們可謂已經擁有了自己一 把私鑰 private keyserver-privatekey.pem)以及一份由Sinica CA所簽發出來的公鑰 certificateserver-publickey.cer)。以下接著將介紹使用private key與 certificate的基本應用,包括:文件加密(Encrypt)與解密 (Decrypt)、文件簽章(Sign Signature)與驗證簽章(Verify Signature)等應用。

 現在就來作一個簡單的測試,模擬在網路實務上的運用過程。測試旳步驟如下:

1. 自行建立CA (ca.key、ca.crt)
2. 建立 Private Key
3. 建立 Certificate Request(憑證要求)
4. 將 Certificate Request 送交 CA 來簽證此憑證
5. 建立一個測試檔案:certkey-test.txt 內容為 "this is 測試",並由對方經我方傳給他的公鑰 certificateserver-publickey.cer)作加密,存成加密檔:certkey-test.msg。
6. 作解密測試。

相對應的指令如下:

step 1:
genrsa -out ca.key 1024
req -new -x509 -days 3650 -key ca.key -out ca.crt -config ../conf/openssl.cnf

step 2:
genrsa -out server-privatekey.pem 1024
rsa -in server-privatekey.pem -inform pem -out server-privatekey.der -outform der

step 3:
req -new  -inform pem -in server-privatekey.pem -out server-publickey.csr -key server-privatekey.pem -config ../conf/openssl.cnf

step 4:
ca -in server-publickey.csr -out server-publickey.cer -cert ca.crt -keyfile ca.key -config ../conf/openssl.cnf

setp 5:
smime -encrypt -in certkey-test.txt -out certkey-test.msg server-publickey.cer

加密後的檔案內容會像下面這樣

MIME-Version: 1.0
Content-Disposition: attachment; filename="smime.p7m"
Content-Type: application/x-pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64

MIIBegYJKoZIhvcNAQcDoIIBazCCAWcCAQAxggElMIIBIQIBADCBiTCBgzELMAkG
A1UEBhMCVFcxDzANBgNVBAgTBlRhaXdhbjELMAkGA1UEBxMCVFoxCzAJBgNVBAoT
AkdVMQwwCgYDVQQLEwNNSVMxFzAVBgNVBAMTDkNBIFJvb3QgQ2VudGVyMSIwIAYJ
KoZIhvcNAQkBFhNwb2xpbi53ZWlAZ21haWwuY29tAgEDMA0GCSqGSIb3DQEBAQUA
BIGA6lONXzR5PWSn1I7pJElitlQCMtVu2I1ikeC1TaaJvasvc9xb70mDLoV1tER0
P8fdI3ZRHflq3eOPJui19B6SlT6/o8BjPAb25mZUNVYlhZUSH4Vj0wmUk6UiJ868
rF3cBG9gYfdP3XLaXawvRC3fkZ6f33t+i2jMDGiKjljasIYwOQYJKoZIhvcNAQcB
MBoGCCqGSIb3DQMCMA4CAgCgBAgMmcm0JJTP9IAQIP0ReJQ06MOWD7tc+fMddw==

 

step 6:
smime -decrypt -in certkey-test.msg -recip server-publickey.cer -inkey server-privatekey.pem
或者
smime -decrypt -in certkey-test.msg -recip server-publickey.cer -inkey server-privatekey.der -keyform der

 

文章標籤
創作者介紹
MIS

MISTECH 技術手抄本

MIS 發表在 痞客邦 PIXNET 留言(0) 人氣()