OpenSSL 非对称加密算法DSA命令详解(2)

linuxidc@linuxidc:~/test$ openssl gendsa -
usage: gendsa [args] dsaparam-file
-out file - output the key to 'file'
-des      - encrypt the generated key with DES in cbc mode
-des3    - encrypt the generated key with DES in ede cbc mode (168 bit key)
-seed
                encrypt PEM output with cbc seed
-aes128, -aes192, -aes256 encrypt PEM output with cbc aes-camellia128, -camellia192, -camellia256
                encrypt PEM output with cbc camellia
-engine e - use engine e, possibly a hardware device.
-rand file:file:...
          - load the file (or the files in the directory) into
            the random number generator
dsaparam-file
          - a DSA parameter file as generated by the dsaparam command

示例如下:

1、根据密钥参数生成密钥

/*根据密钥参数生成密钥*/
linuxidc@linuxidc:~/test$ openssl gendsa -out DSA1.pem  DSAP.pem
Generating DSA key,1024 bits
linuxidc@linuxidc:~/test$ openssl gendsa -out DSA2.pem  DSAP.pem
Generating DSA key,1024 bits
/*相同密钥参数，每次生成的密钥不同*/
linuxidc@linuxidc:~/test$ diff DSA1.pem DSA2.pem
8,11c8,11
< TWcw1+XFAoGAEA1DLnv5efzB+ipIQ29q0ZedLVPyxdB44jpZES+esBQtU04HdI2N
< bClgwj8c9M6Y/9rL1uy3NqKaGHM+mjLyAXVceigFx7v15r5LRmWjialdqkcVG/3S
< Qo530ui/tXgFbFV9iA6C8L+nHDMPOf5v6oGyICmxN8DWzhQAsmy9mkICFBeqMbZM
< 9qBeG0BaS/6PucBxObsv
---
> TWcw1+XFAoGALWkjJeFunfvkiarJ1/pw8Lqvuyu/Glt3g/hURPPlrOIhA0pFXDmC
> UzCM1x6wrHWFc0jmUNk6FtnjGyiCLxVJGzeB7/4MA35aInHkiHwzX7a+B0At8bMq
> WEkWtzxhvTxTqWTAcC02Qr2mNNfJwWWVV0jVzMtm3Gb6YwhNnUvxp0ACFHrXO/8h
> dIwr6pSuj6vdNpHFDlY2
/*生成密钥并使用des3加密存储*/
linuxidc@linuxidc:~/test$ openssl gendsa -out DSA.pem -des3 -passout pass:123456 DSAP.pem
Generating DSA key,1024 bits

2.1 dsa指令说明

dsa和rsa指令功能及其类似，如下

linuxidc@linuxidc:~/test$ openssl dsa -
unknown option-
dsa [options]<infile >outfile
where options are
-inform arg    input format - DER or PEM
-outform arg    output format - DER or PEM
-in arg        input file
-passin arg    input file pass phrase source
-out arg        output file
-passout arg output file pass phrase source-engine e      use engine e, possibly a hardware device.
-des            encrypt PEM output with cbc des
-des3          encrypt PEM output with ede cbc des using 168 bit key
-aes128, -aes192, -aes256
                encrypt PEM output with cbc aes
-camellia128, -camellia192, -camellia256
                encrypt PEM output with cbc camellia
-seed          encrypt PEM output with cbc seed
-text          print the key in text
-noout          don't print key out
-modulus        print the DSA public value

示例如下：

1、加密密钥和解密密钥