linuxidc@linuxidc:~/test$ openssl gendsa -
usage: gendsa [args] dsaparam-file
-out file - output the key to 'file'
-des - encrypt the generated key with DES in cbc mode
-des3 - encrypt the generated key with DES in ede cbc mode (168 bit key)
-seed
encrypt PEM output with cbc seed
-aes128, -aes192, -aes256 encrypt PEM output with cbc aes-camellia128, -camellia192, -camellia256
encrypt PEM output with cbc camellia
-engine e - use engine e, possibly a hardware device.
-rand file:file:...
- load the file (or the files in the directory) into
the random number generator
dsaparam-file
- a DSA parameter file as generated by the dsaparam command
示例如下:
1、根据密钥参数生成密钥
/*根据密钥参数生成密钥*/
linuxidc@linuxidc:~/test$ openssl gendsa -out DSA1.pem DSAP.pem
Generating DSA key,1024 bits
linuxidc@linuxidc:~/test$ openssl gendsa -out DSA2.pem DSAP.pem
Generating DSA key,1024 bits
/*相同密钥参数,每次生成的密钥不同*/
linuxidc@linuxidc:~/test$ diff DSA1.pem DSA2.pem
8,11c8,11
< TWcw1+XFAoGAEA1DLnv5efzB+ipIQ29q0ZedLVPyxdB44jpZES+esBQtU04HdI2N
< bClgwj8c9M6Y/9rL1uy3NqKaGHM+mjLyAXVceigFx7v15r5LRmWjialdqkcVG/3S
< Qo530ui/tXgFbFV9iA6C8L+nHDMPOf5v6oGyICmxN8DWzhQAsmy9mkICFBeqMbZM
< 9qBeG0BaS/6PucBxObsv
---
> TWcw1+XFAoGALWkjJeFunfvkiarJ1/pw8Lqvuyu/Glt3g/hURPPlrOIhA0pFXDmC
> UzCM1x6wrHWFc0jmUNk6FtnjGyiCLxVJGzeB7/4MA35aInHkiHwzX7a+B0At8bMq
> WEkWtzxhvTxTqWTAcC02Qr2mNNfJwWWVV0jVzMtm3Gb6YwhNnUvxp0ACFHrXO/8h
> dIwr6pSuj6vdNpHFDlY2
/*生成密钥并使用des3加密存储*/
linuxidc@linuxidc:~/test$ openssl gendsa -out DSA.pem -des3 -passout pass:123456 DSAP.pem
Generating DSA key,1024 bits
dsa和rsa指令功能及其类似,如下
linuxidc@linuxidc:~/test$ openssl dsa -
unknown option-
dsa [options]<infile >outfile
where options are
-inform arg input format - DER or PEM
-outform arg output format - DER or PEM
-in arg input file
-passin arg input file pass phrase source
-out arg output file
-passout arg output file pass phrase source-engine e use engine e, possibly a hardware device.
-des encrypt PEM output with cbc des
-des3 encrypt PEM output with ede cbc des using 168 bit key
-aes128, -aes192, -aes256
encrypt PEM output with cbc aes
-camellia128, -camellia192, -camellia256
encrypt PEM output with cbc camellia
-seed encrypt PEM output with cbc seed
-text print the key in text
-noout don't print key out
-modulus print the DSA public value
示例如下:
1、加密密钥和解密密钥