本文介绍如何直接使用openssl生成的证书直接加密和解密(公钥直接从pem文件读取,私钥直接pkcs8格式的key文件)
一、生成证书
openssl genrsa > cert.key 2048利用上面的私钥生成证书
openssl req -new -x509 -key cert.key >cert.pem
二、加密
输入原文、加密并采用base64输出
zeno@zeno-mbp isign % echo -n hello | openssl rsautl -certin -inkey cert.pem -encrypt | base64 | tr -d '\n'
Wvoa/ha9SJhHtdlTKD+jfpvY6+jfirMIRJJ1dvtACWsw8+z8fU7qSS5PJfavAqmozY5OGZGuevbN+BSqv/SWnxxgj6TewTwvOO2Fmv2rn2TgmnSkkw3y+DnYtKD7dgOFl6sgIANFobFf/fPeHmHtZKh025Zn/hRkAD6eX3nvKPoKS3eqM7oP1z16buWzvxVt3HA9P9bTpWFE5aPsjIV6FEJcYB1TS/J71mEjdgkhSNdeesyM9cerSqMopp//DWoERUpQZ27wLAF4Z47tsPFMOZpyAvDwk63hHP99pxqhbaeVMvmZYz1yjRbtcTBZGu3vw0hGhF7Ordpr1mOHTsyNrQ==其中hello为用例密文,根据实际需要调整
二、解密
输入密文,BASE64解码并解密
zeno@zeno-mbp isign % echo 'Wvoa/ha9SJhHtdlTKD+jfpvY6+jfirMIRJJ1dvtACWsw8+z8fU7qSS5PJfavAqmozY5OGZGuevbN+BSqv/SWnxxgj6TewTwvOO2Fmv2rn2TgmnSkkw3y+DnYtKD7dgOFl6sgIANFobFf/fPeHmHtZKh025Zn/hRkAD6eX3nvKPoKS3eqM7oP1z16buWzvxVt3HA9P9bTpWFE5aPsjIV6FEJcYB1TS/J71mEjdgkhSNdeesyM9cerSqMopp//DWoERUpQZ27wLAF4Z47tsPFMOZpyAvDwk63hHP99pxqhbaeVMvmZYz1yjRbtcTBZGu3vw0hGhF7Ordpr1mOHTsyNrQ==' | base64 -d | openssl rsautl -inkey cert.key -decrypt
hello