openssl3.2/test/certs - 071 - RSA-PSS signatures - SHA1

本文主要是介绍openssl3.2/test/certs - 071 - RSA-PSS signatures - SHA1，希望对大家解决编程问题提供一定的参考价值，需要的开发者们随着小编来一起学习吧！

openssl3.2/test/certs - 071 - RSA-PSS signatures - SHA1

概述

openssl3.2 - 官方demo学习 - test - certs

笔记

/*!
* \file D:\my_dev\my_local_git_prj\study\openSSL\test_certs\071\my_openssl_linux_doc_071.txt
* \note openssl3.2/test/certs - 071 - RSA-PSS signatures - SHA1
*/// --------------------------------------------------------------------------------
// official bash script
// --------------------------------------------------------------------------------
#! /bin/bash# \file setup071.shclear# openssl3.2/test/certs - 071 - RSA-PSS signatures - SHA1
./mkcert.sh genee PSS-SHA1 ee-key ee-pss-sha1-cert ca-key ca-cert -sha1 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:digest# 官方的这个脚本报错, 需要自己休整一下.
# x509: Multiple digest or unknown options: -sha256 and -sha1
# 修正之后, 还和原本的官方目标还一样么?# 报错原因, 采用了2种摘要算法(sha256, sha1)
# 尝试修正, 只保留一种摘要算法(sha1)# 看官方这个大脚本(setup.sh + mkcert.sh)写的这么不严谨, 看起来只是作为传家宝的脚本, 为了集齐7龙珠(各种历史脚本)
# 下一步要看看oenssl源码库中, 在哪里用这些历史脚本, 真的很好奇.# ./test/certs/下的这2个脚本, 只是为了制作各种用途的脚本, 只有这一种目标.// --------------------------------------------------------------------------------
// openssl cmd line parse
// --------------------------------------------------------------------------------
// cmd 1
openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out ee-key.pem // cmd 2
// cfg_exp071_cmd2.txt
string_mask=utf8only
[req]
prompt = no
distinguished_name = dn
[dn]
CN = PSS-SHA1openssl req -new -sha256 -key ee-key.pem -config cfg_exp071_cmd2.txt -out req_exp071_cmd2.pem// cmd 3
// cfg_exp071_cmd3.txt
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer
basicConstraints = CA:falseextendedKeyUsage = serverAuth
[alts]
subjectAltName = @alts
DNS=PSS-SHA1
[alts]openssl x509 -req -sha256 -out ee-pss-sha1-cert.pem -extfile cfg_exp071_cmd3.txt -CA ca-cert.pem -CAkey ca-key.pem -set_serial 2 -days 36525 -sha1 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:digest -in req_exp071_cmd2.pem// 报错
// x509: Multiple digest or unknown options: -sha256 and -sha1// 原因分析
// 在一句openssl命令行中, 只能采用一种确定的摘要算法.
// 在上面报错的命令行中, 采用了2种摘要算法 -sha256 -sha1
// 尝试修正, 只采用sha1为摘要算法, 修正后的openssl命令行如下openssl x509 -req -out ee-pss-sha1-cert.pem -extfile cfg_exp071_cmd3.txt -CA ca-cert.pem -CAkey ca-key.pem -set_serial 2 -days 36525 -sha1 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:digest -in req_exp071_cmd2.pem// --------------------------------------------------------------------------------
// openssl log
// --------------------------------------------------------------------------------openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out ee-key.pem 
openssl req -new -sha256 -key ee-key.pem -config /dev/fd/63 -config /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txtstring_mask=utf8only
[req]
prompt = no
distinguished_name = dn
[dn]
CN = PSS-SHA1
openssl x509 -req -sha256 -out ee-pss-sha1-cert.pem -extfile /dev/fd/63 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 2 -days 36525 -sha1 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:digest -extfile /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txtsubjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer
basicConstraints = CA:falseextendedKeyUsage = serverAuth
[alts]
subjectAltName = @alts
DNS=PSS-SHA1[alts]

END

这篇关于openssl3.2/test/certs - 071 - RSA-PSS signatures - SHA1的文章就介绍到这儿，希望我们推荐的文章对编程师们有所帮助！

---