在Ubuntu系统中使用OpenSSL有许多实用的技巧,以下是一些常用的方法和命令:
sudo apt update
sudo apt install openssl libssl-dev
wget https://www.openssl.org/source/openssl-1.1.1u.tar.gz
tar -xzvf openssl-1.1.1u.tar.gz
cd openssl-1.1.1u
./config --prefix=/usr/local/openssl shared zlib
make -j$(nproc)
sudo make install
openssl genrsa -out private.key 2048
openssl rsa -pubout -in private.key -out public.key
openssl req -new -key private.key -out certificate.csr
openssl req -x509 -new -nodes -key private.key -days 365 -out certificate.crt
openssl enc -aes-256-cbc -salt -in file.txt -out file.txt.enc
openssl enc -d -aes-256-cbc -in file.txt.enc -out file.txt
openssl dgst -sha256 file.txt
openssl dgst -sha256 -verify public.key -signature signature.txt file.txt
openssl dgst -sha256 -sign private.key -out signature.txt file.txt
openssl dgst -sha256 -verify public.key -signature signature.txt file.txt
openssl rand -hex 32
openssl s_client -connect example.com:443
openssl s_server -www -accept 443 -cert certificate.crt -key private.key
export OPENSSL_ROOT_DIR=/opt/openssl/1.1.1
export OPENSSL_INCLUDE_DIR=$OPENSSL_ROOT_DIR/include
export OPENSSL_LIB_DIR=$OPENSSL_ROOT_DIR/lib
export LD_LIBRARY_PATH=$OPENSSL_LIB_DIR:$LD_LIBRARY_PATH
export PATH=$OPENSSL_ROOT_DIR/bin:$PATH
gcc -o my_program my_program.c -I/opt/openssl/1.1.1/include -L/opt/openssl/1.1.1/lib -lssl -lcrypto
cat server.crt intermediate.crt private.key > full-chain.pem
/etc/ssl/certs/ca-certificates.crt 文件中:sudo cp certificate.pem /etc/ssl/certs/ca-certificates.crt
请注意,OpenSSL的版本可能会随着Ubuntu版本的更新而发生变化,因此建议在使用前通过 openssl version命令确认当前安装的版本。如果你需要特定版本的OpenSSL,可以从OpenSSL官方网站下载对应版本的源码进行编译安装。
