RSA

合规建议

• 默认选用RSA3072，或更高强度的RSA4096等。

示例

openssl genrsa -out rsa_priv.pem 3072
openssl rsa -in rsa_priv.pem -pubout > rsa_pub.pem

openssl rsa -pubin -text -in rsa_pub.pem

openssl dgst -sha256 -pkeyopt rsa_padding_mode:pss -pkeyopt rsa_pss_saltlen:-1 -binary -sign rsa_priv.pem -out data.sig data.txt
openssl dgst -sha256 -pkeyopt rsa_padding_mode:pss -pkeyopt rsa_pss_saltlen:-1 -verify rsa_pub.pem -signature data.sig data.txt

openssl dgst -sha256 -binary data.txt > data.dgst
openssl pkeyutl -sign -in data.dgst -inkey rsa_priv.pem -pkeyopt rsa_padding_mode:pss -pkeyopt rsa_pss_saltlen:-1 -pkeyopt digest:sha256 -out data.sig
openssl pkeyutl -verify -pubin -inkey rsa_pub.pem -sigfile data.sig -in data.dgst -pkeyopt rsa_padding_mode:pss -pkeyopt rsa_pss_saltlen:-1 -pkeyopt digest:sha256