Public-key cryptography - GASERI
More information can be found in pkeyutl(1ssl). Author: Domagoj Margan, Vedran Miletić
First Seen: 03/15/2024
Last Indexed: 10/23/2024
Public-key cryptography

Creating and transforming key pairs

Creating a (private) RSA key

To generate an RSA key we use the genrsa command:

    $ openssl genrsa
    Generating RSA private key, 2048 bit long modulus (2 primes)
    ................+++++
    ................................+++++
    e is 65537 (0x010001)
    -----BEGIN RSA PRIVATE KEY-----
    [base64-encoded key body omitted]
    -----END RSA PRIVATE KEY-----

Here we generate a 2048-bit key and print it to standard output. A larger key size increases encryption and decryption time, but it also reduces the chance of a third party breaking the encrypted content.

To save the key to a separate output file, we use the -out option. We can also specify the key size we want:

    $ openssl genrsa -out mojkljuc.pem 1024
    Generating RSA private key, 1024 bit long modulus (2 primes)
    .................................+++++
    .................+++++
    e is 65537 (0x010001)

This generated a 1024-bit key and saved it to the file mojkljuc.pem.

To protect the key, we can encrypt it and guard it with a passphrase. We add an option naming the desired encryption algorithm:

    $ openssl genrsa -camellia256 -out mojkljuc.pem 4096
    Generating RSA private key, 4096 bit long modulus (2 primes)
    ........+++++
    .....................+++++
    e is 65537 (0x010001)
    Enter pass phrase for mojkljuc.pem:
    Verifying - Enter pass phrase for mojkljuc.pem:

This generated a 4096-bit key and saved it to the file mojkljuc.pem, encrypted with the Camellia-256 algorithm.

Creating the public RSA key

To generate the public key that corresponds to our private RSA key, we use the rsa command with the -pubout option:

    $ openssl rsa -in mojkljuc.pem -pubout
    Enter pass phrase for mojkljuc.pem:
    writing RSA key
    -----BEGIN PUBLIC KEY-----
    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAJn/omkMIes+2XQC8WumxJuk0
    n4uSrfoVJg/TmFecsfnxfGwX+AIKg7vYZE21IqqrgB1lUmBp+hqGxTmw55b/9iPo
    pBk+I1aaRZdHNvkbztU+t8/PPwFAMN7969jpMXYGhGcZACn0h+ok/i7MglSOQWzB
    im00OOWKyVh0EWrT9wIDAQAB
    -----END PUBLIC KEY-----

As before, the -out option stores the key in a file instead of printing it to standard output:

    $ openssl rsa -in mojkljuc.pem -out javnikljuc.pem -pubout
    Enter pass phrase for mojkljuc.pem:
    writing RSA key

The rsa command has other options that allow, for example, format conversion (-inform and -outform), printing the modulus (-modulus) and encrypting the key (a dash followed by the name of any of the supported encryption algorithms).

Measuring RSA key performance

OpenSSL can measure the speed of creating private and public RSA keys with the speed rsa command:

    $ openssl speed rsa
    Doing 512 bits private rsa's for 10s: 276416 512 bits private RSA's in 9.98s
    Doing 512 bits public rsa's for 10s: 4679174 512 bits public RSA's in 9.98s
    Doing 1024 bits private rsa's for 10s: 130765 1024 bits private RSA's in 9.98s
    Doing 1024 bits public rsa's for 10s: 1944320 1024 bits public RSA's in 9.98s
    Doing 2048 bits private rsa's for 10s: 18717 2048 bits private RSA's in 9.98s
    Doing 2048 bits public rsa's for 10s: 625187 2048 bits public RSA's in 9.98s
    Doing 3072 bits private rsa's for 10s: 6198 3072 bits private RSA's in 9.99s
    Doing 3072 bits public rsa's for 10s: 302978 3072 bits public RSA's in 9.98s
    Doing 4096 bits private rsa's for 10s: 2782 4096 bits private RSA's in 9.99s
    Doing 4096 bits public rsa's for 10s: 175534 4096 bits public RSA's in 9.97s
    Doing 7680 bits private rsa's for 10s: 289 7680 bits private RSA's in 9.98s
    Doing 7680 bits public rsa's for 10s: 49636 7680 bits public RSA's in 9.89s
    Doing 15360 bits private rsa's for 10s: 54 15360 bits private RSA's in 10.00s
    Doing 15360 bits public rsa's for 10s: 13626 15360 bits public RSA's in 9.97s
    OpenSSL 1.1.1b  26 Feb 2019
    built on: Wed Apr  3 10:50:23 2019 UTC
    options:bn(64,64) rc4(16x,int) des(int) aes(partial) blowfish(ptr)
    compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-uEA50R/openssl-1.1.1b=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
                       sign    verify    sign/s verify/s
    rsa   512 bits 0.000036s 0.000002s  27697.0 468855.1
    rsa  1024 bits 0.000076s 0.000005s  13102.7 194821.6
    rsa  2048 bits 0.000533s 0.000016s   1875.5  62644.0
    rsa  3072 bits 0.001612s 0.000033s    620.4  30358.5
    rsa  4096 bits 0.003591s 0.000057s    278.5  17606.2
    rsa  7680 bits 0.034533s 0.000199s     29.0   5018.8
    rsa 15360 bits 0.185185s 0.000732s      5.4   1366.7

In particular, the speed of creating private and public RSA keys of length 512, 1024, 2048 and 4096 bits can be measured with the commands speed rsa512, speed rsa1024, speed rsa2048 and speed rsa4096, respectively. The speed command can also measure the execution speed of other cryptographic algorithms; more about this can be read in speed(1ssl).

Creating a DSA key pair

DSA keys are generated in two steps, using the dsaparam command and the gendsa command. We show the creation of a 1024-bit key in the file dsakljuc.pem.

First we create a file with the DSA algorithm parameters using the dsaparam command:

    $ openssl dsaparam -out dsaparam.pem 1024
    Generating DSA parameters, 1024 bit long prime
    This could take some time
    ..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*
    ..+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*

Then we create the private key with the gendsa command:

    $ openssl gendsa dsaparam.pem
    Generating DSA key, 1024 bits
    -----BEGIN DSA PRIVATE KEY-----
    [base64-encoded key body omitted]
    -----END DSA PRIVATE KEY-----

If we add the -out option, the key is stored in a file instead of being printed to standard output:

    $ openssl gendsa -out dsakljuc.pem dsaparam.pem
    Generating DSA key, 1024 bits

These two steps can be combined into one by using the -genkey option of the dsaparam command:

    $ openssl dsaparam -out dsakljuc.pem -genkey 1024
    Generating DSA parameters, 1024 bit long prime
    This could take some time
    ...+.......+...+....+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*
    ..+.+.....+..+.+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*

To generate the public key that corresponds to our private DSA key, we use the dsa command with the -pubout option, analogously to the RSA example:

    $ openssl dsa -in dsakljuc.pem -pubout
    read DSA key
    writing DSA key
    -----BEGIN PUBLIC KEY-----
    [base64-encoded key body omitted]
    -----END PUBLIC KEY-----

Also analogously to the RSA example, the -out option stores the key in a file instead of printing it to standard output:

    $ openssl dsa -in dsakljuc.pem -out javnidsakljuc.pem -pubout
    read DSA key
    writing DSA key

The dsa command has other options very similar to those of the rsa command already described.

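The RSA key files created earlier can be checked before they are put to use. The script below is an added example, not part of the original tutorial: it uses the rsa command's -modulus option mentioned above, together with -pubin and -text, to confirm that a public key file belongs to a private key, that the private key is passphrase-protected, and that its modulus meets a minimum size chosen by the caller. The function names, the script name audit.sh and the passphrase file pw.txt are assumptions.

```shell
#!/bin/sh
# Added example (not from the tutorial). Function names are assumptions.

# Succeeds if the PEM private key in $1 is passphrase-protected. Handles the
# traditional header ("Proc-Type: 4,ENCRYPTED", written by OpenSSL 1.1.1
# genrsa) and the PKCS#8 form ("BEGIN ENCRYPTED PRIVATE KEY").
key_is_encrypted() {
    grep -Eq -e '^Proc-Type: 4,ENCRYPTED' \
             -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"
}

# Prints the modulus size in bits of the RSA private key in $1.
# $2 is an optional passphrase source in openssl syntax, e.g. "file:pw.txt".
rsa_key_bits() {
    openssl rsa -in "$1" ${2:+-passin "$2"} -noout -text 2>/dev/null |
        sed -n 's/^.*(\([0-9][0-9]*\) bit.*$/\1/p' | head -n 1
}

# Succeeds if public key file $2 has the same modulus as private key $1,
# i.e. it is the file that "rsa -pubout" derives from that private key.
# $3 is the optional passphrase source for the private key.
rsa_pair_matches() {
    priv_mod=$(openssl rsa -in "$1" ${3:+-passin "$3"} -noout -modulus 2>/dev/null) || return 2
    pub_mod=$(openssl rsa -pubin -in "$2" -noout -modulus 2>/dev/null) || return 2
    [ -n "$priv_mod" ] && [ "$priv_mod" = "$pub_mod" ]
}

# Audits private key $1 against a minimum size $2 (bits); $3 = passphrase source.
# Returns 0 if acceptable, 1 on a finding, 2 if the key cannot be read.
audit_rsa_key() {
    if ! key_is_encrypted "$1"; then
        echo "$1: stored without a passphrase"; return 1
    fi
    bits=$(rsa_key_bits "$1" "$3")
    if [ -z "$bits" ]; then echo "$1: cannot read key"; return 2; fi
    if [ "$bits" -lt "$2" ]; then
        echo "$1: $bits-bit modulus is below the required $2 bits"; return 1
    fi
    echo "$1: ok ($bits bits, passphrase-protected)"
}

# Usage (hypothetical file names): sh audit.sh mojkljuc.pem 2048 file:pw.txt
if [ "$#" -ge 2 ]; then audit_rsa_key "$@"; fi
```
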
Measuring DSA key performance

OpenSSL can measure the speed of signing with DSA keys and of verifying signatures with the speed dsa command:

    $ openssl speed dsa
    Doing 512 bits sign dsa's for 10s: 192335 512 bits DSA signs in 9.99s
    Doing 512 bits verify dsa's for 10s: 325914 512 bits DSA verify in 10.00s
    Doing 1024 bits sign dsa's for 10s: 110027 1024 bits DSA signs in 9.99s
    Doing 1024 bits verify dsa's for 10s: 148698 1024 bits DSA verify in 10.00s
    Doing 2048 bits sign dsa's for 10s: 43267 2048 bits DSA signs in 10.00s
    Doing 2048 bits verify dsa's for 10s: 49308 2048 bits DSA verify in 9.99s
    OpenSSL 1.1.1b  26 Feb 2019
    built on: Wed Apr  3 10:50:23 2019 UTC
    options:bn(64,64) rc4(16x,int) des(int) aes(partial) blowfish(ptr)
    compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-uEA50R/openssl-1.1.1b=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM...