{"id":803,"date":"2024-09-06T10:22:07","date_gmt":"2024-09-06T02:22:07","guid":{"rendered":"https:\/\/thereisno.top\/?p=803"},"modified":"2024-12-17T21:48:20","modified_gmt":"2024-12-17T13:48:20","slug":"openssl%e4%bd%bf%e7%94%a8smime%e5%8f%91%e9%80%81%e7%ad%be%e5%90%8d%e5%92%8c%e5%8a%a0%e5%af%86%e9%82%ae%e4%bb%b6","status":"publish","type":"post","link":"https:\/\/thereisno.top\/?p=803","title":{"rendered":"OpenSSL\u4f7f\u7528S\/MIME\u53d1\u9001\u7b7e\u540d\u548c\u52a0\u5bc6\u90ae\u4ef6"},"content":{"rendered":"\n

1\uff0c\u901a\u4fe1\u53cc\u65b9\u7684\u8bc1\u4e66\u751f\u6210<\/p>\n\n\n\n

1.1\u751f\u6210\u6839\u8282\u70b9\u8bc1\u4e66<\/p>\n\n\n\n

openssl genrsa -out cakey.pem 2048<\/p>\n\n\n\n\n\n\n\n

openssl req -new -key cakey.pem -subj “\/CN=rootca.bitbaba.com” -out cacsr.pem<\/p>\n\n\n\n

openssl x509 -req -in cacsr.pem -days 999 -signkey cakey.pem -out cacert.pem<\/p>\n\n\n\n

1.2\u751f\u6210alice\u7684\u8bc1\u4e66<\/p>\n\n\n\n

openssl genrsa -out alicekey.pem 2048<\/p>\n\n\n\n

openssl req -new -key cakey.pem -subj “\/emailAddress=imalice.freemail@gmail.com” -out alicecsr.pem<\/p>\n\n\n\n

openssl x509 -req -in alicecsr.pem -days 999 -CA cacert.pem -CAKey cakey.pem -set_serial 01 -name “alice” -out alicecert.pem<\/p>\n\n\n\n

openssl pkcs12 -export -in alicecert.pem -inkey alicekey.pem -certfile cacert.pem -out alice.p12<\/p>\n\n\n\n

1.3\u751f\u6210bob\u7684\u8bc1\u4e66<\/p>\n\n\n\n

openssl genrsa -out bobkey.pem 2048<\/p>\n\n\n\n

openssl req -new -key bobkey.pem -subj “\/emailAddress=iambob.freemail@gmail.com” -out bobcsr.pem<\/p>\n\n\n\n

openssl x509 -req -in bobcsr.pem -days 999 -CA cacert.pem -CAkey cakey.pem -set_serial 02 -name “bob” -out bobcert.pem<\/p>\n\n\n\n

openssl pkcs12 -export -in bobcert.pem -inkey bobkey.pem -certfile cacert.pem -out bob.p12<\/p>\n\n\n\n

2\uff0c\u90ae\u4ef6\u7b7e\u540d<\/p>\n\n\n\n

openssl smime -sign -in \/tmp\/msg.txt -signer alicecert.pem -inkey alicekey.pem -nocerts -nodetach -text -out \/tmp\/alicesigned.eml<\/p>\n\n\n\n

\u63d0\u9192\uff1a<\/p>\n\n\n\n

-nodetach \u628a\u4fe1\u606f\u539f\u6587\u4e5f\u5305\u542b\u5230base64\u5757\u91cc\u9762\uff0c\u800c\u4e0d\u662f\u7528mime\u683c\u5f0f\u7684\u5206\u9694\u7b26\u5355\u72ec\u653e\u7f6e\uff0c\u6bd4\u8f83\u5bb9\u6613\u4fdd\u8bc1\u4fe1\u606f\u4e0d\u88ab\u90ae\u4ef6\u6536\u53d1\u670d\u52a1\u5668\u91cd\u6784\uff0c\u5bfc\u81f4\u9a8c\u8bc1\u5931\u8d25\u3002<\/p>\n\n\n\n

-nocerts    \u662f\u4e00\u4e2a\u53ef\u9009\u9009\u9879\uff0c\u5982\u679c\u8bbe\u7f6e\u7684\u8bdd\uff0calice\u7684\u8bc1\u4e66\uff08\u516c\u94a5\u7b49\uff09\u4e0d\u4f1a\u88ab\u5305\u542b\u5230\u7b7e\u540d\u4fe1\u606f\u91cc\u9762\uff08base64\u5757\uff09<\/p>\n\n\n\n

-signer      \u5728\u7b7e\u53d1\u90ae\u4ef6\u7684\u65f6\u5019\uff0c\u6307\u5b9a\u53d1\u9001\u4eba\u7684\u8bc1\u4e66\u4f4d\u7f6e\uff0c\u8fd9\u91cc\u6307\u5b9aalice\u7684\u8bc1\u4e66<\/p>\n\n\n\n

3\uff0c\u7b7e\u540d\u9a8c\u8bc1<\/p>\n\n\n\n

openssl smime -verify -in \/tmp\/alicesigned.eml -certfile alicecert.pem -CAfile cacert.pem<\/p>\n\n\n\n

\u6ce8\u610f\uff1a<\/p>\n\n\n\n

-signer  \u53c2\u6570\u8fd9\u4e2a\u65f6\u5019\u7684\u610f\u601d\uff1a\u5bfc\u51fa\u7b7e\u53d1\u90ae\u4ef6\u7684\u8bc1\u4e66\u4fdd\u5b58\u3002\u6240\u4ee5\u8981\u5c0f\u5fc3\u8986\u76d6\u539f\u6709\u8bc1\u4e66<\/p>\n\n\n\n

-CAfile  \u8bbe\u7f6e\u4fe1\u4efb\u7684ca\u4f4d\u7f6e\uff0c\u5426\u5219\u9a8c\u8bc1\u4e0d\u901a\u8fc7<\/p>\n\n\n\n

-certfile \u662f\u4e00\u4e2a\u53ef\u9009\u9009\u9879\uff0c\u5982\u679c\u7b7e\u540d\u7684\u65f6\u5019\u6307\u5b9a\u4e86-nocerts\uff0c\u8fd9\u91cc\u53ef\u4ee5\u6307\u5b9a\u9a8c\u8bc1\u8bc1\u4e66\uff08alice\uff09\uff0c\u8fd9\u6837\u7f51\u7edc\u4f20\u8f93\u7ecf\u6d4e\u3002<\/p>\n\n\n\n

4\uff0c\u90ae\u4ef6\u52a0\u5bc6<\/p>\n\n\n\n

 smime -encrypt -in \/tmp\/msg.txt -from imalice.freemail@gmail.com -to iambob.freemail@gmail.com -des3 -out \/tmp\/msg.eml bobcert.pem<\/p>\n\n\n\n

5\uff0c\u90ae\u4ef6\u89e3\u5bc6<\/p>\n\n\n\n

 openssl smime -decrypt -in \/tmp\/msg.eml -recip bobcert.pem -inkey bobkey.pem<\/p>\n\n\n\n

6\uff0c \u7b7e\u540d\u5e76\u52a0\u5bc6<\/p>\n\n\n\n

openssl smime -sign -in msg.txt -signer alicecert.pem -inkey alicekey.pem -nocerts -nodetach -text | openssl smime -encrypt -des3 -from imalice.freemail@gmail.com -to iambob.freemail@gmail.com -subject HiBob  bobcert.pem<\/p>\n\n\n\n

To: iambob.freemail@gmail.com<\/p>\n\n\n\n

From: imalice.freemail@gmail.com<\/p>\n\n\n\n

Subject: HiBob<\/p>\n\n\n\n

MIME-Version: 1.0<\/p>\n\n\n\n

Content-Disposition: attachment; filename=”smime.p7m”<\/p>\n\n\n\n

Content-Type: application\/x-pkcs7-mime; smime-type=enveloped-data; name=”smime.p7m”<\/p>\n\n\n\n

Content-Transfer-Encoding: base64<\/p>\n\n\n\n

MIIGKQYJKoZIhvcNAQcDoIIGGjCCBhYCAQAxggFmMIIBYgIBADBKMEUxCzAJBgNV<\/p>\n\n\n\n

BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX<\/p>\n\n\n\n

aWRnaXRzIFB0eSBMdGQCAQMwDQYJKoZIhvcNAQEBBQAEggEAdmR6L5KWIhmIFBwj<\/p>\n\n\n\n

\u3002\u3002\u3002\u3002<\/p>\n\n\n\n

7\uff0c\u89e3\u5bc6\u5e76\u9a8c\u8bc1<\/p>\n\n\n\n

openssl smime -decrypt -in enc.eml -recip bobcert.pem -inkey bobkey.pem | openssl smime -verify -certfile alicecert.pem -CAfile cacert.pem<\/p>\n\n\n\n

Content-Type: text\/plain<\/p>\n\n\n\n

 Hello, World !<\/p>\n\n\n\n

Verification successful<\/p>\n\n\n\n

\u7ba1\u9053\u547d\u4ee4<\/p>\n\n\n\n

openssl smime -sign -in msg.txt -signer alicecert.pem -inkey alicekey.pem -nocerts -nodetach -text | \\<\/p>\n\n\n\n

openssl smime -encrypt -des3 -from imalice.freemail@gmail.com -to iambob.freemail@gmail.com -subject HiBob  bobcert.pem | \\<\/p>\n\n\n\n

openssl smime -decrypt -recip bobcert.pem -inkey bobkey.pem | \\<\/p>\n\n\n\n

openssl smime -verify -certfile alicecert.pem -CAfile cacert.pem<\/p>\n\n\n\n

\"\"<\/figure>\n","protected":false},"excerpt":{"rendered":"

1\uff0c\u901a\u4fe1\u53cc\u65b9\u7684\u8bc1\u4e66\u751f\u6210 1.1\u751f\u6210\u6839\u8282\u70b9\u8bc1\u4e66 openssl genrsa -out cakey.pem 20 … <\/p>\n

\u7ee7\u7eed\u9605\u8bfb\u201cOpenSSL\u4f7f\u7528S\/MIME\u53d1\u9001\u7b7e\u540d\u548c\u52a0\u5bc6\u90ae\u4ef6\u201d<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[103],"tags":[137,130],"class_list":["post-803","post","type-post","status-publish","format-standard","hentry","category-103","tag-openssl","tag-s-mime"],"_links":{"self":[{"href":"https:\/\/thereisno.top\/index.php?rest_route=\/wp\/v2\/posts\/803","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thereisno.top\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thereisno.top\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thereisno.top\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thereisno.top\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=803"}],"version-history":[{"count":4,"href":"https:\/\/thereisno.top\/index.php?rest_route=\/wp\/v2\/posts\/803\/revisions"}],"predecessor-version":[{"id":2252,"href":"https:\/\/thereisno.top\/index.php?rest_route=\/wp\/v2\/posts\/803\/revisions\/2252"}],"wp:attachment":[{"href":"https:\/\/thereisno.top\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=803"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thereisno.top\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=803"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thereisno.top\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=803"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}