i3 Jan 17 2015: OpenSSL 各ファイルの内容の確認方法
メモとして。
genrsa で生成した RSA 秘密鍵。
$ openssl rsa -in clttest/clt.key -text
Enter pass phrase for clttest/clt.key:
Private-Key: (2048 bit)
modulus:
00:c1:37:ba:01:95:6c:cc:d6:03:85:8f:dc:d0:8f:
e7:e9:35:0b:4b:7a:c8:31:49:e2:ed:06:f0:07:fe:
d9:9c:ff:cb:48:14:db:79:d4:ff:8f:3c:c2:57:9d:
...
CSR(署名要求)。
$ openssl req -in clttest/clt.csr -text
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=JP, ST=Tokyo-to, L=Minato-ku, O=Ayutaya.com, Inc., OU=Sales, Div., CN=AYUTAYA_COM EMPID 3828347/emailAddress=example@ayutaya.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:c1:37:ba:01:95:6c:cc:d6:03:85:8f:dc:d0:8f:
e7:e9:35:0b:4b:7a:c8:31:49:e2:ed:06:f0:07:fe:
d9:9c:ff:cb:48:14:db:79:d4:ff:8f:3c:c2:57:9d:
...
X.509 証明書。
$ openssl x509 -in clttest/clt.crt -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=JP, ST=Tokyo, O=Ayutaya.com, Inc., OU=IT, Div., CN=Kiichiro NAKA/emailAddress=admin@ayutaya.com
Validity
Not Before: Jan 13 07:24:51 2015 GMT
Not After : Jan 4 07:24:51 2050 GMT
Subject: C=JP, ST=Tokyo-to, L=Minato-ku, O=Ayutaya.com, Inc., OU=Sales, Div., CN=AYUTAYA_COM EMPID 3828347/emailAddress=example@ayutaya.com
...
以上は PEM。DER ならばそれぞれに、-inform ~ を指定。変換ならば、-outform ~ を指定。
PKCS#12 の内容。
$ openssl pkcs12 -in clttest/clt.p12 -info
Enter Import Password:
MAC Iteration 2048
MAC verified OK
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
Bag Attributes
localKeyID: F6 AA CB 59 B5 45 A5 CE A8 F1 56 58 F5 E6 EB 1E 41 63 63 2C
subject=/C=JP/ST=Tokyo-to/L=Minato-ku/O=Ayutaya.com, Inc./OU=Sales, Div./CN=AYUTAYA_COM EMPID 3828347/emailAddress=example@ayutaya.com
issuer=/C=JP/ST=Tokyo/O=Ayutaya.com, Inc./OU=IT, Div./CN=Kiichiro NAKA/emailAddress=admin@ayutaya.com
...