TungNT (Blue)

tungnt.blue@gmail.com

User Tools

Site Tools

Trace:
development:security:rsa

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
development:security:rsa [2024/08/21 04:56] – [3. Tra cứu chứng thư số] tungntdevelopment:security:rsa [2024/09/07 03:05] (current) tungnt
Line 26: Line 26:
   * [[https://packagist.org/packages/phpseclib/phpseclib|Package phpseclib]]   * [[https://packagist.org/packages/phpseclib/phpseclib|Package phpseclib]]
   * [[https://phpseclib.sourceforge.net/rsa/2.0/examples.html|phpseclib: RSA Examples and Notes]]   * [[https://phpseclib.sourceforge.net/rsa/2.0/examples.html|phpseclib: RSA Examples and Notes]]
 +  * [[https://docs.openssl.org/master/man1|OpenSSL commands]]
 +  * [[https://en.rakko.tools/tools/46/|SSL Certificate Generator]]
 +
 +<code bash>
 +tungnt@MacBook-Pro-cua-Nguyen-2 2024 % openssl x509 -help                                         
 +Usage: x509 [options]
 +
 +General options:
 + -help                      Display this summary
 + -in infile                 Certificate input, or CSR input file with -req (default stdin)
 + -passin val                Private key and cert file pass-phrase source
 + -new                       Generate a certificate from scratch
 + -x509toreq                 Output a certification request (rather than a certificate)
 + -req                       Input is a CSR file (rather than a certificate)
 + -copy_extensions val       copy extensions when converting from CSR to x509 or vice versa
 + -inform format             CSR input format to use (PEM or DER; by default try PEM first)
 + -vfyopt val                CSR verification parameter in n:v form
 + -key val                   Key for signing, and to include unless using -force_pubkey
 + -signkey val               Same as -key
 + -keyform PEM|DER|ENGINE    Key input format (ENGINE, other values ignored)
 + -out outfile               Output file - default stdout
 + -outform format            Output format (DER or PEM) - default PEM
 + -nocert                    No cert output (except for requested printing)
 + -noout                     No output (except for requested printing)
 +
 +Certificate printing options:
 + -text                      Print the certificate in text form
 + -dateopt val               Datetime format used for printing. (rfc_822/iso_8601). Default is rfc_822.
 + -certopt val               Various certificate text printing options
 + -fingerprint               Print the certificate fingerprint
 + -alias                     Print certificate alias
 + -serial                    Print serial number value
 + -startdate                 Print the notBefore field
 + -enddate                   Print the notAfter field
 + -dates                     Print both notBefore and notAfter fields
 + -subject                   Print subject DN
 + -issuer                    Print issuer DN
 + -nameopt val               Certificate subject/issuer name printing options
 + -email                     Print email address(es)
 + -hash                      Synonym for -subject_hash (for backward compat)
 + -subject_hash              Print subject hash value
 + -subject_hash_old          Print old-style (MD5) subject hash value
 + -issuer_hash               Print issuer hash value
 + -issuer_hash_old           Print old-style (MD5) issuer hash value
 + -ext val                   Restrict which X.509 extensions to print and/or copy
 + -ocspid                    Print OCSP hash values for the subject name and public key
 + -ocsp_uri                  Print OCSP Responder URL(s)
 + -purpose                   Print out certificate purposes
 + -pubkey                    Print the public key in PEM format
 + -modulus                   Print the RSA key modulus
 +
 +Certificate checking options:
 + -checkend intmax           Check whether cert expires in the next arg seconds
 +                            Exit 1 (failure) if so, 0 if not
 + -checkhost val             Check certificate matches host
 + -checkemail val            Check certificate matches email
 + -checkip val               Check certificate matches ipaddr
 +
 +Certificate output options:
 + -set_serial val            Serial number to use, overrides -CAserial
 + -next_serial               Increment current certificate serial number
 + -days int                  Number of days until newly generated certificate expires - default 30
 + -preserve_dates            Preserve existing validity dates
 + -set_issuer val            Set or override certificate issuer
 + -set_subject val           Set or override certificate subject (and issuer)
 + -subj val                  Alias for -set_subject
 + -force_pubkey infile       Key to be placed in new certificate or certificate request
 + -clrext                    Do not take over any extensions from the source certificate or request
 + -extfile infile            Config file with X509V3 extensions to add
 + -extensions val            Section of extfile to use - default: unnamed section
 + -sigopt val                Signature parameter, in n:v form
 + -badsig                    Corrupt last byte of certificate signature (for test)
 + -*                         Any supported digest, used for signing and printing
 +
 +Micro-CA options:
 + -CA infile                 Use the given CA certificate, conflicts with -key
 + -CAform PEM|DER            CA cert format (PEM/DER/P12); has no effect
 + -CAkey val                 The corresponding CA key; default is -CA arg
 + -CAkeyform PEM|DER|ENGINE  CA key format (ENGINE, other values ignored)
 + -CAserial val              File that keeps track of CA-generated serial number
 + -CAcreateserial            Create CA serial number file if it does not exist
 +
 +Certificate trust output options:
 + -trustout                  Mark certificate PEM output as trusted
 + -setalias val              Set certificate alias (nickname)
 + -clrtrust                  Clear all trusted purposes
 + -addtrust val              Trust certificate for a given purpose
 + -clrreject                 Clears all the prohibited or rejected uses of the certificate
 + -addreject val             Reject certificate for a given purpose
 +
 +Random state options:
 + -rand val                  Load the given file(s) into the random number generator
 + -writerand outfile         Write random data to the specified file
 + -engine val                Use engine, possibly a hardware device
 +
 +Provider options:
 + -provider-path val         Provider load path (must be before 'provider' argument if required)
 + -provider val              Provider to load (can be specified multiple times)
 + -propquery val             Property query used when fetching algorithms
 +</code>
 ====== 2. Sử dụng RSA từ postman ====== ====== 2. Sử dụng RSA từ postman ======
  
Line 65: Line 165:
  
 <code bash> <code bash>
-tungnt@MacBook-Pro-cua-Nguyen-2 2024 % openssl x509 -in public_key.cer -text -noout+% openssl x509 -in public_key.cer -text -noout
  
-tungnt@MacBook-Pro-cua-Nguyen-2 2024 % openssl x509 -in 9pay_tcb_verify_sign_1.cer -serial -noout +% openssl x509 -in public_key.cer -serial -noout 
 serial=5401120DBEDE6BADB78DB6895AEA45AA serial=5401120DBEDE6BADB78DB6895AEA45AA
  
-tungnt@MacBook-Pro-cua-Nguyen-2 2024 % openssl x509 -in 9pay_tcb_verify_sign_1.cer -dates -noout  +% openssl x509 -in public_key.cer -dates -noout  
 notBefore=Aug 23 08:25:05 2023 GMT notBefore=Aug 23 08:25:05 2023 GMT
 notAfter=Aug 25 08:25:05 2026 GMT notAfter=Aug 25 08:25:05 2026 GMT
 +
 +% openssl rsa -noout -modulus -in tcb_refund.crt | openssl md5
 +MD5(stdin)= ae4a16924cebaccc1b7a8240507930d0
 +
 </code> </code>
  
development/security/rsa.1724216207.txt.gz · Last modified: 2024/08/21 04:56 by tungnt
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki