一、openssl 简介

openssl 是目前最流行的 SSL 密码库工具,其提供了一个通用、健壮、功能完备的工具套件,用以支持SSL/TLS 协议的实现。
官网:https://www.openssl.org/source/

构成部分

  1. 密码算法库
  2. 密钥和证书封装管理功能
  3. SSL通信API接口

用途

  1. 建立 RSA、DH、DSA key 参数
  2. 建立 X.509 证书、证书签名请求(CSR)和CRLs(证书回收列表)
  3. 计算消息摘要
  4. 使用各种 Cipher加密/解密
  5. SSL/TLS 客户端以及服务器的测试
  6. 处理S/MIME 或者加密邮件

二、RSA密钥操作

默认情况下,openssl 输出格式为 PKCS#1-PEM

生成RSA私钥(无加密)

openssl genrsa -out rsa_private.key <span style="color: #800080;line-height: 1.5 !important">2048</span>

生成RSA公钥

openssl rsa -<span style="color: #0000ff;line-height: 1.5 !important">in</span> rsa_private.key -pubout -out rsa_public.key

生成RSA私钥(使用aes256加密)

openssl genrsa -aes256 -passout pass:<span style="color: #800080;line-height: 1.5 !important">111111</span> -out rsa_aes_private.key <span style="color: #800080;line-height: 1.5 !important">2048</span>

其中 passout 代替shell 进行密码输入,否则会提示输入密码;
生成加密后的内容如:

-----BEGIN RSA PRIVATE KEY-----<span style="line-height: 1.5 !important">
Proc</span>-Type: <span style="color: #800080;line-height: 1.5 !important">4</span><span style="line-height: 1.5 !important">,ENCRYPTED
DEK</span>-Info: AES-<span style="color: #800080;line-height: 1.5 !important">256</span>-<span style="line-height: 1.5 !important">CBC,5584D000DDDD53DD5B12AE935F05A007
Base64 Encoded Data
</span>-----END RSA PRIVATE KEY-----

此时若生成公钥,需要提供密码

openssl rsa -<span style="color: #0000ff;line-height: 1.5 !important">in</span> rsa_aes_private.key -passin pass:<span style="color: #800080;line-height: 1.5 !important">111111</span> -pubout -out rsa_public.key

其中 passout 代替shell 进行密码输入,否则会提示输入密码;

转换命令

私钥转非加密

openssl rsa -<span style="color: #0000ff;line-height: 1.5 !important">in</span> rsa_aes_private.key -passin pass:<span style="color: #800080;line-height: 1.5 !important">111111</span> -out rsa_private.key

私钥转加密

openssl rsa -<span style="color: #0000ff;line-height: 1.5 !important">in</span> rsa_private.key -aes256 -passout pass:<span style="color: #800080;line-height: 1.5 !important">111111</span> -out rsa_aes_private.key

私钥PEM转DER

openssl rsa -<span style="color: #0000ff;line-height: 1.5 !important">in</span> rsa_private.key -outform der-out rsa_aes_private.der

-inform和-outform 参数制定输入输出格式,由der转pem格式同理

查看私钥明细

openssl rsa -<span style="color: #0000ff;line-height: 1.5 !important">in</span> rsa_private.key -noout -text

使用-pubin参数可查看公钥明细

私钥PKCS#1转PKCS#8

openssl pkcs8 -topk8 -<span style="color: #0000ff;line-height: 1.5 !important">in</span> rsa_private.key -passout pass:<span style="color: #800080;line-height: 1.5 !important">111111</span> -out pkcs8_private.key

其中-passout指定了密码,输出的pkcs8格式密钥为加密形式,pkcs8默认采用des3 加密算法,内容如下:

-----BEGIN ENCRYPTED PRIVATE KEY-----<span style="line-height: 1.5 !important">
Base64 Encoded Data
</span>-----END ENCRYPTED PRIVATE KEY-----

使用-nocrypt参数可以输出无加密的pkcs8密钥,如下:

-----BEGIN PRIVATE KEY-----<span style="line-height: 1.5 !important">
Base64 Encoded Data
</span>-----END PRIVATE KEY-----

三、生成自签名证书

生成 RSA 私钥和自签名证书

openssl req -newkey rsa:<span style="color: #800080;line-height: 1.5 !important">2048</span> -nodes -keyout rsa_private.key -x509 -days <span style="color: #800080;line-height: 1.5 !important">365</span> -out cert.crt

req是证书请求的子命令,-newkey rsa:2048 -keyout private_key.pem 表示生成私钥(PKCS8格式),-nodes 表示私钥不加密,若不带参数将提示输入密码;
-x509表示输出证书,-days365 为有效期,此后根据提示输入证书拥有者信息;
若执行自动输入,可使用-subj选项:

openssl req -newkey rsa:<span style="color: #800080;line-height: 1.5 !important">2048</span> -nodes -keyout rsa_private.key -x509 -days <span style="color: #800080;line-height: 1.5 !important">365</span> -out cert.crt -subj "/C=CN/ST=GD/L=SZ/O=vihoo/OU=dev/CN=vivo.com/[email protected]"

使用 已有RSA 私钥生成自签名证书

openssl req -new -x509 -days <span style="color: #800080;line-height: 1.5 !important">365</span> -key rsa_private.key -out cert.crt

-new 指生成证书请求,加上-x509 表示直接输出证书,-key 指定私钥文件,其余选项与上述命令相同

四、生成签名请求及CA 签名

使用 RSA私钥生成 CSR 签名请求

openssl genrsa -aes256 -passout pass:<span style="color: #800080;line-height: 1.5 !important">111111</span> -out server.key <span style="color: #800080;line-height: 1.5 !important">2048</span><span style="line-height: 1.5 !important">
openssl req </span>-new -key server.key -out server.csr

此后输入密码、server证书信息完成,也可以命令行指定各类参数

openssl req -new -key server.key -passin pass:<span style="color: #800080;line-height: 1.5 !important">111111</span> -out server.csr -subj <span style="color: #800000;line-height: 1.5 !important">"</span><span style="color: #800000;line-height: 1.5 !important">/C=CN/ST=GD/L=SZ/O=vihoo/OU=dev/CN=vivo.com/[email protected]</span><span style="color: #800000;line-height: 1.5 !important">"</span>

*** 此时生成的 csr签名请求文件可提交至 CA进行签发 ***

查看CSR 的细节

<span style="color: #0000ff;line-height: 1.5 !important">cat</span><span style="line-height: 1.5 !important"> server.csr
</span>-----BEGIN CERTIFICATE REQUEST-----<span style="line-height: 1.5 !important">
Base64EncodedData
</span>-----END CERTIFICATE REQUEST-----<span style="line-height: 1.5 !important">

openssl req </span>-noout -text -<span style="color: #0000ff;line-height: 1.5 !important">in</span> server.csr

使用 CA 证书及CA密钥 对请求签发证书进行签发,生成 x509证书

openssl x509 -req -days <span style="color: #800080;line-height: 1.5 !important">3650</span> -<span style="color: #0000ff;line-height: 1.5 !important">in</span> server.csr -CA ca.crt -CAkey ca.key -passin pass:<span style="color: #800080;line-height: 1.5 !important">111111</span> -CAcreateserial -out server.crt

其中 CAxxx 选项用于指定CA 参数输入

五、证书查看及转换

查看证书细节

openssl x509 -<span style="color: #0000ff;line-height: 1.5 !important">in</span> cert.crt -noout -text

转换证书编码格式

openssl x509 -<span style="color: #0000ff;line-height: 1.5 !important">in</span> cert.cer -inform DER -outform PEM -out cert.pem

合成 pkcs#12 证书(含私钥)

** 将 pem 证书和私钥转 pkcs#12 证书 **

openssl pkcs12 -export -<span style="color: #0000ff;line-height: 1.5 !important">in</span> server.crt -inkey server.key -passin pass:<span style="color: #800080;line-height: 1.5 !important">111111</span> -password pass:<span style="color: #800080;line-height: 1.5 !important">111111</span> -out server.p12

其中-export指导出pkcs#12 证书,-inkey 指定了私钥文件,-passin 为私钥(文件)密码(nodes为无加密),-password 指定 p12文件的密码(导入导出)

** 将 pem 证书和私钥/CA 证书 合成pkcs#12 证书**

openssl pkcs12 -export -<span style="color: #0000ff;line-height: 1.5 !important">in</span> server.crt -inkey server.key -passin pass:<span style="color: #800080;line-height: 1.5 !important">111111</span><span style="line-height: 1.5 !important"> 
    </span>-chain -CAfile ca.crt -password pass:<span style="color: #800080;line-height: 1.5 !important">111111</span> -out server-all.p12

其中-chain指示同时添加证书链,-CAfile 指定了CA证书,导出的p12文件将包含多个证书。(其他选项:-name可用于指定server证书别名;-caname用于指定ca证书别名)

** pcks#12 提取PEM文件(含私钥) **

openssl pkcs12 -<span style="color: #0000ff;line-height: 1.5 !important">in</span> server.p12 -password pass:<span style="color: #800080;line-height: 1.5 !important">111111</span> -passout pass:<span style="color: #800080;line-height: 1.5 !important">111111</span> -out out/server.pem

其中-password 指定 p12文件的密码(导入导出),-passout指输出私钥的加密密码(nodes为无加密)
导出的文件为pem格式,同时包含证书和私钥(pkcs#8):

使用
<span style="line-height: 1.5 !important">Bag Attributes
    localKeyID: </span><span style="color: #800080;line-height: 1.5 !important">97</span> DD <span style="color: #800080;line-height: 1.5 !important">46</span> 3D 1E <span style="color: #800080;line-height: 1.5 !important">91</span> EF <span style="color: #800080;line-height: 1.5 !important">01</span> 3B 2E 4A <span style="color: #800080;line-height: 1.5 !important">75</span> <span style="color: #800080;line-height: 1.5 !important">81</span> 4F <span style="color: #800080;line-height: 1.5 !important">11</span> A6 E7 1F <span style="color: #800080;line-height: 1.5 !important">79</span> <span style="color: #800080;line-height: 1.5 !important">40</span><span style="line-height: 1.5 !important"> 
subject</span>=/C=CN/ST=GD/L=SZ/O=vihoo/OU=dev/CN=vihoo.com/emailAddress=<span style="line-height: 1.5 !important">[email protected]
issuer</span>=/C=CN/ST=GD/L=SZ/O=viroot/OU=dev/CN=viroot.com/emailAddress=<span style="line-height: 1.5 !important">[email protected]
</span>-----BEGIN CERTIFICATE-----<span style="line-height: 1.5 !important">
MIIDazCCAlMCCQCIOlA9</span>/<span style="line-height: 1.5 !important">dcfEjANBgkqhkiG9w0BAQUFADB5MQswCQYDVQQGEwJD
1LpQCA</span>+<span style="line-height: 1.5 !important">2B6dn4scZwaCD
</span>-----END CERTIFICATE-----<span style="line-height: 1.5 !important">
Bag Attributes
    localKeyID: </span><span style="color: #800080;line-height: 1.5 !important">97</span> DD <span style="color: #800080;line-height: 1.5 !important">46</span> 3D 1E <span style="color: #800080;line-height: 1.5 !important">91</span> EF <span style="color: #800080;line-height: 1.5 !important">01</span> 3B 2E 4A <span style="color: #800080;line-height: 1.5 !important">75</span> <span style="color: #800080;line-height: 1.5 !important">81</span> 4F <span style="color: #800080;line-height: 1.5 !important">11</span> A6 E7 1F <span style="color: #800080;line-height: 1.5 !important">79</span> <span style="color: #800080;line-height: 1.5 !important">40</span><span style="line-height: 1.5 !important"> 
Key Attributes: </span><No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----<span style="line-height: 1.5 !important">
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDC</span>/<span style="line-height: 1.5 !important">6rAc1YaPRNf
K9ZLHbyBTKVaxehjxzJHHw</span>==
-----END ENCRYPTED PRIVATE KEY-----

仅提取私钥

 openssl pkcs12 -<span style="color: #0000ff;line-height: 1.5 !important">in</span> server.p12 -password pass:<span style="color: #800080;line-height: 1.5 !important">111111</span> -passout pass:<span style="color: #800080;line-height: 1.5 !important">111111</span> -nocerts -out out/key.pem

仅提取证书(所有证书)

 openssl pkcs12 -<span style="color: #0000ff;line-height: 1.5 !important">in</span> server.p12 -password pass:<span style="color: #800080;line-height: 1.5 !important">111111</span> -nokeys -out out/key.pem

仅提取ca证书

openssl pkcs12 -<span style="color: #0000ff;line-height: 1.5 !important">in</span> server-all.p12 -password pass:<span style="color: #800080;line-height: 1.5 !important">111111</span> -nokeys -cacerts -out out/cacert.pem

仅提取server证书

openssl pkcs12 -<span style="color: #0000ff;line-height: 1.5 !important">in</span> server-all.p12 -password pass:<span style="color: #800080;line-height: 1.5 !important">111111</span> -nokeys -clcerts -out out/cert.pem

六、openssl 命令参考

<span style="color: #800080;line-height: 1.5 !important">1</span>. openssl list-standard-<span style="line-height: 1.5 !important">commands(标准命令)
    </span><span style="color: #800080;line-height: 1.5 !important">1</span><span style="line-height: 1.5 !important">) asn1parse: asn1parse用于解释用ANS.1语法书写的语句(ASN一般用于定义语法的构成) 
    </span><span style="color: #800080;line-height: 1.5 !important">2</span><span style="line-height: 1.5 !important">) ca: ca用于CA的管理 
    openssl ca [options]:
        </span><span style="color: #800080;line-height: 1.5 !important">2.1</span>) -<span style="line-height: 1.5 !important">selfsign
        使用对证书请求进行签名的密钥对来签发证书。即</span><span style="color: #800000;line-height: 1.5 !important">"</span><span style="color: #800000;line-height: 1.5 !important">自签名</span><span style="color: #800000;line-height: 1.5 !important">"</span><span style="line-height: 1.5 !important">,这种情况发生在生成证书的客户端、签发证书的CA都是同一台机器(也是我们大多数实验中的情况),我们可以使用同一个
密钥对来进行</span><span style="color: #800000;line-height: 1.5 !important">"</span><span style="color: #800000;line-height: 1.5 !important">自签名</span><span style="color: #800000;line-height: 1.5 !important">"</span>
        <span style="color: #800080;line-height: 1.5 !important">2.2</span>) -<span style="color: #0000ff;line-height: 1.5 !important">in</span> <span style="color: #0000ff;line-height: 1.5 !important">file</span><span style="line-height: 1.5 !important">
        需要进行处理的PEM格式的证书
        </span><span style="color: #800080;line-height: 1.5 !important">2.3</span>) -out <span style="color: #0000ff;line-height: 1.5 !important">file</span><span style="line-height: 1.5 !important">
        处理结束后输出的证书文件
        </span><span style="color: #800080;line-height: 1.5 !important">2.4</span>) -cert <span style="color: #0000ff;line-height: 1.5 !important">file</span><span style="line-height: 1.5 !important">
        用于签发的根CA证书
        </span><span style="color: #800080;line-height: 1.5 !important">2.5</span>) -<span style="line-height: 1.5 !important">days arg 
        指定签发的证书的有效时间
        </span><span style="color: #800080;line-height: 1.5 !important">2.6</span>) -<span style="line-height: 1.5 !important">keyfile arg   
        CA的私钥证书文件
        </span><span style="color: #800080;line-height: 1.5 !important">2.7</span>) -<span style="line-height: 1.5 !important">keyform arg
        CA的根私钥证书文件格式:
            </span><span style="color: #800080;line-height: 1.5 !important">2.7</span>.<span style="color: #800080;line-height: 1.5 !important">1</span><span style="line-height: 1.5 !important">) PEM
            </span><span style="color: #800080;line-height: 1.5 !important">2.7</span>.<span style="color: #800080;line-height: 1.5 !important">2</span><span style="line-height: 1.5 !important">) ENGINE 
        </span><span style="color: #800080;line-height: 1.5 !important">2.8</span>) -<span style="line-height: 1.5 !important">key arg   
        CA的根私钥证书文件的解密密码(如果加密了的话)
        </span><span style="color: #800080;line-height: 1.5 !important">2.9</span>) -config <span style="color: #0000ff;line-height: 1.5 !important">file</span><span style="line-height: 1.5 !important">    
        配置文件
    example1: 利用CA证书签署请求证书
    openssl ca </span>-<span style="color: #0000ff;line-height: 1.5 !important">in</span> server.csr -out server.crt -cert ca.crt -<span style="line-height: 1.5 !important">keyfile ca.key  

    </span><span style="color: #800080;line-height: 1.5 !important">3</span><span style="line-height: 1.5 !important">) req: X.509证书签发请求(CSR)管理
    openssl req [options] </span><infile ><span style="line-height: 1.5 !important">outfile
        </span><span style="color: #800080;line-height: 1.5 !important">3.1</span>) -<span style="line-height: 1.5 !important">inform arg
        输入文件格式
            </span><span style="color: #800080;line-height: 1.5 !important">3.1</span>.<span style="color: #800080;line-height: 1.5 !important">1</span><span style="line-height: 1.5 !important">) DER
            </span><span style="color: #800080;line-height: 1.5 !important">3.1</span>.<span style="color: #800080;line-height: 1.5 !important">2</span><span style="line-height: 1.5 !important">) PEM
        </span><span style="color: #800080;line-height: 1.5 !important">3.2</span>) -<span style="line-height: 1.5 !important">outform arg   
        输出文件格式
            </span><span style="color: #800080;line-height: 1.5 !important">3.2</span>.<span style="color: #800080;line-height: 1.5 !important">1</span><span style="line-height: 1.5 !important">) DER
            </span><span style="color: #800080;line-height: 1.5 !important">3.2</span>.<span style="color: #800080;line-height: 1.5 !important">2</span><span style="line-height: 1.5 !important">) PEM
        </span><span style="color: #800080;line-height: 1.5 !important">3.3</span>) -<span style="color: #0000ff;line-height: 1.5 !important">in</span><span style="line-height: 1.5 !important"> arg
        待处理文件
        </span><span style="color: #800080;line-height: 1.5 !important">3.4</span>) -<span style="line-height: 1.5 !important">out arg
        待输出文件
        </span><span style="color: #800080;line-height: 1.5 !important">3.5</span>) -<span style="line-height: 1.5 !important">passin        
        用于签名待生成的请求证书的私钥文件的解密密码
        </span><span style="color: #800080;line-height: 1.5 !important">3.6</span>) -key <span style="color: #0000ff;line-height: 1.5 !important">file</span><span style="line-height: 1.5 !important">
        用于签名待生成的请求证书的私钥文件
        </span><span style="color: #800080;line-height: 1.5 !important">3.7</span>) -<span style="line-height: 1.5 !important">keyform arg  
            </span><span style="color: #800080;line-height: 1.5 !important">3.7</span>.<span style="color: #800080;line-height: 1.5 !important">1</span><span style="line-height: 1.5 !important">) DER
            </span><span style="color: #800080;line-height: 1.5 !important">3.7</span>.<span style="color: #800080;line-height: 1.5 !important">2</span><span style="line-height: 1.5 !important">) NET
            </span><span style="color: #800080;line-height: 1.5 !important">3.7</span>.<span style="color: #800080;line-height: 1.5 !important">3</span><span style="line-height: 1.5 !important">) PEM
        </span><span style="color: #800080;line-height: 1.5 !important">3.8</span>) -<span style="line-height: 1.5 !important">new
        新的请求
        </span><span style="color: #800080;line-height: 1.5 !important">3.9</span>) -<span style="line-height: 1.5 !important">x509          
        输出一个X509格式的证书 
        </span><span style="color: #800080;line-height: 1.5 !important">3.10</span>) -<span style="line-height: 1.5 !important">days
        X509证书的有效时间  
        </span><span style="color: #800080;line-height: 1.5 !important">3.11</span>) -<span style="line-height: 1.5 !important">newkey rsa:bits 
        生成一个bits长度的RSA私钥文件,用于签发  
        </span><span style="color: #800080;line-height: 1.5 !important">3.12</span>) -<span style="line-height: 1.5 !important">[digest]
        HASH算法
            </span><span style="color: #800080;line-height: 1.5 !important">3.12</span>.<span style="color: #800080;line-height: 1.5 !important">1</span><span style="line-height: 1.5 !important">) md5
            </span><span style="color: #800080;line-height: 1.5 !important">3.12</span>.<span style="color: #800080;line-height: 1.5 !important">2</span><span style="line-height: 1.5 !important">) sha1
            </span><span style="color: #800080;line-height: 1.5 !important">3.12</span>.<span style="color: #800080;line-height: 1.5 !important">3</span><span style="line-height: 1.5 !important">) md2
            </span><span style="color: #800080;line-height: 1.5 !important">3.12</span>.<span style="color: #800080;line-height: 1.5 !important">4</span><span style="line-height: 1.5 !important">) mdc2
            </span><span style="color: #800080;line-height: 1.5 !important">3.12</span>.<span style="color: #800080;line-height: 1.5 !important">5</span><span style="line-height: 1.5 !important">) md4
        </span><span style="color: #800080;line-height: 1.5 !important">3.13</span>) -config <span style="color: #0000ff;line-height: 1.5 !important">file</span><span style="line-height: 1.5 !important">   
        指定openssl配置文件
        </span><span style="color: #800080;line-height: 1.5 !important">3.14</span>) -<span style="line-height: 1.5 !important">text: text显示格式
    example1: 利用CA的RSA密钥创建一个自签署的CA证书(X.509结构) 
    openssl req </span>-new -x509 -days <span style="color: #800080;line-height: 1.5 !important">3650</span> -key server.key -<span style="line-height: 1.5 !important">out ca.crt 
    example2: 用server.key生成证书签署请求CSR(这个CSR用于之外发送待CA中心等待签发)
    openssl req </span>-new -key server.key -<span style="line-height: 1.5 !important">out server.csr
    example3: 查看CSR的细节
    openssl req </span>-noout -text -<span style="color: #0000ff;line-height: 1.5 !important">in</span><span style="line-height: 1.5 !important"> server.csr

    </span><span style="color: #800080;line-height: 1.5 !important">4</span><span style="line-height: 1.5 !important">) genrsa: 生成RSA参数
    openssl genrsa [args] [numbits]
        [args]
        </span><span style="color: #800080;line-height: 1.5 !important">4.1</span><span style="line-height: 1.5 !important">) 对生成的私钥文件是否要使用加密算法进行对称加密:
            </span><span style="color: #800080;line-height: 1.5 !important">4.1</span>.<span style="color: #800080;line-height: 1.5 !important">1</span>) -<span style="line-height: 1.5 !important">des: CBC模式的DES加密
            </span><span style="color: #800080;line-height: 1.5 !important">4.1</span>.<span style="color: #800080;line-height: 1.5 !important">2</span>) -<span style="line-height: 1.5 !important">des3: CBC模式的DES加密
            </span><span style="color: #800080;line-height: 1.5 !important">4.1</span>.<span style="color: #800080;line-height: 1.5 !important">3</span>) -<span style="line-height: 1.5 !important">aes128: CBC模式的AES128加密
            </span><span style="color: #800080;line-height: 1.5 !important">4.1</span>.<span style="color: #800080;line-height: 1.5 !important">4</span>) -<span style="line-height: 1.5 !important">aes192: CBC模式的AES192加密
            </span><span style="color: #800080;line-height: 1.5 !important">4.1</span>.<span style="color: #800080;line-height: 1.5 !important">5</span>) -<span style="line-height: 1.5 !important">aes256: CBC模式的AES256加密
        </span><span style="color: #800080;line-height: 1.5 !important">4.2</span>) -<span style="line-height: 1.5 !important">passout arg: arg为对称加密(des、des、aes)的密码(使用这个参数就省去了console交互提示输入密码的环节)
        </span><span style="color: #800080;line-height: 1.5 !important">4.3</span>) -out <span style="color: #0000ff;line-height: 1.5 !important">file</span><span style="line-height: 1.5 !important">: 输出证书私钥文件
        [numbits]: 密钥长度
    example: 生成一个1024位的RSA私钥,并用DES加密(密码为1111),保存为server.key文件
    openssl genrsa </span>-out server.key -passout pass:<span style="color: #800080;line-height: 1.5 !important">1111</span> -des3 <span style="color: #800080;line-height: 1.5 !important">1024</span> 

    <span style="color: #800080;line-height: 1.5 !important">5</span><span style="line-height: 1.5 !important">) rsa: RSA数据管理
    openssl rsa [options] </span><infile ><span style="line-height: 1.5 !important">outfile
        </span><span style="color: #800080;line-height: 1.5 !important">5.1</span>) -<span style="line-height: 1.5 !important">inform arg
        输入密钥文件格式:
            </span><span style="color: #800080;line-height: 1.5 !important">5.1</span>.<span style="color: #800080;line-height: 1.5 !important">1</span><span style="line-height: 1.5 !important">) DER(ASN1)
            </span><span style="color: #800080;line-height: 1.5 !important">5.1</span>.<span style="color: #800080;line-height: 1.5 !important">2</span><span style="line-height: 1.5 !important">) NET
            </span><span style="color: #800080;line-height: 1.5 !important">5.1</span>.<span style="color: #800080;line-height: 1.5 !important">3</span><span style="line-height: 1.5 !important">) PEM(base64编码格式)
         </span><span style="color: #800080;line-height: 1.5 !important">5.2</span>) -<span style="line-height: 1.5 !important">outform arg
         输出密钥文件格式
            </span><span style="color: #800080;line-height: 1.5 !important">5.2</span>.<span style="color: #800080;line-height: 1.5 !important">1</span><span style="line-height: 1.5 !important">) DER
            </span><span style="color: #800080;line-height: 1.5 !important">5.2</span>.<span style="color: #800080;line-height: 1.5 !important">2</span><span style="line-height: 1.5 !important">) NET
            </span><span style="color: #800080;line-height: 1.5 !important">5.2</span>.<span style="color: #800080;line-height: 1.5 !important">3</span><span style="line-height: 1.5 !important">) PEM
        </span><span style="color: #800080;line-height: 1.5 !important">5.3</span>) -<span style="color: #0000ff;line-height: 1.5 !important">in</span><span style="line-height: 1.5 !important"> arg
        待处理密钥文件 
        </span><span style="color: #800080;line-height: 1.5 !important">5.4</span>) -<span style="line-height: 1.5 !important">passin arg
        输入这个加密密钥文件的解密密钥(如果在生成这个密钥文件的时候,选择了加密算法了的话)
        </span><span style="color: #800080;line-height: 1.5 !important">5.5</span>) -<span style="line-height: 1.5 !important">out arg
        待输出密钥文件
        </span><span style="color: #800080;line-height: 1.5 !important">5.6</span>) -<span style="line-height: 1.5 !important">passout arg  
        如果希望输出的密钥文件继续使用加密算法的话则指定密码 
        </span><span style="color: #800080;line-height: 1.5 !important">5.7</span>) -<span style="line-height: 1.5 !important">des: CBC模式的DES加密
        </span><span style="color: #800080;line-height: 1.5 !important">5.8</span>) -<span style="line-height: 1.5 !important">des3: CBC模式的DES加密
        </span><span style="color: #800080;line-height: 1.5 !important">5.9</span>) -<span style="line-height: 1.5 !important">aes128: CBC模式的AES128加密
        </span><span style="color: #800080;line-height: 1.5 !important">5.10</span>) -<span style="line-height: 1.5 !important">aes192: CBC模式的AES192加密
        </span><span style="color: #800080;line-height: 1.5 !important">5.11</span>) -<span style="line-height: 1.5 !important">aes256: CBC模式的AES256加密
        </span><span style="color: #800080;line-height: 1.5 !important">5.12</span>) -<span style="line-height: 1.5 !important">text: 以text形式打印密钥key数据 
        </span><span style="color: #800080;line-height: 1.5 !important">5.13</span>) -<span style="line-height: 1.5 !important">noout: 不打印密钥key数据 
        </span><span style="color: #800080;line-height: 1.5 !important">5.14</span>) -<span style="line-height: 1.5 !important">pubin: 检查待处理文件是否为公钥文件
        </span><span style="color: #800080;line-height: 1.5 !important">5.15</span>) -<span style="line-height: 1.5 !important">pubout: 输出公钥文件
    example1: 对私钥文件进行解密
    openssl rsa </span>-<span style="color: #0000ff;line-height: 1.5 !important">in</span> server.key -passin pass:<span style="color: #800080;line-height: 1.5 !important">111</span> -<span style="line-height: 1.5 !important">out server_nopass.key
    example:</span><span style="color: #800080;line-height: 1.5 !important">2</span><span style="line-height: 1.5 !important">: 利用私钥文件生成对应的公钥文件
    openssl rsa </span>-<span style="color: #0000ff;line-height: 1.5 !important">in</span> server.key -passin pass:<span style="color: #800080;line-height: 1.5 !important">111</span> -pubout -<span style="line-height: 1.5 !important">out server_public.key

    </span><span style="color: #800080;line-height: 1.5 !important">6</span><span style="line-height: 1.5 !important">) x509:
    本指令是一个功能很丰富的证书处理工具。可以用来显示证书的内容,转换其格式,给CSR签名等X.509证书的管理工作
    openssl x509 [args]    
        </span><span style="color: #800080;line-height: 1.5 !important">6.1</span>) -<span style="line-height: 1.5 !important">inform arg
        待处理X509证书文件格式
            </span><span style="color: #800080;line-height: 1.5 !important">6.1</span>.<span style="color: #800080;line-height: 1.5 !important">1</span><span style="line-height: 1.5 !important">) DER
            </span><span style="color: #800080;line-height: 1.5 !important">6.1</span>.<span style="color: #800080;line-height: 1.5 !important">2</span><span style="line-height: 1.5 !important">) NET
            </span><span style="color: #800080;line-height: 1.5 !important">6.1</span>.<span style="color: #800080;line-height: 1.5 !important">3</span><span style="line-height: 1.5 !important">) PEM
        </span><span style="color: #800080;line-height: 1.5 !important">6.2</span>) -<span style="line-height: 1.5 !important">outform arg   
        待输出X509证书文件格式
            </span><span style="color: #800080;line-height: 1.5 !important">6.2</span>.<span style="color: #800080;line-height: 1.5 !important">1</span><span style="line-height: 1.5 !important">) DER
            </span><span style="color: #800080;line-height: 1.5 !important">6.2</span>.<span style="color: #800080;line-height: 1.5 !important">2</span><span style="line-height: 1.5 !important">) NET
            </span><span style="color: #800080;line-height: 1.5 !important">6.2</span>.<span style="color: #800080;line-height: 1.5 !important">3</span><span style="line-height: 1.5 !important">) PEM
        </span><span style="color: #800080;line-height: 1.5 !important">6.3</span>) -<span style="color: #0000ff;line-height: 1.5 !important">in</span><span style="line-height: 1.5 !important"> arg 
        待处理X509证书文件
        </span><span style="color: #800080;line-height: 1.5 !important">6.4</span>) -<span style="line-height: 1.5 !important">out arg       
        待输出X509证书文件
        </span><span style="color: #800080;line-height: 1.5 !important">6.5</span>) -<span style="line-height: 1.5 !important">req            
        表明输入文件是一个</span><span style="color: #800000;line-height: 1.5 !important">"</span><span style="color: #800000;line-height: 1.5 !important">请求签发证书文件(CSR)</span><span style="color: #800000;line-height: 1.5 !important">"</span><span style="line-height: 1.5 !important">,等待进行签发 
        </span><span style="color: #800080;line-height: 1.5 !important">6.6</span>) -<span style="line-height: 1.5 !important">days arg       
        表明将要签发的证书的有效时间 
        </span><span style="color: #800080;line-height: 1.5 !important">6.7</span>) -<span style="line-height: 1.5 !important">CA arg 
        指定用于签发请求证书的根CA证书 
        </span><span style="color: #800080;line-height: 1.5 !important">6.8</span>) -<span style="line-height: 1.5 !important">CAform arg     
        根CA证书格式(默认是PEM) 
        </span><span style="color: #800080;line-height: 1.5 !important">6.9</span>) -<span style="line-height: 1.5 !important">CAkey arg      
        指定用于签发请求证书的CA私钥证书文件,如果这个option没有参数输入,那么缺省认为私有密钥在CA证书文件里有
        </span><span style="color: #800080;line-height: 1.5 !important">6.10</span>) -<span style="line-height: 1.5 !important">CAkeyform arg  
        指定根CA私钥证书文件格式(默认为PEM格式)
        </span><span style="color: #800080;line-height: 1.5 !important">6.11</span>) -<span style="line-height: 1.5 !important">CAserial arg   
        指定序列号文件(serial number </span><span style="color: #0000ff;line-height: 1.5 !important">file</span><span style="line-height: 1.5 !important">)
        </span><span style="color: #800080;line-height: 1.5 !important">6.12</span>) -<span style="line-height: 1.5 !important">CAcreateserial 
        如果序列号文件(serial number </span><span style="color: #0000ff;line-height: 1.5 !important">file</span><span style="line-height: 1.5 !important">)没有指定,则自动创建它     
    example1: 转换DER证书为PEM格式
    openssl x509 </span>-<span style="color: #0000ff;line-height: 1.5 !important">in</span> cert.cer -inform DER -outform PEM -<span style="line-height: 1.5 !important">out cert.pem
    example2: 使用根CA证书对</span><span style="color: #800000;line-height: 1.5 !important">"</span><span style="color: #800000;line-height: 1.5 !important">请求签发证书</span><span style="color: #800000;line-height: 1.5 !important">"</span><span style="line-height: 1.5 !important">进行签发,生成x509格式证书
    openssl x509 </span>-req -days <span style="color: #800080;line-height: 1.5 !important">3650</span> -<span style="color: #0000ff;line-height: 1.5 !important">in</span> server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -<span style="line-height: 1.5 !important">out server.crt
    example3: 打印出证书的内容
    openssl x509 </span>-<span style="color: #0000ff;line-height: 1.5 !important">in</span> server.crt -noout -<span style="line-height: 1.5 !important">text 

    </span><span style="color: #800080;line-height: 1.5 !important">7</span><span style="line-height: 1.5 !important">) crl: crl是用于管理CRL列表 
    openssl crl [args]
        </span><span style="color: #800080;line-height: 1.5 !important">7.1</span>) -<span style="line-height: 1.5 !important">inform arg
        输入文件的格式
            </span><span style="color: #800080;line-height: 1.5 !important">7.1</span>.<span style="color: #800080;line-height: 1.5 !important">1</span><span style="line-height: 1.5 !important">) DER(DER编码的CRL对象)
            </span><span style="color: #800080;line-height: 1.5 !important">7.1</span>.<span style="color: #800080;line-height: 1.5 !important">2</span><span style="line-height: 1.5 !important">) PEM(默认的格式)(base64编码的CRL对象)
        </span><span style="color: #800080;line-height: 1.5 !important">7.2</span>) -<span style="line-height: 1.5 !important">outform arg
        指定文件的输出格式 
            </span><span style="color: #800080;line-height: 1.5 !important">7.2</span>.<span style="color: #800080;line-height: 1.5 !important">1</span><span style="line-height: 1.5 !important">) DER(DER编码的CRL对象)
            </span><span style="color: #800080;line-height: 1.5 !important">7.2</span>.<span style="color: #800080;line-height: 1.5 !important">2</span><span style="line-height: 1.5 !important">) PEM(默认的格式)(base64编码的CRL对象)
        </span><span style="color: #800080;line-height: 1.5 !important">7.3</span>) -<span style="line-height: 1.5 !important">text: 
        以文本格式来打印CRL信息值。
        </span><span style="color: #800080;line-height: 1.5 !important">7.4</span>) -<span style="color: #0000ff;line-height: 1.5 !important">in</span><span style="line-height: 1.5 !important"> filename
        指定的输入文件名。默认为标准输入。
        </span><span style="color: #800080;line-height: 1.5 !important">7.5</span>) -<span style="line-height: 1.5 !important">out filename
        指定的输出文件名。默认为标准输出。
        </span><span style="color: #800080;line-height: 1.5 !important">7.6</span>) -<span style="line-height: 1.5 !important">hash
        输出颁发者信息值的哈希值。这一项可用于在文件中根据颁发者信息值的哈希值来查询CRL对象。
        </span><span style="color: #800080;line-height: 1.5 !important">7.7</span>) -<span style="line-height: 1.5 !important">fingerprint
        打印CRL对象的标识。
        </span><span style="color: #800080;line-height: 1.5 !important">7.8</span>) -<span style="line-height: 1.5 !important">issuer
        输出颁发者的信息值。
        </span><span style="color: #800080;line-height: 1.5 !important">7.9</span>) -<span style="line-height: 1.5 !important">lastupdate
        输出上一次更新的时间。
        </span><span style="color: #800080;line-height: 1.5 !important">7.10</span>) -<span style="line-height: 1.5 !important">nextupdate
        打印出下一次更新的时间。 
        </span><span style="color: #800080;line-height: 1.5 !important">7.11</span>) -CAfile <span style="color: #0000ff;line-height: 1.5 !important">file</span><span style="line-height: 1.5 !important">
        指定CA文件,用来验证该CRL对象是否合法。 
        </span><span style="color: #800080;line-height: 1.5 !important">7.12</span>) -<span style="line-height: 1.5 !important">verify
        是否验证证书。        
    example1: 输出CRL文件,包括(颁发者信息HASH值、上一次更新的时间、下一次更新的时间)
    openssl crl </span>-<span style="color: #0000ff;line-height: 1.5 !important">in</span> crl.crl -text -issuer -hash -<span style="line-height: 1.5 !important">lastupdate –nextupdate 
    example2: 将PEM格式的CRL文件转换为DER格式
    openssl crl </span>-<span style="color: #0000ff;line-height: 1.5 !important">in</span> crl.pem -outform DER -<span style="line-height: 1.5 !important">out crl.der  

    </span><span style="color: #800080;line-height: 1.5 !important">8</span><span style="line-height: 1.5 !important">) crl2pkcs7: 用于CRL和PKCS#7之间的转换 
    openssl crl2pkcs7 [options] </span><infile ><span style="line-height: 1.5 !important">outfile
    转换pem到spc
    openssl crl2pkcs7 </span>-nocrl -certfile venus.pem -outform DER -<span style="line-height: 1.5 !important">out venus.spc
    https:</span><span style="color: #008000;line-height: 1.5 !important">//</span><span style="color: #008000;line-height: 1.5 !important">www.openssl.org/docs/apps/crl2pkcs7.<a rel="noopener noreferrer nofollow" href="http://www.chhua.com/web-notetag/html" rel="noopener noreferrer nofollow" target="_blank" title="html">html</a></span>

    <span style="color: #800080;line-height: 1.5 !important">9</span><span style="line-height: 1.5 !important">) pkcs12: PKCS#12数据的管理
    pkcs12文件工具,能生成和分析pkcs12文件。PKCS#12文件可以被用于多个项目,例如包含Netscape、 MSIE 和 MS Outlook
    openssl pkcs12 [options] 
    http:</span><span style="color: #008000;line-height: 1.5 !important">//</span><span style="color: #008000;line-height: 1.5 !important">blog.csdn.net/as3luyuan123/article/details/16105475</span>
    https:<span style="color: #008000;line-height: 1.5 !important">//</span><span style="color: #008000;line-height: 1.5 !important">www.openssl.org/docs/apps/pkcs12.html</span>

    <span style="color: #800080;line-height: 1.5 !important">10</span><span style="line-height: 1.5 !important">) pkcs7: PCKS#7数据的管理 
    用于处理DER或者PEM格式的pkcs#7文件
    openssl pkcs7 [options] </span><infile ><span style="line-height: 1.5 !important">outfile
    http:</span><span style="color: #008000;line-height: 1.5 !important">//</span><span style="color: #008000;line-height: 1.5 !important">blog.csdn.net/as3luyuan123/article/details/16105407</span>
    https:<span style="color: #008000;line-height: 1.5 !important">//</span><span style="color: #008000;line-height: 1.5 !important">www.openssl.org/docs/apps/pkcs7.html</span>
 
<span style="color: #800080;line-height: 1.5 !important">2</span>. openssl list-message-digest-<span style="line-height: 1.5 !important">commands(消息摘要命令)
    </span><span style="color: #800080;line-height: 1.5 !important">1</span><span style="line-height: 1.5 !important">) dgst: dgst用于计算消息摘要 
    openssl dgst [args]
        </span><span style="color: #800080;line-height: 1.5 !important">1.1</span>) -<span style="line-height: 1.5 !important">hex           
        以16进制形式输出摘要
        </span><span style="color: #800080;line-height: 1.5 !important">1.2</span>) -<span style="line-height: 1.5 !important">binary        
        以二进制形式输出摘要
        </span><span style="color: #800080;line-height: 1.5 !important">1.3</span>) -sign <span style="color: #0000ff;line-height: 1.5 !important">file</span><span style="line-height: 1.5 !important">    
        以私钥文件对生成的摘要进行签名
        </span><span style="color: #800080;line-height: 1.5 !important">1.4</span>) -verify <span style="color: #0000ff;line-height: 1.5 !important">file</span><span style="line-height: 1.5 !important">    
        使用公钥文件对私钥签名过的摘要文件进行验证 
        </span><span style="color: #800080;line-height: 1.5 !important">1.5</span>) -prverify <span style="color: #0000ff;line-height: 1.5 !important">file</span><span style="line-height: 1.5 !important">  
        以私钥文件对公钥签名过的摘要文件进行验证
        verify a signature using private key </span><span style="color: #0000ff;line-height: 1.5 !important">in</span> <span style="color: #0000ff;line-height: 1.5 !important">file</span>
        <span style="color: #800080;line-height: 1.5 !important">1.6</span><span style="line-height: 1.5 !important">) 加密处理
            </span><span style="color: #800080;line-height: 1.5 !important">1.6</span>.<span style="color: #800080;line-height: 1.5 !important">1</span>) -<span style="line-height: 1.5 !important">md5: MD5 
            </span><span style="color: #800080;line-height: 1.5 !important">1.6</span>.<span style="color: #800080;line-height: 1.5 !important">2</span>) -<span style="line-height: 1.5 !important">md4: MD4         
            </span><span style="color: #800080;line-height: 1.5 !important">1.6</span>.<span style="color: #800080;line-height: 1.5 !important">3</span>) -<span style="line-height: 1.5 !important">sha1: SHA1 
            </span><span style="color: #800080;line-height: 1.5 !important">1.6</span>.<span style="color: #800080;line-height: 1.5 !important">4</span>) -<span style="line-height: 1.5 !important">ripemd160
    example1: 用SHA1算法计算文件file.txt的哈西值,输出到stdout
    openssl dgst </span>-sha1 <span style="color: #0000ff;line-height: 1.5 !important">file</span><span style="line-height: 1.5 !important">.txt
    example2: 用dss1算法验证file.txt的数字签名dsasign.bin,验证的private key为DSA算法产生的文件dsakey.pem
    openssl dgst </span>-dss1 -prverify dsakey.pem -signature dsasign.bin <span style="color: #0000ff;line-height: 1.5 !important">file</span><span style="line-height: 1.5 !important">.txt

    </span><span style="color: #800080;line-height: 1.5 !important">2</span><span style="line-height: 1.5 !important">) sha1: 用于进行RSA处理
    openssl sha1 [args] 
        </span><span style="color: #800080;line-height: 1.5 !important">2.1</span>) -sign <span style="color: #0000ff;line-height: 1.5 !important">file</span><span style="line-height: 1.5 !important">
        用于RSA算法的私钥文件 
        </span><span style="color: #800080;line-height: 1.5 !important">2.2</span>) -out <span style="color: #0000ff;line-height: 1.5 !important">file</span><span style="line-height: 1.5 !important">
        输出文件爱你
        </span><span style="color: #800080;line-height: 1.5 !important">2.3</span>) -<span style="line-height: 1.5 !important">hex   
        以16进制形式输出
        </span><span style="color: #800080;line-height: 1.5 !important">2.4</span>) -<span style="line-height: 1.5 !important">binary
        以二进制形式输出  
    example1: 用SHA1算法计算文件file.txt的HASH值,输出到文件digest.txt
    openssl sha1 </span>-out digest.txt <span style="color: #0000ff;line-height: 1.5 !important">file</span><span style="line-height: 1.5 !important">.txt
    example2: 用sha1算法为文件file.txt签名,输出到文件rsasign.bin,签名的private key为RSA算法产生的文件rsaprivate.pem
    openssl sha1 </span>-sign rsaprivate.pem -out rsasign.bin <span style="color: #0000ff;line-height: 1.5 !important">file</span><span style="line-height: 1.5 !important">.txt

</span><span style="color: #800080;line-height: 1.5 !important">3</span>. openssl list-cipher-<span style="line-height: 1.5 !important">commands (Cipher命令的列表)
    </span><span style="color: #800080;line-height: 1.5 !important">1</span>) aes-<span style="color: #800080;line-height: 1.5 !important">128</span>-<span style="line-height: 1.5 !important">cbc
    </span><span style="color: #800080;line-height: 1.5 !important">2</span>) aes-<span style="color: #800080;line-height: 1.5 !important">128</span>-<span style="line-height: 1.5 !important">ecb
    </span><span style="color: #800080;line-height: 1.5 !important">3</span>) aes-<span style="color: #800080;line-height: 1.5 !important">192</span>-<span style="line-height: 1.5 !important">cbc
    </span><span style="color: #800080;line-height: 1.5 !important">4</span>) aes-<span style="color: #800080;line-height: 1.5 !important">192</span>-<span style="line-height: 1.5 !important">ecb
    </span><span style="color: #800080;line-height: 1.5 !important">5</span>) aes-<span style="color: #800080;line-height: 1.5 !important">256</span>-<span style="line-height: 1.5 !important">cbc
    </span><span style="color: #800080;line-height: 1.5 !important">6</span>) aes-<span style="color: #800080;line-height: 1.5 !important">256</span>-<span style="line-height: 1.5 !important">ecb
    </span><span style="color: #800080;line-height: 1.5 !important">7</span><span style="line-height: 1.5 !important">) base64
    </span><span style="color: #800080;line-height: 1.5 !important">8</span><span style="line-height: 1.5 !important">) bf
    </span><span style="color: #800080;line-height: 1.5 !important">9</span>) bf-<span style="line-height: 1.5 !important">cbc
    </span><span style="color: #800080;line-height: 1.5 !important">10</span>) bf-<span style="line-height: 1.5 !important">cfb
    </span><span style="color: #800080;line-height: 1.5 !important">11</span>) bf-<span style="line-height: 1.5 !important">ecb
    </span><span style="color: #800080;line-height: 1.5 !important">12</span>) bf-<span style="line-height: 1.5 !important">ofb
    </span><span style="color: #800080;line-height: 1.5 !important">13</span><span style="line-height: 1.5 !important">) cast
    </span><span style="color: #800080;line-height: 1.5 !important">14</span>) cast-<span style="line-height: 1.5 !important">cbc
    </span><span style="color: #800080;line-height: 1.5 !important">15</span>) cast5-<span style="line-height: 1.5 !important">cbc
    </span><span style="color: #800080;line-height: 1.5 !important">16</span>) cast5-<span style="line-height: 1.5 !important">cfb
    </span><span style="color: #800080;line-height: 1.5 !important">17</span>) cast5-<span style="line-height: 1.5 !important">ecb
    </span><span style="color: #800080;line-height: 1.5 !important">18</span>) cast5-<span style="line-height: 1.5 !important">ofb
    </span><span style="color: #800080;line-height: 1.5 !important">19</span><span style="line-height: 1.5 !important">) des
    </span><span style="color: #800080;line-height: 1.5 !important">20</span>) des-<span style="line-height: 1.5 !important">cbc
    </span><span style="color: #800080;line-height: 1.5 !important">21</span>) des-<span style="line-height: 1.5 !important">cfb
    </span><span style="color: #800080;line-height: 1.5 !important">22</span>) des-<span style="line-height: 1.5 !important">ecb
    </span><span style="color: #800080;line-height: 1.5 !important">23</span>) des-<span style="line-height: 1.5 !important">ede
    </span><span style="color: #800080;line-height: 1.5 !important">24</span>) des-ede-<span style="line-height: 1.5 !important">cbc
    </span><span style="color: #800080;line-height: 1.5 !important">25</span>) des-ede-<span style="line-height: 1.5 !important">cfb
    </span><span style="color: #800080;line-height: 1.5 !important">26</span>) des-ede-<span style="line-height: 1.5 !important">ofb
    </span><span style="color: #800080;line-height: 1.5 !important">27</span>) des-<span style="line-height: 1.5 !important">ede3
    </span><span style="color: #800080;line-height: 1.5 !important">28</span>) des-ede3-<span style="line-height: 1.5 !important">cbc
    </span><span style="color: #800080;line-height: 1.5 !important">29</span>) des-ede3-<span style="line-height: 1.5 !important">cfb
    </span><span style="color: #800080;line-height: 1.5 !important">30</span>) des-ede3-<span style="line-height: 1.5 !important">ofb
    </span><span style="color: #800080;line-height: 1.5 !important">31</span>) des-<span style="line-height: 1.5 !important">ofb
    </span><span style="color: #800080;line-height: 1.5 !important">32</span><span style="line-height: 1.5 !important">) des3
    </span><span style="color: #800080;line-height: 1.5 !important">33</span><span style="line-height: 1.5 !important">) desx
    </span><span style="color: #800080;line-height: 1.5 !important">34</span><span style="line-height: 1.5 !important">) rc2
    </span><span style="color: #800080;line-height: 1.5 !important">35</span>) rc2-<span style="color: #800080;line-height: 1.5 !important">40</span>-<span style="line-height: 1.5 !important">cbc
    </span><span style="color: #800080;line-height: 1.5 !important">36</span>) rc2-<span style="color: #800080;line-height: 1.5 !important">64</span>-<span style="line-height: 1.5 !important">cbc
    </span><span style="color: #800080;line-height: 1.5 !important">37</span>) rc2-<span style="line-height: 1.5 !important">cbc
    </span><span style="color: #800080;line-height: 1.5 !important">38</span>) rc2-<span style="line-height: 1.5 !important">cfb
    </span><span style="color: #800080;line-height: 1.5 !important">39</span>) rc2-<span style="line-height: 1.5 !important">ecb
    </span><span style="color: #800080;line-height: 1.5 !important">40</span>) rc2-<span style="line-height: 1.5 !important">ofb
    </span><span style="color: #800080;line-height: 1.5 !important">41</span><span style="line-height: 1.5 !important">) rc4
    </span><span style="color: #800080;line-height: 1.5 !important">42</span>) rc4-<span style="color: #800080;line-height: 1.5 !important">40</span>