linux openssl tool

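RSA file formats in openssl

Private key

A private key contains the following fields:
1. version: the version number
2. modulus: the RSA composite modulus n
3. public exponent: the RSA public exponent e
4. private exponent: the RSA private exponent d
5. prime1: the prime factor p of n
6. prime2: the prime factor q of n
7. exponent1: d mod (p - 1)
8. exponent2: d mod (q - 1)
9. coefficient: the CRT coefficient q^(-1) mod p
10. other prime infos: information about the additional primes r3, …, ru, in order.
If version is 0, this field should be omitted.
If version is 1, it contains at least one other prime info.

Each other prime info contains:
1. prime: a prime factor ri of n, where i >= 3.
2. exponent: di = d mod (ri - 1).
3. coefficient: the CRT coefficient ti = (r1 r2 … r(i-1))^(-1) mod ri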

Generating an RSA private key with openssl on Linux:

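Unencrypted private key:
openssl genrsa -out rsa_private.key 2048

Encrypted private key (using aes256):
openssl genrsa -aes256 -out rsa_aes_private.key 2048
then enter the password for the aes encryption when prompted, or
openssl genrsa -aes256 -passout pass:11111 -out rsa_aes_private.key 2048
where -passout supplies the password in place of typing it at the shell prompt.
The generated key file looks like this: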
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,BF1965D1DF10F2C693CD549C3B0EAF81
Base64 Encoded Data
-----END RSA PRIVATE KEY-----

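Viewing private key details:

openssl rsa -in rsa_private.key -noout -text
or:
openssl rsa -in rsa_aes_private.key -text -out private.txt

Use the -pubin option to view public key details.

Public key

A public key contains the following fields:
1. modulus: the RSA composite modulus n
2. public exponent: the RSA public exponent e

Generating the public key from an RSA private key with openssl on Linux: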

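Unencrypted private key:
openssl rsa -in rsa_private.key -pubout -out rsa_public.key

Encrypted private key:
openssl rsa -in rsa_aes_private.key -pubout -out rsa_public.key
then enter the password for the aes encryption when prompted, or
openssl rsa -in rsa_aes_private.key -passin pass:11111 -pubout -out rsa_public.key
where -passin supplies the password in place of typing it at the shell prompt.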

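Conversion commands

1. Encrypted private key to unencrypted

openssl rsa -in rsa_aes_private.key -passin pass:11111 -out rsa_private.key

2. Unencrypted private key to encrypted

openssl rsa -in rsa_private.key -aes256 -passout pass:11111 -out rsa_aes_private.key

3. Private key PEM to DER

openssl rsa -in rsa_private.key -outform der -out rsa_aes_private.der

The -inform and -outform options specify the input and output formats; converting from DER to PEM works the same way.

4. Private key PKCS#1 to PKCS#8

openssl pkcs8 -topk8 -in rsa_private.key -passout pass:111111 -out pkcs8_private.key

Here -passout specifies the password, so the pkcs8 key is written in encrypted form; pkcs8 uses the des3 encryption algorithm by default.
The content looks like this: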

-----BEGIN ENCRYPTED PRIVATE KEY-----
Base64 Encoded Data
-----END ENCRYPTED PRIVATE KEY-----

With the -nocrypt option an unencrypted pkcs8 key is written; its content looks like this:

-----BEGIN PRIVATE KEY-----
Base64 Encoded Data
-----END PRIVATE KEY-----
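
The PEM wrappers shown above are enough to tell which format a key file is in and whether it is encrypted. The following is an added example, not code from the original article: it scans PEM text, reads the label and any Proc-Type/DEK-Info headers of each block, and flags private keys stored without encryption. The function name, the label table and the sample text (placeholder base64 bodies, constructed IV) are assumptions made for illustration.

```python
import re

# PEM labels that appear on this page, mapped to a description.
LABELS = {
    "RSA PRIVATE KEY": "PKCS#1 RSA private key",
    "PRIVATE KEY": "PKCS#8 private key",
    "ENCRYPTED PRIVATE KEY": "PKCS#8 private key",
    "PUBLIC KEY": "public key",
    "CERTIFICATE": "certificate",
}
BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END ([A-Z0-9 ]+)-----", re.S)


def classify_pem(text):
    """Return one dict per PEM block found in text, in file order."""
    found = []
    for m in BLOCK.finditer(text):
        label, body, end_label = m.groups()
        if label != end_label:
            raise ValueError("BEGIN %s closed by END %s" % (label, end_label))
        headers = {}
        for line in body.splitlines():
            if ":" not in line:          # blank line or base64: headers are over
                break
            name, _, value = line.partition(":")
            headers[name.strip()] = value.strip()
        # PKCS#1 marks encryption in the headers, PKCS#8 in the label itself.
        encrypted = (label == "ENCRYPTED PRIVATE KEY"
                     or headers.get("Proc-Type", "").endswith("ENCRYPTED"))
        cipher = headers.get("DEK-Info", "").split(",")[0] or None
        found.append({
            "label": label,
            "kind": LABELS.get(label, "unknown"),
            "encrypted": encrypted,
            "cipher": cipher,
            "plaintext_private_key": label.endswith("PRIVATE KEY") and not encrypted,
        })
    return found


# Constructed sample: an encrypted PKCS#1 key, a certificate and an
# unencrypted PKCS#8 key in one file, as a pkcs12-to-PEM export can produce.
SAMPLE = """\
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF

QUJDRA==
-----END RSA PRIVATE KEY-----
Bag Attributes
-----BEGIN CERTIFICATE-----
QUJDRA==
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
QUJDRA==
-----END PRIVATE KEY-----
"""

if __name__ == "__main__":
    for block in classify_pem(SAMPLE):
        print(block)
```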

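Self-signed certificates

1. Generate an RSA private key and a self-signed certificate:

openssl req -newkey rsa:2048 -nodes -keyout rsa_private.key -x509 -days 365 -out cert.crt

req is the certificate request subcommand; -newkey rsa:2048 -keyout private_key.pem generates a private key (PKCS8 format); -nodes leaves the private key unencrypted, and without it you are prompted for a password;
-x509 outputs a certificate, and -days 365 sets the validity period; after that, enter the certificate owner's details as prompted.
To supply them non-interactively, use the -subj option:

openssl req -newkey rsa:2048 -nodes -keyout rsa_private.key -x509 -days 365 -out cert.crt -subj "/C=CN/ST=SH/L=SHZ/O=SHU/OU=lib/CN=mrbluyee/emailAddress=mr.bluyee@hotmail.com"

2. Generate a self-signed certificate from an existing RSA private key

openssl req -new -x509 -days 365 -key rsa_private.key -out cert.crt

-new creates a certificate request; adding -x509 outputs a certificate directly; -key specifies the private key file; the remaining options are the same as in the command above.

3. Viewing and converting certificates
View certificate details

openssl x509 -in cert.crt -noout -text

Convert the certificate encoding format

openssl x509 -in cert.cer -inform DER -outform PEM -out cert.pem

Build a pkcs#12 certificate (including the private key)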

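a. Convert a pem certificate and private key to a pkcs#12 certificate:
openssl pkcs12 -export -in server.crt -inkey server.key -passin pass:11111 -password pass:11111 -out server.p12
Here -export exports a pkcs#12 certificate, -inkey specifies the private key file, -passin is the password of the private key (file) (nodes means no encryption), and -password sets the password of the p12 file (for import and export).

b. Combine a pem certificate, private key and CA certificate into a pkcs#12 certificate:
openssl pkcs12 -export -in server.crt -inkey server.key -passin pass:11111 \
-chain -CAfile ca.crt -password pass:11111 -out server-all.p12
Here -chain also adds the certificate chain and -CAfile specifies the CA certificate; the exported p12 file will contain multiple certificates. (Other options: -name sets the alias of the server certificate; -caname sets the alias of the ca certificate.)

c. Extract a PEM file (including the private key) from pkcs#12
openssl pkcs12 -in server.p12 -password pass:11111 -passout pass:11111 -out out/server.pem
Here -password is the password of the p12 file (for import and export), and -passout is the password used to encrypt the output private key (nodes means no encryption).
The exported file is in pem format and contains both the certificate and the private key (pkcs#8).

Extract only the private key
openssl pkcs12 -in server.p12 -password pass:11111 -passout pass:11111 -nocerts -out out/key.pem

Extract only the certificates (all certificates)
openssl pkcs12 -in server.p12 -password pass:11111 -nokeys -out out/certs.pem

Extract only the ca certificate
openssl pkcs12 -in server-all.p12 -password pass:11111 -nokeys -cacerts -out out/cacert.pem

Extract only the server certificate
openssl pkcs12 -in server-all.p12 -password pass:11111 -nokeys -clcerts -out out/cert.pem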

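Signing requests and CA signing

Generate a CSR (certificate signing request) with an RSA private key

openssl genrsa -aes256 -passout pass:11111 -out server.key 2048
openssl req -new -key server.key -out server.csr

Then enter the password and the server certificate details to finish; the parameters can also be given on the command line.

openssl req -new -key server.key -passin pass:11111 -out server.csr -subj "/C=CN/ST=SH/L=SHZ/O=SHU/OU=lib/CN=mrbluyee/emailAddress=mr.bluyee@hotmail.com"

The resulting csr file can now be submitted to a CA for signing.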

python openssl lib

Dependencies

openssl

Certificate operations

RSA2048

# -*- coding: UTF-8 -*-

__author__ = 'Mr.Bluyee'

import OpenSSL
import os
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.hazmat.primitives import hashes

class Cert_File(object):

    """Load a PEM certificate file and expose its fields and RSA public key."""

    def __init__(self, cert_file_name):
        super(Cert_File, self).__init__()
        self.cert_file_name = cert_file_name
        with open(self.cert_file_name) as f:
            self.cert_pem = f.read()
        self.cert_X509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, self.cert_pem)
        self.cert_X509_subject = self.cert_X509.get_subject()
        self.cert_X509_issuer = self.cert_X509.get_issuer()
        self.cert_X509_version = self.cert_X509.get_version()
        self.cert_X509_subject_components = self.cert_X509_subject.get_components()
        self.cert_X509_issuer_components = self.cert_X509_issuer.get_components()

        self.cert_X509_digest = self.cert_X509.digest('SHA256')
        self.cert_X509_hash = self.cert_X509.subject_name_hash()
        self.cert_X509_extension_count = self.cert_X509.get_extension_count()
        self.cert_X509_extension = []
        for i in range(self.cert_X509_extension_count):
            self.cert_X509_extension.append(self.cert_X509.get_extension(i))
        self.cert_X509_not_after = self.cert_X509.get_notAfter()
        self.cert_X509_not_before = self.cert_X509.get_notBefore()
        self.cert_X509_serial_number = self.cert_X509.get_serial_number()
        self.cert_X509_signature_algorithm = self.cert_X509.get_signature_algorithm()

        self.cert_X509_pubkey = self.cert_X509.get_pubkey()
        self.cert_X509_pubkey_bits = self.cert_X509_pubkey.bits()
        self.cert_X509_pubkey_type = self.cert_X509_pubkey.type()
        self.cert_X509_pubkey_dump = OpenSSL.crypto.dump_publickey(OpenSSL.crypto.FILETYPE_PEM, self.cert_X509_pubkey)
        self.cryptography_public_key = self.cert_X509_pubkey.to_cryptography_key()
        self.cryptography_public_key_numbers = self.cryptography_public_key.public_numbers()
        self.cryptography_public_key_numbers_n = self.cryptography_public_key_numbers.n
        self.cryptography_public_key_numbers_exponent = self.cryptography_public_key_numbers.e
        # 257 bytes = 2048-bit modulus plus a leading 0x00 byte; this size assumes an RSA2048 key
        self.cryptography_public_key_numbers_modulus = self.cryptography_public_key_numbers_n.to_bytes(257, byteorder='big')

    def print_cert(self):
        print("Version: " + str(self.cert_X509_version))
        print("Serial Number: " + str(self.cert_X509_serial_number))
        print("Signature Algorithm: " + self.cert_X509_signature_algorithm.decode())
        Issuer = [item[0].decode() + "=" + item[1].decode() for item in self.cert_X509_issuer_components]
        print("Issuer: " + ", ".join(Issuer))
        print("Validity:")
        print("Not Before: " + self.cert_X509_not_before.decode())
        print("Not After : " + self.cert_X509_not_after.decode())
        Subject = [item[0].decode() + "=" + item[1].decode() for item in self.cert_X509_subject_components]
        print("Subject: " + ", ".join(Subject))
        print("Public Key: (" + str(self.cert_X509_pubkey_bits) + "bits)")
        if self.cert_X509_pubkey_type == OpenSSL.crypto.TYPE_RSA:
            print("Public Key type: RSA")
        elif self.cert_X509_pubkey_type == OpenSSL.crypto.TYPE_DSA:
            print("Public Key type: DSA")
        print(self.cert_X509_pubkey_dump.decode())
        print("Public Key modulus: ")
        l = [hex(i) for i in self.cryptography_public_key_numbers_modulus]
        print(l)
        print("Public Key exponent: " + str(self.cryptography_public_key_numbers_exponent))
        print("X509 extensions:")
        # The labels below are tied to the extension order, not read from the extension itself
        for index, value in enumerate(self.cert_X509_extension):
            if index == 0:
                print("X509v3 Subject Key Identifier: ")
            elif index == 1:
                print("X509v3 Authority Key Identifier: ")
            elif index == 2:
                print("X509v3 Basic Constraints: critical")
            print(value)

    def print_cert_to_file(self, filename=None):
        f_name = ''
        if filename is not None:
            f_name = filename
        else:
            f_name = os.path.splitext(self.cert_file_name)[0] + '.txt'
        with open(f_name, "w") as f:
            f.write(self.cert_file_name + '\n')
            f.write("Version: " + str(self.cert_X509_version) + '\n')
            f.write("Serial Number: " + str(self.cert_X509_serial_number) + '\n')
            f.write("Signature Algorithm: " + self.cert_X509_signature_algorithm.decode() + '\r\n')
            Issuer = [item[0].decode() + "=" + item[1].decode() for item in self.cert_X509_issuer_components]
            f.write("Issuer: " + ", ".join(Issuer) + '\r\n')
            f.write("Validity:\n")
            f.write("Not Before: " + self.cert_X509_not_before.decode() + '\n')
            f.write("Not After : " + self.cert_X509_not_after.decode() + '\n')
            Subject = [item[0].decode() + "=" + item[1].decode() for item in self.cert_X509_subject_components]
            f.write("Subject: " + ", ".join(Subject) + '\r\n')
            f.write("Public Key: (" + str(self.cert_X509_pubkey_bits) + "bits)" + '\n')
            if self.cert_X509_pubkey_type == OpenSSL.crypto.TYPE_RSA:
                f.write("Public Key type: RSA" + '\r\n')
            elif self.cert_X509_pubkey_type == OpenSSL.crypto.TYPE_DSA:
                f.write("Public Key type: DSA" + '\r\n')
            f.write("Public Key dump: \n")
            f.write(self.cert_X509_pubkey_dump.decode())
            f.write("\n")
            f.write("Public Key modulus: \n")
            f.write(','.join([hex(i) for i in self.cryptography_public_key_numbers_modulus]))
            f.write("\r\n")
            f.write("Public Key exponent: " + str(self.cryptography_public_key_numbers_exponent) + "\r\n")
            f.write("X509 extensions:\n")
            for index, value in enumerate(self.cert_X509_extension):
                if index == 0:
                    f.write("X509v3 Subject Key Identifier: \n")
                elif index == 1:
                    f.write("X509v3 Authority Key Identifier: \n")
                elif index == 2:
                    f.write("X509v3 Basic Constraints: critical\n")
                f.write(str(value))
                f.write("\n")
            f.write("\r\n")

    def verify(self, message, signature):
        # Returns None when the signature is valid; raises
        # cryptography.exceptions.InvalidSignature when it is not.
        return self.cryptography_public_key.verify(
            signature,
            message,
            padding.PSS(
                mgf=padding.MGF1(hashes.SHA256()),
                salt_length=padding.PSS.MAX_LENGTH
            ),
            hashes.SHA256()
        )

    def encrypt(self, message):
        return self.cryptography_public_key.encrypt(
            message,
            padding.OAEP(
                mgf=padding.MGF1(algorithm=hashes.SHA256()),
                algorithm=hashes.SHA256(),
                label=None
            )
        )

def main():
    cert1 = Cert_File('cert.crt')
    cert1.print_cert()
    cert1.print_cert_to_file()

if __name__ == '__main__':
    main()

Private key operations

# -*- coding: UTF-8 -*-

__author__ = 'Mr.Bluyee'

import OpenSSL
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.hazmat.primitives import hashes
import os

class RSA_PRIVATE_KEY(object):

    """Load a PEM RSA private key file and expose its numeric fields."""

    def __init__(self, key_filename, passwd=None):
        super(RSA_PRIVATE_KEY, self).__init__()
        self.key_filename = key_filename
        with open(self.key_filename, "rb") as f:
            self.private_key = serialization.load_pem_private_key(
                f.read(),
                # passwd stays None for an unencrypted key
                password=passwd.encode() if passwd is not None else None,
                backend=default_backend()
            )
        # The byte lengths below assume an RSA2048 key
        self.private_key_numbers = self.private_key.private_numbers()
        self.private_key_numbers_public_numbers = self.private_key_numbers.public_numbers
        self.private_key_numbers_modulus = self.private_key_numbers_public_numbers.n.to_bytes(257, byteorder='big')
        self.private_key_numbers_public_exponent = self.private_key_numbers_public_numbers.e
        self.private_key_numbers_dbytes = self.private_key_numbers.d.to_bytes(256, byteorder='big')
        self.private_key_numbers_pbytes = self.private_key_numbers.p.to_bytes(129, byteorder='big')
        self.private_key_numbers_qbytes = self.private_key_numbers.q.to_bytes(129, byteorder='big')
        self.private_key_numbers_dmp1 = self.private_key_numbers.dmp1.to_bytes(128, byteorder='big')
        self.private_key_numbers_dmq1 = self.private_key_numbers.dmq1.to_bytes(128, byteorder='big')
        self.private_key_numbers_iqmp = self.private_key_numbers.iqmp.to_bytes(129, byteorder='big')

    def print_key_message(self):
        print("key size: " + str(self.private_key.key_size))
        print("modulus:")
        print([hex(i) for i in self.private_key_numbers_modulus])
        print("public exponent: " + str(self.private_key_numbers_public_exponent))
        print("privateExponent INTEGER(d):")  # the RSA private exponent d
        print([hex(i) for i in self.private_key_numbers_dbytes])
        print("prime1 INTEGER(p):")  # the prime factor p of n
        print([hex(i) for i in self.private_key_numbers_pbytes])
        print("prime2 INTEGER(q):")  # the prime factor q of n
        print([hex(i) for i in self.private_key_numbers_qbytes])
        print("exponent1:")  # equals d mod (p - 1)
        print([hex(i) for i in self.private_key_numbers_dmp1])
        print("exponent2:")  # equals d mod (q - 1)
        print([hex(i) for i in self.private_key_numbers_dmq1])
        print("coefficient:")  # the CRT coefficient q^(-1) mod p
        print([hex(i) for i in self.private_key_numbers_iqmp])

    def print_key_message_to_file(self, filename=None):
        f_name = ''
        if filename is not None:
            f_name = filename
        else:
            f_name = os.path.splitext(self.key_filename)[0] + '.txt'
        with open(f_name, "w") as f:
            f.write(self.key_filename + '\r\n')
            f.write("key size: " + str(self.private_key.key_size))
            f.write("\r\n")
            f.write("modulus:\n")
            f.write(','.join([hex(i) for i in self.private_key_numbers_modulus]))
            f.write("\r\n")
            f.write("public exponent: " + str(self.private_key_numbers_public_exponent))
            f.write("\r\n")
            f.write("privateExponent INTEGER(d):\n")
            f.write(','.join([hex(i) for i in self.private_key_numbers_dbytes]))
            f.write("\r\n")
            f.write("prime1 INTEGER(p):\n")
            f.write(','.join([hex(i) for i in self.private_key_numbers_pbytes]))
            f.write("\r\n")
            f.write("prime2 INTEGER(q):\n")
            f.write(','.join([hex(i) for i in self.private_key_numbers_qbytes]))
            f.write("\r\n")
            f.write("exponent1:\n")
            f.write(','.join([hex(i) for i in self.private_key_numbers_dmp1]))
            f.write("\r\n")
            f.write("exponent2:\n")
            f.write(','.join([hex(i) for i in self.private_key_numbers_dmq1]))
            f.write("\r\n")
            f.write("coefficient:\n")
            f.write(','.join([hex(i) for i in self.private_key_numbers_iqmp]))
            f.write("\r\n")

    def sign(self, message):
        return self.private_key.sign(
            message,
            padding.PSS(
                mgf=padding.MGF1(hashes.SHA256()),
                salt_length=padding.PSS.MAX_LENGTH
            ),
            hashes.SHA256()
        )

    def decrypt(self, ciphertext):
        return self.private_key.decrypt(
            ciphertext,
            padding.OAEP(
                mgf=padding.MGF1(algorithm=hashes.SHA256()),
                algorithm=hashes.SHA256(),
                label=None
            )
        )

def main():
    # Password matches the -passout pass:11111 used when the key was generated above
    rsa_private_key = RSA_PRIVATE_KEY("rsa_aes_private.key", "11111")
    rsa_private_key.print_key_message()
    rsa_private_key.print_key_message_to_file()

if __name__ == '__main__':
    main()

Public key operations

# -*- coding: UTF-8 -*-

__author__ = 'Mr.Bluyee'

import OpenSSL
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.hazmat.primitives import hashes
import os

class RSA_PUBLIC_KEY(object):

    """Load a PEM RSA public key file and expose its modulus and exponent."""

    def __init__(self, key_filename):
        super(RSA_PUBLIC_KEY, self).__init__()
        self.key_filename = key_filename
        with open(self.key_filename, "rb") as f:
            self.public_key = serialization.load_pem_public_key(
                f.read(),
                backend=default_backend()
            )
        self.public_key_numbers = self.public_key.public_numbers()
        # 257 bytes = 2048-bit modulus plus a leading 0x00 byte; this size assumes an RSA2048 key
        self.public_key_numbers_modulus = self.public_key_numbers.n.to_bytes(257, byteorder='big')
        self.public_key_numbers_exponent = self.public_key_numbers.e

    def print_key_message(self):
        print("key size: " + str(self.public_key.key_size))
        print("modulus:")
        print([hex(i) for i in self.public_key_numbers_modulus])
        print("public exponent: " + str(self.public_key_numbers_exponent))

    def print_key_message_to_file(self, filename=None):
        f_name = ''
        if filename is not None:
            f_name = filename
        else:
            f_name = os.path.splitext(self.key_filename)[0] + '.txt'
        with open(f_name, "w") as f:
            f.write(self.key_filename + '\r\n')
            f.write("key size: " + str(self.public_key.key_size))
            f.write("\r\n")
            f.write("modulus:\n")
            f.write(','.join([hex(i) for i in self.public_key_numbers_modulus]))
            f.write("\r\n")
            f.write("public exponent: " + str(self.public_key_numbers_exponent))
            f.write("\r\n")

    def verify(self, message, signature):
        # Returns None when the signature is valid; raises
        # cryptography.exceptions.InvalidSignature when it is not.
        return self.public_key.verify(
            signature,
            message,
            padding.PSS(
                mgf=padding.MGF1(hashes.SHA256()),
                salt_length=padding.PSS.MAX_LENGTH
            ),
            hashes.SHA256()
        )

    def encrypt(self, message):
        return self.public_key.encrypt(
            message,
            padding.OAEP(
                mgf=padding.MGF1(algorithm=hashes.SHA256()),
                algorithm=hashes.SHA256(),
                label=None
            )
        )

def main():
    rsa_public_key = RSA_PUBLIC_KEY("rsa_public.key")
    rsa_public_key.print_key_message()
    rsa_public_key.print_key_message_to_file()

if __name__ == '__main__':
    main()

RSA test

# -*- coding: UTF-8 -*-

__author__ = 'Mr.Bluyee'

from rsa_private_key_handle import RSA_PRIVATE_KEY
from rsa_public_key_handle import RSA_PUBLIC_KEY
from rsa_cert_file_handle import Cert_File

def main():
    message = "hello mrbluyee."
    # Password matches the -passout pass:11111 used when the key was generated above
    rsa_private_key = RSA_PRIVATE_KEY("rsa_aes_private.key", "11111")
    rsa_public_key = RSA_PUBLIC_KEY("rsa_public.key")
    cert1 = Cert_File('cert.crt')

    message_sign = rsa_private_key.sign(message.encode())
    print("message_sign:")
    print([hex(i) for i in message_sign])

    message_encrypt0 = rsa_public_key.encrypt(message.encode())
    print("message_encrypt0:")
    print([hex(i) for i in message_encrypt0])

    # verify() returns None on success and raises InvalidSignature on failure
    message_verify0 = rsa_public_key.verify(message.encode(), message_sign)
    print("message verify0:")
    print(message_verify0)

    message_encrypt1 = cert1.encrypt(message.encode())
    print("message_encrypt1:")
    print([hex(i) for i in message_encrypt1])

    message_verify1 = cert1.verify(message.encode(), message_sign)
    print("message verify1:")
    print(message_verify1)

    message_decrypt0 = rsa_private_key.decrypt(message_encrypt0)
    print("message decrypt0:")
    print(message_decrypt0.decode())

    message_decrypt1 = rsa_private_key.decrypt(message_encrypt1)
    print("message decrypt1:")
    print(message_decrypt1.decode())

if __name__ == '__main__':
    main()

Output of the run:

message_sign:
['0x80', '0x35', '0xb9', '0x97', '0x16', '0x70', '0x69', '0xb9', '0x99', '0x9f', '0xeb', '0x8b', '0x33', '0xd9', '0x3a', '0xf2', '0x17', '0x62', '0xbd', '0x33', '0xb7', '0xe8', '0x38', '0x24', '0xb1', '0x74', '0x28', '0xf8', '0xe9', '0xc3', '0xb5', '0x12', '0x2', '0x1', '0x64', '0xac', '0xf2', '0xa1', '0xef', '0xc5', '0xa6', '0x34', '0x5e', '0x18', '0x9b', '0x52', '0x12', '0xee', '0x17', '0x59', '0xdc', '0x2c', '0x6a', '0x8b', '0x26', '0x8d', '0xd1', '0xef', '0xb0', '0xf1', '0x44', '0x77', '0xad', '0x3', '0xe', '0xfb', '0x3f', '0x49', '0xd6', '0x1d', '0x57', '0xa9', '0x29', '0x69', '0xd7', '0x4c', '0xf7', '0x52', '0x53', '0x40', '0x61', '0x65', '0xe7', '0x18', '0x47', '0x5f', '0x5a', '0xa5', '0x60', '0x8f', '0x2b', '0x30', '0x48', '0x55', '0x11', '0x18', '0x92', '0x8b', '0xa9', '0xb5', '0xe6', '0x7', '0x78', '0xe4', '0x21', '0x5', '0xe1', '0x82', '0xd6', '0x9b', '0x59', '0x4c', '0x71', '0x90', '0x7b', '0x5', '0x72', '0x10', '0xe8', '0xee', '0xea', '0x74', '0x35', '0x6f', '0xbb', '0x17', '0x19', '0xf', '0xda', '0x14', '0xeb', '0xb6', '0x23', '0xe8', '0x8f', '0xaa', '0x9', '0xcf', '0x1f', '0x8', '0xdf', '0x8d', '0xe8', '0xdb', '0x25', '0xb8', '0x31', '0x60', '0x94', '0xce', '0x4c', '0xcc', '0x22', '0x3b', '0x12', '0x81', '0x8b', '0x25', '0x45', '0x94', '0xeb', '0xea', '0x10', '0xc2', '0xea', '0xb', '0x95', '0x3f', '0x58', '0x85', '0x7c', '0x7a', '0x9b', '0x66', '0x5b', '0x72', '0xcd', '0xf7', '0x7e', '0xb0', '0x40', '0x11', '0x7a', '0xc', '0xb4', '0x3b', '0xb9', '0xba', '0x9a', '0xce', '0x8f', '0x2f', '0x71', '0xaf', '0x9a', '0x43', '0x5a', '0x61', '0x6e', '0x96', '0xa5', '0x7e', '0xb0', '0x70', '0x17', '0xa6', '0xa7', '0xd3', '0x7b', '0x12', '0xba', '0xce', '0x14', '0xf5', '0x97', '0x32', '0xee', '0x66', '0xb2', '0x50', '0x87', '0x46', '0x3e', '0x4f', '0x3', '0x87', '0xb7', '0x4d', '0xb7', '0xc', '0xee', '0xff', '0xb3', '0xb6', '0x8b', '0x26', '0x9c', '0x3d', '0xab', '0x59', '0xb4', '0x77', '0xe8', '0xa0', '0x8c', '0x45', '0x25', '0xdf', '0x8d', '0x3a', '0x28', 
'0x6', '0x4f', '0xb2', '0xf4', '0xd1']
message_encrypt0:
['0x80', '0xd1', '0x32', '0xca', '0xee', '0x1d', '0x7', '0x7a', '0x30', '0x30', '0x1e', '0x21', '0xa3', '0x39', '0x7b', '0x89', '0x22', '0x49', '0xef', '0xfc', '0xf0', '0xcd', '0x60', '0xc6', '0xa', '0xc', '0x70', '0xd6', '0xc8', '0xb9', '0x6f', '0x3f', '0x2a', '0x74', '0x5a', '0x2d', '0xfd', '0x7d', '0xb5', '0xe7', '0xa', '0xd3', '0xb5', '0xb3', '0x9b', '0x82', '0xa6', '0xe6', '0x89', '0x1e', '0x5c', '0xd2', '0xa7', '0x5c', '0x6a', '0xd0', '0xe1', '0x6c', '0x66', '0xf8', '0x53', '0xc1', '0x7a', '0x66', '0x56', '0x32', '0xf6', '0xfd', '0x57', '0x31', '0xb2', '0xb5', '0x16', '0xe', '0x28', '0x6e', '0xcc', '0x63', '0x61', '0xed', '0x31', '0x5b', '0xb4', '0x80', '0xf9', '0xa8', '0xd8', '0xe5', '0x81', '0xda', '0x6', '0x49', '0xb2', '0xd9', '0x1d', '0xd5', '0x9f', '0x88', '0x3e', '0xb1', '0x7', '0x65', '0xe2', '0xce', '0x26', '0x98', '0x45', '0x40', '0x69', '0x62', '0x9d', '0x95', '0xa2', '0xf0', '0x56', '0xd9', '0xc', '0xe5', '0xea', '0x85', '0xf9', '0x7a', '0x96', '0x2a', '0x73', '0x7e', '0xb5', '0x94', '0xef', '0x12', '0xf1', '0x7b', '0x44', '0xdb', '0x4c', '0x9d', '0x9a', '0x3a', '0x78', '0x45', '0x11', '0xc0', '0x61', '0x5d', '0x4', '0xb7', '0x3d', '0x89', '0xb2', '0x51', '0xd3', '0xbc', '0x66', '0xb8', '0xb', '0xfd', '0xe4', '0x92', '0xc', '0x21', '0x7', '0x32', '0x61', '0x25', '0x5f', '0xaa', '0xf', '0xa8', '0x70', '0x14', '0x19', '0xb7', '0xab', '0x3', '0x4f', '0x3c', '0xef', '0x51', '0x56', '0x84', '0x67', '0xdd', '0x3a', '0x14', '0xea', '0x77', '0x0', '0x18', '0x5a', '0x59', '0x99', '0xb1', '0xb0', '0x56', '0x12', '0x8f', '0xf0', '0xab', '0x8b', '0xc4', '0x6a', '0x91', '0x62', '0xe1', '0x4d', '0xac', '0x61', '0x20', '0xe5', '0xf0', '0xc8', '0x17', '0x6', '0x72', '0x3e', '0xb8', '0x37', '0x0', '0x63', '0x5c', '0xde', '0x70', '0x37', '0x47', '0x19', '0x1c', '0x3d', '0xf3', '0x35', '0xcd', '0x0', '0xe1', '0xe3', '0x2b', '0x8a', '0xe1', '0x2f', '0xc7', '0xf2', '0xd3', '0xef', '0xae', '0xcc', '0x7a', '0x35', '0x38', '0xc4', '0x2e', '0x25', '0x31', '0x6d', '0x94', 
'0x5', '0xb8', '0xb1', '0x90']
message verify0:
None
message_encrypt1:
['0x68', '0xf9', '0x6b', '0xb2', '0xa3', '0x6b', '0x32', '0x8e', '0x52', '0x71', '0xb8', '0x68', '0x2b', '0x52', '0xb6', '0xca', '0x76', '0x9c', '0xba', '0xa5', '0x48', '0x4b', '0x5b', '0x5d', '0xb2', '0xce', '0xad', '0xea', '0x78', '0x4b', '0x6d', '0x2b', '0x99', '0xb8', '0xee', '0x22', '0x8b', '0xf4', '0xa8', '0xaf', '0x2e', '0xa1', '0xd9', '0xd7', '0x10', '0x9b', '0x12', '0x1f', '0xfb', '0x6d', '0x7b', '0xb0', '0x96', '0x41', '0xd0', '0x65', '0xba', '0x9', '0x51', '0xde', '0xa0', '0xa3', '0x70', '0x9d', '0xe', '0x68', '0xa7', '0x36', '0xb4', '0xef', '0xb5', '0x7e', '0x18', '0x31', '0x2', '0x79', '0x9f', '0xeb', '0x1d', '0x6', '0x7e', '0xde', '0x14', '0xa0', '0xb5', '0x9b', '0xb', '0x96', '0xf3', '0x5', '0x2e', '0x62', '0x56', '0x22', '0xe0', '0x6f', '0x25', '0x22', '0xc5', '0x46', '0x1e', '0x7a', '0xa6', '0x68', '0x29', '0x8c', '0xe5', '0x92', '0x47', '0x47', '0xb7', '0x3e', '0xc5', '0x47', '0xb4', '0x4b', '0x4d', '0xbf', '0x16', '0xcb', '0x9', '0x55', '0xff', '0xf9', '0x23', '0x99', '0xdd', '0x87', '0x80', '0xfe', '0xde', '0x2d', '0x2b', '0xa2', '0x80', '0x7', '0x47', '0x7b', '0x81', '0xb5', '0x36', '0x95', '0x1f', '0x6e', '0xea', '0xea', '0xd5', '0x3f', '0xd5', '0xc8', '0x58', '0x2f', '0xfc', '0x26', '0x1', '0x39', '0x87', '0x56', '0xa8', '0xed', '0xcc', '0x52', '0xad', '0x96', '0x19', '0xeb', '0xbf', '0x7b', '0x33', '0x74', '0xa3', '0xae', '0x23', '0x4d', '0xcf', '0xb', '0xbb', '0x19', '0xc1', '0x1a', '0xdf', '0x1c', '0xb5', '0xd8', '0x0', '0x21', '0x4f', '0x5a', '0xf7', '0xdf', '0xb0', '0xed', '0x6f', '0x58', '0x3d', '0xf9', '0x88', '0x9', '0x34', '0xa', '0xd5', '0xb0', '0xd6', '0xbd', '0xc8', '0xaf', '0x37', '0x15', '0xb7', '0x8c', '0x7d', '0xdc', '0xd4', '0xea', '0xad', '0xd9', '0xcd', '0x91', '0xeb', '0xe8', '0x85', '0xe5', '0xb0', '0xdd', '0xd9', '0xa9', '0x28', '0x2f', '0xcf', '0xd9', '0xa5', '0x1d', '0x21', '0x8a', '0x11', '0x54', '0xce', '0x92', '0x62', '0xb8', '0x9b', '0xd3', '0xad', '0x7d', '0x26', '0xa4', '0x1d', '0x57', '0x35', '0xa', '0xf', 
'0x33', '0x75', '0x60', '0x28', '0x9']
message verify1:
None
message decrypt0:
hello mrbluyee.
message decrypt1:
hello mrbluyee.

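Parts of this article were compiled from:
使用 openssl 生成证书(含openssl详解) (Generating certificates with openssl, including a detailed openssl guide)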