[JAVA] Check once again about the OpenSSL command

OpenSSL can create a private key and a CSR, but I often do not understand what the commands mean and tend to copy and paste them, so here I check them once again.

Creating a digest

Generate a SHA-256 string from the current date. I am not sure whether an encryption algorithm needs to be specified here.

$ date | openssl dgst -sha256 > sample.dat
$ less sample.dat
(stdin)= fcc7bad796f3b5aa20c3481fa2790669ceb9d3d8565091d1f39a50083123ab52

Creating a private key

Create a 2048-bit RSA private key, passing the digest file to -rand as seed data and encrypting the key with 3DES (Triple DES) via -des3.

$ openssl genrsa -rand sample.dat -des3 2048 > sample.key
$ less sample.key
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,CB8C441AE01D6315
yLk0ZJhLYkl8sWJC170WJ2CKIixBy6zlGCEwJCq13N39GUj4Tr20HqRzlbmtKQtv
lz93DjRSQ4uhA2EjwD7JTlHtsxEwhLYW1iKsodzBZ40e0on0sk6kK9i3/WUEHuLK
<<abridgement>>
-----END RSA PRIVATE KEY-----

3DES is described as follows. In other words, one encryption key is created using three encryption keys...

3DES is one of the schemes devised to improve the security of the DES (Data Encryption Standard) cipher. It makes decryption difficult by repeating the DES encryption and decryption process three times using two or three different encryption keys. Source: What is 3DES (Triple DES), IT Glossary

Creating a CSR

Create a CSR from the private key. The Base64-encoded CSR is called the "PKCS #10" format (see RFC 2986).

$ openssl req -new -sha256 -key sample.key -out sample.csr
$ less sample.csr
-----BEGIN CERTIFICATE REQUEST-----
MIIC0jCCAboCAQAwYzELMAkGA1UEBhMCYWExCzAJBgNVBAgMAmphMQswCQYDVQQH
DAJqYTELMAkGA1UECgwCamExDDAKBgNVBAsMA2FqYTEMMAoGA1UEAwwDYWphMREw
<<abridgement>>
-----END CERTIFICATE REQUEST-----

$ openssl req -in sample.csr -text
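
The three steps above as non-interactive shell functions, plus a check that the CSR verifies and carries the public key of sample.key. This is an added example, not part of the original post; the passphrase, the subject and the function names are assumptions made for the demo.

```shell
#!/bin/sh
# Added example. PASS and SUBJ are constructed demo values.
# "pass:" exposes the passphrase in the process list; prefer the
# file: or env: passphrase sources outside a demo.
PASS='demo-passphrase'
SUBJ='/C=JP/O=Example/CN=sample.example'

# The post's three steps, run without prompts inside directory $1.
make_key_and_csr() {
    date | openssl dgst -sha256 > "$1/sample.dat"
    openssl genrsa -rand "$1/sample.dat" -des3 -passout "pass:$PASS" \
        -out "$1/sample.key" 2048 2>/dev/null
    openssl req -new -sha256 -key "$1/sample.key" -passin "pass:$PASS" \
        -subj "$SUBJ" -out "$1/sample.csr"
}

# SHA-256 of the DER public key derived from private key file $1.
key_pub_digest() {
    openssl pkey -in "$1" -passin "pass:$PASS" -pubout -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# SHA-256 of the DER public key embedded in CSR file $1.
csr_pub_digest() {
    openssl req -in "$1" -noout -pubkey |
        openssl pkey -pubin -pubout -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# True only if the CSR's self-signature verifies and the CSR carries
# the public key of private key $1 ($2 is the CSR).
csr_matches_key() {
    openssl req -in "$2" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    [ "$(key_pub_digest "$1")" = "$(csr_pub_digest "$2")" ]
}
```

Run `make_key_and_csr .` in an empty directory, then `csr_matches_key sample.key sample.csr && echo match` before sending the CSR to a CA.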
