一、简介
消息摘要可以对任意长度的消息产生固定长度(16或20个字节)的信息摘要,理论基于单向HASH函数,根据消息摘要无法恢复出原文,所以是安全的;消息原文和消息摘要是一一对应的,所以又被称作指纹。
二、语法
openssl dgst[-md5|-md4|-md2|-sha1|-sha|-mdc2|-ripemd160|-dss1] [-c] [-d] [-hex] [-binary] [-out filename] [-sign filename] [-keyform arg] [-passin arg] [-verify filename] [-prverify filename] [-signature filename] [-hmac key] [file...]
选项
-c to output the digest with separating colons
-r to output the digest in coreutils format
-d to output debug info
-hex output as hex dump
-binary output in binary form
-sign file sign digest using private key in file
-verify file verify a signature using public key in file
-prverify file verify a signature using private key in file
-keyform arg key file format (PEM or ENGINE)
-out filename output to filename rather than stdout
-signature file signature to verify
-sigopt nm:v signature parameter
-hmac key create hashed MAC with key
-mac algorithm create MAC (not neccessarily HMAC)
-macopt nm:v MAC algorithm parameters or key
-engine e use engine e, possibly a hardware device.
-md4 to use the md4 message digest algorithm
-md5 to use the md5 message digest algorithm
-ripemd160 to use the ripemd160 message digest algorithm
-sha to use the sha message digest algorithm
-sha1 to use the sha1 message digest algorithm
-sha224 to use the sha224 message digest algorithm
-sha256 to use the sha256 message digest algorithm
-sha384 to use the sha384 message digest algorithm
-sha512 to use the sha512 message digest algorithm
-whirlpool to use the whirlpool message digest algorithm
三、实例
1、对文件进行消息摘要
openssl dgst -md5 test.txt
2、用私钥对消息摘要进行签名,并用公钥进行验签
openssl dgst -md5 -sign prikey.pem -out sign.binary test.txt
openssl dgst -md5 -verify pubkey.pem -signature sign.binary test.txt
3、消息认证码
openssl dgst -md5 -hmac "" test.txt
