openssl中-nodes参数的目的是什么? [英] What is the purpose of the -nodes argument in openssl?

问题描述

openssl中-nodes参数的目的是什么?

What is the purpose of the -nodes argument in openssl?

推荐答案

选项-nodes不是英语单词"nodes"，而是"no DES".当作为参数给出时，这意味着OpenSSL不会对 PKCS#12 文件中的私钥进行加密

The option -nodes is not the English word "nodes", but rather is "no DES". When given as an argument, it means OpenSSL will not encrypt the private key in a PKCS#12 file.

要加密私钥，您可以省略-nodes，并且您的密钥将使用3DES-CBC进行加密.要加密密钥，OpenSSL会提示您输入密码，并使用该密码通过密钥派生功能 EVP_BytesToKey .

To encrypt the private key, you can omit -nodes and your key will be encrypted with 3DES-CBC. To encrypt the key, OpenSSL prompts you for a password and it uses that password to generate an encryption key using the key-derivation function EVP_BytesToKey.

根据您的OpenSSL版本和编译选项，您可能可以提供这些选项来代替-nodes:

Depending on your version of OpenSSL and compiled options, you may be able to provide these options in place of -nodes:

-des          encrypt private keys with DES
-des3         encrypt private keys with triple DES (default)
-idea         encrypt private keys with idea
-seed         encrypt private keys with seed
-aes128, -aes192, -aes256
              encrypt PEM output with cbc aes
-camellia128, -camellia192, -camellia256
              encrypt PEM output with cbc camellia

最终，在库级别，OpenSSL使用以下命令调用函数 PEM_write_bio_PrivateKey 您选择的加密算法(或缺少加密算法).

Ultimately at the library level OpenSSL calls the function PEM_write_bio_PrivateKey with the encryption algorithm (or lack thereof) you choose.

这篇关于openssl中-nodes参数的目的是什么?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！