OpenSSL et RSA
Aller à la navigation
Aller à la recherche
On utilisera ici le concept de chiffrage asymetrique.
Génération de la paire de clés
Clé privée
On génère la clé privée : LA PLUS IMPORTANTE avec le commande
openssl genrsa -out private.pem 1024
Le fichier généré ressemble à ceci:
-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQDd6eQXChY6JDK13iDWE1iTIdV/Xqz3l9igNQJEvS9nnBpuMMpK
DdrbEK6TPXRThKiw28jK3DSJJLZP0xkXmDZyMVdPkn/AUopoi+wgbklU3EGSSN1U
ncYIAO3yJdTgLujGItEqppHmLe6XTz/By0v0WNvQQu9fMaylt2l9BvYn1QIDAQAB
AoGARTHP+Esh4SE2WrUXggjoPoB3RM7tmgpT9qhwu6RN6r2nFCLMgMjPLC2Iccrg
wcYEn5j4hCCjlPvIiR1mno/Msbv10z+o5ElN1gRznKbqVD1hsKFGS1PLvDe7Rqcc
I3R7e2E7QuXehdEkqTHiYd7Dniry/iXNIOJERcoztLSzzCUCQQD0sPliUmAGrZEi
iJvg++cTQpTWVXUyBZpmYNkQ/TbujNlUf9rYUOf1dli/1IXTgbpC0CfkXORaqVM7
tE0JSGzzAkEA6CttLsKHkVOF8QqbzxjmJAWd8B7CXlJF/5RYupv5Eat2yaY79d+I
Z0Q9Bmkew7HC8TZs6pbBc95Apo7njTmqFwJBAOHfsAXcBrqDZDNdqY8Q2akE0EHe
VzXayEFza0zsgdXJfSEseQcwAD+thJVoCDVLTnY4kmqSeVVbcvLtKCPGkJMCQQCV
fyEW8vwIgBfHVmVtvUKz/0nrzGKsCZ45LHTV9Ik074vV3MzPTdivZilFb3r32AcG
+1y20cxPp9VJast/DJqRAkEAlqYQa2pb3CeaXDYjiG7ahg67f2eIuqwwA5M33kC5
GkzQG0dbbPJ4LJ6RS8cNaxa+7rsNu6nytBib5TfZv+Q/Kw==
-----END RSA PRIVATE KEY-----
Ce fichier est assez indigeste. Pour en voir le contenu :
openssl rsa -in private.pem -text -noout
Qui nous donne
RSA Private-Key: (1024 bit, 2 primes)
modulus:
00:dd:e9:e4:17:0a:16:3a:24:32:b5:de:20:d6:13:
58:93:21:d5:7f:5e:ac:f7:97:d8:a0:35:02:44:bd:
2f:67:9c:1a:6e:30:ca:4a:0d:da:db:10:ae:93:3d:
74:53:84:a8:b0:db:c8:ca:dc:34:89:24:b6:4f:d3:
19:17:98:36:72:31:57:4f:92:7f:c0:52:8a:68:8b:
ec:20:6e:49:54:dc:41:92:48:dd:54:9d:c6:08:00:
ed:f2:25:d4:e0:2e:e8:c6:22:d1:2a:a6:91:e6:2d:
ee:97:4f:3f:c1:cb:4b:f4:58:db:d0:42:ef:5f:31:
ac:a5:b7:69:7d:06:f6:27:d5
publicExponent: 65537 (0x10001)
privateExponent:
45:31:cf:f8:4b:21:e1:21:36:5a:b5:17:82:08:e8:
3e:80:77:44:ce:ed:9a:0a:53:f6:a8:70:bb:a4:4d:
ea:bd:a7:14:22:cc:80:c8:cf:2c:2d:88:71:ca:e0:
c1:c6:04:9f:98:f8:84:20:a3:94:fb:c8:89:1d:66:
9e:8f:cc:b1:bb:f5:d3:3f:a8:e4:49:4d:d6:04:73:
9c:a6:ea:54:3d:61:b0:a1:46:4b:53:cb:bc:37:bb:
46:a7:1c:23:74:7b:7b:61:3b:42:e5:de:85:d1:24:
a9:31:e2:61:de:c3:9e:2a:f2:fe:25:cd:20:e2:44:
45:ca:33:b4:b4:b3:cc:25
prime1:
00:f4:b0:f9:62:52:60:06:ad:91:22:88:9b:e0:fb:
e7:13:42:94:d6:55:75:32:05:9a:66:60:d9:10:fd:
36:ee:8c:d9:54:7f:da:d8:50:e7:f5:76:58:bf:d4:
85:d3:81:ba:42:d0:27:e4:5c:e4:5a:a9:53:3b:b4:
4d:09:48:6c:f3
prime2:
00:e8:2b:6d:2e:c2:87:91:53:85:f1:0a:9b:cf:18:
e6:24:05:9d:f0:1e:c2:5e:52:45:ff:94:58:ba:9b:
f9:11:ab:76:c9:a6:3b:f5:df:88:67:44:3d:06:69:
1e:c3:b1:c2:f1:36:6c:ea:96:c1:73:de:40:a6:8e:
e7:8d:39:aa:17
exponent1:
00:e1:df:b0:05:dc:06:ba:83:64:33:5d:a9:8f:10:
d9:a9:04:d0:41:de:57:35:da:c8:41:73:6b:4c:ec:
81:d5:c9:7d:21:2c:79:07:30:00:3f:ad:84:95:68:
08:35:4b:4e:76:38:92:6a:92:79:55:5b:72:f2:ed:
28:23:c6:90:93
exponent2:
00:95:7f:21:16:f2:fc:08:80:17:c7:56:65:6d:bd:
42:b3:ff:49:eb:cc:62:ac:09:9e:39:2c:74:d5:f4:
89:34:ef:8b:d5:dc:cc:cf:4d:d8:af:66:29:45:6f:
7a:f7:d8:07:06:fb:5c:b6:d1:cc:4f:a7:d5:49:6a:
cb:7f:0c:9a:91
coefficient:
00:96:a6:10:6b:6a:5b:dc:27:9a:5c:36:23:88:6e:
da:86:0e:bb:7f:67:88:ba:ac:30:03:93:37:de:40:
b9:1a:4c:d0:1b:47:5b:6c:f2:78:2c:9e:91:4b:c7:
0d:6b:16:be:ee:bb:0d:bb:a9:f2:b4:18:9b:e5:37:
d9:bf:e4:3f:2b
Bon comme ça ça parait tout aussi obscur mais une personne qui comprends l'algorithme RSA comprendra!
Clé publique
En fait le fichier précédent contient la clé privée, il faut l'en extraire.
openssl rsa -in private.pem -pubout -out public.pem
La partie publique est plus courte
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDd6eQXChY6JDK13iDWE1iTIdV/
Xqz3l9igNQJEvS9nnBpuMMpKDdrbEK6TPXRThKiw28jK3DSJJLZP0xkXmDZyMVdP
kn/AUopoi+wgbklU3EGSSN1UncYIAO3yJdTgLujGItEqppHmLe6XTz/By0v0WNvQ
Qu9fMaylt2l9BvYn1QIDAQAB
-----END PUBLIC KEY-----
Nous avons notre paire de clés. On garde précieusement la clé privée et on envoie notre clé publique à tous nos interlocuteurs.
Avec cette clés ils pourront chiffrer les fichiers que seul ma clé privée saura déchiffrer.