开发学院操作系统 Linux/Unix AIX 6 加密文件系统（Encrypted File System），第... 阅读

AIX 6 加密文件系统（Encrypted File System），第 4 部分：用户管理（下）

　2008-09-06 08:20:07　来源：WEB开发网　　　

核心提示： 运行 efskeymgr -v 命令，以显示当前密钥存储库的内容，AIX 6 加密文件系统（Encrypted File System），第 4 部分：用户管理（下）(5)，已经删除了新的 2048 位密钥，使用 efskeymgr -e keyfile4 命令将密钥存储库的当前内容导出

运行 efskeymgr -v 命令，以显示当前密钥存储库的内容。已经删除了新的 2048 位密钥。

使用 efskeymgr -e keyfile4 命令将密钥存储库的当前内容导出到 keyfile4 中。

使用 OpenSSL 子命令 pkcs12 -in keyfile4 -info –nodes 验证 keyfile4 的内容。已经删除了新的 2048 位密钥。

示例 4 创建、弃用和删除私有 RSA 密钥

# efskeymgr -v Keystore content: Keystore owner ............: uid 0 Keystore mode .............: admin:managed by EFS administrator Password changed last on ..: 04/18/07 at 04:08:43 Private key: Algorithm :RSA_1024 Fingerprint :47dab395:99d8aa70:82659beb:700a4a6e:e232c8e4 Validity :This key is valid. Access key to keystore group/security Access key to keystore admin/ # efskeymgr -e keyfile1 Enter password for the new PKCS#12-protected file: Enter the same password again: OpenSSL> pkcs12 -in keyfile1 -info -nodes Enter Import Password: MAC Iteration 2000 MAC verified OK PKCS7 Data Certificate bag Bag Attributes:<No Attributes> subject=/CN=CLiC v4.0 4613EBC8 issuer=/CN=CLiC v4.0 4613EBC8 -----BEGIN CERTIFICATE----- MIIBqjCCARMCBEYT68gwCwYJKoZIhvcNAQEBMB0xGzAZBgNVBAMTEkNMaUMgdjQu MCA0NjEzRUJDODAeFw0wNjA1MDgwMDAwMDBaFw0xNjA1MDgwMDAwMDBaMB0xGzAZ BgNVBAMTEkNMaUMgdjQuMCA0NjEzRUJDODCBnzANBgkqhkiG9w0BAQEFAAOBjQAw gYkCgYEAvMey0sd1hh8YdoExhATlSR9KQP61zOQGQgp2c5aU97N30rxCqpwAcm6L dE4yzOl9WsQWRg8yJqkzE3J9G2547aq2vNxRuo/zgM5YZnK1JAnRZyZO0NGDooVf sb782Q9jL9n8sudFzEpIQ9jb68+kn7maXCGMHFImEnZjv3YGt0sCAwEAATANBgkq hkiG9w0BAQUFAAOBgQAhFp2ujXe9la4/9c25loqONgBot8kiJoH70BuXRC8UexoP w0Ip3Q17m8nyW3ymGcyfXtOUu2eC5NLWpr3W6orhr/ffwEVYJ6f7r5b4ADwBeHUL 3xYcQ4wnn/cO8E9NugmBM9ix5IyxPgZsy4VeN0sKY5YvtkNsWFX3vCqOUMA+Ig== -----END CERTIFICATE----- Shrouded Keybag:pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000 Bag Attributes:<No Attributes> Key Attributes:<No Attributes> -----BEGIN RSA PRIVATE KEY----- MIICXQIBAAKBgQC8x7LSx3WGHxh2gTGEBOVJH0pA/rXM5AZCCnZzlpT3s3fSvEKq nABybot0TjLM6X1axBZGDzImqTMTcn0bbnjtqra83FG6j/OAzlhmcrUkCdFnJk7Q 0YOihV+xvvzZD2Mv2fyy50XMSkhD2Nvrz6SfuZpcIYwcUiYSdmO/dga3SwIDAQAB AoGAHJ7KtyxYiSQiEXv7wE/9B616lJ5T0gOItAQhujDMVpNlvqlzvVRCYxbsWzks eCbhWNydTd4plHVBfO4gwS2/SnHGwnQwO6LcVgkqONSDqbf2yTJGBUDUwmZOq0xp HPrFsl99VzrJM+/pgEQcqEbdwc7l82NgCBcuPYtNpNSKL9ECQQD6X5os5wTbWdzo ukQlWTmKWpdn3K+muDwIwy2oGesSY2G24i5IZcrrsX5gzUlSI4Z22zG9m1JnaItC /b44Tl9bAkEAwQW/8OG4Vd216ULbLNoasoA1GVGfIiVJCzqzEO2nt19bQwwNwwrt zmzJVczCi8cEWSFQxbe/3geOAYiNfoT60QJBAO+1/IylGndQ0DpZq8j+ZiLanT8p gVrj5UaWZ+4b8n6GfBV2880I+IE0TMUthteHf8PoFPVt8jVjWIHpIugR0SUCQBUp XTa6eGwph3UQWFkdfEnPloK1GR40OkLZ56HWfEm1UZsTKjsU6qdz88rNTRLn+ckP xvw2PfnImEAAyYpyZ9ECQQDSx4/ZF2/Uk/l0Be5SOBkYKKDnVrioXBjLqn161ERa 8ABuiz3EeI5knBx/sd8FVhNF+Izka5qcA4rd7XYvar1s -----END RSA PRIVATE KEY----- # efskeymgr -R RSA_2048 # efskeymgr -v Keystore content: Keystore owner ............: uid 0 Keystore mode .............: admin:managed by EFS administrator Password changed last on ..: 04/18/07 at 04:08:43 Private key: Algorithm :RSA_2048 Fingerprint :3661bf34:530116eb:1861a3eb:0cf71b91:91ca25e9 Validity :This key is valid. Private key: Algorithm :RSA_1024 Fingerprint :47dab395:99d8aa70:82659beb:700a4a6e:e232c8e4 Validity :This key was deprecated on 04/20/07 at 07:35:45. Access key to keystore group/security Access key to keystore admin/ # efskeymgr -e keyfile2 Enter password for the new PKCS#12-protected file: Enter the same password again: OpenSSL> pkcs12 -in keyfile2 -info -nodes Enter Import Password: MAC Iteration 2000 MAC verified OK PKCS7 Data Certificate bag Bag Attributes:<No Attributes> subject=/CN=CLiC v4.0 7F14828C issuer=/CN=CLiC v4.0 7F14828C -----BEGIN CERTIFICATE----- MIICrzCCAZcCBH8UgowwCwYJKoZIhvcNAQEBMB0xGzAZBgNVBAMTEkNMaUMgdjQu ... ... ... buDin1FTUmyt6cQ0eAnfaO8FMQ== -----END CERTIFICATE----- Shrouded Keybag:pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000 Bag Attributes:<No Attributes> Key Attributes:<No Attributes> -----BEGIN RSA PRIVATE KEY----- MIICXQIBAAKBgQC8x7LSx3WGHxh2gTGEBOVJH0pA/rXM5AZCCnZzlpT3s3fSvEKq ... ... ... 8ABuiz3EeI5knBx/sd8FVhNF+Izka5qcA4rd7XYvar1s -----END RSA PRIVATE KEY----- Shrouded Keybag:pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000 Bag Attributes:<No Attributes> Key Attributes:<No Attributes> -----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEApPRiwrebZ0ZNKEuxh8obBsmIYO/JLOLCRNCaJN3Xnw+SDhs1 ... ... ... C6t2lfrwq1aq2iZ6pkO4jpk7dsbeuUDHLoQIzZB3HVRrVhXfu/Ag -----END RSA PRIVATE KEY----- # efskeymgr -v Keystore content: Keystore owner ............: uid 0 Keystore mode .............: admin:managed by EFS administrator Password changed last on ..: 04/18/07 at 04:08:43 Private key: Algorithm :RSA_4096 Fingerprint :f961c000:8305d1ba:65a72c48:eeafde52:b954bf78 Validity :This key is valid. Private key: Algorithm :RSA_2048 Fingerprint :3661bf34:530116eb:1861a3eb:0cf71b91:91ca25e9 Validity :This key was deprecated on 04/20/07 at 08:08:44. Private key: Algorithm :RSA_1024 Fingerprint :47dab395:99d8aa70:82659beb:700a4a6e:e232c8e4 Validity :This key was deprecated on 04/20/07 at 07:35:45. Access key to keystore group/security Access key to keystore admin/ # efskeymgr -e keyfile3 Enter password for the new PKCS#12-protected file: Enter the same password again: # OpenSSL> pkcs12 -in keyfile3 -info -nodes Enter Import Password: MAC Iteration 2000 MAC verified OK PKCS7 Data Certificate bag Bag Attributes:<No Attributes> subject=/CN=CLiC v4.0 17162B54 issuer=/CN=CLiC v4.0 17162B54 -----BEGIN CERTIFICATE----- MIIErzCCApcCBBcWK1QwCwYJKoZIhvcNAQEBMB0xGzAZBgNVBAMTEkNMaUMgdjQu ... ... ... rPpS/9ZtxfujJSjjIAQrNKjoHhewrBB0gq2JZ37PU+BB/TOmjWOd0DX4q5QJOcXG TUk7 -----END CERTIFICATE----- Shrouded Keybag:pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000 Bag Attributes:<No Attributes> Key Attributes:<No Attributes> -----BEGIN RSA PRIVATE KEY----- MIICXQIBAAKBgQC8x7LSx3WGHxh2gTGEBOVJH0pA/rXM5AZCCnZzlpT3s3fSvEKq ... ... ... 8ABuiz3EeI5knBx/sd8FVhNF+Izka5qcA4rd7XYvar1s -----END RSA PRIVATE KEY----- Shrouded Keybag:pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000 Bag Attributes:<No Attributes> Key Attributes:<No Attributes> -----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEApPRiwrebZ0ZNKEuxh8obBsmIYO/JLOLCRNCaJN3Xnw+SDhs1 ... ... ... C6t2lfrwq1aq2iZ6pkO4jpk7dsbeuUDHLoQIzZB3HVRrVhXfu/Ag -----END RSA PRIVATE KEY----- Shrouded Keybag:pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000 Bag Attributes:<No Attributes> Key Attributes:<No Attributes> -----BEGIN RSA PRIVATE KEY----- MIIJKAIBAAKCAgEA6qo7cNWI2bkLfbqYl0SYzXD/XtFdQHGjuk+EBnEyenSj7cq7 ... ... ... 86HBQ9Fgee+TkzDEj+ojwaZAyrH1G5oTmfaP2AlvHk8gBTPsOJuZjN2AXfE= -----END RSA PRIVATE KEY----- # efskeymgr -D 3661bf34:530116eb:1861a3eb:0cf71b91:91ca25e9 # efskeymgr -v Keystore content: Keystore owner ............: uid 0 Keystore mode .............: admin:managed by EFS administrator Password changed last on ..: 04/18/07 at 04:08:43 Private key: Algorithm :RSA_4096 Fingerprint :f961c000:8305d1ba:65a72c48:eeafde52:b954bf78 Validity :This key is valid. Private key: Algorithm :RSA_1024 Fingerprint :47dab395:99d8aa70:82659beb:700a4a6e:e232c8e4 Validity :This key was deprecated on 04/20/07 at 07:35:45. Access key to keystore group/security Access key to keystore admin/ # # efskeymgr -e keyfile4 Enter password for the new PKCS#12-protected file: Enter the same password again: # OpenSSL> pkcs12 -in keyfile4 -info -nodes Enter Import Password: MAC Iteration 2000 MAC verified OK PKCS7 Data Certificate bag Bag Attributes:<No Attributes> subject=/CN=CLiC v4.0 17162B54 issuer=/CN=CLiC v4.0 17162B54 -----BEGIN CERTIFICATE----- MIIErzCCApcCBBcWK1QwCwYJKoZIhvcNAQEBMB0xGzAZBgNVBAMTEkNMaUMgdjQu ... ... ... rPpS/9ZtxfujJSjjIAQrNKjoHhewrBB0gq2JZ37PU+BB/TOmjWOd0DX4q5QJOcXG TUk7 -----END CERTIFICATE----- Shrouded Keybag:pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000 Bag Attributes:<No Attributes> Key Attributes:<No Attributes> -----BEGIN RSA PRIVATE KEY----- MIICXQIBAAKBgQC8x7LSx3WGHxh2gTGEBOVJH0pA/rXM5AZCCnZzlpT3s3fSvEKq ... ... ... 8ABuiz3EeI5knBx/sd8FVhNF+Izka5qcA4rd7XYvar1s -----END RSA PRIVATE KEY----- Shrouded Keybag:pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000 Bag Attributes:<No Attributes> Key Attributes:<No Attributes> -----BEGIN RSA PRIVATE KEY----- MIIJKAIBAAKCAgEA6qo7cNWI2bkLfbqYl0SYzXD/XtFdQHGjuk+EBnEyenSj7cq7 ... ... ... 86HBQ9Fgee+TkzDEj+ojwaZAyrH1G5oTmfaP2AlvHk8gBTPsOJuZjN2AXfE= -----END RSA PRIVATE KEY-----