AIX 6 加密文件系统(Encrypted File System),第 4 部分:用户管理(下)
2008-09-06 08:20:07 来源:WEB开发网运行 efskeymgr -v 命令,以显示当前密钥存储库的内容。已经删除了新的 2048 位密钥。
使用 efskeymgr -e keyfile4 命令将密钥存储库的当前内容导出到 keyfile4 中。
使用 OpenSSL 子命令 pkcs12 -in keyfile4 -info –nodes 验证 keyfile4 的内容。已经删除了新的 2048 位密钥。
示例 4 创建、弃用和删除私有 RSA 密钥
# efskeymgr -v
Keystore content:
Keystore owner ............: uid 0
Keystore mode .............: admin:managed by EFS administrator
Password changed last on ..: 04/18/07 at 04:08:43
Private key:
Algorithm :RSA_1024
Fingerprint :47dab395:99d8aa70:82659beb:700a4a6e:e232c8e4
Validity :This key is valid.
Access key to keystore group/security
Access key to keystore admin/
# efskeymgr -e keyfile1
Enter password for the new PKCS#12-protected file:
Enter the same password again:
OpenSSL> pkcs12 -in keyfile1 -info -nodes
Enter Import Password:
MAC Iteration 2000
MAC verified OK
PKCS7 Data
Certificate bag
Bag Attributes:<No Attributes>
subject=/CN=CLiC v4.0 4613EBC8
issuer=/CN=CLiC v4.0 4613EBC8
-----BEGIN CERTIFICATE-----
MIIBqjCCARMCBEYT68gwCwYJKoZIhvcNAQEBMB0xGzAZBgNVBAMTEkNMaUMgdjQu
MCA0NjEzRUJDODAeFw0wNjA1MDgwMDAwMDBaFw0xNjA1MDgwMDAwMDBaMB0xGzAZ
BgNVBAMTEkNMaUMgdjQuMCA0NjEzRUJDODCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
gYkCgYEAvMey0sd1hh8YdoExhATlSR9KQP61zOQGQgp2c5aU97N30rxCqpwAcm6L
dE4yzOl9WsQWRg8yJqkzE3J9G2547aq2vNxRuo/zgM5YZnK1JAnRZyZO0NGDooVf
sb782Q9jL9n8sudFzEpIQ9jb68+kn7maXCGMHFImEnZjv3YGt0sCAwEAATANBgkq
hkiG9w0BAQUFAAOBgQAhFp2ujXe9la4/9c25loqONgBot8kiJoH70BuXRC8UexoP
w0Ip3Q17m8nyW3ymGcyfXtOUu2eC5NLWpr3W6orhr/ffwEVYJ6f7r5b4ADwBeHUL
3xYcQ4wnn/cO8E9NugmBM9ix5IyxPgZsy4VeN0sKY5YvtkNsWFX3vCqOUMA+Ig==
-----END CERTIFICATE-----
Shrouded Keybag:pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000
Bag Attributes:<No Attributes>
Key Attributes:<No Attributes>
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQC8x7LSx3WGHxh2gTGEBOVJH0pA/rXM5AZCCnZzlpT3s3fSvEKq
nABybot0TjLM6X1axBZGDzImqTMTcn0bbnjtqra83FG6j/OAzlhmcrUkCdFnJk7Q
0YOihV+xvvzZD2Mv2fyy50XMSkhD2Nvrz6SfuZpcIYwcUiYSdmO/dga3SwIDAQAB
AoGAHJ7KtyxYiSQiEXv7wE/9B616lJ5T0gOItAQhujDMVpNlvqlzvVRCYxbsWzks
eCbhWNydTd4plHVBfO4gwS2/SnHGwnQwO6LcVgkqONSDqbf2yTJGBUDUwmZOq0xp
HPrFsl99VzrJM+/pgEQcqEbdwc7l82NgCBcuPYtNpNSKL9ECQQD6X5os5wTbWdzo
ukQlWTmKWpdn3K+muDwIwy2oGesSY2G24i5IZcrrsX5gzUlSI4Z22zG9m1JnaItC
/b44Tl9bAkEAwQW/8OG4Vd216ULbLNoasoA1GVGfIiVJCzqzEO2nt19bQwwNwwrt
zmzJVczCi8cEWSFQxbe/3geOAYiNfoT60QJBAO+1/IylGndQ0DpZq8j+ZiLanT8p
gVrj5UaWZ+4b8n6GfBV2880I+IE0TMUthteHf8PoFPVt8jVjWIHpIugR0SUCQBUp
XTa6eGwph3UQWFkdfEnPloK1GR40OkLZ56HWfEm1UZsTKjsU6qdz88rNTRLn+ckP
xvw2PfnImEAAyYpyZ9ECQQDSx4/ZF2/Uk/l0Be5SOBkYKKDnVrioXBjLqn161ERa
8ABuiz3EeI5knBx/sd8FVhNF+Izka5qcA4rd7XYvar1s
-----END RSA PRIVATE KEY-----
# efskeymgr -R RSA_2048
# efskeymgr -v
Keystore content:
Keystore owner ............: uid 0
Keystore mode .............: admin:managed by EFS administrator
Password changed last on ..: 04/18/07 at 04:08:43
Private key:
Algorithm :RSA_2048
Fingerprint :3661bf34:530116eb:1861a3eb:0cf71b91:91ca25e9
Validity :This key is valid.
Private key:
Algorithm :RSA_1024
Fingerprint :47dab395:99d8aa70:82659beb:700a4a6e:e232c8e4
Validity :This key was deprecated on 04/20/07 at 07:35:45.
Access key to keystore group/security
Access key to keystore admin/
# efskeymgr -e keyfile2
Enter password for the new PKCS#12-protected file:
Enter the same password again:
OpenSSL> pkcs12 -in keyfile2 -info -nodes
Enter Import Password:
MAC Iteration 2000
MAC verified OK
PKCS7 Data
Certificate bag
Bag Attributes:<No Attributes>
subject=/CN=CLiC v4.0 7F14828C
issuer=/CN=CLiC v4.0 7F14828C
-----BEGIN CERTIFICATE-----
MIICrzCCAZcCBH8UgowwCwYJKoZIhvcNAQEBMB0xGzAZBgNVBAMTEkNMaUMgdjQu
...
...
...
buDin1FTUmyt6cQ0eAnfaO8FMQ==
-----END CERTIFICATE-----
Shrouded Keybag:pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000
Bag Attributes:<No Attributes>
Key Attributes:<No Attributes>
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQC8x7LSx3WGHxh2gTGEBOVJH0pA/rXM5AZCCnZzlpT3s3fSvEKq
...
...
...
8ABuiz3EeI5knBx/sd8FVhNF+Izka5qcA4rd7XYvar1s
-----END RSA PRIVATE KEY-----
Shrouded Keybag:pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000
Bag Attributes:<No Attributes>
Key Attributes:<No Attributes>
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEApPRiwrebZ0ZNKEuxh8obBsmIYO/JLOLCRNCaJN3Xnw+SDhs1
...
...
...
C6t2lfrwq1aq2iZ6pkO4jpk7dsbeuUDHLoQIzZB3HVRrVhXfu/Ag
-----END RSA PRIVATE KEY-----
# efskeymgr -v
Keystore content:
Keystore owner ............: uid 0
Keystore mode .............: admin:managed by EFS administrator
Password changed last on ..: 04/18/07 at 04:08:43
Private key:
Algorithm :RSA_4096
Fingerprint :f961c000:8305d1ba:65a72c48:eeafde52:b954bf78
Validity :This key is valid.
Private key:
Algorithm :RSA_2048
Fingerprint :3661bf34:530116eb:1861a3eb:0cf71b91:91ca25e9
Validity :This key was deprecated on 04/20/07 at 08:08:44.
Private key:
Algorithm :RSA_1024
Fingerprint :47dab395:99d8aa70:82659beb:700a4a6e:e232c8e4
Validity :This key was deprecated on 04/20/07 at 07:35:45.
Access key to keystore group/security
Access key to keystore admin/
# efskeymgr -e keyfile3
Enter password for the new PKCS#12-protected file:
Enter the same password again:
#
OpenSSL> pkcs12 -in keyfile3 -info -nodes
Enter Import Password:
MAC Iteration 2000
MAC verified OK
PKCS7 Data
Certificate bag
Bag Attributes:<No Attributes>
subject=/CN=CLiC v4.0 17162B54
issuer=/CN=CLiC v4.0 17162B54
-----BEGIN CERTIFICATE-----
MIIErzCCApcCBBcWK1QwCwYJKoZIhvcNAQEBMB0xGzAZBgNVBAMTEkNMaUMgdjQu
...
...
...
rPpS/9ZtxfujJSjjIAQrNKjoHhewrBB0gq2JZ37PU+BB/TOmjWOd0DX4q5QJOcXG
TUk7
-----END CERTIFICATE-----
Shrouded Keybag:pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000
Bag Attributes:<No Attributes>
Key Attributes:<No Attributes>
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQC8x7LSx3WGHxh2gTGEBOVJH0pA/rXM5AZCCnZzlpT3s3fSvEKq
...
...
...
8ABuiz3EeI5knBx/sd8FVhNF+Izka5qcA4rd7XYvar1s
-----END RSA PRIVATE KEY-----
Shrouded Keybag:pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000
Bag Attributes:<No Attributes>
Key Attributes:<No Attributes>
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEApPRiwrebZ0ZNKEuxh8obBsmIYO/JLOLCRNCaJN3Xnw+SDhs1
...
...
...
C6t2lfrwq1aq2iZ6pkO4jpk7dsbeuUDHLoQIzZB3HVRrVhXfu/Ag
-----END RSA PRIVATE KEY-----
Shrouded Keybag:pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000
Bag Attributes:<No Attributes>
Key Attributes:<No Attributes>
-----BEGIN RSA PRIVATE KEY-----
MIIJKAIBAAKCAgEA6qo7cNWI2bkLfbqYl0SYzXD/XtFdQHGjuk+EBnEyenSj7cq7
...
...
...
86HBQ9Fgee+TkzDEj+ojwaZAyrH1G5oTmfaP2AlvHk8gBTPsOJuZjN2AXfE=
-----END RSA PRIVATE KEY-----
# efskeymgr -D 3661bf34:530116eb:1861a3eb:0cf71b91:91ca25e9
# efskeymgr -v
Keystore content:
Keystore owner ............: uid 0
Keystore mode .............: admin:managed by EFS administrator
Password changed last on ..: 04/18/07 at 04:08:43
Private key:
Algorithm :RSA_4096
Fingerprint :f961c000:8305d1ba:65a72c48:eeafde52:b954bf78
Validity :This key is valid.
Private key:
Algorithm :RSA_1024
Fingerprint :47dab395:99d8aa70:82659beb:700a4a6e:e232c8e4
Validity :This key was deprecated on 04/20/07 at 07:35:45.
Access key to keystore group/security
Access key to keystore admin/
#
# efskeymgr -e keyfile4
Enter password for the new PKCS#12-protected file:
Enter the same password again:
#
OpenSSL> pkcs12 -in keyfile4 -info -nodes
Enter Import Password:
MAC Iteration 2000
MAC verified OK
PKCS7 Data
Certificate bag
Bag Attributes:<No Attributes>
subject=/CN=CLiC v4.0 17162B54
issuer=/CN=CLiC v4.0 17162B54
-----BEGIN CERTIFICATE-----
MIIErzCCApcCBBcWK1QwCwYJKoZIhvcNAQEBMB0xGzAZBgNVBAMTEkNMaUMgdjQu
...
...
...
rPpS/9ZtxfujJSjjIAQrNKjoHhewrBB0gq2JZ37PU+BB/TOmjWOd0DX4q5QJOcXG
TUk7
-----END CERTIFICATE-----
Shrouded Keybag:pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000
Bag Attributes:<No Attributes>
Key Attributes:<No Attributes>
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQC8x7LSx3WGHxh2gTGEBOVJH0pA/rXM5AZCCnZzlpT3s3fSvEKq
...
...
...
8ABuiz3EeI5knBx/sd8FVhNF+Izka5qcA4rd7XYvar1s
-----END RSA PRIVATE KEY-----
Shrouded Keybag:pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000
Bag Attributes:<No Attributes>
Key Attributes:<No Attributes>
-----BEGIN RSA PRIVATE KEY-----
MIIJKAIBAAKCAgEA6qo7cNWI2bkLfbqYl0SYzXD/XtFdQHGjuk+EBnEyenSj7cq7
...
...
...
86HBQ9Fgee+TkzDEj+ojwaZAyrH1G5oTmfaP2AlvHk8gBTPsOJuZjN2AXfE=
-----END RSA PRIVATE KEY-----
更多精彩
赞助商链接