OpenSSLを使う
しむどん
:
2025-08-21
OpenSSLは暗号技術のツールキットであり、非常に広範囲に利用されている。その使用方法も様々だが、CLIから直接コマンドを実行することで利用する事もできる。
暗号技術自体の難しさや、ややこしさもあいまってなのか、たくさんのサブコマンドとオプションが用意されていて、全てを把握する事は難しい。
もちろん、それら全てを把握する必要はないのだけれど、どんなことをしたい時には、どのサブコマンドを使用すればよいのかという程度のことを把握しておきたい。そこでopensslコマンドを使用し、少しだけ使い方を眺めながら、理解を深めていく。
OpenSSLを用いて公開鍵暗号の鍵ペアを生成する
公開鍵暗号では秘匿すべき秘密鍵と、公開するための公開鍵という2つの鍵を作成し利用する。この2つの鍵を鍵ペアと呼ぶ。ここでは鍵ペアをopensslコマンドを用いて生成する。
秘密鍵を作る
まずは秘密鍵を作成する。鍵には長さがあり、長ければ長いほど暗号の強度が増す。例として公開鍵暗号の1種であるRSA暗号を用い、2048bitの長さを持つ秘密鍵を作成する。
openssl genrsa -out private.pem 2048
コマンドが正常に終了すると private.pem という名前で秘密鍵が作成される。出力するファイル名は -out private.pem で指定している。 private.pem の中身は次のような形式として出力される。
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA0LsHKJjGRuNJ7zPqEip756Kd7eSj4cFmtMjfsc5Vv/biliDl
rDk4yqWTTp8iWN9i7R7xNYYhkgYxelsgXhkWXLspMpPHvipiFp+i/5m40jDjaIlP
c4wbPVS9UtMR1wMT4qNw2BY10oi9x1be0LZMbGEtUmv9HWONHGOyIpcEmhJ1cvH/
8pFLG+qJhQiSmJOHsAiEw8j0fZ2649EWKNj1ypXKeBK3Fq4dI6Bde8VmNvMtAKg+
7N82/37ulLGM/nqUQSxnGhF1N9BvloJG4mezcPk5epCTNfqJNVgxp4YKOdzXY4mH
Pwj86oHBe1PaqZQ6omFO8UGyG2oRZWA4JH7fMwIDAQABAoIBAQDMk9KjVoFXLyPi
v4YWQe9pCzgw1pxNAwpP/GVK1wmyeR6BuEKC9x6Td48WSuAWLPO/pkkRhaJXhZxu
6OujboE9Z+8r9C2cU9wJgnL2g8risCni5lmpzVNRXEGm8NqWWxzdUAWktLgR3hXr
T1hZRaNHwkLyeob9i/ndLlWEk3FeMxxrZKIcUbBqiZtXNeiHp2rF+HGi/mX4q8ET
RiufgC/t037AhjKByWcn/bXp3Yewgvmj1y93UWPNTjIG+NyRE4qvYQwFDpCJ7hHk
pjRrRcFcO8lhGGjAYDHaS0MYRLSMcnj/2U04wBrK/8Y1XMlVYn94jNm5Zl/keHBV
mur+kzY5AoGBAPxh/qKRTx3GwpNJ+d/JpY4EIgnLEfdbgAizodXCgUrL2EZ/r5eK
/rKpr7CwDFqx+N/1tg3tRq/GnULCjosmJgw7XIXVdsFxQbr+6MKnq7TqgNWJyLcy
9vAVWMNJEifk+kGhJXp0VavIThMX/N/trjvx4C06HC0bS8aX7WZBM7dnAoGBANO4
3wA6LHD3K5CxbfHbRdqIA5uecoGaS6prnoTWAC5E5CYHN6hHqEEU2knzCLBW19Fg
sdADdE/D61rGda8eU7IBlJwx7hGAG4R6/9kCyAckVsU0+CPoKf1NZWLqoZINHkgp
GoqS28N0/HkuY3iedlaEfMU+OfS58MRHtNdTevZVAoGACsCCAJsAK9yT3YKBSq9k
hjBW4uPr2AXl5nkApAKtT2pvxFEcQfCB+UqRWY2meRar656kKuO45zQm7vkq6XKu
nEbLIkh9zq/shPLnJ6PNBOAYrQA5tNRPANtn9KngRCLVJoae+iCKpc7axKV4+HE/
wv4C9upK2QEYsVU3n+uXMHECgYBsl6/ZX/0XW88+gaLQoBTuB0FCejxk+QzCNjyy
CUlCchdK4fzMFSTZbKahs0PLnl9Hhv7soDjyCJ0YjB4kWbu321Or4XgoBbsXcjbz
yZdrAlp2/7oeQJ/4yc+ssod4b74OaPayCK0rTT+JsB9Y6H3t1jpguI/lU9GH+vdo
UesJmQKBgBHNYJ5pX8KVWNInQM0+U4+TtDsvsrit1UR7DFYEa28ZDfxpvAOWruVz
7gHBD7xhvGhHdrlicrcnLwErLI9PHFz5h3yLbmMm06pPiROe9La6lw83GRSmdn0P
1+dKNFaPAOje+Wqpk0c5qniR0HQ9onK1JHCzlyw8mctfP1bolpbr
-----END RSA PRIVATE KEY-----ここで生成した鍵は何にも利用しないので掲載するが、通常、秘密鍵は誰にも見せてはいけない。もし、見せてしまったなら、ただちに鍵ペアを作り直し入れ替えたほうがよい。それができないか、しにくいこともあるかもしれないが、見られてしまった秘密鍵を使い続ける限り、セキュリティ的なリスクがずっと付きまとう。 ただ、何かしらの事故により秘密鍵が漏洩してしまうということも考えられるため、システムを開発または構築する場合はそれを考慮し、交換可能なようにしておくことは重要だろう。
公開鍵を作る
先ほど生成した秘密鍵を利用し公開鍵を生成する。
openssl rsa -pubout -in private.pem -out public.pem
コマンドが正常に終了すると public.pem という名前で秘密鍵が作成される。出力するファイル名は -out public.pem で指定している。 public.pem の中身は次のような形式として出力される。
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0LsHKJjGRuNJ7zPqEip7
56Kd7eSj4cFmtMjfsc5Vv/biliDlrDk4yqWTTp8iWN9i7R7xNYYhkgYxelsgXhkW
XLspMpPHvipiFp+i/5m40jDjaIlPc4wbPVS9UtMR1wMT4qNw2BY10oi9x1be0LZM
bGEtUmv9HWONHGOyIpcEmhJ1cvH/8pFLG+qJhQiSmJOHsAiEw8j0fZ2649EWKNj1
ypXKeBK3Fq4dI6Bde8VmNvMtAKg+7N82/37ulLGM/nqUQSxnGhF1N9BvloJG4mez
cPk5epCTNfqJNVgxp4YKOdzXY4mHPwj86oHBe1PaqZQ6omFO8UGyG2oRZWA4JH7f
MwIDAQAB
-----END PUBLIC KEY-----この鍵は誰に見せても良く、必要な人が取得できるように配置する。公開鍵はインターネットに公開してもよく、通常は公開することで、向こうから送信される通信を公開鍵を用いて暗号化してもらい、それを受信し秘密鍵を用いて複合化を行う。またこちらの秘密鍵を用いて暗号化しその情報を送信すると、それを受信した側は公開鍵を用いて複合化できるため、データが改竄されていないことを確認できる。この手法はデジタル署名という。
秘密鍵と公開鍵は1対1の対応となる。つまり1つの秘密鍵に対し、複数の公開鍵を作ることはできない。
クライアント証明書から鍵付き証明書を抜き出す
クライアント証明書から鍵を抜き出す。
openssl pkcs12 -in foo.p12 -out key.pem -nocerts実行するとkey.pemに出力される。
証明書を抜き出す。
openssl pkcs12 -in foo.p12 -out cert.pem -clcertsk実行するとcert.pemに出力される。
使用可能なアルゴリズムの一覧を確認する
opensslにはさまざまな値の一覧を、listというサブコマンドで出力できる。ここでは使用可能なアルゴリズムの一覧を見てみる。
openssl list -all-algorithms
これは、あくまでその環境にインストールされたopensslが使用可能なアルゴリズムを出力している。opensslのビルド時の環境やオプションによって、使用可能なアルゴリズムは変わり、同様に openssl list -all-algorithms の出力も変わる。
出力は要素によって次のようなグループによって分類され、出力される。
-
Digests(ダイジェスト)
- **概要**:ハッシュ関数(メッセージダイジェスト)を列挙したカテゴリ。
- **役割**:データの整合性確認や署名のハッシュ計算に使われる。
- **例**:SHA-256、SHA-512、MD5(非推奨)、SHA-3 など。
-
Symmetric Ciphers(対称鍵暗号)
- **概要**:同じ鍵を使ってデータの暗号と復号を行う暗号方式。
- **役割**:データの暗号化・復号に使われる。
- **例**:AES、ChaCha20、DES、Camellia など。
-
KDFs and PDFs(KDFとPDF)
- **概要**:鍵導出関数(Key Derivation Functions)、およびパスワードダイジェスト(Password Derivation Functions)。
- **役割**:パスワードや秘密鍵から新しい鍵を導き出す。
- **例**:PBKDF2、HKDF、scrypt など。
-
MACs(Message Authentication Codes)
- **概要**:メッセージ認証コード(MAC)のアルゴリズム一覧。
- **役割**:データの認証と改ざん防止に使う。
- **例**:HMAC-SHA256、CMAC-AES など。
-
Asymmetric Encryption(非対称暗号)
- **概要**:公開鍵と秘密鍵を使った暗号化。
- **役割**:データの暗号化や署名に使われる。
- **例**:RSA、ECDSA、Ed25519 など。
-
Key Exchange(鍵交換)
- **概要**:安全な通信を確立するための鍵交換アルゴリズム。
- **役割**: SSL/TLS等の通信の鍵交換に使われる。
- **例**:Diffie-Hellman、ECDH、X25519 など。
-
Provided Signatures(署名)
- **概要**:デジタル署名アルゴリズム。
- **役割**:データの署名や認証に使う。
- **例**:RSA署名、ECDSA、ED25519署名 など。
-
Key Encapsulation(鍵カプセル化)
- **概要**:鍵のエンクapsulation(封入)に使うアルゴリズム。
- **役割**:公開鍵暗号方式での鍵共有やセッション鍵の安全な配布。
- **例**:ECIES(Elliptic Curve Integrated Encryption Scheme)、RSA-KEMなど。
-
Key Managers(鍵管理)
- **概要**:鍵の生成、保存、管理に関わる機能やアルゴリズム。
- **役割**:鍵のライフサイクル管理など。
- **例**:PKCS#11、PKCS#12、HSM連携機能。
-
ENCODERs / DECODERs(エンコーダ・デコーダ)
- **概要**:データのエンコード・デコードの方式。
- **役割**:データフォーマットや通信規格変換。
- **例**:Base64エンコーディング、DER/PEMフォーマット。
-
STORE LOADERs(ストアローダー)
- **概要**:キーや証明書のストレージ(保存・読み出し)機能。
- **役割**:ハードウェアトークンやキーストアの管理。
- **例**:PKCS#12、PKCS#11、Smartcardインターフェース。
以下に出力例を示す。
Digests:
Legacy:
RSA-MD4 => MD4
RSA-MD5 => MD5
RSA-MDC2 => MDC2
RSA-RIPEMD160 => RIPEMD160
RSA-SHA1 => SHA1
RSA-SHA1-2 => RSA-SHA1
RSA-SHA224 => SHA224
RSA-SHA256 => SHA256
RSA-SHA3-224 => SHA3-224
RSA-SHA3-256 => SHA3-256
RSA-SHA3-384 => SHA3-384
RSA-SHA3-512 => SHA3-512
RSA-SHA384 => SHA384
RSA-SHA512 => SHA512
RSA-SHA512/224 => SHA512-224
RSA-SHA512/256 => SHA512-256
RSA-SM3 => SM3
BLAKE2b512
BLAKE2s256
id-rsassa-pkcs1-v1_5-with-sha3-224 => SHA3-224
id-rsassa-pkcs1-v1_5-with-sha3-256 => SHA3-256
id-rsassa-pkcs1-v1_5-with-sha3-384 => SHA3-384
id-rsassa-pkcs1-v1_5-with-sha3-512 => SHA3-512
MD4
md4WithRSAEncryption => MD4
MD5
MD5-SHA1
md5WithRSAEncryption => MD5
MDC2
mdc2WithRSA => MDC2
ripemd => RIPEMD160
RIPEMD160
ripemd160WithRSA => RIPEMD160
rmd160 => RIPEMD160
SHA1
sha1WithRSAEncryption => SHA1
SHA224
sha224WithRSAEncryption => SHA224
SHA256
sha256WithRSAEncryption => SHA256
SHA3-224
SHA3-256
SHA3-384
SHA3-512
SHA384
sha384WithRSAEncryption => SHA384
SHA512
SHA512-224
sha512-224WithRSAEncryption => SHA512-224
SHA512-256
sha512-256WithRSAEncryption => SHA512-256
sha512WithRSAEncryption => SHA512
SHAKE128
SHAKE256
SM3
sm3WithRSAEncryption => SM3
ssl3-md5 => MD5
ssl3-sha1 => SHA1
whirlpool
Provided:
NULL @ default
{ 2.16.840.1.101.3.4.2.6, SHA-512/256, SHA2-512/256, SHA512-256 } @ default
{ 2.16.840.1.101.3.4.2.4, SHA-224, SHA2-224, SHA224 } @ default
{ 1.3.14.3.2.26, SHA-1, SHA1, SSL3-SHA1 } @ default
{ 2.16.840.1.101.3.4.2.7, SHA3-224 } @ default
{ 2.16.840.1.101.3.4.2.9, SHA3-384 } @ default
{ 1.3.36.3.2.1, RIPEMD, RIPEMD-160, RIPEMD160, RMD160 } @ default
{ 2.16.840.1.101.3.4.2.3, SHA-512, SHA2-512, SHA512 } @ default
{ 2.16.840.1.101.3.4.2.5, SHA-512/224, SHA2-512/224, SHA512-224 } @ default
{ 2.16.840.1.101.3.4.2.12, SHAKE-256, SHAKE256 } @ default
{ 2.16.840.1.101.3.4.2.2, SHA-384, SHA2-384, SHA384 } @ default
{ 1.2.156.10197.1.401, SM3 } @ default
{ 2.16.840.1.101.3.4.2.8, SHA3-256 } @ default
{ 1.2.840.113549.2.5, MD5, SSL3-MD5 } @ default
{ 1.3.6.1.4.1.1722.12.2.2.8, BLAKE2S-256, BLAKE2s256 } @ default
{ 2.16.840.1.101.3.4.2.1, SHA-256, SHA2-256, SHA256 } @ default
{ 1.3.6.1.4.1.1722.12.2.1.16, BLAKE2B-512, BLAKE2b512 } @ default
MD5-SHA1 @ default
{ 2.16.840.1.101.3.4.2.11, SHAKE-128, SHAKE128 } @ default
{ SHA-256/192, SHA2-256/192, SHA256-192 } @ default
KECCAK-224 @ default
KECCAK-256 @ default
KECCAK-384 @ default
KECCAK-512 @ default
{ KECCAK-KMAC-128, KECCAK-KMAC128 } @ default
{ KECCAK-KMAC-256, KECCAK-KMAC256 } @ default
{ 2.16.840.1.101.3.4.2.10, SHA3-512 } @ default
Symmetric Ciphers:
Legacy:
AES-128-CBC
id-aes128-CCM
AES-128-CFB
AES-128-CFB1
AES-128-CFB8
AES-128-CTR
AES-128-ECB
id-aes128-GCM
AES-128-OCB
AES-128-OFB
AES-128-XTS
AES-192-CBC
id-aes192-CCM
AES-192-CFB
AES-192-CFB1
AES-192-CFB8
AES-192-CTR
AES-192-ECB
id-aes192-GCM
AES-192-OCB
AES-192-OFB
AES-256-CBC
id-aes256-CCM
AES-256-CFB
AES-256-CFB1
AES-256-CFB8
AES-256-CTR
AES-256-ECB
id-aes256-GCM
AES-256-OCB
AES-256-OFB
AES-256-XTS
aes128 => AES-128-CBC
aes128-wrap => id-aes128-wrap
aes128-wrap-pad => id-aes128-wrap-pad
aes192 => AES-192-CBC
aes192-wrap => id-aes192-wrap
aes192-wrap-pad => id-aes192-wrap-pad
aes256 => AES-256-CBC
aes256-wrap => id-aes256-wrap
aes256-wrap-pad => id-aes256-wrap-pad
ARIA-128-CBC
ARIA-128-CCM
ARIA-128-CFB
ARIA-128-CFB1
ARIA-128-CFB8
ARIA-128-CTR
ARIA-128-ECB
ARIA-128-GCM
ARIA-128-OFB
ARIA-192-CBC
ARIA-192-CCM
ARIA-192-CFB
ARIA-192-CFB1
ARIA-192-CFB8
ARIA-192-CTR
ARIA-192-ECB
ARIA-192-GCM
ARIA-192-OFB
ARIA-256-CBC
ARIA-256-CCM
ARIA-256-CFB
ARIA-256-CFB1
ARIA-256-CFB8
ARIA-256-CTR
ARIA-256-ECB
ARIA-256-GCM
ARIA-256-OFB
aria128 => ARIA-128-CBC
aria192 => ARIA-192-CBC
aria256 => ARIA-256-CBC
bf => BF-CBC
BF-CBC
BF-CFB
BF-ECB
BF-OFB
blowfish => BF-CBC
CAMELLIA-128-CBC
CAMELLIA-128-CFB
CAMELLIA-128-CFB1
CAMELLIA-128-CFB8
CAMELLIA-128-CTR
CAMELLIA-128-ECB
CAMELLIA-128-OFB
CAMELLIA-192-CBC
CAMELLIA-192-CFB
CAMELLIA-192-CFB1
CAMELLIA-192-CFB8
CAMELLIA-192-CTR
CAMELLIA-192-ECB
CAMELLIA-192-OFB
CAMELLIA-256-CBC
CAMELLIA-256-CFB
CAMELLIA-256-CFB1
CAMELLIA-256-CFB8
CAMELLIA-256-CTR
CAMELLIA-256-ECB
CAMELLIA-256-OFB
camellia128 => CAMELLIA-128-CBC
camellia192 => CAMELLIA-192-CBC
camellia256 => CAMELLIA-256-CBC
cast => CAST5-CBC
cast-cbc => CAST5-CBC
CAST5-CBC
CAST5-CFB
CAST5-ECB
CAST5-OFB
ChaCha20
ChaCha20-Poly1305
des => DES-CBC
DES-CBC
DES-CFB
DES-CFB1
DES-CFB8
DES-ECB
DES-EDE
DES-EDE-CBC
DES-EDE-CFB
des-ede-ecb => DES-EDE
DES-EDE-OFB
DES-EDE3
DES-EDE3-CBC
DES-EDE3-CFB
DES-EDE3-CFB1
DES-EDE3-CFB8
des-ede3-ecb => DES-EDE3
DES-EDE3-OFB
DES-OFB
des3 => DES-EDE3-CBC
des3-wrap => id-smime-alg-CMS3DESwrap
desx => DESX-CBC
DESX-CBC
id-aes128-CCM
id-aes128-GCM
id-aes128-wrap
id-aes128-wrap-pad
id-aes192-CCM
id-aes192-GCM
id-aes192-wrap
id-aes192-wrap-pad
id-aes256-CCM
id-aes256-GCM
id-aes256-wrap
id-aes256-wrap-pad
id-smime-alg-CMS3DESwrap
idea => IDEA-CBC
IDEA-CBC
IDEA-CFB
IDEA-ECB
IDEA-OFB
rc2 => RC2-CBC
rc2-128 => RC2-CBC
rc2-40 => RC2-40-CBC
RC2-40-CBC
rc2-64 => RC2-64-CBC
RC2-64-CBC
RC2-CBC
RC2-CFB
RC2-ECB
RC2-OFB
RC4
RC4-40
RC4-HMAC-MD5
seed => SEED-CBC
SEED-CBC
SEED-CFB
SEED-ECB
SEED-OFB
sm4 => SM4-CBC
SM4-CBC
SM4-CFB
SM4-CTR
SM4-ECB
SM4-OFB
Provided:
ChaCha20-Poly1305 @ default
{ 2.16.840.1.101.3.4.1.4, AES-128-CFB } @ default
{ 1.2.410.200046.1.1.38, ARIA-192-CCM } @ default
{ 1.2.410.200046.1.1.1, ARIA-128-ECB } @ default
{ 2.16.840.1.101.3.4.1.2, AES-128-CBC, AES128 } @ default
{ 2.16.840.1.101.3.4.1.24, AES-192-CFB } @ default
{ 1.2.392.200011.61.1.1.1.2, CAMELLIA-128-CBC, CAMELLIA128 } @ default
{ 1.2.392.200011.61.1.1.1.4, CAMELLIA-256-CBC, CAMELLIA256 } @ default
{ 1.2.410.200046.1.1.35, ARIA-192-GCM } @ default
{ 2.16.840.1.101.3.4.1.42, AES-256-CBC, AES256 } @ default
{ 2.16.840.1.101.3.4.1.28, AES-192-WRAP-PAD, AES192-WRAP-PAD, id-aes192-wrap-pad } @ default
{ 1.2.410.200046.1.1.36, ARIA-256-GCM } @ default
{ 1.3.111.2.1619.0.1.2, AES-256-XTS } @ default
{ 2.16.840.1.101.3.4.1.8, AES-128-WRAP-PAD, AES128-WRAP-PAD, id-aes128-wrap-pad } @ default
{ 1.2.840.113549.1.9.16.3.6, DES3-WRAP, id-smime-alg-CMS3DESwrap } @ default
{ 2.16.840.1.101.3.4.1.48, AES-256-WRAP-PAD, AES256-WRAP-PAD, id-aes256-wrap-pad } @ default
{ 1.2.156.10197.1.104.3, SM4-OFB, SM4-OFB128 } @ default
{ 2.16.840.1.101.3.4.1.25, AES-192-WRAP, AES192-WRAP, id-aes192-wrap } @ default
{ 2.16.840.1.101.3.4.1.41, AES-256-ECB } @ default
{ 0.3.4401.5.3.1.9.49, CAMELLIA-256-CTR } @ default
{ 1.2.410.200046.1.1.2, ARIA-128-CBC, ARIA128 } @ default
{ 2.16.840.1.101.3.4.1.6, aes-128-gcm, id-aes128-GCM } @ default
{ 0.3.4401.5.3.1.9.41, CAMELLIA-256-ECB } @ default
{ 2.16.840.1.101.3.4.1.44, AES-256-CFB } @ default
{ 1.2.156.10197.1.104.4, SM4-CFB, SM4-CFB128 } @ default
{ 0.3.4401.5.3.1.9.4, CAMELLIA-128-CFB } @ default
{ 1.2.410.200046.1.1.39, ARIA-256-CCM } @ default
{ 1.2.410.200046.1.1.14, ARIA-256-OFB } @ default
{ 2.16.840.1.101.3.4.1.46, aes-256-gcm, id-aes256-GCM } @ default
{ 0.3.4401.5.3.1.9.9, CAMELLIA-128-CTR } @ default
{ 2.16.840.1.101.3.4.1.23, AES-192-OFB } @ default
{ 1.2.156.10197.1.104.1, SM4-ECB } @ default
{ 2.16.840.1.101.3.4.1.7, aes-128-ccm, id-aes128-CCM } @ default
{ 2.16.840.1.101.3.4.1.47, aes-256-ccm, id-aes256-CCM } @ default
{ 1.2.410.200046.1.1.7, ARIA-192-CBC, ARIA192 } @ default
{ 2.16.840.1.101.3.4.1.45, AES-256-WRAP, AES256-WRAP, id-aes256-wrap } @ default
{ 1.2.410.200046.1.1.15, ARIA-256-CTR } @ default
{ 1.2.410.200046.1.1.3, ARIA-128-CFB } @ default
{ 1.2.410.200046.1.1.34, ARIA-128-GCM } @ default
{ 1.2.410.200046.1.1.6, ARIA-192-ECB } @ default
{ 2.16.840.1.101.3.4.1.26, aes-192-gcm, id-aes192-GCM } @ default
{ 0.3.4401.5.3.1.9.29, CAMELLIA-192-CTR } @ default
{ 0.3.4401.5.3.1.9.43, CAMELLIA-256-OFB } @ default
{ 1.2.156.10197.1.104.2, SM4, SM4-CBC } @ default
{ 1.2.410.200046.1.1.37, ARIA-128-CCM } @ default
{ 2.16.840.1.101.3.4.1.22, AES-192-CBC, AES192 } @ default
{ 2.16.840.1.101.3.4.1.27, aes-192-ccm, id-aes192-CCM } @ default
{ 1.3.14.3.2.17, DES-EDE, DES-EDE-ECB } @ default
{ 1.2.410.200046.1.1.11, ARIA-256-ECB } @ default
{ 1.3.111.2.1619.0.1.1, AES-128-XTS } @ default
{ 2.16.840.1.101.3.4.1.5, AES-128-WRAP, AES128-WRAP, id-aes128-wrap } @ default
{ 2.16.840.1.101.3.4.1.3, AES-128-OFB } @ default
{ 0.3.4401.5.3.1.9.3, CAMELLIA-128-OFB } @ default
{ 0.3.4401.5.3.1.9.1, CAMELLIA-128-ECB } @ default
{ 1.2.840.113549.3.7, DES-EDE3-CBC, DES3 } @ default
{ 0.3.4401.5.3.1.9.44, CAMELLIA-256-CFB } @ default
{ 1.2.410.200046.1.1.10, ARIA-192-CTR } @ default
{ 0.3.4401.5.3.1.9.23, CAMELLIA-192-OFB } @ default
{ 0.3.4401.5.3.1.9.24, CAMELLIA-192-CFB } @ default
{ 1.2.410.200046.1.1.9, ARIA-192-OFB } @ default
{ 1.2.410.200046.1.1.13, ARIA-256-CFB } @ default
{ 2.16.840.1.101.3.4.1.1, AES-128-ECB } @ default
{ 1.2.410.200046.1.1.8, ARIA-192-CFB } @ default
{ 1.2.156.10197.1.104.7, SM4-CTR } @ default
{ 2.16.840.1.101.3.4.1.43, AES-256-OFB } @ default
{ 1.2.410.200046.1.1.4, ARIA-128-OFB } @ default
{ 1.2.392.200011.61.1.1.1.3, CAMELLIA-192-CBC, CAMELLIA192 } @ default
{ 0.3.4401.5.3.1.9.21, CAMELLIA-192-ECB } @ default
{ 1.2.410.200046.1.1.5, ARIA-128-CTR } @ default
{ 2.16.840.1.101.3.4.1.21, AES-192-ECB } @ default
NULL @ default
AES-128-CBC-CTS @ default
AES-192-CBC-CTS @ default
AES-256-CBC-CTS @ default
AES-256-CFB1 @ default
AES-192-CFB1 @ default
AES-128-CFB1 @ default
AES-256-CFB8 @ default
AES-192-CFB8 @ default
AES-128-CFB8 @ default
AES-256-CTR @ default
AES-192-CTR @ default
AES-128-CTR @ default
AES-256-OCB @ default
AES-192-OCB @ default
AES-128-OCB @ default
AES-128-SIV @ default
AES-192-SIV @ default
AES-256-SIV @ default
AES-128-GCM-SIV @ default
AES-192-GCM-SIV @ default
AES-256-GCM-SIV @ default
{ AES-256-WRAP-INV, AES256-WRAP-INV } @ default
{ AES-192-WRAP-INV, AES192-WRAP-INV } @ default
{ AES-128-WRAP-INV, AES128-WRAP-INV } @ default
{ AES-256-WRAP-PAD-INV, AES256-WRAP-PAD-INV } @ default
{ AES-192-WRAP-PAD-INV, AES192-WRAP-PAD-INV } @ default
{ AES-128-WRAP-PAD-INV, AES128-WRAP-PAD-INV } @ default
ARIA-256-CFB1 @ default
ARIA-192-CFB1 @ default
ARIA-128-CFB1 @ default
ARIA-256-CFB8 @ default
ARIA-192-CFB8 @ default
ARIA-128-CFB8 @ default
CAMELLIA-128-CBC-CTS @ default
CAMELLIA-192-CBC-CTS @ default
CAMELLIA-256-CBC-CTS @ default
CAMELLIA-256-CFB1 @ default
CAMELLIA-192-CFB1 @ default
CAMELLIA-128-CFB1 @ default
CAMELLIA-256-CFB8 @ default
CAMELLIA-192-CFB8 @ default
CAMELLIA-128-CFB8 @ default
{ DES-EDE3, DES-EDE3-ECB } @ default
DES-EDE3-OFB @ default
DES-EDE3-CFB @ default
DES-EDE3-CFB8 @ default
DES-EDE3-CFB1 @ default
DES-EDE-CBC @ default
DES-EDE-OFB @ default
DES-EDE-CFB @ default
{ 1.2.156.10197.1.104.8, SM4-GCM } @ default
{ 1.2.156.10197.1.104.9, SM4-CCM } @ default
{ 1.2.156.10197.1.104.10, SM4-XTS } @ default
ChaCha20 @ default
{ 1.2.410.200046.1.1.12, ARIA-256-CBC, ARIA256 } @ default
Provided KDFs and PDFs:
ARGON2ID @ default
TLS13-KDF @ default
SSKDF @ default
{ 1.2.840.113549.1.5.12, PBKDF2 } @ default
PKCS12KDF @ default
SSHKDF @ default
{ X942KDF-CONCAT, X963KDF } @ default
TLS1-PRF @ default
KBKDF @ default
{ X942KDF, X942KDF-ASN1 } @ default
{ 1.3.6.1.4.1.11591.4.11, id-scrypt, SCRYPT } @ default
KRB5KDF @ default
HMAC-DRBG-KDF @ default
ARGON2I @ default
ARGON2D @ default
HKDF @ default
Provided MACs:
POLY1305 @ default
{ 1.3.6.1.4.1.1722.12.2.2, BLAKE2SMAC } @ default
CMAC @ default
{ 1.0.9797.3.4, GMAC } @ default
HMAC @ default
{ 2.16.840.1.101.3.4.2.19, KMAC-128, KMAC128 } @ default
{ 2.16.840.1.101.3.4.2.20, KMAC-256, KMAC256 } @ default
SIPHASH @ default
{ 1.3.6.1.4.1.1722.12.2.1, BLAKE2BMAC } @ default
Provided Asymmetric Encryption:
{ 1.2.840.113549.1.1.1, 2.5.8.1.1, RSA, rsaEncryption } @ default
{ 1.2.156.10197.1.301, SM2 } @ default
Provided Key Exchange:
{ 1.2.840.113549.1.3.1, DH, dhKeyAgreement } @ default
{ 1.3.101.110, X25519 } @ default
{ 1.3.101.111, X448 } @ default
HKDF @ default
TLS1-PRF @ default
{ 1.3.6.1.4.1.11591.4.11, id-scrypt, SCRYPT } @ default
ECDH @ default
Provided Signatures:
{ 2.16.840.1.101.3.4.3.12, ECDSA-SHA3-512, ecdsa_with_SHA3-512, id-ecdsa-with-sha3-512 } @ default
{ 1.2.840.10040.4.1, 1.3.14.3.2.12, DSA, DSA-old, dsaEncryption, dsaEncryption-old } @ default
{ 1.2.840.10040.4.3, 1.3.14.3.2.27, DSA-SHA, DSA-SHA-1, DSA-SHA1, DSA-SHA1-old, dsaWithSHA, dsaWithSHA1, dsaWithSHA1-old } @ default
{ 1.3.101.112, ED25519 } @ default
{ 1.3.101.113, ED448 } @ default
{ 1.2.156.10197.1.301, SM2 } @ default
CMAC @ default
HMAC @ default
SIPHASH @ default
POLY1305 @ default
{ 2.16.840.1.101.3.4.3.1, DSA-SHA2-224, DSA-SHA224, dsa_with_SHA224 } @ default
{ 2.16.840.1.101.3.4.3.2, DSA-SHA2-256, DSA-SHA256, dsa_with_SHA256 } @ default
{ 1.2.840.1.101.3.4.3.3, DSA-SHA2-384, DSA-SHA384, dsa_with_SHA384, id-dsa-with-sha384 } @ default
{ 1.2.840.1.101.3.4.3.4, DSA-SHA2-512, DSA-SHA512, dsa_with_SHA512, id-dsa-with-sha512 } @ default
{ 2.16.840.1.101.3.4.3.5, DSA-SHA3-224, dsa_with_SHA3-224, id-dsa-with-sha3-224 } @ default
{ 2.16.840.1.101.3.4.3.6, DSA-SHA3-256, dsa_with_SHA3-256, id-dsa-with-sha3-256 } @ default
{ 2.16.840.1.101.3.4.3.7, DSA-SHA3-384, dsa_with_SHA3-384, id-dsa-with-sha3-384 } @ default
{ 2.16.840.1.101.3.4.3.8, DSA-SHA3-512, dsa_with_SHA3-512, id-dsa-with-sha3-512 } @ default
{ 1.3.36.3.3.1.2, ripemd160WithRSA, RSA-RIPEMD160 } @ default
{ 1.2.840.113549.1.1.5, RSA-SHA-1, RSA-SHA1, sha1WithRSAEncryption } @ default
{ 1.2.840.113549.1.1.14, RSA-SHA2-224, RSA-SHA224, sha224WithRSAEncryption } @ default
{ 1.2.840.113549.1.1.11, RSA-SHA2-256, RSA-SHA256, sha256WithRSAEncryption } @ default
{ 1.2.840.113549.1.1.12, RSA-SHA2-384, RSA-SHA384, sha384WithRSAEncryption } @ default
{ 1.2.840.113549.1.1.13, RSA-SHA2-512, RSA-SHA512, sha512WithRSAEncryption } @ default
{ 1.2.840.113549.1.1.15, RSA-SHA2-512/224, RSA-SHA512-224, sha512-224WithRSAEncryption } @ default
{ 1.2.840.113549.1.1.16, RSA-SHA2-512/256, RSA-SHA512-256, sha512-256WithRSAEncryption } @ default
{ 2.16.840.1.101.3.4.3.13, id-rsassa-pkcs1-v1_5-with-sha3-224, RSA-SHA3-224 } @ default
{ 2.16.840.1.101.3.4.3.14, id-rsassa-pkcs1-v1_5-with-sha3-256, RSA-SHA3-256 } @ default
{ 2.16.840.1.101.3.4.3.15, id-rsassa-pkcs1-v1_5-with-sha3-384, RSA-SHA3-384 } @ default
{ 2.16.840.1.101.3.4.3.16, id-rsassa-pkcs1-v1_5-with-sha3-512, RSA-SHA3-512 } @ default
{ 1.2.156.10197.1.504, RSA-SM3, sm3WithRSAEncryption } @ default
ED25519ph @ default
ED25519ctx @ default
ED448ph @ default
ECDSA @ default
{ 1.2.840.10045.4.1, ECDSA-SHA-1, ECDSA-SHA1, ecdsa-with-SHA1 } @ default
{ 1.2.840.10045.4.3.1, ECDSA-SHA2-224, ECDSA-SHA224, ecdsa-with-SHA224 } @ default
{ 1.2.840.10045.4.3.2, ECDSA-SHA2-256, ECDSA-SHA256, ecdsa-with-SHA256 } @ default
{ 1.2.840.10045.4.3.3, ECDSA-SHA2-384, ECDSA-SHA384, ecdsa-with-SHA384 } @ default
{ 1.2.840.10045.4.3.4, ECDSA-SHA2-512, ECDSA-SHA512, ecdsa-with-SHA512 } @ default
{ 2.16.840.1.101.3.4.3.9, ECDSA-SHA3-224, ecdsa_with_SHA3-224, id-ecdsa-with-sha3-224 } @ default
{ 2.16.840.1.101.3.4.3.10, ECDSA-SHA3-256, ecdsa_with_SHA3-256, id-ecdsa-with-sha3-256 } @ default
{ 2.16.840.1.101.3.4.3.11, ECDSA-SHA3-384, ecdsa_with_SHA3-384, id-ecdsa-with-sha3-384 } @ default
{ 1.2.840.113549.1.1.1, 2.5.8.1.1, RSA, rsaEncryption } @ default
Provided Key encapsulation:
{ 1.2.840.113549.1.1.1, 2.5.8.1.1, RSA, rsaEncryption } @ default
{ 1.2.840.10045.2.1, EC, id-ecPublicKey } @ default
{ 1.3.101.110, X25519 } @ default
{ 1.3.101.111, X448 } @ default
Provided Key managers:
Name: OpenSSL POLY1305 via EVP_PKEY implementation
Type: Provider Algorithm
IDs: POLY1305 @ default
Name: OpenSSL PKCS#3 DH implementation
Type: Provider Algorithm
IDs: { 1.2.840.113549.1.3.1, DH, dhKeyAgreement } @ default
Name: OpenSSL DSA implementation
Type: Provider Algorithm
IDs: { 1.2.840.10040.4.1, 1.3.14.3.2.12, DSA, DSA-old, dsaEncryption, dsaEncryption-old } @ default
Name: OpenSSL EC implementation
Type: Provider Algorithm
IDs: { 1.2.840.10045.2.1, EC, id-ecPublicKey } @ default
Name: OpenSSL RSA-PSS implementation
Type: Provider Algorithm
IDs: { 1.2.840.113549.1.1.10, RSA-PSS, RSASSA-PSS, rsassaPss } @ default
Name: OpenSSL X9.42 DH implementation
Type: Provider Algorithm
IDs: { 1.2.840.10046.2.1, dhpublicnumber, DHX, X9.42 DH } @ default
Name: OpenSSL X25519 implementation
Type: Provider Algorithm
IDs: { 1.3.101.110, X25519 } @ default
Name: OpenSSL X448 implementation
Type: Provider Algorithm
IDs: { 1.3.101.111, X448 } @ default
Name: OpenSSL ED25519 implementation
Type: Provider Algorithm
IDs: { 1.3.101.112, ED25519 } @ default
Name: OpenSSL ED448 implementation
Type: Provider Algorithm
IDs: { 1.3.101.113, ED448 } @ default
Name: OpenSSL SM2 implementation
Type: Provider Algorithm
IDs: { 1.2.156.10197.1.301, SM2 } @ default
Name: OpenSSL HKDF via EVP_PKEY implementation
Type: Provider Algorithm
IDs: HKDF @ default
Name: OpenSSL TLS1_PRF via EVP_PKEY implementation
Type: Provider Algorithm
IDs: TLS1-PRF @ default
Name: OpenSSL SCRYPT via EVP_PKEY implementation
Type: Provider Algorithm
IDs: { 1.3.6.1.4.1.11591.4.11, id-scrypt, SCRYPT } @ default
Name: OpenSSL CMAC via EVP_PKEY implementation
Type: Provider Algorithm
IDs: CMAC @ default
Name: OpenSSL HMAC via EVP_PKEY implementation
Type: Provider Algorithm
IDs: HMAC @ default
Name: OpenSSL SIPHASH via EVP_PKEY implementation
Type: Provider Algorithm
IDs: SIPHASH @ default
Name: OpenSSL RSA implementation
Type: Provider Algorithm
IDs: { 1.2.840.113549.1.1.1, 2.5.8.1.1, RSA, rsaEncryption } @ default
Provided ENCODERs:
{ 1.2.156.10197.1.301, SM2 } @ default (provider=default,fips=no,output=pem,structure=SubjectPublicKeyInfo)
{ 1.2.840.113549.1.1.1, 2.5.8.1.1, RSA, rsaEncryption } @ default (provider=default,fips=yes,output=der,structure=type-specific)
{ 1.2.840.113549.1.1.1, 2.5.8.1.1, RSA, rsaEncryption } @ default (provider=default,fips=yes,output=pem,structure=type-specific)
{ 1.2.840.113549.1.1.1, 2.5.8.1.1, RSA, rsaEncryption } @ default (provider=default,fips=yes,output=msblob)
{ 1.2.840.113549.1.1.1, 2.5.8.1.1, RSA, rsaEncryption } @ default (provider=default,fips=yes,output=pvk)
{ 1.2.840.113549.1.1.1, 2.5.8.1.1, RSA, rsaEncryption } @ default (provider=default,fips=yes,output=der,structure=EncryptedPrivateKeyInfo)
{ 1.2.840.113549.1.1.1, 2.5.8.1.1, RSA, rsaEncryption } @ default (provider=default,fips=yes,output=pem,structure=EncryptedPrivateKeyInfo)
{ 1.2.840.113549.1.1.1, 2.5.8.1.1, RSA, rsaEncryption } @ default (provider=default,fips=yes,output=der,structure=PrivateKeyInfo)
{ 1.2.840.113549.1.1.1, 2.5.8.1.1, RSA, rsaEncryption } @ default (provider=default,fips=yes,output=pem,structure=PrivateKeyInfo)
{ 1.2.840.113549.1.1.1, 2.5.8.1.1, RSA, rsaEncryption } @ default (provider=default,fips=yes,output=der,structure=SubjectPublicKeyInfo)
{ 1.2.840.113549.1.1.1, 2.5.8.1.1, RSA, rsaEncryption } @ default (provider=default,fips=yes,output=pem,structure=SubjectPublicKeyInfo)
{ 1.2.840.113549.1.1.1, 2.5.8.1.1, RSA, rsaEncryption } @ default (provider=default,fips=yes,output=der,structure=rsa)
{ 1.2.840.113549.1.1.1, 2.5.8.1.1, RSA, rsaEncryption } @ default (provider=default,fips=yes,output=pem,structure=rsa)
{ 1.2.840.113549.1.1.1, 2.5.8.1.1, RSA, rsaEncryption } @ default (provider=default,fips=yes,output=der,structure=pkcs1)
{ 1.2.840.113549.1.1.1, 2.5.8.1.1, RSA, rsaEncryption } @ default (provider=default,fips=yes,output=pem,structure=pkcs1)
{ 1.2.840.113549.1.3.1, DH, dhKeyAgreement } @ default (provider=default,fips=yes,output=text)
{ 1.2.840.113549.1.3.1, DH, dhKeyAgreement } @ default (provider=default,fips=yes,output=der,structure=type-specific)
{ 1.2.840.113549.1.3.1, DH, dhKeyAgreement } @ default (provider=default,fips=yes,output=pem,structure=type-specific)
{ 1.2.840.113549.1.3.1, DH, dhKeyAgreement } @ default (provider=default,fips=yes,output=der,structure=EncryptedPrivateKeyInfo)
{ 1.2.840.113549.1.3.1, DH, dhKeyAgreement } @ default (provider=default,fips=yes,output=pem,structure=EncryptedPrivateKeyInfo)
{ 1.2.840.113549.1.3.1, DH, dhKeyAgreement } @ default (provider=default,fips=yes,output=der,structure=PrivateKeyInfo)
{ 1.2.840.113549.1.3.1, DH, dhKeyAgreement } @ default (provider=default,fips=yes,output=pem,structure=PrivateKeyInfo)
{ 1.2.840.113549.1.3.1, DH, dhKeyAgreement } @ default (provider=default,fips=yes,output=der,structure=SubjectPublicKeyInfo)
{ 1.2.840.113549.1.3.1, DH, dhKeyAgreement } @ default (provider=default,fips=yes,output=pem,structure=SubjectPublicKeyInfo)
{ 1.2.840.113549.1.3.1, DH, dhKeyAgreement } @ default (provider=default,fips=yes,output=der,structure=dh)
{ 1.2.840.113549.1.3.1, DH, dhKeyAgreement } @ default (provider=default,fips=yes,output=pem,structure=dh)
{ 1.2.840.113549.1.3.1, DH, dhKeyAgreement } @ default (provider=default,fips=yes,output=der,structure=pkcs3)
{ 1.2.840.113549.1.3.1, DH, dhKeyAgreement } @ default (provider=default,fips=yes,output=pem,structure=pkcs3)
{ 1.2.840.10040.4.1, 1.3.14.3.2.12, DSA, DSA-old, dsaEncryption, dsaEncryption-old } @ default (provider=default,fips=yes,output=text)
{ 1.2.840.10040.4.1, 1.3.14.3.2.12, DSA, DSA-old, dsaEncryption, dsaEncryption-old } @ default (provider=default,fips=yes,output=der,structure=type-specific)
{ 1.2.840.10040.4.1, 1.3.14.3.2.12, DSA, DSA-old, dsaEncryption, dsaEncryption-old } @ default (provider=default,fips=yes,output=pem,structure=type-specific)
{ 1.2.840.10040.4.1, 1.3.14.3.2.12, DSA, DSA-old, dsaEncryption, dsaEncryption-old } @ default (provider=default,fips=yes,output=msblob)
{ 1.2.840.10040.4.1, 1.3.14.3.2.12, DSA, DSA-old, dsaEncryption, dsaEncryption-old } @ default (provider=default,fips=yes,output=pvk)
{ 1.2.840.10040.4.1, 1.3.14.3.2.12, DSA, DSA-old, dsaEncryption, dsaEncryption-old } @ default (provider=default,fips=yes,output=der,structure=EncryptedPrivateKeyInfo)
{ 1.2.840.10040.4.1, 1.3.14.3.2.12, DSA, DSA-old, dsaEncryption, dsaEncryption-old } @ default (provider=default,fips=yes,output=pem,structure=EncryptedPrivateKeyInfo)
{ 1.2.840.10040.4.1, 1.3.14.3.2.12, DSA, DSA-old, dsaEncryption, dsaEncryption-old } @ default (provider=default,fips=yes,output=der,structure=PrivateKeyInfo)
{ 1.2.840.10040.4.1, 1.3.14.3.2.12, DSA, DSA-old, dsaEncryption, dsaEncryption-old } @ default (provider=default,fips=yes,output=pem,structure=PrivateKeyInfo)
{ 1.2.840.10040.4.1, 1.3.14.3.2.12, DSA, DSA-old, dsaEncryption, dsaEncryption-old } @ default (provider=default,fips=yes,output=der,structure=SubjectPublicKeyInfo)
{ 1.2.840.10040.4.1, 1.3.14.3.2.12, DSA, DSA-old, dsaEncryption, dsaEncryption-old } @ default (provider=default,fips=yes,output=pem,structure=SubjectPublicKeyInfo)
{ 1.2.840.10040.4.1, 1.3.14.3.2.12, DSA, DSA-old, dsaEncryption, dsaEncryption-old } @ default (provider=default,fips=yes,output=der,structure=dsa)
{ 1.2.840.10040.4.1, 1.3.14.3.2.12, DSA, DSA-old, dsaEncryption, dsaEncryption-old } @ default (provider=default,fips=yes,output=pem,structure=dsa)
{ 1.2.840.10045.2.1, EC, id-ecPublicKey } @ default (provider=default,fips=yes,output=text)
{ 1.2.840.10045.2.1, EC, id-ecPublicKey } @ default (provider=default,fips=yes,output=der,structure=type-specific)
{ 1.2.840.10045.2.1, EC, id-ecPublicKey } @ default (provider=default,fips=yes,output=pem,structure=type-specific)
{ 1.2.840.10045.2.1, EC, id-ecPublicKey } @ default (provider=default,fips=yes,output=blob)
{ 1.2.840.10045.2.1, EC, id-ecPublicKey } @ default (provider=default,fips=yes,output=der,structure=EncryptedPrivateKeyInfo)
{ 1.2.840.10045.2.1, EC, id-ecPublicKey } @ default (provider=default,fips=yes,output=pem,structure=EncryptedPrivateKeyInfo)
{ 1.2.840.10045.2.1, EC, id-ecPublicKey } @ default (provider=default,fips=yes,output=der,structure=PrivateKeyInfo)
{ 1.2.840.10045.2.1, EC, id-ecPublicKey } @ default (provider=default,fips=yes,output=pem,structure=PrivateKeyInfo)
{ 1.2.840.10045.2.1, EC, id-ecPublicKey } @ default (provider=default,fips=yes,output=der,structure=SubjectPublicKeyInfo)
{ 1.2.840.10045.2.1, EC, id-ecPublicKey } @ default (provider=default,fips=yes,output=pem,structure=SubjectPublicKeyInfo)
{ 1.2.840.10045.2.1, EC, id-ecPublicKey } @ default (provider=default,fips=yes,output=der,structure=ec)
{ 1.2.840.10045.2.1, EC, id-ecPublicKey } @ default (provider=default,fips=yes,output=pem,structure=ec)
{ 1.2.840.10045.2.1, EC, id-ecPublicKey } @ default (provider=default,fips=yes,output=der,structure=X9.62)
{ 1.2.840.10045.2.1, EC, id-ecPublicKey } @ default (provider=default,fips=yes,output=pem,structure=X9.62)
{ 1.2.840.113549.1.1.10, RSA-PSS, RSASSA-PSS, rsassaPss } @ default (provider=default,fips=yes,output=text)
{ 1.2.840.113549.1.1.10, RSA-PSS, RSASSA-PSS, rsassaPss } @ default (provider=default,fips=yes,output=der,structure=EncryptedPrivateKeyInfo)
{ 1.2.840.113549.1.1.10, RSA-PSS, RSASSA-PSS, rsassaPss } @ default (provider=default,fips=yes,output=pem,structure=EncryptedPrivateKeyInfo)
{ 1.2.840.113549.1.1.10, RSA-PSS, RSASSA-PSS, rsassaPss } @ default (provider=default,fips=yes,output=der,structure=PrivateKeyInfo)
{ 1.2.840.113549.1.1.10, RSA-PSS, RSASSA-PSS, rsassaPss } @ default (provider=default,fips=yes,output=pem,structure=PrivateKeyInfo)
{ 1.2.840.113549.1.1.10, RSA-PSS, RSASSA-PSS, rsassaPss } @ default (provider=default,fips=yes,output=der,structure=SubjectPublicKeyInfo)
{ 1.2.840.113549.1.1.10, RSA-PSS, RSASSA-PSS, rsassaPss } @ default (provider=default,fips=yes,output=pem,structure=SubjectPublicKeyInfo)
{ 1.2.840.113549.1.1.10, RSA-PSS, RSASSA-PSS, rsassaPss } @ default (provider=default,fips=yes,output=der,structure=pkcs1)
{ 1.2.840.113549.1.1.10, RSA-PSS, RSASSA-PSS, rsassaPss } @ default (provider=default,fips=yes,output=pem,structure=pkcs1)
{ 1.2.840.10046.2.1, dhpublicnumber, DHX, X9.42 DH } @ default (provider=default,fips=yes,output=text)
{ 1.2.840.10046.2.1, dhpublicnumber, DHX, X9.42 DH } @ default (provider=default,fips=yes,output=der,structure=type-specific)
{ 1.2.840.10046.2.1, dhpublicnumber, DHX, X9.42 DH } @ default (provider=default,fips=yes,output=pem,structure=type-specific)
{ 1.2.840.10046.2.1, dhpublicnumber, DHX, X9.42 DH } @ default (provider=default,fips=yes,output=der,structure=EncryptedPrivateKeyInfo)
{ 1.2.840.10046.2.1, dhpublicnumber, DHX, X9.42 DH } @ default (provider=default,fips=yes,output=pem,structure=EncryptedPrivateKeyInfo)
{ 1.2.840.10046.2.1, dhpublicnumber, DHX, X9.42 DH } @ default (provider=default,fips=yes,output=der,structure=PrivateKeyInfo)
{ 1.2.840.10046.2.1, dhpublicnumber, DHX, X9.42 DH } @ default (provider=default,fips=yes,output=pem,structure=PrivateKeyInfo)
{ 1.2.840.10046.2.1, dhpublicnumber, DHX, X9.42 DH } @ default (provider=default,fips=yes,output=der,structure=SubjectPublicKeyInfo)
{ 1.2.840.10046.2.1, dhpublicnumber, DHX, X9.42 DH } @ default (provider=default,fips=yes,output=pem,structure=SubjectPublicKeyInfo)
{ 1.2.840.10046.2.1, dhpublicnumber, DHX, X9.42 DH } @ default (provider=default,fips=yes,output=der,structure=dhx)
{ 1.2.840.10046.2.1, dhpublicnumber, DHX, X9.42 DH } @ default (provider=default,fips=yes,output=pem,structure=dhx)
{ 1.2.840.10046.2.1, dhpublicnumber, DHX, X9.42 DH } @ default (provider=default,fips=yes,output=der,structure=X9.42)
{ 1.2.840.10046.2.1, dhpublicnumber, DHX, X9.42 DH } @ default (provider=default,fips=yes,output=pem,structure=X9.42)
{ 1.3.101.110, X25519 } @ default (provider=default,fips=yes,output=text)
{ 1.3.101.110, X25519 } @ default (provider=default,fips=yes,output=der,structure=EncryptedPrivateKeyInfo)
{ 1.3.101.110, X25519 } @ default (provider=default,fips=yes,output=pem,structure=EncryptedPrivateKeyInfo)
{ 1.3.101.110, X25519 } @ default (provider=default,fips=yes,output=der,structure=PrivateKeyInfo)
{ 1.3.101.110, X25519 } @ default (provider=default,fips=yes,output=pem,structure=PrivateKeyInfo)
{ 1.3.101.110, X25519 } @ default (provider=default,fips=yes,output=der,structure=SubjectPublicKeyInfo)
{ 1.3.101.110, X25519 } @ default (provider=default,fips=yes,output=pem,structure=SubjectPublicKeyInfo)
{ 1.3.101.111, X448 } @ default (provider=default,fips=yes,output=text)
{ 1.3.101.111, X448 } @ default (provider=default,fips=yes,output=der,structure=EncryptedPrivateKeyInfo)
{ 1.3.101.111, X448 } @ default (provider=default,fips=yes,output=pem,structure=EncryptedPrivateKeyInfo)
{ 1.3.101.111, X448 } @ default (provider=default,fips=yes,output=der,structure=PrivateKeyInfo)
{ 1.3.101.111, X448 } @ default (provider=default,fips=yes,output=pem,structure=PrivateKeyInfo)
{ 1.3.101.111, X448 } @ default (provider=default,fips=yes,output=der,structure=SubjectPublicKeyInfo)
{ 1.3.101.111, X448 } @ default (provider=default,fips=yes,output=pem,structure=SubjectPublicKeyInfo)
{ 1.3.101.112, ED25519 } @ default (provider=default,fips=yes,output=text)
{ 1.3.101.112, ED25519 } @ default (provider=default,fips=yes,output=der,structure=EncryptedPrivateKeyInfo)
{ 1.3.101.112, ED25519 } @ default (provider=default,fips=yes,output=pem,structure=EncryptedPrivateKeyInfo)
{ 1.3.101.112, ED25519 } @ default (provider=default,fips=yes,output=der,structure=PrivateKeyInfo)
{ 1.3.101.112, ED25519 } @ default (provider=default,fips=yes,output=pem,structure=PrivateKeyInfo)
{ 1.3.101.112, ED25519 } @ default (provider=default,fips=yes,output=der,structure=SubjectPublicKeyInfo)
{ 1.3.101.112, ED25519 } @ default (provider=default,fips=yes,output=pem,structure=SubjectPublicKeyInfo)
{ 1.3.101.113, ED448 } @ default (provider=default,fips=yes,output=text)
{ 1.3.101.113, ED448 } @ default (provider=default,fips=yes,output=der,structure=EncryptedPrivateKeyInfo)
{ 1.3.101.113, ED448 } @ default (provider=default,fips=yes,output=pem,structure=EncryptedPrivateKeyInfo)
{ 1.3.101.113, ED448 } @ default (provider=default,fips=yes,output=der,structure=PrivateKeyInfo)
{ 1.3.101.113, ED448 } @ default (provider=default,fips=yes,output=pem,structure=PrivateKeyInfo)
{ 1.3.101.113, ED448 } @ default (provider=default,fips=yes,output=der,structure=SubjectPublicKeyInfo)
{ 1.3.101.113, ED448 } @ default (provider=default,fips=yes,output=pem,structure=SubjectPublicKeyInfo)
{ 1.2.156.10197.1.301, SM2 } @ default (provider=default,fips=no,output=text)
{ 1.2.156.10197.1.301, SM2 } @ default (provider=default,fips=no,output=der,structure=type-specific)
{ 1.2.156.10197.1.301, SM2 } @ default (provider=default,fips=no,output=pem,structure=type-specific)
{ 1.2.156.10197.1.301, SM2 } @ default (provider=default,fips=no,output=blob)
{ 1.2.156.10197.1.301, SM2 } @ default (provider=default,fips=no,output=der,structure=EncryptedPrivateKeyInfo)
{ 1.2.156.10197.1.301, SM2 } @ default (provider=default,fips=no,output=pem,structure=EncryptedPrivateKeyInfo)
{ 1.2.156.10197.1.301, SM2 } @ default (provider=default,fips=no,output=der,structure=PrivateKeyInfo)
{ 1.2.156.10197.1.301, SM2 } @ default (provider=default,fips=no,output=pem,structure=PrivateKeyInfo)
{ 1.2.156.10197.1.301, SM2 } @ default (provider=default,fips=no,output=der,structure=SubjectPublicKeyInfo)
{ 1.2.840.113549.1.1.1, 2.5.8.1.1, RSA, rsaEncryption } @ default (provider=default,fips=yes,output=text)
Provided DECODERs:
DER @ default (provider=default,fips=yes,input=der,structure=EncryptedPrivateKeyInfo)
{ 1.2.840.113549.1.1.1, 2.5.8.1.1, RSA, rsaEncryption } @ default (provider=default,fips=yes,input=der,structure=SubjectPublicKeyInfo)
{ 1.2.840.113549.1.1.1, 2.5.8.1.1, RSA, rsaEncryption } @ default (provider=default,fips=yes,input=der,structure=type-specific)
{ 1.2.840.113549.1.1.1, 2.5.8.1.1, RSA, rsaEncryption } @ default (provider=default,fips=yes,input=der,structure=rsa)
{ 1.2.840.113549.1.1.1, 2.5.8.1.1, RSA, rsaEncryption } @ default (provider=default,fips=yes,input=msblob)
{ 1.2.840.113549.1.1.1, 2.5.8.1.1, RSA, rsaEncryption } @ default (provider=default,fips=yes,input=pvk)
{ 1.2.840.113549.1.3.1, DH, dhKeyAgreement } @ default (provider=default,fips=yes,input=der,structure=PrivateKeyInfo)
{ 1.2.840.113549.1.3.1, DH, dhKeyAgreement } @ default (provider=default,fips=yes,input=der,structure=SubjectPublicKeyInfo)
{ 1.2.840.113549.1.3.1, DH, dhKeyAgreement } @ default (provider=default,fips=yes,input=der,structure=type-specific)
{ 1.2.840.113549.1.3.1, DH, dhKeyAgreement } @ default (provider=default,fips=yes,input=der,structure=dh)
{ 1.2.840.10040.4.1, 1.3.14.3.2.12, DSA, DSA-old, dsaEncryption, dsaEncryption-old } @ default (provider=default,fips=yes,input=der,structure=PrivateKeyInfo)
{ 1.2.840.10040.4.1, 1.3.14.3.2.12, DSA, DSA-old, dsaEncryption, dsaEncryption-old } @ default (provider=default,fips=yes,input=der,structure=SubjectPublicKeyInfo)
{ 1.2.840.10040.4.1, 1.3.14.3.2.12, DSA, DSA-old, dsaEncryption, dsaEncryption-old } @ default (provider=default,fips=yes,input=der,structure=type-specific)
{ 1.2.840.10040.4.1, 1.3.14.3.2.12, DSA, DSA-old, dsaEncryption, dsaEncryption-old } @ default (provider=default,fips=yes,input=der,structure=dsa)
{ 1.2.840.10040.4.1, 1.3.14.3.2.12, DSA, DSA-old, dsaEncryption, dsaEncryption-old } @ default (provider=default,fips=yes,input=msblob)
{ 1.2.840.10040.4.1, 1.3.14.3.2.12, DSA, DSA-old, dsaEncryption, dsaEncryption-old } @ default (provider=default,fips=yes,input=pvk)
{ 1.2.840.10045.2.1, EC, id-ecPublicKey } @ default (provider=default,fips=yes,input=der,structure=PrivateKeyInfo)
{ 1.2.840.10045.2.1, EC, id-ecPublicKey } @ default (provider=default,fips=yes,input=der,structure=SubjectPublicKeyInfo)
{ 1.2.840.10045.2.1, EC, id-ecPublicKey } @ default (provider=default,fips=yes,input=der,structure=type-specific)
{ 1.2.840.10045.2.1, EC, id-ecPublicKey } @ default (provider=default,fips=yes,input=der,structure=ec)
{ 1.2.840.113549.1.1.10, RSA-PSS, RSASSA-PSS, rsassaPss } @ default (provider=default,fips=yes,input=der,structure=PrivateKeyInfo)
{ 1.2.840.113549.1.1.10, RSA-PSS, RSASSA-PSS, rsassaPss } @ default (provider=default,fips=yes,input=der,structure=SubjectPublicKeyInfo)
{ 1.2.840.10046.2.1, dhpublicnumber, DHX, X9.42 DH } @ default (provider=default,fips=yes,input=der,structure=PrivateKeyInfo)
{ 1.2.840.10046.2.1, dhpublicnumber, DHX, X9.42 DH } @ default (provider=default,fips=yes,input=der,structure=SubjectPublicKeyInfo)
{ 1.2.840.10046.2.1, dhpublicnumber, DHX, X9.42 DH } @ default (provider=default,fips=yes,input=der,structure=type-specific)
{ 1.2.840.10046.2.1, dhpublicnumber, DHX, X9.42 DH } @ default (provider=default,fips=yes,input=der,structure=dhx)
{ 1.3.101.110, X25519 } @ default (provider=default,fips=yes,input=der,structure=PrivateKeyInfo)
{ 1.3.101.110, X25519 } @ default (provider=default,fips=yes,input=der,structure=SubjectPublicKeyInfo)
{ 1.3.101.111, X448 } @ default (provider=default,fips=yes,input=der,structure=PrivateKeyInfo)
{ 1.3.101.111, X448 } @ default (provider=default,fips=yes,input=der,structure=SubjectPublicKeyInfo)
{ 1.3.101.112, ED25519 } @ default (provider=default,fips=yes,input=der,structure=PrivateKeyInfo)
{ 1.3.101.112, ED25519 } @ default (provider=default,fips=yes,input=der,structure=SubjectPublicKeyInfo)
{ 1.3.101.113, ED448 } @ default (provider=default,fips=yes,input=der,structure=PrivateKeyInfo)
{ 1.3.101.113, ED448 } @ default (provider=default,fips=yes,input=der,structure=SubjectPublicKeyInfo)
{ 1.2.156.10197.1.301, SM2 } @ default (provider=default,fips=no,input=der,structure=PrivateKeyInfo)
{ 1.2.156.10197.1.301, SM2 } @ default (provider=default,fips=no,input=der,structure=SubjectPublicKeyInfo)
{ 1.2.156.10197.1.301, SM2 } @ default (provider=default,fips=no,input=der,structure=type-specific)
DER @ default (provider=default,fips=yes,input=der,structure=SubjectPublicKeyInfo)
DER @ default (provider=default,fips=yes,input=pem)
{ 1.2.840.113549.1.1.1, 2.5.8.1.1, RSA, rsaEncryption } @ default (provider=default,fips=yes,input=der,structure=PrivateKeyInfo)
Provided STORE LOADERs:
file @ default
Heartbleed
OpenSSLで脆弱性が発見されると大きなニュースとなる。2014年に発見され「Heartbleed」と呼ばれるようになった脆弱性(CVE-2014-0160)のニュースは印象的だった。
参考資料
- https://www.openssl.org/
- https://pkiwithadcs.com/rsa_key_using_openssl/
- https://weblabo.oscasierra.net/openssl-genrsa-secret-1/
- https://weblabo.oscasierra.net/openssl-genrsa-public-1/
- https://uzimihsr.github.io/post/2020-05-20-public-key-practice/#%E7%A7%98%E5%AF%86%E9%8D%B5%E3%81%A8%E5%85%AC%E9%96%8B%E9%8D%B5%E3%82%92%E4%BD%9C%E3%82%8B
- https://www.hitachi-solutions.co.jp/oms/sp/blog/2022021505/
- https://ja.wikipedia.org/wiki/%E3%83%87%E3%82%B8%E3%82%BF%E3%83%AB%E7%BD%B2%E5%90%8D
- https://sehermitage.web.fc2.com/crypto/safety.html