openssl创建证书

安装

brew install openssl

使用

root@MACdeMBP rem_key # openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
Generating a 4096 bit RSA private key
................................................................................................++
.................................++
writing new private key to 'key.pem'
Enter PEM pass phrase:    # 这边输入你要设置的密码，比如123456
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:CN  # 国家名称
State or Province Name (full name) []:Shanghai  # 省份
Locality Name (eg, city) []:shanghai # 城市
Organization Name (eg, company) []:py # 组织机构
Organizational Unit Name (eg, section) []:py  # 机构部门
Common Name (eg, fully qualified host name) []:*.lw.com # 域名
Email Address []:[email protected] # 邮箱

# 上面操作完成后会在当前目录下生成cert.pem	key.pem两个文件

# 生成pubkey.pem文件
root@MACdeMBP rem_key # openssl x509 -pubkey -noout -in cert.pem > pubkey.pem  
root@MACdeMBP rem_key # ls
cert.pem	key.pem		pubkey.pem
# 生成privkey.pem文件，要输入之前设置的密码
root@MACdeMBP rem_key # openssl rsa -in key.pem -out privkey.pem
Enter pass phrase for key.pem:
writing RSA key

# 文件说明
cert.pem 文件包含证书
pubkey.pem 文件包含从证书提取的公钥
key.pem 文件包含RSA私钥，加密的
privkey.pem 文件包含RSA私钥，非加密的

使用jwt进行加密解密

import jwt

with open('pubkey.pem') as f:
    PUBKEY = f.read()

with open('privkey.pem') as f:
    PRIVKEY = f.read()


def create_token(**data):
    return jwt.encode(data, PRIVKEY, algorithm='RS512')


def read_token(token):
    return jwt.decode(token, PUBKEY, algorithms='RS512')


token = create_token(some='data', inthe='token')
print(token)
# eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJzb21lIjoiZGF0YSIsImludGhlIjoidG9rZW4ifQ.WH7pak1eGR7-C_WfHcOma3UpHHQucb5VDR2hcJTaFx80F4ny53ETuIpdWB0tJuW6QvI2F7OBUwJaYzlreV2-e8gUX2mZKoXj99YKmvlOg_mskahLVBmQQwgoIXAqsNiAcHUFG5QeJvN10HLoLVCnvalXyIYI_yEOCU3JXUaSnawKmhgDKA--S0EtGOiV4fxw-S8yGK8W-nLhTwSZqAGpg27fJZcdsv5YaV8LR-ledltqCLEKrYvf-1p28TQLLKHxCFU1cJyYK_zA4jtR_tOa7zrLPaE0iiQpkx16YxoqWEHM4f_nKBIi1Wf9Gvh71DjEdmLOo_4LrXKhsg-OWjoDSc0FoFjJv70GPgF-uBKC-4FmR9N4EzIyAhcDssQuYtJLc0_V0lmd-kw4xjKmNmDSlUIHKyrzm_GnILo23T7BplYeUzDHi1XIwP9qnZuOaN4jkCdfUPDyNouHhFhHb5QypJaWAZIkBIESqTTQeuQVv_K_8CGNPzzNP9AtWrUJjMwen87yNN2X4JbKI_reJblGGTCwhQ5HF5OStpyfGrJwgtKZJVNoE3EQv5RrCxVk6VNUHu33EyDIiN-15FR8PyN6Fc0w-g5_j7TIjGA-ZBnJ_UuDMymuMwUB7sat14Bx7tdQ6sX22fw5xlCH5hx5YJ9viIX8W00N3ePAXaYNXn1VogA


read = read_token(token)
print(read)  # {'some': 'data', 'inthe': 'token'}

-------------------------------------------

个性签名：代码过万，键盘敲烂！！！