RSAPrivateKey ::= SEQUENCE {
版本 版本,
模数 INTEGER, -- n
publicExponent INTEGER, -- e
privateExponent INTEGER, -- d
prime1 整数, -- p
prime2 INTEGER, -- q
指数 1 INTEGER, -- d mod (p-1)
exponent2 INTEGER, -- d mod (q-1)
系数 INTEGER, -- (q 的倒数) mod p
otherPrimeInfos 其他PrimeInfos 可选
}
In most software that generates RSA private keys, including OpenSSL's, the private key is represented as a PKCS#1 RSAPrivatekey object or some variant thereof:
A.1.2 RSA private key syntax
An RSA private key should be represented with the ASN.1 type RSAPrivateKey:
RSAPrivateKey ::= SEQUENCE {
version Version,
modulus INTEGER, -- n
publicExponent INTEGER, -- e
privateExponent INTEGER, -- d
prime1 INTEGER, -- p
prime2 INTEGER, -- q
exponent1 INTEGER, -- d mod (p-1)
exponent2 INTEGER, -- d mod (q-1)
coefficient INTEGER, -- (inverse of q) mod p
otherPrimeInfos OtherPrimeInfos OPTIONAL
}
As you can see, this format has a number of fields including the modulus and public exponent and thus is a strict superset of the information in an RSA public key.
openssl rsa -in private.pem -text -noout | less
modulus - n
privateExponent - d
publicExponent - e
prime1 - p
prime2 - q
exponent1 - d mod (p-1)
exponent2 - d mod (q-1)
coefficient - (q^-1) mod p
# Convert the key from PEM to DER (binary) format
openssl rsa -in private.pem -outform der -out private.der
# Print private.der private key contents as binary stream
xxd -p private.der
# Now compare the output of the above command with output
# of the earlier openssl command that outputs private key
# components. If you stare at both outputs long enough
# you should be able to confirm that all components are
# indeed lurking somewhere in the binary stream
openssl rsa -in private.pem -text -noout | less
My answer below is a bit lengthy, but hopefully it provides some details that are missing in previous answers. I'll start with some related statements and finally answer the initial question.
To encrypt something using RSA algorithm you need modulus and encryption (public) exponent pair (n, e). That's your public key. To decrypt something using RSA algorithm you need modulus and decryption (private) exponent pair (n, d). That's your private key.
To encrypt something using RSA public key you treat your plaintext as a number and raise it to the power of e modulus n:
ciphertext = ( plaintext^e ) mod n
To decrypt something using RSA private key you treat your ciphertext as a number and raise it to the power of d modulus n:
plaintext = ( ciphertext^d ) mod n
To generate private (d,n) key using openssl you can use the following command:
openssl genrsa -out private.pem 1024
To generate public (e,n) key from the private key using openssl you can use the following command:
To dissect the contents of the private.pem private RSA key generated by the openssl command above run the following (output truncated to labels here):
openssl rsa -in private.pem -text -noout | less
modulus - n
privateExponent - d
publicExponent - e
prime1 - p
prime2 - q
exponent1 - d mod (p-1)
exponent2 - d mod (q-1)
coefficient - (q^-1) mod p
Shouldn't private key consist of (n, d) pair only? Why are there 6 extra components? It contains e (public exponent) so that public RSA key can be generated/extracted/derived from the private.pem private RSA key. The rest 5 components are there to speed up the decryption process. It turns out that by pre-computing and storing those 5 values it is possible to speed the RSA decryption by the factor of 4. Decryption will work without those 5 components, but it can be done faster if you have them handy. The speeding up algorithm is based on the Chinese Remainder Theorem.
Yes, private.pem RSA private key actually contains all of those 8 values; none of them are generated on the fly when you run the previous command. Try running the following commands and compare output:
# Convert the key from PEM to DER (binary) format
openssl rsa -in private.pem -outform der -out private.der
# Print private.der private key contents as binary stream
xxd -p private.der
# Now compare the output of the above command with output
# of the earlier openssl command that outputs private key
# components. If you stare at both outputs long enough
# you should be able to confirm that all components are
# indeed lurking somewhere in the binary stream
openssl rsa -in private.pem -text -noout | less
This structure of the RSA private key is recommended by the PKCS#1 v1.5 as an alternative (second) representation. PKCS#1 v2.0 standard excludes e and d exponents from the alternative representation altogether. PKCS#1 v2.1 and v2.2 propose further changes to the alternative representation, by optionally including more CRT-related components.
To see the contents of the public.pem public RSA key run the following (output truncated to labels here):
openssl rsa -in public.pem -text -pubin -noout
Modulus - n
Exponent (public) - e
No surprises here. It's just (n, e) pair, as promised.
Now finally answering the initial question: As was shown above private RSA key generated using openssl contains components of both public and private keys and some more. When you generate/extract/derive public key from the private key, openssl copies two of those components (e,n) into a separate file which becomes your public key.
RSAPrivateKey ::= SEQUENCE {
version Version,
modulus INTEGER, -- n
publicExponent INTEGER, -- e
privateExponent INTEGER, -- d
prime1 INTEGER, -- p
prime2 INTEGER, -- q
exponent1 INTEGER, -- d mod (p-1)
exponent2 INTEGER, -- d mod (q-1)
coefficient INTEGER, -- (inverse of q) mod p
otherPrimeInfos OtherPrimeInfos OPTIONAL
}
The Public Key is not stored in the PEM file as some people think. The following DER structure is present on the Private Key File:
openssl rsa -text -in mykey.pem
RSAPrivateKey ::= SEQUENCE {
version Version,
modulus INTEGER, -- n
publicExponent INTEGER, -- e
privateExponent INTEGER, -- d
prime1 INTEGER, -- p
prime2 INTEGER, -- q
exponent1 INTEGER, -- d mod (p-1)
exponent2 INTEGER, -- d mod (q-1)
coefficient INTEGER, -- (inverse of q) mod p
otherPrimeInfos OtherPrimeInfos OPTIONAL
}
So there is enough data to calculate the Public Key (modulus and public exponent), which is what openssl rsa -in mykey.pem -pubout does
here in this code first we are creating RSA key which is private but it has pair of its public key as well so to get your actual public key we simply do this
Randomly pick two random probable primes of the appropriate size (p and q).
Multiply the two primes together to produce the modulus (n).
Pick a public exponent (e).
Do some math with the primes and the public exponent to produce the private exponent (d).
The public key consists of the modulus and the public exponent.
A minimal private key would consist of the modulus and the private exponent. There is no computationally feasible surefire way to go from a known modulus and private exponent to the corresponding public exponent.
However:
Practical private key formats nearly always store more than n and d.
e is normally not picked randomly, one of a handful of well-known values is used. If e is one of the well-known values and you know d then it would be easy to figure out e by trial and error.
So in most practical RSA implementations you can get the public key from the private key. It would be possible to build a RSA based cryptosystem where this was not possible, but it is not the done thing.
openssl genrsa -out private.pem 1024 #generate private key file
openssl rsa -in private.pem -text #view info in the private key file
openssl rsa -in private.pem -pubout -out public.pem #extract public key to file
openssl rsa -in public.pem -pubin -text #view info in the public key file
您将看到该私钥文件包含素数和所有其他信息,而公共文件仅包含模数和公共指数。
The file called "private key" includes much more information than the private key alone, it includes all the data (primes, modulus, exponents, etc..) needed to generate private/public key pair.
And it is very easy to see see this information:
openssl genrsa -out private.pem 1024 #generate private key file
openssl rsa -in private.pem -text #view info in the private key file
openssl rsa -in private.pem -pubout -out public.pem #extract public key to file
openssl rsa -in public.pem -pubin -text #view info in the public key file
You will see that that private key file includes the primes with all other information while the public file includes only the modulus and the public exponent.
Seems to be a common feature of the prevalent asymmetric cryptography; the generation of public/private keys involves generating the private key, which contains the key pair:
The public component is involved in decryption, and keeping it as part of the private key makes decryption faster; it can be removed from the private key and calculated when needed (for decryption), as an alternative or complement to encrypting or protecting the private key with a password/key/phrase. eg.
Loading 'screen' into random state - done
Generating a 2048 bit RSA private key
.............+++
..................................................................................................................................................................+++
writing new private key to 'mycert.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
If you check there will be a file created by the name : mycert.pem
openssl rsa -in mycert.pem -pubout > mykey.txt
writing RSA key
If you check the same file location a new public key mykey.txt has been created.
发布评论
评论(10)
实际上会产生一个公钥-私钥对。该对存储在生成的
mykey.pem文件中。将提取公钥并将其打印出来。 这里是一个更好地描述这一点的页面链接。
编辑:检查示例部分此处。仅输出私钥的公共部分:
要获取用于 SSH 目的的可用公钥,请使用 ssh-keygen:
will actually produce a public - private key pair. The pair is stored in the generated
mykey.pemfile.will extract the public key and print that out. Here is a link to a page that describes this better.
EDIT: Check the examples section here. To just output the public part of a private key:
To get a usable public key for SSH purposes, use ssh-keygen:
寻找 SSH 公钥的人...
如果您希望提取用于 OpenSSH 的公钥,则需要以稍微不同的方式获取公钥。
此公钥格式与 OpenSSH 兼容。将公钥附加到
remote:~/.ssh/authorized_keys中,您就可以从
SSH-KEYGEN(1)获取文档-y 此选项将读取私有 OpenSSH 格式文件并将 OpenSSH 公钥打印到标准输出。
People looking for SSH public key...
If you're looking to extract the public key for use with OpenSSH, you will need to get the public key a bit differently
This public key format is compatible with OpenSSH. Append the public key to
remote:~/.ssh/authorized_keysand you'll be good to godocs from
SSH-KEYGEN(1)-y This option will read a private OpenSSH format file and print an OpenSSH public key to stdout.
在大多数生成 RSA 私钥的软件(包括 OpenSSL)中,私钥表示为 PKCS#1 RSAPrivatekey 对象或其某些变体:
如您所见,此格式具有许多字段,包括模数和公共指数,因此是 RSA 公钥。
In most software that generates RSA private keys, including OpenSSL's, the private key is represented as a PKCS#1 RSAPrivatekey object or some variant thereof:
As you can see, this format has a number of fields including the modulus and public exponent and thus is a strict superset of the information in an RSA public key.
我的下面的答案有点冗长,但希望它提供了以前答案中缺少的一些细节。我将从一些相关的陈述开始,最后回答最初的问题。
要使用 RSA 算法加密某些内容,您需要模数和加密(公共)指数对 (n, e)。那是你的公钥。要使用 RSA 算法解密某些内容,您需要模数和解密(私有)指数对 (n, d)。那是你的私钥。
要使用 RSA 公钥加密某些内容,请将明文视为数字并将其提高到 e 模 n 次方:
要使用 RSA 私钥解密某些内容,您将密文视为数字并将其提高到 d 模 n 次方:
要使用 openssl 生成私钥 (d,n),您可以使用以下命令:
要使用 openssl 从私钥生成公钥 (e,n) 密钥,您可以使用以下命令:
要剖析 private.pem 私钥的内容上面的 openssl 命令生成的 RSA 密钥运行以下命令(此处输出被截断为标签):
私钥不应该仅由 (n, d) 对组成吗?为什么有 6 个额外的组件?它包含 e(公共指数),以便可以从 private.pem 私有 RSA 密钥生成/提取/派生公共 RSA 密钥。其余 5 个组件用于加快解密过程。事实证明,通过预先计算和存储这 5 个值,可以将 RSA 解密速度提高 4 倍。解密无需这 5 个组件即可工作,但如果您手头有它们,解密速度会更快。加速算法基于中国剩余定理。
是的,private.pem RSA 私钥实际上包含所有这 8 个值;当您运行上一个命令时,它们都不是即时生成的。尝试运行以下命令并比较输出:
PKCS#1 v1.5 作为替代(第二)表示。 PKCS#1 v2.0 标准从替代方案中排除 e 和 d 指数完全代表。 PKCS#1 v2.1 和 v2.2 建议对替代表示进行进一步更改,可选择包含更多与 CRT 相关的组件。
要查看 public.pem 公共 RSA 密钥的内容,请运行以下命令(此处的输出被截断为标签):
这里没有什么意外。正如所承诺的,这只是 (n, e) 对。
现在终于回答最初的问题:如上所示,使用 openssl 生成的私钥 RSA 密钥包含公钥和私钥的组件以及更多内容。当您从私钥生成/提取/派生公钥时,openssl 会将其中两个组件 (e,n) 复制到一个单独的文件中,该文件将成为您的公钥。
My answer below is a bit lengthy, but hopefully it provides some details that are missing in previous answers. I'll start with some related statements and finally answer the initial question.
To encrypt something using RSA algorithm you need modulus and encryption (public) exponent pair (n, e). That's your public key. To decrypt something using RSA algorithm you need modulus and decryption (private) exponent pair (n, d). That's your private key.
To encrypt something using RSA public key you treat your plaintext as a number and raise it to the power of e modulus n:
To decrypt something using RSA private key you treat your ciphertext as a number and raise it to the power of d modulus n:
To generate private (d,n) key using openssl you can use the following command:
To generate public (e,n) key from the private key using openssl you can use the following command:
To dissect the contents of the private.pem private RSA key generated by the openssl command above run the following (output truncated to labels here):
Shouldn't private key consist of (n, d) pair only? Why are there 6 extra components? It contains e (public exponent) so that public RSA key can be generated/extracted/derived from the private.pem private RSA key. The rest 5 components are there to speed up the decryption process. It turns out that by pre-computing and storing those 5 values it is possible to speed the RSA decryption by the factor of 4. Decryption will work without those 5 components, but it can be done faster if you have them handy. The speeding up algorithm is based on the Chinese Remainder Theorem.
Yes, private.pem RSA private key actually contains all of those 8 values; none of them are generated on the fly when you run the previous command. Try running the following commands and compare output:
This structure of the RSA private key is recommended by the PKCS#1 v1.5 as an alternative (second) representation. PKCS#1 v2.0 standard excludes e and d exponents from the alternative representation altogether. PKCS#1 v2.1 and v2.2 propose further changes to the alternative representation, by optionally including more CRT-related components.
To see the contents of the public.pem public RSA key run the following (output truncated to labels here):
No surprises here. It's just (n, e) pair, as promised.
Now finally answering the initial question: As was shown above private RSA key generated using openssl contains components of both public and private keys and some more. When you generate/extract/derive public key from the private key, openssl copies two of those components (e,n) into a separate file which becomes your public key.
公钥并不像某些人想象的那样存储在 PEM 文件中。私钥文件中存在以下 DER 结构:
因此有足够的数据来计算公钥(模数和公共指数),这就是 openssl rsa -in mykey.pem -pubout 的作用
The Public Key is not stored in the PEM file as some people think. The following DER structure is present on the Private Key File:
So there is enough data to calculate the Public Key (modulus and public exponent), which is what
openssl rsa -in mykey.pem -puboutdoes在此代码中,我们首先创建 RSA 密钥,该密钥是私有的,但它也有一对公钥,因此为了获取您的实际公钥,我们只需这样做,
希望您能获取更多信息 检查此
here in this code first we are creating RSA key which is private but it has pair of its public key as well so to get your actual public key we simply do this
hope you get it for more info check this
首先快速回顾一下 RSA 密钥生成。
公钥由模数和公共指数组成。
最小私钥将由模数和私有指数组成。没有计算上可行的可靠方法可以从已知模数和私有指数转换为相应的公共指数。
然而:
因此,在大多数实际的 RSA 实现中,您可以从私钥中获取公钥。构建一个基于 RSA 的密码系统是可能的,而这是不可能的,但它还没有完成。
Firstly a quick recap on RSA key generation.
The public key consists of the modulus and the public exponent.
A minimal private key would consist of the modulus and the private exponent. There is no computationally feasible surefire way to go from a known modulus and private exponent to the corresponding public exponent.
However:
So in most practical RSA implementations you can get the public key from the private key. It would be possible to build a RSA based cryptosystem where this was not possible, but it is not the done thing.
称为“私钥”的文件包含的信息比单独的私钥多得多,它包含生成私钥/公钥对所需的所有数据(素数、模数、指数等)。
很容易看到这些信息:
您将看到该私钥文件包含素数和所有其他信息,而公共文件仅包含模数和公共指数。
The file called "private key" includes much more information than the private key alone, it includes all the data (primes, modulus, exponents, etc..) needed to generate private/public key pair.
And it is very easy to see see this information:
You will see that that private key file includes the primes with all other information while the public file includes only the modulus and the public exponent.
似乎是流行的非对称密码学的共同特征;公钥/私钥的生成涉及生成私钥,其中包含密钥对:
然后发布公钥:
或
DSA & EC 加密密钥具有相同的功能:
例如。
然后
或者
公共部分参与解密,将其保留为私钥的一部分使得解密速度更快;它可以从私钥中删除并在需要时计算(用于解密),作为使用密码/密钥/短语加密或保护私钥的替代或补充。例如。
或
您可以将第一个参数“aes-128-cbc”替换为任何其他有效的 openssl 密码名称< /a>
Seems to be a common feature of the prevalent asymmetric cryptography; the generation of public/private keys involves generating the private key, which contains the key pair:
Then publish the public key:
or
DSA & EC crypto keys have same feature:
eg.
Then
or
The public component is involved in decryption, and keeping it as part of the private key makes decryption faster; it can be removed from the private key and calculated when needed (for decryption), as an alternative or complement to encrypting or protecting the private key with a password/key/phrase. eg.
or
You can replace the first argument "aes-128-cbc" with any other valid openssl cipher name
使用以下命令:
openssl req -x509 -nodes -days 365 -sha256 -newkey rsa:2048 -keyout mycert.pem -out mycert.pem如果您检查,将会创建一个名为 : <代码>mycert.pem
openssl rsa -in mycert.pem -pubout > 的文件。 mykey.txt如果您检查同一文件位置,则已创建新的公钥
mykey.txt。Use the following commands:
openssl req -x509 -nodes -days 365 -sha256 -newkey rsa:2048 -keyout mycert.pem -out mycert.pemIf you check there will be a file created by the name :
mycert.pemopenssl rsa -in mycert.pem -pubout > mykey.txtIf you check the same file location a new public key
mykey.txthas been created.