将 RSA 私钥导出到 RSAPublicKey 的命令行工具
今天我发现有两种带有PEM格式标头的公钥格式,例如
X.509 SubjectPublicKeyInfo** (PEM header: BEGIN PUBLIC KEY)
对应于短标头形式;
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzsQ7MkLsc1lJ8S2WtItN
cfj7pbdB6PVcRHEEjbie97Rqthkr6h2WE5rVj0BZNwFjs4NIUYws2KeQjexZ8NEY
qpcP9iPMjdNgLpU8uL03QMti+y+y0IU4493KxKxjprjtu6no0/O5TwNs+/r+7hmF
/8d+2mhyLJQbtuvQQ6mvg6roCMuqzRS91SObzT1ojCjY+AbUrmVZ5jmklHCv7uah
EoTsB3S7wHCBRmelh2j5fWrRBay4h0IB/NSrt1dO/UEVmDSWGjnG+RsDMhYGZXJ1
hJawhqrbuVRZvrMyzqQ0j1xy5buS6jqSHA3wdOixdI8dDpvBnUDGqEIU6gl2Am7h
pwIDAQAB
-----END PUBLIC KEY-----
和
PKCS#1 RSAPublicKey* (PEM header: BEGIN RSA PUBLIC KEY)
对应于较长的形式;
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA1+skaD+II3MYF/0iGDcFX/E6b0XzSC8I2RapRaCL84EqY8HxWGKn
+7p34ZJwZx9avX0cCUqvTmS6LtuoSGrdLlahrz1qEnkdYqlo9HXXQiKtA9iwaiId
LxPtCnJnGMOMtolwKAJpsr+l68D41mWvvibrwPbeTJsFi0zvrN0rL1YbVYvw3X85
fQm+wgo3s8I5sOWwlkADvfD37KxteEPitfb2cvGfYo+VIhBqqXQUhQSC3jBAUc5o
+P8U3eu84ln2YqiIg9P/iM99HoKFECJ2+mxWM8oz0rS8oqthVOck+KZ7mBiYjEzW
3ytTJIUpX9Sl88oDqkz7Azku/GVEiJNWSQIDAQAB
-----END RSA PUBLIC KEY-----
我想验证后一种格式的一些公钥,但是我看不到 openssl 命令行工具显然可以做到这一点。 -pubout 导出第一个格式,pubin 格式拒绝第二个标头;
#openssl rsa -pubin -in rsa.pub -modulus -noout
unable to load Public Key
140154809448256:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:696:Expecting: PUBLIC KEY
关于 openssl 的正确命令是什么,或者是否有一些工具可以从命令行执行此操作,有什么建议吗?
Today I discover that there are 2 public key formats with PEM format headers, eg
X.509 SubjectPublicKeyInfo** (PEM header: BEGIN PUBLIC KEY)
which correspond to the short header form;
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzsQ7MkLsc1lJ8S2WtItN
cfj7pbdB6PVcRHEEjbie97Rqthkr6h2WE5rVj0BZNwFjs4NIUYws2KeQjexZ8NEY
qpcP9iPMjdNgLpU8uL03QMti+y+y0IU4493KxKxjprjtu6no0/O5TwNs+/r+7hmF
/8d+2mhyLJQbtuvQQ6mvg6roCMuqzRS91SObzT1ojCjY+AbUrmVZ5jmklHCv7uah
EoTsB3S7wHCBRmelh2j5fWrRBay4h0IB/NSrt1dO/UEVmDSWGjnG+RsDMhYGZXJ1
hJawhqrbuVRZvrMyzqQ0j1xy5buS6jqSHA3wdOixdI8dDpvBnUDGqEIU6gl2Am7h
pwIDAQAB
-----END PUBLIC KEY-----
and
PKCS#1 RSAPublicKey* (PEM header: BEGIN RSA PUBLIC KEY)
which correspond to the longer form;
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA1+skaD+II3MYF/0iGDcFX/E6b0XzSC8I2RapRaCL84EqY8HxWGKn
+7p34ZJwZx9avX0cCUqvTmS6LtuoSGrdLlahrz1qEnkdYqlo9HXXQiKtA9iwaiId
LxPtCnJnGMOMtolwKAJpsr+l68D41mWvvibrwPbeTJsFi0zvrN0rL1YbVYvw3X85
fQm+wgo3s8I5sOWwlkADvfD37KxteEPitfb2cvGfYo+VIhBqqXQUhQSC3jBAUc5o
+P8U3eu84ln2YqiIg9P/iM99HoKFECJ2+mxWM8oz0rS8oqthVOck+KZ7mBiYjEzW
3ytTJIUpX9Sl88oDqkz7Azku/GVEiJNWSQIDAQAB
-----END RSA PUBLIC KEY-----
I would like to verify some public keys in the latter format, however I cannot see that openssl command line tool can obviously do that. -pubout exports the first format, and the pubin format rejects the 2nd headers;
#openssl rsa -pubin -in rsa.pub -modulus -noout
unable to load Public Key
140154809448256:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:696:Expecting: PUBLIC KEY
Any suggestions on what the correct commands are for openssl, or whether there is some tool that would does this from the command line?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我不认为 openssl 命令行程序(rsa)可以读取 PKCS#1 格式。正如此处所解释的区别PKCS#1 和 PKCS#8 格式之间是算法标识符。 RSA 加密的算法标识符是“1.2.840.113549.1.1.1”,其 Base64 版本是“MIIBIjANBgkqhkiG9w0BAQEFAOCAQ8A”,您可以安全地使用 RSA 公钥的 Base64 前缀,并将页眉/页脚从“BEGIN RSA PUBLIC”更改密钥”/“结束 RSA 公钥”到“开始”公钥”/“结束公钥”。
I don't think openssl commandline program(rsa) can read the PKCS#1 format. As explained here the difference between the PKCS#1 and PKCS#8 format is the algorithm identifier. The algorithm identifier for RSA encryption is "1.2.840.113549.1.1.1" and the Base64 version of it is "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A" which you can safely prefix with the Base64 of the RSA public key and change the header/footer from "BEGIN RSA PUBLIC KEY"/"END RSA PUBLIC KEY" to "BEGIN PUBLIC KEY"/"END PUBLIC KEY".
openssl 命令行程序可以读取 PKCS#1 格式...
如果您使用
它将从 426 字节长的 rsa 公钥生成 451 字节长的公钥。
openssl command line program can read PKCS#1 format...
If you use
It will generate 451 byte long public key from 426 byte long rsa public key.