
Reflections on Asymmetric Keys series, final part: a partial summary of certificate formats and encodings

bowenerchen
Published 2023-01-04 22:36:15
Collected in the column: 数安视界

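The ASN.1 specification

ASN.1 – Abstract Syntax Notation dot one (Abstract Syntax Notation One)

ISO appended the number 1 to ASN to keep the notation open-ended, so that a more powerful future version could be named ASN.2 and so on; no such version has appeared so far.

Encoding rules supported by ASN.1:
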
    Basic Encoding Rules (BER)
    Canonical Encoding Rules (CER)
    Distinguished Encoding Rules (DER)
    Aligned Packed Encoding Rules (PER)
    XML Encoding Rules (XER)
    Generic String Encoding Rules (GSER)
    JSON Encoding Rules (JER)
    Basic Octet Encoding Rules (OER)
    Unaligned Packed Encoding Rules (UPER)

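BER, CER and DER are the three most commonly used ASN.1 encodings.

How CER, DER, CRT and PEM relate:

  • All X.509 certificates are DER-encoded. DER refers to an ASN.1 encoding rule set, and a .der certificate file is normally a binary file.
  • CER can be used to encode PKCS#7 certificates (p7b), but the term usually refers to a certificate file extension; a .cer certificate may be a pure Base64 file or a binary file.
  • PEM also usually refers to a file extension: a specific format whose content is Base64-encoded and wrapped in a header line and a footer line. A binary file should not be named .pem.
  • CRT is Microsoft's certificate file extension and is the same thing as .CER. Microsoft's CryptoAPI is very capable and recognizes certificates in all of these forms: pure Base64, standard PEM, non-standard PEM (lines not wrapped at 64 bytes, no header or footer, and so on), and binary.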

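The PKCS standards

Reference: https://www.cnblogs.com/littleatp/p/7384706.html

PKCS (Public Key Cryptography Standards); for the definition, see the Wikipedia article on PKCS.

It is a set of public-key cryptography standards covering certificate signing, encryption algorithms, padding modes, verification procedures and more.

Common PKCS standards:

  • PKCS#1 (RFC 8017): defines the encoding format of public and private keys (ASN.1 encoding), including the basic algorithms, encoding/padding modes and signature verification; it is openssl's default format.
  • PKCS#3 (Diffie-Hellman Key Agreement): defines the DH key exchange standard.
  • PKCS#5 (RFC 8018): the password-based encryption standard; defines the PBKDF2 algorithm.
  • PKCS#7 (RFC 2315): defines the cryptographic message syntax standard, the standard for signing and encrypting messages under PKI; it is part of S/MIME.
  • PKCS#8 (RFC 5958): defines the private-key information syntax standard, a general format for describing a certificate's key pair (not limited to RSA).
  • PKCS#11: defines the cryptographic token interface, commonly used in single sign-on, public-key algorithms and disk encryption systems (hardware cryptography).
  • PKCS#12 (RFC 7292): the personal information exchange syntax standard; defines how private keys and public-key certificates are stored (with password support). It is commonly abbreviated PFX and is the encoding format of the Java Key Store.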

Working with RSA key encodings using the openssl tool: examples

Generate an RSA key pair with openssl:

openssl genrsa -out private_pkcs1.pem 2048

Extract the RSA public key from the generated RSA key:

openssl rsa -in private_pkcs1.pem -out public_pkcs1.pem -pubout -RSAPublicKey_out

View the format of the generated public key (the private key format is similar):

# This gives an RSA public key in PKCS#1 form, stored as a PEM file:

-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAmCYCfpVpCtnZjlH+OVP4sMMRVcwHZcC/G/51JWC5LR5GDIqdaMu9
6bocV2gVSxaLJ+b8nxdvG8CvBhuCn39F6Azfczald6Vku4qNsyDe2slBJn8IhX3w
12orJZZTnjDRJlg3FUfoDmmkWe1V1QUuHFeRpOZpGUyCUCnGffnq0QjKjrH9WCCQ
a5B6iLfpJ+o/dP3g2dsSCjyS5oFqufQ/NJnMzLFDWOpjDs4N+VdZgkwe492L3sDf
+aqBYbuvz2iBR/d+bAiX4mzHi2SmOETyP43b1+VaVZHCSXS4vY97iU167j1EJqO0
NB//FeVQwn/6UE2Nf2qCBRygVnXKtJPpEwIDAQAB
-----END RSA PUBLIC KEY-----

Converting a PEM key to a DER key

openssl rsa -in private_pkcs1.pem -out public_pkcs1.der -pubout -RSAPublicKey_out -outform DER

Base64-encode public_pkcs1.der:

cat public_pkcs1.der|base64

Result:

MIIBCgKCAQEAmCYCfpVpCtnZjlH+OVP4sMMRVcwHZcC/G/51JWC5LR5GDIqdaMu96bocV2gVSxaL
J+b8nxdvG8CvBhuCn39F6Azfczald6Vku4qNsyDe2slBJn8IhX3w12orJZZTnjDRJlg3FUfoDmmk
We1V1QUuHFeRpOZpGUyCUCnGffnq0QjKjrH9WCCQa5B6iLfpJ+o/dP3g2dsSCjyS5oFqufQ/NJnM
zLFDWOpjDs4N+VdZgkwe492L3sDf+aqBYbuvz2iBR/d+bAiX4mzHi2SmOETyP43b1+VaVZHCSXS4
vY97iU167j1EJqO0NB//FeVQwn/6UE2Nf2qCBRygVnXKtJPpEwIDAQAB

Conclusion: PEM is simply the DER data encoded as Base64, with marker lines beginning with "-----" added at the head and tail.

Viewing the key's n, e and d values

openssl rsa -in private_pkcs1.pem -text -noout

Result:

Private-Key: (2048 bit, 2 primes)
modulus:
    00:98:26:02:7e:95:69:0a:d9:d9:8e:51:fe:39:53:
    f8:b0:c3:11:55:cc:07:65:c0:bf:1b:fe:75:25:60:
    b9:2d:1e:46:0c:8a:9d:68:cb:bd:e9:ba:1c:57:68:
    15:4b:16:8b:27:e6:fc:9f:17:6f:1b:c0:af:06:1b:
    82:9f:7f:45:e8:0c:df:73:36:a5:77:a5:64:bb:8a:
    8d:b3:20:de:da:c9:41:26:7f:08:85:7d:f0:d7:6a:
    2b:25:96:53:9e:30:d1:26:58:37:15:47:e8:0e:69:
    a4:59:ed:55:d5:05:2e:1c:57:91:a4:e6:69:19:4c:
    82:50:29:c6:7d:f9:ea:d1:08:ca:8e:b1:fd:58:20:
    90:6b:90:7a:88:b7:e9:27:ea:3f:74:fd:e0:d9:db:
    12:0a:3c:92:e6:81:6a:b9:f4:3f:34:99:cc:cc:b1:
    43:58:ea:63:0e:ce:0d:f9:57:59:82:4c:1e:e3:dd:
    8b:de:c0:df:f9:aa:81:61:bb:af:cf:68:81:47:f7:
    7e:6c:08:97:e2:6c:c7:8b:64:a6:38:44:f2:3f:8d:
    db:d7:e5:5a:55:91:c2:49:74:b8:bd:8f:7b:89:4d:
    7a:ee:3d:44:26:a3:b4:34:1f:ff:15:e5:50:c2:7f:
    fa:50:4d:8d:7f:6a:82:05:1c:a0:56:75:ca:b4:93:
    e9:13
publicExponent: 65537 (0x10001)
privateExponent:
    0c:d7:02:bb:e1:6a:9f:d9:b4:0a:bd:63:43:3d:de:
    67:03:9d:af:cc:32:67:38:65:a1:fc:75:17:66:54:
    8a:45:b5:44:a6:ae:6d:09:83:dc:b8:be:c4:f3:96:
    97:a3:88:4c:a1:dc:93:3f:49:20:d5:59:43:1e:62:
    9e:ef:00:cf:c6:c5:88:4f:45:fc:88:61:fa:2c:84:
    e0:9a:90:d7:40:7a:e8:f2:ac:84:53:7b:a2:d3:d8:
    f8:1b:f9:e4:54:9b:53:86:fb:4c:a6:8f:23:5a:a3:
    2a:c1:a5:01:65:d8:d0:a4:7e:d2:8b:3a:1d:28:c0:
    10:92:cd:f4:2d:79:68:ab:e6:a5:25:d7:00:35:08:
    b5:de:aa:26:12:94:ff:f4:fc:33:52:5f:98:73:49:
    b5:dc:58:dd:ec:07:2b:31:3e:b0:14:d1:30:02:c3:
    be:80:64:80:ca:98:80:d0:42:b5:d6:66:51:ac:92:
    39:3d:3e:22:ae:97:ed:a8:e2:76:54:1c:a3:1c:e1:
    d2:a8:10:30:a7:27:c3:da:3d:14:a0:e8:6f:2b:4e:
    58:6a:07:ae:9d:b7:26:fc:be:92:69:ab:82:5e:7d:
    8f:1f:90:9e:a1:63:e3:1a:c1:0c:29:0f:7c:02:26:
    e4:34:ca:58:62:c7:38:3e:4a:ef:32:ea:4c:b7:21:
    c9
prime1:
    00:c3:a8:bd:69:fe:4e:87:e5:df:2c:73:06:42:fa:
    d7:05:af:14:c6:34:89:1a:50:4d:6f:30:75:3b:9d:
    4f:e2:f6:e9:d3:9a:14:15:06:87:10:db:8a:68:e8:
    68:28:ba:39:d5:0a:16:86:7d:26:eb:47:83:89:85:
    7d:d5:f2:ba:ef:5c:61:fe:eb:82:19:30:5c:f8:e0:
    6b:d5:d7:ae:ec:c4:1b:8f:45:f7:13:3d:2b:53:12:
    af:7b:5a:4d:b3:06:c7:d7:73:1e:fd:e2:78:2f:54:
    15:3d:5e:5e:d1:e7:90:48:69:8e:6e:94:20:91:a2:
    c5:c0:9e:8a:95:61:99:3e:4b
prime2:
    00:c7:12:1b:fc:9e:91:ac:c6:c3:9e:b5:e3:33:63:
    0d:19:67:7a:13:0e:e8:0b:ce:da:6d:eb:85:f7:3e:
    0f:88:cb:b3:59:65:16:6f:ca:b6:d5:00:f0:e3:6b:
    47:76:ab:a5:65:3e:9e:72:24:3c:4b:8b:10:e9:74:
    0c:7c:1d:bd:86:d8:e4:71:93:bd:62:75:ad:9a:91:
    16:88:8b:be:a0:4c:b8:f1:18:b8:4c:42:41:f6:2f:
    dd:55:88:75:e9:26:52:a2:30:5a:af:b7:be:67:da:
    78:c6:2a:17:15:c6:95:0a:ab:04:bf:81:05:97:5a:
    c4:26:45:04:9e:b6:bb:23:59
exponent1:
    23:b1:c0:fc:79:3c:72:66:69:54:7e:97:81:d8:a9:
    29:8c:4b:49:ed:83:a5:9d:48:c3:24:1f:ff:04:2f:
    f2:c4:00:dc:6d:9b:84:4a:70:91:8e:bb:ad:6f:d8:
    b0:b5:68:9f:88:fb:9b:05:71:f8:32:4f:b8:e2:f5:
    95:f6:76:4b:fc:9a:94:1a:fa:dd:05:89:b0:8d:a0:
    9e:9e:7e:77:0b:3f:cb:df:83:b7:aa:cd:20:96:a4:
    14:e8:e0:8b:ec:8c:c0:ad:6b:d5:fd:5e:d7:a3:8b:
    4c:6a:ce:f9:94:39:2a:3c:b7:93:4c:ca:b4:46:f1:
    b4:b6:37:aa:10:e8:18:09
exponent2:
    00:9d:43:1c:22:e4:2d:d6:dd:2a:da:ad:7b:f0:33:
    76:bc:b3:f7:47:29:06:7d:95:8b:0f:3c:f9:97:09:
    4b:02:59:51:b4:f4:5b:d6:32:c1:5e:e2:20:6a:b8:
    6c:3b:3e:7c:29:d0:5f:21:72:a8:c3:50:f8:2a:45:
    08:3b:e0:ce:c1:c1:84:2e:89:75:1a:5c:36:aa:1d:
    a6:3c:76:91:40:57:7b:de:d3:15:7d:00:f6:d5:02:
    99:0a:a2:03:ec:0c:df:48:cb:84:48:be:92:47:be:
    da:9c:49:d1:f4:dc:ed:0f:01:6d:7d:cf:f2:57:d0:
    57:96:97:fd:7f:58:81:db:f9
coefficient:
    00:b0:83:ee:d0:d7:45:a2:80:3e:ac:2d:b6:70:cc:
    0d:70:9d:c7:d6:cf:1e:45:4c:e9:13:d5:ec:28:f6:
    e7:bf:35:a4:fb:c1:01:37:b2:7d:e4:f6:a3:f1:c1:
    36:e5:39:4d:8d:f7:2d:20:55:e2:f9:cb:28:bd:ac:
    91:e2:e0:3b:86:ad:50:b4:91:9e:3b:6b:f5:1f:12:
    94:7a:f9:24:48:2e:f0:ce:d9:0d:3e:83:7a:ff:62:
    d6:81:cd:ce:1b:fa:8b:78:e2:79:8e:60:44:7c:b4:
    1b:fd:26:33:3f:ac:18:19:32:1a:16:e3:16:58:65:
    df:a9:42:87:a8:82:a9:2f:fe

Parsing the keys as ASN.1

openssl asn1parse -in public_pkcs1.pem

openssl asn1parse -in public_pkcs1.der -inform der

DER structure of the public key:

    0:d=0  hl=4 l= 266 cons: SEQUENCE          
    4:d=1  hl=4 l= 257 prim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
  265:d=1  hl=2 l=   3 prim: INTEGER           :010001

openssl asn1parse -in private_pkcs1.pem

openssl asn1parse -in private_pkcs1.der -inform der

DER structure of the private key:

    0:d=0  hl=4 l=1214 cons: SEQUENCE          
    4:d=1  hl=2 l=   1 prim: INTEGER           :00
    7:d=1  hl=2 l=  13 cons: SEQUENCE          
    9:d=2  hl=2 l=   9 prim: OBJECT            :rsaEncryption
   20:d=2  hl=2 l=   0 prim: NULL              
   22:d=1  hl=4 l=1192 prim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

PKCS#8

PKCS#1 key formats are specific to RSA keys; ECC keys cannot be expressed in PKCS#1 form.

The PKCS#8 form can represent both RSA keys and ECC keys.

Converting a PKCS#1 key to PKCS#8 form

openssl rsa -in private_pkcs1.pem -out public_pkcs8.pem -pubout

View the format of the generated public key (the private key format is similar):

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmCYCfpVpCtnZjlH+OVP4
sMMRVcwHZcC/G/51JWC5LR5GDIqdaMu96bocV2gVSxaLJ+b8nxdvG8CvBhuCn39F
6Azfczald6Vku4qNsyDe2slBJn8IhX3w12orJZZTnjDRJlg3FUfoDmmkWe1V1QUu
HFeRpOZpGUyCUCnGffnq0QjKjrH9WCCQa5B6iLfpJ+o/dP3g2dsSCjyS5oFqufQ/
NJnMzLFDWOpjDs4N+VdZgkwe492L3sDf+aqBYbuvz2iBR/d+bAiX4mzHi2SmOETy
P43b1+VaVZHCSXS4vY97iU167j1EJqO0NB//FeVQwn/6UE2Nf2qCBRygVnXKtJPp
EwIDAQAB
-----END PUBLIC KEY-----

Converting the private key from PKCS#1 to PKCS#8:

openssl pkcs8 -in private_pkcs1.pem -out private_pkcs8.pem -topk8 -nocrypt

-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----

Converting the PKCS#8 form to DER

openssl rsa -pubin -in public_pkcs8.pem -out public_pkcs8.der -outform DER

cat public_pkcs8.der|base64

MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmCYCfpVpCtnZjlH+OVP4sMMRVcwHZcC/
G/51JWC5LR5GDIqdaMu96bocV2gVSxaLJ+b8nxdvG8CvBhuCn39F6Azfczald6Vku4qNsyDe2slB
Jn8IhX3w12orJZZTnjDRJlg3FUfoDmmkWe1V1QUuHFeRpOZpGUyCUCnGffnq0QjKjrH9WCCQa5B6
iLfpJ+o/dP3g2dsSCjyS5oFqufQ/NJnMzLFDWOpjDs4N+VdZgkwe492L3sDf+aqBYbuvz2iBR/d+
bAiX4mzHi2SmOETyP43b1+VaVZHCSXS4vY97iU167j1EJqO0NB//FeVQwn/6UE2Nf2qCBRygVnXK
tJPpEwIDAQAB
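
The two conversions above (PEM to DER, and the PKCS#1 public key to the "BEGIN PUBLIC KEY" form) can be reproduced without openssl. The following Python is an added example, not part of the original article: it decodes the PKCS#1 PEM shown earlier, walks the DER tag-length-value structure, and rebuilds the "BEGIN PUBLIC KEY" wrapper, which is the X.509 SubjectPublicKeyInfo structure. All function names are chosen for this example.

```python
import base64
# RSA public key in PKCS#1 form, copied from the PEM block earlier on this page.
PKCS1_PEM = """-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAmCYCfpVpCtnZjlH+OVP4sMMRVcwHZcC/G/51JWC5LR5GDIqdaMu9
6bocV2gVSxaLJ+b8nxdvG8CvBhuCn39F6Azfczald6Vku4qNsyDe2slBJn8IhX3w
12orJZZTnjDRJlg3FUfoDmmkWe1V1QUuHFeRpOZpGUyCUCnGffnq0QjKjrH9WCCQ
a5B6iLfpJ+o/dP3g2dsSCjyS5oFqufQ/NJnMzLFDWOpjDs4N+VdZgkwe492L3sDf
+aqBYbuvz2iBR/d+bAiX4mzHi2SmOETyP43b1+VaVZHCSXS4vY97iU167j1EJqO0
NB//FeVQwn/6UE2Nf2qCBRygVnXKtJPpEwIDAQAB
-----END RSA PUBLIC KEY-----"""
RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption, 1.2.840.113549.1.1.1

def pem_to_der(pem):
    """Strip the armor lines and Base64-decode the body; return (label, der)."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    label = lines[0][11:-5]               # text between "-----BEGIN " and "-----"
    if lines[0] != f"-----BEGIN {label}-----" or lines[-1] != f"-----END {label}-----":
        raise ValueError("bad or mismatched PEM armor")
    return label, base64.b64decode("".join(lines[1:-1]), validate=True)

def der_to_pem(label, der):
    """Base64-encode DER, wrap at 64 characters and add the armor lines."""
    b64 = base64.b64encode(der).decode()
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *body, f"-----END {label}-----"])

def read_tlv(buf, pos=0):
    """Decode one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length >= 0x80:                    # long form: low 7 bits count the length bytes
        nbytes = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + nbytes], "big"), pos + nbytes
    if pos + length > len(buf):
        raise ValueError("DER length runs past the end of the input")
    return tag, buf[pos:pos + length], pos + length

def tlv(tag, value):                      # encode one DER TLV, shortest length form
    n, nbytes = len(value), (len(value).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | nbytes]) + n.to_bytes(nbytes, "big")
    return bytes([tag]) + head + value

def parse_rsa_public_key(der):
    """Return (n, e) from PKCS#1 RSAPublicKey or SubjectPublicKeyInfo DER."""
    tag, body, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one outer SEQUENCE")
    tag1, first, pos = read_tlv(body)
    tag2, second, _ = read_tlv(body, pos)
    if tag1 == 0x30:                      # SubjectPublicKeyInfo: AlgorithmIdentifier first
        if read_tlv(first)[:2] != (0x06, RSA_OID) or tag2 != 0x03 or second[:1] != b"\x00":
            raise ValueError("not an rsaEncryption SubjectPublicKeyInfo")
        return parse_rsa_public_key(second[1:])   # BIT STRING payload is the PKCS#1 key
    if (tag1, tag2) != (0x02, 0x02):
        raise ValueError("expected INTEGER modulus and exponent")
    return int.from_bytes(first, "big"), int.from_bytes(second, "big")

def pkcs1_to_spki(pkcs1_der):             # wrap RSAPublicKey as "BEGIN PUBLIC KEY"
    alg = tlv(0x30, tlv(0x06, RSA_OID) + tlv(0x05, b""))   # OID + NULL parameters
    return tlv(0x30, alg + tlv(0x03, b"\x00" + pkcs1_der))
```

For this key, der_to_pem("PUBLIC KEY", pkcs1_to_spki(der)) starts with the fixed 32-character header MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A followed by the unchanged PKCS#1 Base64 text, because the 24-byte wrapper is a whole number of 3-byte Base64 groups.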

Viewing the ASN.1 structure of the PKCS#8 form

openssl rsa -in public_pkcs8.pem -text -pubin

Public-Key: (2048 bit)
Modulus:
    00:98:26:02:7e:95:69:0a:d9:d9:8e:51:fe:39:53:
    f8:b0:c3:11:55:cc:07:65:c0:bf:1b:fe:75:25:60:
    b9:2d:1e:46:0c:8a:9d:68:cb:bd:e9:ba:1c:57:68:
    15:4b:16:8b:27:e6:fc:9f:17:6f:1b:c0:af:06:1b:
    82:9f:7f:45:e8:0c:df:73:36:a5:77:a5:64:bb:8a:
    8d:b3:20:de:da:c9:41:26:7f:08:85:7d:f0:d7:6a:
    2b:25:96:53:9e:30:d1:26:58:37:15:47:e8:0e:69:
    a4:59:ed:55:d5:05:2e:1c:57:91:a4:e6:69:19:4c:
    82:50:29:c6:7d:f9:ea:d1:08:ca:8e:b1:fd:58:20:
    90:6b:90:7a:88:b7:e9:27:ea:3f:74:fd:e0:d9:db:
    12:0a:3c:92:e6:81:6a:b9:f4:3f:34:99:cc:cc:b1:
    43:58:ea:63:0e:ce:0d:f9:57:59:82:4c:1e:e3:dd:
    8b:de:c0:df:f9:aa:81:61:bb:af:cf:68:81:47:f7:
    7e:6c:08:97:e2:6c:c7:8b:64:a6:38:44:f2:3f:8d:
    db:d7:e5:5a:55:91:c2:49:74:b8:bd:8f:7b:89:4d:
    7a:ee:3d:44:26:a3:b4:34:1f:ff:15:e5:50:c2:7f:
    fa:50:4d:8d:7f:6a:82:05:1c:a0:56:75:ca:b4:93:
    e9:13
Exponent: 65537 (0x10001)
writing RSA key
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmCYCfpVpCtnZjlH+OVP4
sMMRVcwHZcC/G/51JWC5LR5GDIqdaMu96bocV2gVSxaLJ+b8nxdvG8CvBhuCn39F
6Azfczald6Vku4qNsyDe2slBJn8IhX3w12orJZZTnjDRJlg3FUfoDmmkWe1V1QUu
HFeRpOZpGUyCUCnGffnq0QjKjrH9WCCQa5B6iLfpJ+o/dP3g2dsSCjyS5oFqufQ/
NJnMzLFDWOpjDs4N+VdZgkwe492L3sDf+aqBYbuvz2iBR/d+bAiX4mzHi2SmOETy
P43b1+VaVZHCSXS4vY97iU167j1EJqO0NB//FeVQwn/6UE2Nf2qCBRygVnXKtJPp
EwIDAQAB
-----END PUBLIC KEY-----

openssl rsa -in private_pkcs8.pem -text

Private-Key: (2048 bit, 2 primes)
modulus:
    00:98:26:02:7e:95:69:0a:d9:d9:8e:51:fe:39:53:
    f8:b0:c3:11:55:cc:07:65:c0:bf:1b:fe:75:25:60:
    b9:2d:1e:46:0c:8a:9d:68:cb:bd:e9:ba:1c:57:68:
    15:4b:16:8b:27:e6:fc:9f:17:6f:1b:c0:af:06:1b:
    82:9f:7f:45:e8:0c:df:73:36:a5:77:a5:64:bb:8a:
    8d:b3:20:de:da:c9:41:26:7f:08:85:7d:f0:d7:6a:
    2b:25:96:53:9e:30:d1:26:58:37:15:47:e8:0e:69:
    a4:59:ed:55:d5:05:2e:1c:57:91:a4:e6:69:19:4c:
    82:50:29:c6:7d:f9:ea:d1:08:ca:8e:b1:fd:58:20:
    90:6b:90:7a:88:b7:e9:27:ea:3f:74:fd:e0:d9:db:
    12:0a:3c:92:e6:81:6a:b9:f4:3f:34:99:cc:cc:b1:
    43:58:ea:63:0e:ce:0d:f9:57:59:82:4c:1e:e3:dd:
    8b:de:c0:df:f9:aa:81:61:bb:af:cf:68:81:47:f7:
    7e:6c:08:97:e2:6c:c7:8b:64:a6:38:44:f2:3f:8d:
    db:d7:e5:5a:55:91:c2:49:74:b8:bd:8f:7b:89:4d:
    7a:ee:3d:44:26:a3:b4:34:1f:ff:15:e5:50:c2:7f:
    fa:50:4d:8d:7f:6a:82:05:1c:a0:56:75:ca:b4:93:
    e9:13
publicExponent: 65537 (0x10001)
privateExponent:
    0c:d7:02:bb:e1:6a:9f:d9:b4:0a:bd:63:43:3d:de:
    67:03:9d:af:cc:32:67:38:65:a1:fc:75:17:66:54:
    8a:45:b5:44:a6:ae:6d:09:83:dc:b8:be:c4:f3:96:
    97:a3:88:4c:a1:dc:93:3f:49:20:d5:59:43:1e:62:
    9e:ef:00:cf:c6:c5:88:4f:45:fc:88:61:fa:2c:84:
    e0:9a:90:d7:40:7a:e8:f2:ac:84:53:7b:a2:d3:d8:
    f8:1b:f9:e4:54:9b:53:86:fb:4c:a6:8f:23:5a:a3:
    2a:c1:a5:01:65:d8:d0:a4:7e:d2:8b:3a:1d:28:c0:
    10:92:cd:f4:2d:79:68:ab:e6:a5:25:d7:00:35:08:
    b5:de:aa:26:12:94:ff:f4:fc:33:52:5f:98:73:49:
    b5:dc:58:dd:ec:07:2b:31:3e:b0:14:d1:30:02:c3:
    be:80:64:80:ca:98:80:d0:42:b5:d6:66:51:ac:92:
    39:3d:3e:22:ae:97:ed:a8:e2:76:54:1c:a3:1c:e1:
    d2:a8:10:30:a7:27:c3:da:3d:14:a0:e8:6f:2b:4e:
    58:6a:07:ae:9d:b7:26:fc:be:92:69:ab:82:5e:7d:
    8f:1f:90:9e:a1:63:e3:1a:c1:0c:29:0f:7c:02:26:
    e4:34:ca:58:62:c7:38:3e:4a:ef:32:ea:4c:b7:21:
    c9
prime1:
    00:c3:a8:bd:69:fe:4e:87:e5:df:2c:73:06:42:fa:
    d7:05:af:14:c6:34:89:1a:50:4d:6f:30:75:3b:9d:
    4f:e2:f6:e9:d3:9a:14:15:06:87:10:db:8a:68:e8:
    68:28:ba:39:d5:0a:16:86:7d:26:eb:47:83:89:85:
    7d:d5:f2:ba:ef:5c:61:fe:eb:82:19:30:5c:f8:e0:
    6b:d5:d7:ae:ec:c4:1b:8f:45:f7:13:3d:2b:53:12:
    af:7b:5a:4d:b3:06:c7:d7:73:1e:fd:e2:78:2f:54:
    15:3d:5e:5e:d1:e7:90:48:69:8e:6e:94:20:91:a2:
    c5:c0:9e:8a:95:61:99:3e:4b
prime2:
    00:c7:12:1b:fc:9e:91:ac:c6:c3:9e:b5:e3:33:63:
    0d:19:67:7a:13:0e:e8:0b:ce:da:6d:eb:85:f7:3e:
    0f:88:cb:b3:59:65:16:6f:ca:b6:d5:00:f0:e3:6b:
    47:76:ab:a5:65:3e:9e:72:24:3c:4b:8b:10:e9:74:
    0c:7c:1d:bd:86:d8:e4:71:93:bd:62:75:ad:9a:91:
    16:88:8b:be:a0:4c:b8:f1:18:b8:4c:42:41:f6:2f:
    dd:55:88:75:e9:26:52:a2:30:5a:af:b7:be:67:da:
    78:c6:2a:17:15:c6:95:0a:ab:04:bf:81:05:97:5a:
    c4:26:45:04:9e:b6:bb:23:59
exponent1:
    23:b1:c0:fc:79:3c:72:66:69:54:7e:97:81:d8:a9:
    29:8c:4b:49:ed:83:a5:9d:48:c3:24:1f:ff:04:2f:
    f2:c4:00:dc:6d:9b:84:4a:70:91:8e:bb:ad:6f:d8:
    b0:b5:68:9f:88:fb:9b:05:71:f8:32:4f:b8:e2:f5:
    95:f6:76:4b:fc:9a:94:1a:fa:dd:05:89:b0:8d:a0:
    9e:9e:7e:77:0b:3f:cb:df:83:b7:aa:cd:20:96:a4:
    14:e8:e0:8b:ec:8c:c0:ad:6b:d5:fd:5e:d7:a3:8b:
    4c:6a:ce:f9:94:39:2a:3c:b7:93:4c:ca:b4:46:f1:
    b4:b6:37:aa:10:e8:18:09
exponent2:
    00:9d:43:1c:22:e4:2d:d6:dd:2a:da:ad:7b:f0:33:
    76:bc:b3:f7:47:29:06:7d:95:8b:0f:3c:f9:97:09:
    4b:02:59:51:b4:f4:5b:d6:32:c1:5e:e2:20:6a:b8:
    6c:3b:3e:7c:29:d0:5f:21:72:a8:c3:50:f8:2a:45:
    08:3b:e0:ce:c1:c1:84:2e:89:75:1a:5c:36:aa:1d:
    a6:3c:76:91:40:57:7b:de:d3:15:7d:00:f6:d5:02:
    99:0a:a2:03:ec:0c:df:48:cb:84:48:be:92:47:be:
    da:9c:49:d1:f4:dc:ed:0f:01:6d:7d:cf:f2:57:d0:
    57:96:97:fd:7f:58:81:db:f9
coefficient:
    00:b0:83:ee:d0:d7:45:a2:80:3e:ac:2d:b6:70:cc:
    0d:70:9d:c7:d6:cf:1e:45:4c:e9:13:d5:ec:28:f6:
    e7:bf:35:a4:fb:c1:01:37:b2:7d:e4:f6:a3:f1:c1:
    36:e5:39:4d:8d:f7:2d:20:55:e2:f9:cb:28:bd:ac:
    91:e2:e0:3b:86:ad:50:b4:91:9e:3b:6b:f5:1f:12:
    94:7a:f9:24:48:2e:f0:ce:d9:0d:3e:83:7a:ff:62:
    d6:81:cd:ce:1b:fa:8b:78:e2:79:8e:60:44:7c:b4:
    1b:fd:26:33:3f:ac:18:19:32:1a:16:e3:16:58:65:
    df:a9:42:87:a8:82:a9:2f:fe
writing RSA key
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----

X.509 certificates

Generating

# Generate a certificate signing request (CSR)
openssl req -new -key private_pkcs1.pem -out certificate_csr.csr

# Issue a certificate (PEM / DER) from the CSR created in the previous step
openssl x509 -req -days 365 -in certificate_csr.csr -signkey private_pkcs1.pem -out certificate.pem
openssl x509 -req -days 365 -in certificate_csr.csr -signkey private_pkcs1.pem -out certificate.der -outform DER
# Output:
Certificate request self-signature ok
subject=C = CN, ST = GuangDong, L = ShenZhen, O = Bowenwerchen, OU = Bowenerchen, CN = Bowenerchen, emailAddress = bowener_chen@163.com

Viewing the certificate

openssl x509 -in certificate.pem -text -noout   # -noout: do not print the encoded certificate itself
openssl x509 -in certificate.der -inform DER -text

# Output:
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number:
            03:2f:56:fc:13:b7:04:02:8d:cf:4a:b5:47:55:04:77:ca:df:fb:0d
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = CN, ST = GuangDong, L = ShenZhen, O = Bowenwerchen, OU = Bowenerchen, CN = Bowenerchen, emailAddress = bowener_chen@163.com
        Validity
            Not Before: Jul 18 08:10:00 2022 GMT
            Not After : Jul 18 08:10:00 2023 GMT
        Subject: C = CN, ST = GuangDong, L = ShenZhen, O = Bowenwerchen, OU = Bowenerchen, CN = Bowenerchen, emailAddress = bowener_chen@163.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:98:26:02:7e:95:69:0a:d9:d9:8e:51:fe:39:53:
                    f8:b0:c3:11:55:cc:07:65:c0:bf:1b:fe:75:25:60:
                    b9:2d:1e:46:0c:8a:9d:68:cb:bd:e9:ba:1c:57:68:
                    15:4b:16:8b:27:e6:fc:9f:17:6f:1b:c0:af:06:1b:
                    82:9f:7f:45:e8:0c:df:73:36:a5:77:a5:64:bb:8a:
                    8d:b3:20:de:da:c9:41:26:7f:08:85:7d:f0:d7:6a:
                    2b:25:96:53:9e:30:d1:26:58:37:15:47:e8:0e:69:
                    a4:59:ed:55:d5:05:2e:1c:57:91:a4:e6:69:19:4c:
                    82:50:29:c6:7d:f9:ea:d1:08:ca:8e:b1:fd:58:20:
                    90:6b:90:7a:88:b7:e9:27:ea:3f:74:fd:e0:d9:db:
                    12:0a:3c:92:e6:81:6a:b9:f4:3f:34:99:cc:cc:b1:
                    43:58:ea:63:0e:ce:0d:f9:57:59:82:4c:1e:e3:dd:
                    8b:de:c0:df:f9:aa:81:61:bb:af:cf:68:81:47:f7:
                    7e:6c:08:97:e2:6c:c7:8b:64:a6:38:44:f2:3f:8d:
                    db:d7:e5:5a:55:91:c2:49:74:b8:bd:8f:7b:89:4d:
                    7a:ee:3d:44:26:a3:b4:34:1f:ff:15:e5:50:c2:7f:
                    fa:50:4d:8d:7f:6a:82:05:1c:a0:56:75:ca:b4:93:
                    e9:13
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        7f:7a:ce:00:f2:51:7a:37:0b:56:65:da:1c:00:b4:17:6b:73:
        2e:cc:a5:bd:60:77:fc:1f:89:21:c3:6c:b3:69:26:3e:d8:0d:
        e7:5e:57:d3:b3:48:d8:9e:ff:1b:39:d5:6d:f8:1a:a7:47:03:
        2e:25:9a:75:3e:86:32:b3:f4:13:9e:34:a2:b7:3f:16:14:99:
        40:9f:22:bd:5b:c3:b7:7a:13:df:31:30:1e:5e:66:f2:e4:fe:
        70:64:6c:d9:09:04:a6:c8:32:9b:72:46:5b:28:f7:01:d6:ad:
        eb:57:7b:8b:67:f9:07:8e:ac:ee:41:cc:2a:d1:83:cb:d5:61:
        5c:da:a8:d7:79:b6:76:fc:2a:c6:4c:12:bf:0d:77:57:62:f6:
        4e:22:2f:46:44:71:88:6f:1f:b0:b5:12:23:b4:17:28:1a:38:
        2f:7e:21:2f:51:4e:38:cd:c7:3e:9d:78:55:17:e3:ac:bd:83:
        52:09:ff:d1:7a:13:e8:97:0f:0d:0a:64:34:ac:4b:54:5c:89:
        b5:9a:75:25:fb:54:4a:be:31:cb:17:2f:7c:b4:4b:a6:0b:d3:
        a6:c5:fe:fe:81:d4:ec:3c:45:f2:7c:72:76:cb:51:db:1b:04:
        df:7d:06:b5:f8:87:5d:f1:37:22:27:80:f6:f7:88:8b:63:ad:
        e3:d2:47:5f

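Original-content statement: this article is published on the Tencent Cloud Developer Community with the author's authorization and may not be reproduced without permission.

In case of infringement, contact cloudcommunity@tencent.com for removal.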
