RSA私钥和公钥文件格式 (pkcs#1, pkcs#8, pkcs#12, pem)
RSA私钥和公钥文件格式 (pkcs#1, pkcs#8, pkcs#12, pem)
Format | Name | Description |
---|---|---|
PKCS #7 | Cryptographic Message Syntax Standard | A PKCS #7 file can be used to store certificates, which is a SignedData structure without data (just the certificates). The file name extension is usually .p7b , .p7c |
PKCS #8 | Private-Key Information Syntax Standard. | Used to carry private certificate keypairs (encrypted or unencrypted). |
PKCS #12 | Personal Information Exchange Syntax Standard. | Defines a file format commonly used to store private keys with accompanying public key certificates, protected with a password-based symmetric key. It is the successor to PFX from Microsoft. |
DER | Distinguished Encoding Rules | A binary format for keys or certificates. It is a message transfer syntax specified by the ITU in X.690. |
PEM | Privacy Enhanced Mail | Base64 encoded DER certificates or keys, with additional header and footer lines.
The PEM private key format uses the header and footer lines: The PEM public key format uses the header and footer lines: The PEM certificate uses the header and footer lines: |
RSA Public Key file (PKCS#1)
The RSA Public key PEM file is specific for RSA keys.
It starts and ends with the tags:
- -----BEGIN RSA PUBLIC KEY-----
- BASE64 ENCODED DATA
- -----END RSA PUBLIC KEY-----
Within the base64 encoded data the following DER structure is present:
- RSAPublicKey ::= SEQUENCE {
- modulus INTEGER, -- n
- publicExponent INTEGER -- e
- }
Public Key file (PKCS#8)
Because RSA is not used exclusively inside X509 and SSL/TLS, a more generic key format is available in the form of PKCS#8, that identifies the type of public key and contains the relevant data.
It starts and ends with the tags:
- -----BEGIN PUBLIC KEY-----
- BASE64 ENCODED DATA
- -----END PUBLIC KEY-----
Within the base64 encoded data the following DER structure is present:
- PublicKeyInfo ::= SEQUENCE {
- algorithm AlgorithmIdentifier,
- PublicKey BIT STRING
- }
- AlgorithmIdentifier ::= SEQUENCE {
- algorithm OBJECT IDENTIFIER,
- parameters ANY DEFINED BY algorithm OPTIONAL
- }
So for an RSA public key, the OID is 1.2.840.113549.1.1.1 and there is a RSAPublicKey as the PublicKey key data bitstring.
RSA Private Key file (PKCS#1)
The RSA private key PEM file is specific for RSA keys.
It starts and ends with the tags:
- -----BEGIN RSA PRIVATE KEY-----
- BASE64 ENCODED DATA
- -----END RSA PRIVATE KEY-----
Within the base64 encoded data the following DER structure is present:
- RSAPrivateKey ::= SEQUENCE {
- version Version,
- modulus INTEGER, -- n
- publicExponent INTEGER, -- e
- privateExponent INTEGER, -- d
- prime1 INTEGER, -- p
- prime2 INTEGER, -- q
- exponent1 INTEGER, -- d mod (p-1)
- exponent2 INTEGER, -- d mod (q-1)
- coefficient INTEGER, -- (inverse of q) mod p
- otherPrimeInfos OtherPrimeInfos OPTIONAL
- }
Private Key file (PKCS#8)
Because RSA is not used exclusively inside X509 and SSL/TLS, a more generic key format is available in the form of PKCS#8, that identifies the type of private key and contains the relevant data.
The unencrypted PKCS#8 encoded data starts and ends with the tags:
- -----BEGIN PRIVATE KEY-----
- BASE64 ENCODED DATA
- -----END PRIVATE KEY-----
Within the base64 encoded data the following DER structure is present:
- PrivateKeyInfo ::= SEQUENCE {
- version Version,
- algorithm AlgorithmIdentifier,
- PrivateKey BIT STRING
- }
- AlgorithmIdentifier ::= SEQUENCE {
- algorithm OBJECT IDENTIFIER,
- parameters ANY DEFINED BY algorithm OPTIONAL
- }
So for an RSA private key, the OID is 1.2.840.113549.1.1.1 and there is a RSAPrivateKey as the PrivateKey key data bitstring.
The encrypted PKCS#8 encoded data start and ends with the tags:
- -----BEGIN ENCRYPTED PRIVATE KEY-----
- BASE64 ENCODED DATA
- -----END ENCRYPTED PRIVATE KEY-----
Within the base64 encoded data the following DER structure is present:
- EncryptedPrivateKeyInfo ::= SEQUENCE {
- encryptionAlgorithm EncryptionAlgorithmIdentifier,
- encryptedData EncryptedData
- }
- EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
- EncryptedData ::= OCTET STRING
The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo (see above).
RSA私钥和公钥文件格式 (pkcs#1, pkcs#8, pkcs#12, pem)的更多相关文章
- mac中使用终端生成RSA私钥和公钥文件
1.打开终端输入:cd Desktop/ //进入桌面 2.OpenSSL //打开 OpenSSL 3.生成私钥pem, 执行命令 genrsa -out rsa_private_ke ...
- 求求你们不要再用 RSA 私钥加密公钥解密了,这非常不安全!
最近经常在网上看到有人说巨硬的 CNG(Cryptography Next Generation 即下一代加密技术) 只提供 RSA 公钥加密私钥解密,没有提供 RSA 私钥加密公钥解密,他们要自己封 ...
- C#.NET RSA 私钥签名 公钥验证签名
C#.NET RSA 私钥签名 公钥验证签名 公钥验签 1.待签名字符串转为byte数组时,一般使用UTF8. 2.将私钥字符串(PKCS8或PKCS1格式)转为C#.NET的RSACryptoSer ...
- openssl mac中使用终端生成RSA私钥和公钥文件
RSA密钥生成命令生成RSA私钥openssl>genrsa -out rsa_private_key.pem 1024生成RSA公钥openssl>rsa -in rsa_private ...
- 银联手机支付(.Net Csharp),3DES加密解密,RSA加密解密,RSA私钥加密公钥解密,.Net RSA 3DES C#
前段时间做的银联支付,折腾了好久,拼凑的一些代码,有需要的朋友可以参考,本人.Net新手,不保证准确性! 这个银联手机支付没有SDK提供,技术支持也没有.Net的,真心不好搞! RSA加解密,这里有个 ...
- OpenSSL-Win32,rsa,私钥,公钥,1024,2048
默认是rsa_private_key1024.pem , PEM格式私钥,C# ,PHP 用. 再生成 pkcs8 格式私钥, JAVA 用. 公钥无格式区分. 1024 的: openssl.exe ...
- 生成 RSA 私钥及公钥
$ openssl # 进入 OpenSSL 程序 OpenSSL> genrsa -out rsa_private_key.pem 1024 # 生成私钥 OpenSSL> pkcs8 ...
- RSA私钥加密公钥解密、各种密钥格式转换
此随笔解决RSA加解密相关的3个问题,详情可以查看源码. 1.公钥加密.私钥解密2.各种格式RSA密钥之间的转换3.不限制加密原文的长度
- 使用mac终端生成RSA私钥和公钥文件
89:~ zhangwenquan$ 89:~ zhangwenquan$ openssl OpenSSL> genrsa -out rsa_private_key.pem 1024 Gener ...
随机推荐
- OpenResty初涉
关于openresty可参考官方文档: http://openresty.org/cn/download.html 1.这个是什么? 在互联网公司,Nginx可以说是标配组件,但是主要场景还是负载均衡 ...
- 11.UiAutomator 相关JAVA知识
一.封装方法与模块化用例 1.方法: 在JAVA中,方法就好比日常生活中的一个动作,由动作组合成一系列完整的操作. 方法结构: 方法修饰符 方法返回值类型 方法名 { 方法体 } 比如: public ...
- Kubernetes的Endpoints
在之前的博文中,我们演示过如何通过ceph来实现kubernetes的持久存储,以使得像mysql这种有状态服务可以在kubernetes中运行并保存数据.这看起来很美妙,然而在实际的生产环境使用中, ...
- 「Django」rest_framework学习系列-API访问跨域问题
#以中间件方式解决API数据访问跨域问题1.API下新建文件夹下写PY文件a.引入内置类继承: from django.middleware.common import MiddlewareMixin ...
- 「Python」5个开源项目
1-OpenAI universe Universe是一个能在世界上所有的游戏.网站和其他应用中,衡量和训练AI通用智能的软件平台. Universe,AI代理通过称为虚拟网络计算或VNC发送模拟的鼠 ...
- 「Python」_init_理解与学习
Python是面向对象的编程语言,因此我从Class.Instance以及属性(property/attribute)的角度出发解释. _init_根据其英文意思(initialize),用来初始化一 ...
- js返回上一页的实现方法
下面是常用代码: <a href="<a href="javascript :history.back(-1)">返回上一页</a> < ...
- spring boot 使用logback日志系统的详细说明
springboot按照profile进行打印日志 log4j logback slf4j区别? 首先谈到日志,我们可能听过log4j logback slf4j这三个名词,那么它们之间的关系是怎么样 ...
- 面试C++失败
到今天,面试已经整整一周,一个offer没有收到,mmp. 无奈,痛苦,迷茫. 以前活的太安逸,太舒适了. 自以为是,异想天开. 要重新振作起来. 要不断学习,保持强大,未来之路才会越走越宽.
- NYOJ 739 笨蛋难题四 (数学)
题目链接 描述 这些日子笨蛋一直研究股票,经过调研,终于发现xxx公司股票规律,更可喜的是 笨蛋推算出这家公司每天的股价,为了防止别人发现他的秘密.他决定对于这家公司的 股票最多买一次,现在笨蛋已经将 ...