RSA私钥和公钥文件格式 (pkcs#1, pkcs#8, pkcs#12, pem)
RSA私钥和公钥文件格式 (pkcs#1, pkcs#8, pkcs#12, pem)
Format | Name | Description |
---|---|---|
PKCS #7 | Cryptographic Message Syntax Standard | A PKCS #7 file can be used to store certificates, which is a SignedData structure without data (just the certificates). The file name extension is usually .p7b , .p7c |
PKCS #8 | Private-Key Information Syntax Standard. | Used to carry private certificate keypairs (encrypted or unencrypted). |
PKCS #12 | Personal Information Exchange Syntax Standard. | Defines a file format commonly used to store private keys with accompanying public key certificates, protected with a password-based symmetric key. It is the successor to PFX from Microsoft. |
DER | Distinguished Encoding Rules | A binary format for keys or certificates. It is a message transfer syntax specified by the ITU in X.690. |
PEM | Privacy Enhanced Mail | Base64 encoded DER certificates or keys, with additional header and footer lines.
The PEM private key format uses the header and footer lines: The PEM public key format uses the header and footer lines: The PEM certificate uses the header and footer lines: |
RSA Public Key file (PKCS#1)
The RSA Public key PEM file is specific for RSA keys.
It starts and ends with the tags:
- -----BEGIN RSA PUBLIC KEY-----
- BASE64 ENCODED DATA
- -----END RSA PUBLIC KEY-----
Within the base64 encoded data the following DER structure is present:
- RSAPublicKey ::= SEQUENCE {
- modulus INTEGER, -- n
- publicExponent INTEGER -- e
- }
Public Key file (PKCS#8)
Because RSA is not used exclusively inside X509 and SSL/TLS, a more generic key format is available in the form of PKCS#8, that identifies the type of public key and contains the relevant data.
It starts and ends with the tags:
- -----BEGIN PUBLIC KEY-----
- BASE64 ENCODED DATA
- -----END PUBLIC KEY-----
Within the base64 encoded data the following DER structure is present:
- PublicKeyInfo ::= SEQUENCE {
- algorithm AlgorithmIdentifier,
- PublicKey BIT STRING
- }
- AlgorithmIdentifier ::= SEQUENCE {
- algorithm OBJECT IDENTIFIER,
- parameters ANY DEFINED BY algorithm OPTIONAL
- }
So for an RSA public key, the OID is 1.2.840.113549.1.1.1 and there is a RSAPublicKey as the PublicKey key data bitstring.
RSA Private Key file (PKCS#1)
The RSA private key PEM file is specific for RSA keys.
It starts and ends with the tags:
- -----BEGIN RSA PRIVATE KEY-----
- BASE64 ENCODED DATA
- -----END RSA PRIVATE KEY-----
Within the base64 encoded data the following DER structure is present:
- RSAPrivateKey ::= SEQUENCE {
- version Version,
- modulus INTEGER, -- n
- publicExponent INTEGER, -- e
- privateExponent INTEGER, -- d
- prime1 INTEGER, -- p
- prime2 INTEGER, -- q
- exponent1 INTEGER, -- d mod (p-1)
- exponent2 INTEGER, -- d mod (q-1)
- coefficient INTEGER, -- (inverse of q) mod p
- otherPrimeInfos OtherPrimeInfos OPTIONAL
- }
Private Key file (PKCS#8)
Because RSA is not used exclusively inside X509 and SSL/TLS, a more generic key format is available in the form of PKCS#8, that identifies the type of private key and contains the relevant data.
The unencrypted PKCS#8 encoded data starts and ends with the tags:
- -----BEGIN PRIVATE KEY-----
- BASE64 ENCODED DATA
- -----END PRIVATE KEY-----
Within the base64 encoded data the following DER structure is present:
- PrivateKeyInfo ::= SEQUENCE {
- version Version,
- algorithm AlgorithmIdentifier,
- PrivateKey BIT STRING
- }
- AlgorithmIdentifier ::= SEQUENCE {
- algorithm OBJECT IDENTIFIER,
- parameters ANY DEFINED BY algorithm OPTIONAL
- }
So for an RSA private key, the OID is 1.2.840.113549.1.1.1 and there is a RSAPrivateKey as the PrivateKey key data bitstring.
The encrypted PKCS#8 encoded data start and ends with the tags:
- -----BEGIN ENCRYPTED PRIVATE KEY-----
- BASE64 ENCODED DATA
- -----END ENCRYPTED PRIVATE KEY-----
Within the base64 encoded data the following DER structure is present:
- EncryptedPrivateKeyInfo ::= SEQUENCE {
- encryptionAlgorithm EncryptionAlgorithmIdentifier,
- encryptedData EncryptedData
- }
- EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
- EncryptedData ::= OCTET STRING
The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo (see above).
RSA私钥和公钥文件格式 (pkcs#1, pkcs#8, pkcs#12, pem)的更多相关文章
- mac中使用终端生成RSA私钥和公钥文件
1.打开终端输入:cd Desktop/ //进入桌面 2.OpenSSL //打开 OpenSSL 3.生成私钥pem, 执行命令 genrsa -out rsa_private_ke ...
- 求求你们不要再用 RSA 私钥加密公钥解密了,这非常不安全!
最近经常在网上看到有人说巨硬的 CNG(Cryptography Next Generation 即下一代加密技术) 只提供 RSA 公钥加密私钥解密,没有提供 RSA 私钥加密公钥解密,他们要自己封 ...
- C#.NET RSA 私钥签名 公钥验证签名
C#.NET RSA 私钥签名 公钥验证签名 公钥验签 1.待签名字符串转为byte数组时,一般使用UTF8. 2.将私钥字符串(PKCS8或PKCS1格式)转为C#.NET的RSACryptoSer ...
- openssl mac中使用终端生成RSA私钥和公钥文件
RSA密钥生成命令生成RSA私钥openssl>genrsa -out rsa_private_key.pem 1024生成RSA公钥openssl>rsa -in rsa_private ...
- 银联手机支付(.Net Csharp),3DES加密解密,RSA加密解密,RSA私钥加密公钥解密,.Net RSA 3DES C#
前段时间做的银联支付,折腾了好久,拼凑的一些代码,有需要的朋友可以参考,本人.Net新手,不保证准确性! 这个银联手机支付没有SDK提供,技术支持也没有.Net的,真心不好搞! RSA加解密,这里有个 ...
- OpenSSL-Win32,rsa,私钥,公钥,1024,2048
默认是rsa_private_key1024.pem , PEM格式私钥,C# ,PHP 用. 再生成 pkcs8 格式私钥, JAVA 用. 公钥无格式区分. 1024 的: openssl.exe ...
- 生成 RSA 私钥及公钥
$ openssl # 进入 OpenSSL 程序 OpenSSL> genrsa -out rsa_private_key.pem 1024 # 生成私钥 OpenSSL> pkcs8 ...
- RSA私钥加密公钥解密、各种密钥格式转换
此随笔解决RSA加解密相关的3个问题,详情可以查看源码. 1.公钥加密.私钥解密2.各种格式RSA密钥之间的转换3.不限制加密原文的长度
- 使用mac终端生成RSA私钥和公钥文件
89:~ zhangwenquan$ 89:~ zhangwenquan$ openssl OpenSSL> genrsa -out rsa_private_key.pem 1024 Gener ...
随机推荐
- bzoj 1528 [POI2005]sam-Toy Cars 堆维护+贪心
1528: [POI2005]sam-Toy Cars Time Limit: 5 Sec Memory Limit: 64 MBSubmit: 716 Solved: 306[Submit][S ...
- Qt ------ 获取 wifi 信息
QProcess:可以调用外部进程 netsh wlan show interfaces:可以查看连接哪个wifi netsh wlan show networks:显示所有可用的wifi netsh ...
- Java常量池详解之Integer缓存
一个Java question,求输出结果 public class IntegerTest { public static void main(String[] args) { objPoolT ...
- css之display:inline-block布局--转
css之使用display:inline-block来布局 css之display:inline-block布局 1.解释一下display的几个常用的属性值,inline , block, in ...
- HDU 2588 思维 容斥
求满足$1<=X<=N ,(X,N)>=M$的个数,其中$N, M (2<=N<=1000000000, 1<=M<=N)$. 首先,假定$(x, n)=m$ ...
- 【CODEVS】2800 送外卖
[算法]最短路(floyd)+状态压缩型动态规划 [题解] 经典的TSP问题(货郎担问题):求最小权哈密顿回路(遍历全图点一次且仅一次).本题稍作改动,先说原TSP问题解法:状压DP. 状态用二进制表 ...
- 【BZOJ】4316: 小C的独立集 静态仙人掌
[题意]给定仙人掌图,求最大独立集(选择最大的点集使得点间无连边).n<=50000,m<=60000. [算法]DFS处理仙人掌图 [题解]参考:[BZOJ]1023: [SHOI200 ...
- 【转载】iPhone系统概览
iPhone OS OverviewiPhone系统概览iPhone OS comprises the operating system and technologies that you use t ...
- Node.js的开源博客系统Ghost搭建教程
准备工作 Node.js版本:0.10.x.0.12.x.4.2.x.安装步骤可参考:Node.js环境搭建 Ghost版本:0.7.4:中文集成版(33.6M),中文标准版(3.39M),英文原版( ...
- mysql跨节点join——federated引擎
一. 什么是federated引擎 mysql中的federated类似于oracle中的dblink. federated是一个专门针对远程数据库的实现,一般情况下在本地数据库中建表会在数据库目录中 ...