转自:https://tls.mbed.org/kb/cryptography/asn1-key-structures-in-der-and-pem

Introduction

Everybody loves PEM and the very documented ASN.1 structures that are used in saving cryptographic keys and certificates in a portable format. Well.. Everybody would if they would actually be documented. But it is rather a big feat to find what the structure is inside each DER or PEM formatted file.

As we need this information, we will share it here as well, to help others in their quest for knowledge and understanding ;)

ASN.1 and DER encoding

Within the RSA, PKCS#1 and SSL/TLS communities the Distinguished Encoding Rules (DER)encoding of ASN.1 is used to represent keys, certificates and such in a portable format. Although ASN.1 is not the easiest to understand representation formats and brings a lot of complexity, it does have its merits. The certificate or key information is stored in the binary DER for ASN.1 and applications providing RSA, SSL and TLS should handle DER encoding to read in the information.

PEM files

Because DER encoding results in a truly binary representation of the encoded data, a format has been devised for being able to send these in an encoding of printable characters so you can actually mail these things. The format I focus on now is the PEM format.

Most PEM formatted files we will see are generated by OpenSSL when generating or exporting an RSA private or public key and X509 certificates.

In essence PEM files are just base64 encoded versions of the DER encoded data. In order to distinguish from the outside what kind of data is inside the DER encoded string, a header and footer are present around the data. An example of a PEM encoded file is:

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMYfnvWtC8Id5bPKae5yXSxQTt
+Zpul6AnnZWfI2TtIarvjHBFUtXRo96y7hoL4VWOPKGCsRqMFDkrbeUjRrx8iL91
4/srnyf6sh9c8Zk04xEOpK1ypvBz+Ks4uZObtjnnitf0NBGdjMKxveTq+VE7BWUI
yQjtQ8mbDOsiLLvh7wIDAQAB
-----END PUBLIC KEY-----

The first and last line indicate the DER format that should be expected inside. The data inside is a base64 encoded version of the DER encoded information.

Formats

So that's all nice and well. But what IS the structure you should expect in each different file? Look below for explanation of different formats.

RSA Public Key file (PKCS#1)

The RSA Public key PEM file is specific for RSA keys.

It starts and ends with the tags:

-----BEGIN RSA PUBLIC KEY-----
BASE64 ENCODED DATA
-----END RSA PUBLIC KEY-----

Within the base64 encoded data the following DER structure is present:

RSAPublicKey ::= SEQUENCE {
modulus INTEGER, -- n
publicExponent INTEGER -- e
}

Public Key file (PKCS#8)

Because RSA is not used exclusively inside X509 and SSL/TLS, a more generic key format is available in the form of PKCS#8, that identifies the type of public key and contains the relevant data.

It starts and ends with the tags:

-----BEGIN PUBLIC KEY-----
BASE64 ENCODED DATA
-----END PUBLIC KEY-----

Within the base64 encoded data the following DER structure is present:

PublicKeyInfo ::= SEQUENCE {
algorithm AlgorithmIdentifier,
PublicKey BIT STRING
} AlgorithmIdentifier ::= SEQUENCE {
algorithm OBJECT IDENTIFIER,
parameters ANY DEFINED BY algorithm OPTIONAL
}

So for an RSA public key, the OID is 1.2.840.113549.1.1.1 and there is a RSAPublicKey as the PublicKey key data bitstring.

RSA Private Key file (PKCS#1)

The RSA private key PEM file is specific for RSA keys.

It starts and ends with the tags:

-----BEGIN RSA PRIVATE KEY-----
BASE64 ENCODED DATA
-----END RSA PRIVATE KEY-----

Within the base64 encoded data the following DER structure is present:

RSAPrivateKey ::= SEQUENCE {
version Version,
modulus INTEGER, -- n
publicExponent INTEGER, -- e
privateExponent INTEGER, -- d
prime1 INTEGER, -- p
prime2 INTEGER, -- q
exponent1 INTEGER, -- d mod (p-1)
exponent2 INTEGER, -- d mod (q-1)
coefficient INTEGER, -- (inverse of q) mod p
otherPrimeInfos OtherPrimeInfos OPTIONAL
}

Private Key file (PKCS#8)

Because RSA is not used exclusively inside X509 and SSL/TLS, a more generic key format is available in the form of PKCS#8, that identifies the type of private key and contains the relevant data.

The unencrypted PKCS#8 encoded data starts and ends with the tags:

-----BEGIN PRIVATE KEY-----
BASE64 ENCODED DATA
-----END PRIVATE KEY-----

Within the base64 encoded data the following DER structure is present:

PrivateKeyInfo ::= SEQUENCE {
version Version,
algorithm AlgorithmIdentifier,
PrivateKey BIT STRING
} AlgorithmIdentifier ::= SEQUENCE {
algorithm OBJECT IDENTIFIER,
parameters ANY DEFINED BY algorithm OPTIONAL
}

So for an RSA private key, the OID is 1.2.840.113549.1.1.1 and there is a RSAPrivateKey as the PrivateKey key data bitstring.

The encrypted PKCS#8 encoded data start and ends with the tags:

-----BEGIN ENCRYPTED PRIVATE KEY-----
BASE64 ENCODED DATA
-----END ENCRYPTED PRIVATE KEY-----

Within the base64 encoded data the following DER structure is present:

EncryptedPrivateKeyInfo ::= SEQUENCE {
encryptionAlgorithm EncryptionAlgorithmIdentifier,
encryptedData EncryptedData
} EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier EncryptedData ::= OCTET STRING

The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo (see above).

ASN.1 key structures in DER and PEM的更多相关文章

  1. JAVA解析各种编码密钥对(DER、PEM、openssh公钥)

    一.DER编码密钥对 先说下DER编码,是因为JCE本身是支持DER编码密钥对的解析的,可以参见PKCS8EncodedKeySpec和X509EncodedKeySpec. DER编码是ASN.1编 ...

  2. ios php RSA 非对称加密解密 der 和pem生成

    ios 使用public_key.der加密 php 使用 private_key.pem解密 openssl req -x509 -out public_key.der -outform der - ...

  3. RSA 格式 - 转载

    转载自 RSA(三) 密钥的格式 https://www.shangyang.me/2017/05/24/encrypt-rsa-keyformat/#%E5%89%8D%E8%A8%80 PEM 和 ...

  4. Openssl asn1parse命令

    一.简介 asn1parse命令是一种用来诊断ASN.1结构的工具,也能用于从ASN1.1数据中提取数据 二.语法 openssl asn1parse [-inform PEM|DER] [-in f ...

  5. .NET Core RSA 指南与增强扩展 RSAExtensions

    一. 前言 RSA 作为最常用的非对称加密算法,在我们的实际使用中还是比较常见的,特别是对接支付十有八九都会遇到,或者是其他需要数据安全的业务场景.在 .NET Framework 以及 .NET C ...

  6. 那些证书相关的玩意儿(SSL,X.509,PEM,DER,CRT,CER,KEY,CSR,P12等)

    之前没接触过证书加密的话,对证书相关的这些概念真是感觉挺棘手的,因为一下子来了一大堆新名词,看起来像是另一个领域的东西,而不是我们所熟悉的编程领域的那些东西,起码我个人感觉如此,且很长时间都没怎么搞懂 ...

  7. 那些证书相关的玩意儿(SSL,X.509,PEM,DER,CRT,CER,KEY,CSR,P12等)[zz]

    openssl dgst –sign privatekey.pem –sha1 –keyform PEM –c c:\server.pem 将文件用sha1摘要,并用privatekey.pem中的私 ...

  8. 关于x509、crt、cer、key、csr、pem、der、ssl、tls 、openssl等

    关于x509.crt.cer.key.csr.pem.der.ssl.tls .openssl等 TLS:传输层安全协议 Transport Layer Security的缩写 TLS是传输层安全协议 ...

  9. OpenSSL使用2(SSL,X.509,PEM,DER,CRT,CER,KEY,CSR,P12概念说明)(转)

    SSL SSL - Secure Sockets Layer,现在应该叫"TLS",但由于习惯问题,我们还是叫"SSL"比较多.http协议默认情况下是不加密内 ...

随机推荐

  1. UVA1637Double Patience(概率 + 记忆化搜索)

    训练指南P327 题意:36张牌分成9堆, 每堆4张牌.每次拿走某两堆顶部的牌,但需要点数相同.如果出现多种拿法则等概率的随机拿. 如果最后拿完所有的牌则游戏成功,求成功的概率. 开个9维数组表示每一 ...

  2. AngularJS版本下载

    大家可以从下面地址获取AngularJS所以版本: https://code.angularjs.org/

  3. 中国计算机学会CCF推荐国际学术会议

    中国计算机学会推荐国际学术会议 (计算机系统与高性能计算) 一.A类 序号 会议简称 会议全称 出版社 网址 1 ASPLOS Architectural Support for Programmin ...

  4. Python之路【第二十四篇】Python算法排序一

    什么是算法 1.什么是算法 算法(algorithm):就是定义良好的计算过程,他取一个或一组的值为输入,并产生出一个或一组值作为输出.简单来说算法就是一系列的计算步骤,用来将输入数据转化成输出结果. ...

  5. Apache Shiro 学习记录3

    晚上看了教程的第三章....感觉Shiro字符串权限很好用....但是教程举的例子太少了.....而且有些地方讲的不是很清楚....所以我也自己测试了一下....记录一下测试的结果.... (1) * ...

  6. Standard C 语言标准函数库介绍

    全面巩固所知所学,往精通方向迈进! Standard C 语言标准函数库速查 (Cheat Sheet) from:http://ganquan.info/standard-c/function/ C ...

  7. .Net Core 杂记

    在学习.net core的路上,遇到很多坑,慢慢了解了.net core设计理念和设计思想(纯属跟人理解). 再此整理了之前写的一些学习笔记,后续也会把新的学习新的加上. 1..net core 跨平 ...

  8. XUnit - Shared Context between Tests

    原文 单元测试类通常都会有share setup和cleanup的相关代码.xUnit.net根据共享的范围提供了几种share setup和cleanup的方法. Constructor and D ...

  9. leetcode--Different Ways to Add Parentheses

    题目链接:https://leetcode.com/submissions/detail/86532557/ 算法类型:分治法 题目分析:计算表达式的所有结果可能性 代码实现: class Solut ...

  10. 【jQuery】选择器

    jQ提供了很多选择器:(注:$("p").action() action为后续动作) 元素选择器 $("p").action() ; //选取所有p标签 id选 ...