RSA私钥和公钥文件格式 (pkcs#1, pkcs#8, pkcs#12, pem)

2018年03月07日 11:57:22

阅读数:674
Format Name Description
PKCS #7 Cryptographic Message Syntax Standard A PKCS #7 file can be used to store certificates, which is a SignedData structure without data (just the certificates). The file name extension is usually .p7b.p7c
PKCS #8 Private-Key Information Syntax Standard. Used to carry private certificate keypairs (encrypted or unencrypted).
PKCS #12 Personal Information Exchange Syntax Standard. Defines a file format commonly used to store private keys with accompanying public key certificates, protected with a password-based symmetric key. It is the successor to PFX from Microsoft.
DER Distinguished Encoding Rules A binary format for keys or certificates. It is a message transfer syntax specified by the ITU in X.690.
PEM Privacy Enhanced Mail Base64 encoded DER certificates or keys, with additional header and footer lines.

The PEM private key format uses the header and footer lines: 
-----BEGIN RSA PRIVATE KEY----- 
-----END RSA PRIVATE KEY-----

The PEM public key format uses the header and footer lines: 
-----BEGIN PUBLIC KEY----- 
-----END PUBLIC KEY-----

The PEM certificate uses the header and footer lines: 
-----BEGIN CERTIFICATE----- 
-----END CERTIFICATE----- 

RSA Public Key file (PKCS#1)

The RSA Public key PEM file is specific for RSA keys.

It starts and ends with the tags:

  1.  
    -----BEGIN RSA PUBLIC KEY-----
  2.  
    BASE64 ENCODED DATA
  3.  
    -----END RSA PUBLIC KEY-----

Within the base64 encoded data the following DER structure is present:

  1.  
    RSAPublicKey ::= SEQUENCE {
  2.  
    modulus INTEGER, -- n
  3.  
    publicExponent INTEGER -- e
  4.  
    }

Public Key file (PKCS#8)

Because RSA is not used exclusively inside X509 and SSL/TLS, a more generic key format is available in the form of PKCS#8, that identifies the type of public key and contains the relevant data.

It starts and ends with the tags:

  1.  
    -----BEGIN PUBLIC KEY-----
  2.  
    BASE64 ENCODED DATA
  3.  
    -----END PUBLIC KEY-----

Within the base64 encoded data the following DER structure is present:

  1.  
    PublicKeyInfo ::= SEQUENCE {
  2.  
    algorithm AlgorithmIdentifier,
  3.  
    PublicKey BIT STRING
  4.  
    }
  5.  
     
  6.  
    AlgorithmIdentifier ::= SEQUENCE {
  7.  
    algorithm OBJECT IDENTIFIER,
  8.  
    parameters ANY DEFINED BY algorithm OPTIONAL
  9.  
    }

So for an RSA public key, the OID is 1.2.840.113549.1.1.1 and there is a RSAPublicKey as the PublicKey key data bitstring.

RSA Private Key file (PKCS#1)

The RSA private key PEM file is specific for RSA keys.

It starts and ends with the tags:

  1.  
    -----BEGIN RSA PRIVATE KEY-----
  2.  
    BASE64 ENCODED DATA
  3.  
    -----END RSA PRIVATE KEY-----

Within the base64 encoded data the following DER structure is present:

  1.  
    RSAPrivateKey ::= SEQUENCE {
  2.  
    version Version,
  3.  
    modulus INTEGER, -- n
  4.  
    publicExponent INTEGER, -- e
  5.  
    privateExponent INTEGER, -- d
  6.  
    prime1 INTEGER, -- p
  7.  
    prime2 INTEGER, -- q
  8.  
    exponent1 INTEGER, -- d mod (p-1)
  9.  
    exponent2 INTEGER, -- d mod (q-1)
  10.  
    coefficient INTEGER, -- (inverse of q) mod p
  11.  
    otherPrimeInfos OtherPrimeInfos OPTIONAL
  12.  
    }

Private Key file (PKCS#8)

Because RSA is not used exclusively inside X509 and SSL/TLS, a more generic key format is available in the form of PKCS#8, that identifies the type of private key and contains the relevant data.

The unencrypted PKCS#8 encoded data starts and ends with the tags:

  1.  
    -----BEGIN PRIVATE KEY-----
  2.  
    BASE64 ENCODED DATA
  3.  
    -----END PRIVATE KEY-----

Within the base64 encoded data the following DER structure is present:

  1.  
    PrivateKeyInfo ::= SEQUENCE {
  2.  
    version Version,
  3.  
    algorithm AlgorithmIdentifier,
  4.  
    PrivateKey BIT STRING
  5.  
    }
  6.  
     
  7.  
    AlgorithmIdentifier ::= SEQUENCE {
  8.  
    algorithm OBJECT IDENTIFIER,
  9.  
    parameters ANY DEFINED BY algorithm OPTIONAL
  10.  
    }

So for an RSA private key, the OID is 1.2.840.113549.1.1.1 and there is a RSAPrivateKey as the PrivateKey key data bitstring.

The encrypted PKCS#8 encoded data start and ends with the tags:

  1.  
    -----BEGIN ENCRYPTED PRIVATE KEY-----
  2.  
    BASE64 ENCODED DATA
  3.  
    -----END ENCRYPTED PRIVATE KEY-----

Within the base64 encoded data the following DER structure is present:

  1.  
    EncryptedPrivateKeyInfo ::= SEQUENCE {
  2.  
    encryptionAlgorithm EncryptionAlgorithmIdentifier,
  3.  
    encryptedData EncryptedData
  4.  
    }
  5.  
     
  6.  
    EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
  7.  
     
  8.  
    EncryptedData ::= OCTET STRING

The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo (see above).

RSA私钥和公钥文件格式 (pkcs#1, pkcs#8, pkcs#12, pem)的更多相关文章

  1. mac中使用终端生成RSA私钥和公钥文件

    1.打开终端输入:cd Desktop/   //进入桌面 2.OpenSSL   //打开 OpenSSL 3.生成私钥pem,  执行命令   genrsa -out rsa_private_ke ...

  2. 求求你们不要再用 RSA 私钥加密公钥解密了,这非常不安全!

    最近经常在网上看到有人说巨硬的 CNG(Cryptography Next Generation 即下一代加密技术) 只提供 RSA 公钥加密私钥解密,没有提供 RSA 私钥加密公钥解密,他们要自己封 ...

  3. C#.NET RSA 私钥签名 公钥验证签名

    C#.NET RSA 私钥签名 公钥验证签名 公钥验签 1.待签名字符串转为byte数组时,一般使用UTF8. 2.将私钥字符串(PKCS8或PKCS1格式)转为C#.NET的RSACryptoSer ...

  4. openssl mac中使用终端生成RSA私钥和公钥文件

    RSA密钥生成命令生成RSA私钥openssl>genrsa -out rsa_private_key.pem 1024生成RSA公钥openssl>rsa -in rsa_private ...

  5. 银联手机支付(.Net Csharp),3DES加密解密,RSA加密解密,RSA私钥加密公钥解密,.Net RSA 3DES C#

    前段时间做的银联支付,折腾了好久,拼凑的一些代码,有需要的朋友可以参考,本人.Net新手,不保证准确性! 这个银联手机支付没有SDK提供,技术支持也没有.Net的,真心不好搞! RSA加解密,这里有个 ...

  6. OpenSSL-Win32,rsa,私钥,公钥,1024,2048

    默认是rsa_private_key1024.pem , PEM格式私钥,C# ,PHP 用. 再生成 pkcs8 格式私钥, JAVA 用. 公钥无格式区分. 1024 的: openssl.exe ...

  7. 生成 RSA 私钥及公钥

    $ openssl # 进入 OpenSSL 程序 OpenSSL> genrsa -out rsa_private_key.pem 1024 # 生成私钥 OpenSSL> pkcs8 ...

  8. RSA私钥加密公钥解密、各种密钥格式转换

    此随笔解决RSA加解密相关的3个问题,详情可以查看源码. 1.公钥加密.私钥解密2.各种格式RSA密钥之间的转换3.不限制加密原文的长度

  9. 使用mac终端生成RSA私钥和公钥文件

    89:~ zhangwenquan$ 89:~ zhangwenquan$ openssl OpenSSL> genrsa -out rsa_private_key.pem 1024 Gener ...

随机推荐

  1. 【题解】【LibreOJ Round #6】花团 LOJ 534 时间线段树分治 背包

    Prelude 题目链接:萌萌哒传送门(/≧▽≦)/ Solution 如果完全离线的话,可以直接用时间线段树分治来做,复杂度\(O(qv \log q)\). 现在在线了怎么办呢? 这其实是个假在线 ...

  2. ubuntu 安装部分设置U盘启动系统安装盘操作

    https://jingyan.baidu.com/article/6079ad0ec4925728ff86db02.html 第三种方法适合新机型,在启动时按F10或F11,可直接选择启动模式 -- ...

  3. CF821 D. Okabe and City 图 最短路

    Link 题意:给出$n*m$大小的地图,已有$k$盏灯亮,人从左上角出发,右下角结束,期间必须走路灯点亮的地方,他可以在任意时刻消耗一枚硬币点亮一行或一列灯,他最多同时点亮一行或一列灯,要想点亮别的 ...

  4. Flex布局之box-flex

    box-flex的写法比flex的写法要复杂一些,兼容性的前缀要多带几个,真希望有一天flex布局能够纳入w3c标准啊! <!DOCTYPE html> <html> < ...

  5. HDFS默认副本数为什么是3

    转载自: https://www.cnblogs.com/bugchecker/p/why_three_replications_for_HDFS_in_engineer.html HDFS采用一种称 ...

  6. 关于Http协议、ASP.NET 核心知识(2)

    简介HTTP (对于http协议的描述我前部分有写,但基于保证文档独立完整性的原则,我再写一遍.反正又不花钱.) 这货的学名叫:超文本传输协议 英文名字:(HTTP,HyperText Transfe ...

  7. 33、re的match和search区别?

    1.match()函数只检测RE是不是在string的开始位置匹配,search()会扫描整个string查找匹配:2.也就是说match()只有在0位置匹配成功的话才有返回,如果不是开始位置匹配成功 ...

  8. 可怕的npm蠕虫

    https://hackernoon.com/im-harvesting-credit-card-numbers-and-passwords-from-your-site-here-s-how-9a8 ...

  9. 小程序_请求封装network

    在utils目录下创建network.js文件封装请求 封装的network.js: //模块一,全局变量 let urlList = { host: 'http://47.106.25.53/', ...

  10. 商城项目(ssm+dubbo+nginx+mysql统合项目)总结(2)

    我不会在这里贴代码和详细步骤什么的,我觉得就算我把它贴出来,你们照着步骤做还是会出很多问题,我推荐你们去看一下黑马的这个视频,我个人感觉很不错,一步一步走下来可以学到很多东西.另外,视频和相关文档的话 ...