Reflections on Asymmetric Keys, final part: a partial summary of certificate formats and encodings

2023-01-04 22:36:15

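The ASN.1 specification

ASN.1: Abstract Syntax Notation One (read "dot one")

ISO appended the number 1 to ASN to keep the notation open-ended, so that a more powerful successor could later be named ASN.2 and so on; so far no such successor has appeared.

Encoding rules supported by ASN.1: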

    Basic Encoding Rules (BER)
    Canonical Encoding Rules (CER)
    Distinguished Encoding Rules (DER)
    Aligned Packed Encoding Rules (PER)
    XML Encoding Rules (XER)
    Generic String Encoding Rules (GSER)
    JSON Encoding Rules (JER)
    Basic Octet Encoding Rules (OER)
    Unaligned Packed Encoding Rules (UPER)

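BER, CER and DER are the three most commonly used ASN.1 encoding formats.

How CER, DER, CRT and PEM relate:

  • All X.509 certificates are DER-encoded. DER is an ASN.1 encoding rule, and a .der certificate file is normally a binary file.
  • CER can be used to encode PKCS#7 certificates (p7b), but the name usually refers to a certificate file extension; a .cer certificate may be a plain Base64 file or a binary file.
  • PEM likewise usually refers to a file extension: the content is Base64-encoded and wrapped in a specific header and footer. A binary file should not be named .pem.
  • CRT is Microsoft's certificate file extension and is the same thing as .CER. Microsoft's CryptAPI is very capable and recognizes certificates in all of these forms: plain Base64, standard PEM, non-standard PEM (lines not wrapped at 64 bytes, no header or footer, and so on), and binary.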

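The PKCS standards

Reference: https://www.cnblogs.com/littleatp/p/7384706.html

PKCS (Public Key Cryptography Standards); for the definition see the Wikipedia entry on PKCS.

It is a set of public-key cryptography standards covering certificate signing, encryption algorithms, padding modes, verification procedures and more.

Common PKCS standards:

  • PKCS#1 (RFC 8017): defines the encoding of public and private keys (ASN.1), including the basic algorithms, encoding/padding modes and signature verification; it is openssl's default standard format.
  • PKCS#3 (Diffie-Hellman Key Agreement): defines the DH key exchange standard.
  • PKCS#5 (RFC 8018): the password-based encryption standard; defines the PBKDF2 algorithm.
  • PKCS#7 (RFC 2315): defines the Cryptographic Message Syntax standard, the standard for signing and encrypting messages under PKI; it is part of S/MIME.
  • PKCS#8 (RFC 5958): defines the private-key information syntax standard, a general format for describing a certificate's key pair (not limited to RSA).
  • PKCS#11: defines the cryptographic token interface; commonly used for single sign-on, public-key algorithms and disk encryption systems (hardware cryptography).
  • PKCS#12 (RFC 7292): the personal information exchange syntax standard; defines how private keys and public-key certificates are stored (with password support). Commonly abbreviated PFX; it is the encoding format of the Java Key Store.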

Encoding RSA public and private keys with the openssl tool: examples

Generate an RSA key pair with openssl:

openssl genrsa -out private_pkcs1.pem 2048

Extract the RSA public key from the generated RSA key:

openssl rsa -in private_pkcs1.pem -out public_pkcs1.pem -pubout -RSAPublicKey_out

Inspect the format of the generated public key (the private key format is similar):

# We get an RSA public key in PKCS#1 form, stored as a PEM file:

-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAmCYCfpVpCtnZjlH+OVP4sMMRVcwHZcC/G/51JWC5LR5GDIqdaMu9
6bocV2gVSxaLJ+b8nxdvG8CvBhuCn39F6Azfczald6Vku4qNsyDe2slBJn8IhX3w
12orJZZTnjDRJlg3FUfoDmmkWe1V1QUuHFeRpOZpGUyCUCnGffnq0QjKjrH9WCCQ
a5B6iLfpJ+o/dP3g2dsSCjyS5oFqufQ/NJnMzLFDWOpjDs4N+VdZgkwe492L3sDf
+aqBYbuvz2iBR/d+bAiX4mzHi2SmOETyP43b1+VaVZHCSXS4vY97iU167j1EJqO0
NB//FeVQwn/6UE2Nf2qCBRygVnXKtJPpEwIDAQAB
-----END RSA PUBLIC KEY-----

Convert the PEM key to a DER key

openssl rsa -in private_pkcs1.pem -out public_pkcs1.der -pubout -RSAPublicKey_out -outform DER

Base64-encode public_pkcs1.der:

cat public_pkcs1.der|base64

The result:

MIIBCgKCAQEAmCYCfpVpCtnZjlH+OVP4sMMRVcwHZcC/G/51JWC5LR5GDIqdaMu96bocV2gVSxaL
J+b8nxdvG8CvBhuCn39F6Azfczald6Vku4qNsyDe2slBJn8IhX3w12orJZZTnjDRJlg3FUfoDmmk
We1V1QUuHFeRpOZpGUyCUCnGffnq0QjKjrH9WCCQa5B6iLfpJ+o/dP3g2dsSCjyS5oFqufQ/NJnM
zLFDWOpjDs4N+VdZgkwe492L3sDf+aqBYbuvz2iBR/d+bAiX4mzHi2SmOETyP43b1+VaVZHCSXS4
vY97iU167j1EJqO0NB//FeVQwn/6UE2Nf2qCBRygVnXKtJPpEwIDAQAB

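Conclusion: PEM is simply the DER data encoded as Base64, with a marker line beginning with "-----" added at the head and at the tail.

View the key's n, e and d values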

openssl rsa -in private_pkcs1.pem -text -noout

The result:

Private-Key: (2048 bit, 2 primes)
modulus:
publicExponent: 65537 (0x10001)
privateExponent:
prime1:
prime2:
exponent1:
exponent2:
coefficient:

ASN.1-parse the keys

openssl asn1parse -in public_pkcs1.pem

openssl asn1parse -in public_pkcs1.der -inform der

DER structure of the public key:

    0:d=0  hl=4 l= 266 cons: SEQUENCE
    4:d=1  hl=4 l= 257 prim: INTEGER
  265:d=1  hl=2 l=   3 prim: INTEGER           :010001

openssl asn1parse -in private_pkcs1.pem

openssl asn1parse -in private_pkcs1.der -inform der

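DER structure of the private key (the output shown has the PKCS#8 PrivateKeyInfo layout: a version INTEGER, an AlgorithmIdentifier for rsaEncryption, and an OCTET STRING that holds the key itself):

    0:d=0  hl=4 l=1214 cons: SEQUENCE
    4:d=1  hl=2 l=   1 prim: INTEGER           :00
    7:d=1  hl=2 l=  13 cons: SEQUENCE
    9:d=2  hl=2 l=   9 prim: OBJECT            :rsaEncryption
   20:d=2  hl=2 l=   0 prim: NULL
   22:d=1  hl=4 l=1192 prim: OCTET STRING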

PKCS#8

A PKCS#1 key is specifically an RSA key; an ECC key cannot be expressed in PKCS#1 form.

A PKCS#8 key can represent either an RSA key or an ECC key.

Convert a PKCS#1 key to PKCS#8 form

openssl rsa -in private_pkcs1.pem -out public_pkcs8.pem -pubout

Inspect the format of the generated public key (the private key format is similar):

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmCYCfpVpCtnZjlH+OVP4
sMMRVcwHZcC/G/51JWC5LR5GDIqdaMu96bocV2gVSxaLJ+b8nxdvG8CvBhuCn39F
6Azfczald6Vku4qNsyDe2slBJn8IhX3w12orJZZTnjDRJlg3FUfoDmmkWe1V1QUu
HFeRpOZpGUyCUCnGffnq0QjKjrH9WCCQa5B6iLfpJ+o/dP3g2dsSCjyS5oFqufQ/
NJnMzLFDWOpjDs4N+VdZgkwe492L3sDf+aqBYbuvz2iBR/d+bAiX4mzHi2SmOETy
P43b1+VaVZHCSXS4vY97iU167j1EJqO0NB//FeVQwn/6UE2Nf2qCBRygVnXKtJPp
EwIDAQAB
-----END PUBLIC KEY-----
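
The relationships shown so far (PEM is Base64 of DER plus markers, the asn1parse layout of the PKCS#1 public key, and the "PUBLIC KEY" form wrapping that same PKCS#1 body) can be reproduced without openssl. This is an added example, not code from the original article; the function names are hypothetical and the 2048-bit number is constructed for illustration, not a real modulus.

```python
import base64
import textwrap

RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption, 1.2.840.113549.1.1.1

def tlv(tag, value):
    """DER tag-length-value; long-form length once the value reaches 128 bytes."""
    n = len(value)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + value

def der_int(i):
    # bit_length // 8 + 1 bytes keeps the sign bit clear (adds a leading 00 if needed)
    return tlv(0x02, i.to_bytes(i.bit_length() // 8 + 1, "big"))

def read_tlv(buf, off=0):
    """Return (tag, header_len, value) for the element starting at off."""
    tag, first = buf[off], buf[off + 1]
    if first == 0x80:
        raise ValueError("indefinite length is BER/CER, not DER")
    extra = first & 0x7F if first & 0x80 else 0
    length = int.from_bytes(buf[off + 2:off + 2 + extra], "big") if extra else first
    start = off + 2 + extra
    if start + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, 2 + extra, buf[start:start + length]

def asn1parse(buf, base=0, depth=0):
    """Rows of (offset, depth, hl, l, tag), the columns `openssl asn1parse` prints."""
    rows, off = [], 0
    while off < len(buf):
        tag, hl, val = read_tlv(buf, off)
        rows.append((base + off, depth, hl, len(val), tag))
        if tag & 0x20:  # constructed type: descend into its contents
            rows += asn1parse(val, base + off + hl, depth + 1)
        off += hl + len(val)
    return rows

def pem_encode(label, der):
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

def pem_decode(pem):
    lines = pem.strip().splitlines()
    return lines[0][len("-----BEGIN "):-5], base64.b64decode("".join(lines[1:-1]))

def spki_from_pkcs1(pkcs1):
    alg = tlv(0x30, tlv(0x06, RSA_OID) + tlv(0x05, b""))  # OID + NULL parameters
    return tlv(0x30, alg + tlv(0x03, b"\x00" + pkcs1))    # BIT STRING, 0 unused bits

def pkcs1_from_spki(spki):
    _, _, body = read_tlv(spki)
    _, alg_hl, alg = read_tlv(body)
    _, _, bits = read_tlv(body, alg_hl + len(alg))
    if read_tlv(alg)[2] != RSA_OID or bits[:1] != b"\x00":
        raise ValueError("not an RSA SubjectPublicKeyInfo")
    return bits[1:]

# Constructed 2048-bit number standing in for a modulus (not a real key).
N, E = (1 << 2047) | 0x10001, 65537
PKCS1_DER = tlv(0x30, der_int(N) + der_int(E))
SPKI_DER = spki_from_pkcs1(PKCS1_DER)
PKCS1_PEM = pem_encode("RSA PUBLIC KEY", PKCS1_DER)
```

Because every 2048-bit RSA key with exponent 65537 has the same element lengths, the constructed key's Base64 starts with the same characters as the article's PEM blocks, and `asn1parse(PKCS1_DER)` yields the same offsets and lengths as the asn1parse output of the public key above.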

Convert the private key from PKCS#1 to PKCS#8:

openssl pkcs8 -in private_pkcs1.pem -out private_pkcs8.pem -topk8 -nocrypt


Convert the PKCS#8 form to DER form

openssl rsa -pubin -in public_pkcs8.pem -out public_pkcs8.der -outform DER

cat public_pkcs8.der|base64


View the ASN.1 structure of the PKCS#8 form

openssl rsa -in public_pkcs8.pem -text -pubin

Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
writing RSA key

openssl rsa -in private_pkcs8.pem -text


X.509 certificates

Generation

# Generate a certificate signing request (CSR)
openssl req -new -key private_pkcs1.pem -out certificate_csr.csr

# Use the CSR from the previous step to issue the certificate (PEM / DER), self-signed with the same key via -signkey
openssl x509 -req -days 365 -in certificate_csr.csr -signkey private_pkcs1.pem -out certificate.pem
openssl x509 -req -days 365 -in certificate_csr.csr -signkey private_pkcs1.pem -out certificate.der -outform DER
# Output:
Certificate request self-signature ok
subject=C = CN, ST = GuangDong, L = ShenZhen, O = Bowenwerchen, OU = Bowenerchen, CN = Bowenerchen, emailAddress = bowener_chen@163.com

View the certificate

openssl x509 -in certificate.pem -text -noout    # -noout: do not print the encoded certificate itself
openssl x509 -in certificate.der -inform DER -text

# Output:
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number:
            03:2f:56:fc:13:b7:04:02:8d:cf:4a:b5:47:55:04:77:ca:df:fb:0d
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = CN, ST = GuangDong, L = ShenZhen, O = Bowenwerchen, OU = Bowenerchen, CN = Bowenerchen, emailAddress = bowener_chen@163.com
        Validity
            Not Before: Jul 18 08:10:00 2022 GMT
            Not After : Jul 18 08:10:00 2023 GMT
        Subject: C = CN, ST = GuangDong, L = ShenZhen, O = Bowenwerchen, OU = Bowenerchen, CN = Bowenerchen, emailAddress = bowener_chen@163.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
