今天我发现有两种带有PEM格式标题的公钥格式,例如
X.509 SubjectPublicKeyInfo** (PEM header: BEGIN PUBLIC KEY)对应于短标题形式;
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzsQ7MkLsc1lJ8S2WtItN cfj7pbdB6PVcRHEEjbie97Rqthkr6h2WE5rVj0BZNwFjs4NIUYws2KeQjexZ8NEY qpcP9iPMjdNgLpU8uL03QMti+y+y0IU4493KxKxjprjtu6no0/O5TwNs+/r+7hmF /8d+2mhyLJQbtuvQQ6mvg6roCMuqzRS91SObzT1ojCjY+AbUrmVZ5jmklHCv7uah EoTsB3S7wHCBRmelh2j5fWrRBay4h0IB/NSrt1dO/UEVmDSWGjnG+RsDMhYGZXJ1 hJawhqrbuVRZvrMyzqQ0j1xy5buS6jqSHA3wdOixdI8dDpvBnUDGqEIU6gl2Am7h pwIDAQAB -----END PUBLIC KEY-----和
PKCS#1 RSAPublicKey* (PEM header: BEGIN RSA PUBLIC KEY)对应较长的形式;
-----BEGIN RSA PUBLIC KEY----- MIIBCgKCAQEA1+skaD+II3MYF/0iGDcFX/E6b0XzSC8I2RapRaCL84EqY8HxWGKn +7p34ZJwZx9avX0cCUqvTmS6LtuoSGrdLlahrz1qEnkdYqlo9HXXQiKtA9iwaiId LxPtCnJnGMOMtolwKAJpsr+l68D41mWvvibrwPbeTJsFi0zvrN0rL1YbVYvw3X85 fQm+wgo3s8I5sOWwlkADvfD37KxteEPitfb2cvGfYo+VIhBqqXQUhQSC3jBAUc5o +P8U3eu84ln2YqiIg9P/iM99HoKFECJ2+mxWM8oz0rS8oqthVOck+KZ7mBiYjEzW 3ytTJIUpX9Sl88oDqkz7Azku/GVEiJNWSQIDAQAB -----END RSA PUBLIC KEY-----我想验证后一种格式的一些公钥,但是我看不出openssl命令行工具显然可以做到这一点。 -pubout导出第一种格式,pubin格式拒绝第二种标题;
#openssl rsa -pubin -in rsa.pub -modulus -noout unable to load Public Key 140154809448256:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:696:Expecting: PUBLIC KEY有关openssl的正确命令是什么的建议,或者是否有一些工具可以从命令行执行此操作?
Today I discover that there are 2 public key formats with PEM format headers, eg
X.509 SubjectPublicKeyInfo** (PEM header: BEGIN PUBLIC KEY)which correspond to the short header form;
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzsQ7MkLsc1lJ8S2WtItN cfj7pbdB6PVcRHEEjbie97Rqthkr6h2WE5rVj0BZNwFjs4NIUYws2KeQjexZ8NEY qpcP9iPMjdNgLpU8uL03QMti+y+y0IU4493KxKxjprjtu6no0/O5TwNs+/r+7hmF /8d+2mhyLJQbtuvQQ6mvg6roCMuqzRS91SObzT1ojCjY+AbUrmVZ5jmklHCv7uah EoTsB3S7wHCBRmelh2j5fWrRBay4h0IB/NSrt1dO/UEVmDSWGjnG+RsDMhYGZXJ1 hJawhqrbuVRZvrMyzqQ0j1xy5buS6jqSHA3wdOixdI8dDpvBnUDGqEIU6gl2Am7h pwIDAQAB -----END PUBLIC KEY-----and
PKCS#1 RSAPublicKey* (PEM header: BEGIN RSA PUBLIC KEY)which correspond to the longer form;
-----BEGIN RSA PUBLIC KEY----- MIIBCgKCAQEA1+skaD+II3MYF/0iGDcFX/E6b0XzSC8I2RapRaCL84EqY8HxWGKn +7p34ZJwZx9avX0cCUqvTmS6LtuoSGrdLlahrz1qEnkdYqlo9HXXQiKtA9iwaiId LxPtCnJnGMOMtolwKAJpsr+l68D41mWvvibrwPbeTJsFi0zvrN0rL1YbVYvw3X85 fQm+wgo3s8I5sOWwlkADvfD37KxteEPitfb2cvGfYo+VIhBqqXQUhQSC3jBAUc5o +P8U3eu84ln2YqiIg9P/iM99HoKFECJ2+mxWM8oz0rS8oqthVOck+KZ7mBiYjEzW 3ytTJIUpX9Sl88oDqkz7Azku/GVEiJNWSQIDAQAB -----END RSA PUBLIC KEY-----I would like to verify some public keys in the latter format, however I cannot see that openssl command line tool can obviously do that. -pubout exports the first format, and the pubin format rejects the 2nd headers;
#openssl rsa -pubin -in rsa.pub -modulus -noout unable to load Public Key 140154809448256:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:696:Expecting: PUBLIC KEYAny suggestions on what the correct commands are for openssl, or whether there is some tool that would does this from the command line?
最满意答案
我不认为openssl命令行程序(rsa)可以读取PKCS#1格式。 如此处所解释的,PKCS#1和PKCS#8格式之间的区别是算法标识符。 RSA加密的算法标识符为“1.2.840.113549.1.1.1”,其Base64版本为“MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A”,您可以安全地使用RSA公钥的Base64作为前缀,并从“BEGIN RSA PUBLIC”更改页眉/页脚KEY“/”END RSA PUBLIC KEY“to”BEGIN PUBLIC KEY“/”END PUBLIC KEY“。
I don't think openssl commandline program(rsa) can read the PKCS#1 format. As explained here the difference between the PKCS#1 and PKCS#8 format is the algorithm identifier. The algorithm identifier for RSA encryption is "1.2.840.113549.1.1.1" and the Base64 version of it is "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A" which you can safely prefix with the Base64 of the RSA public key and change the header/footer from "BEGIN RSA PUBLIC KEY"/"END RSA PUBLIC KEY" to "BEGIN PUBLIC KEY"/"END PUBLIC KEY".
更多推荐
发布评论