PHP rsa私钥pkcs8加密,Openssl rsa私钥的PKCS#1和PKCS#8格式以及加密和转化

这里主要介绍:

私钥的PKCS#1格式,及PKCS#8格式

格式PKCS#1和PKCS#8之间的互相转化

私钥的加密,解密

PKCS#1 -> PKCS#8

生成PKCS#1私钥

$ openssl genrsa -out rsakey-pkcs1.pem 2048

Generating RSA private key, 2048 bit long modulus

......+++

................................................................................+++

e is 65537 (0x10001)

$ cat rsakey-pkcs1.pem

-----BEGIN RSA PRIVATE KEY-----

MIIEpAIBAAKCAQEAlGO0ftihLRztaQBA9GdRTnhdUudAUHBAQla68jtmGTxNKKLx

pSjy0R+LANfK1jxcPKfBZUF2dAyMP9dds26xvNaH5l0oK3cD3UxrOkRsQkYDKG8A

...

hZzWZ2MRfk5dp18q6owuFBxEl0BDeZ1XJ+jVR88EHDUkPth7zj1Lxi+fBDQ5kx1G

8isoizsPJEgNqRjKIME4x0UMmXkpVrYyKehoroo3Nt6OwGBRxZUsNQ==

-----END RSA PRIVATE KEY-----

pkcs1 -> pkcs8

$ openssl pkcs8 -in rsakey-pkcs1.pem -topk8 -out rsakey-pkcs8.pem -nocrypt

$ cat rsakey-pkcs8.pem

-----BEGIN PRIVATE KEY-----

MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCUY7R+2KEtHO1p

AED0Z1FOeF1S50BQcEBCVrryO2YZPE0oovGlKPLRH4sA18rWPFw8p8FlQXZ0DIw/

...

nVcn6NVHzwQcNSQ+2HvOPUvGL58ENDmTHUbyKyiLOw8kSA2pGMogwTjHRQyZeSlW

tjIp6Giuijc23o7AYFHFlSw1

-----END PRIVATE KEY-----

或者

pkcs1 -> encrypted pkcs8

$ openssl pkcs8 -in rsakey-pkcs1.pem -topk8 -out rsakey-pkcs8-enc.pem

Enter Encryption Password: xxxx

Verifying - Enter Encryption Password: xxxx

$ cat rsakey-pkcs8-enc.pem

-----BEGIN ENCRYPTED PRIVATE KEY-----

MIIE6TAbBgkqhkiG9w0BBQMwDgQIEPePqNLAC28CAggABIIEyPoOH9NOipfWjHKR

snVrLuiYGqth/7UmI6j0oNxZlAla/ul9YwL+reRKJ3yyqkgvPdhiPd/N1nKdWtZm

...

nAwlffpdL0YbmfuinM4Ei2QzDKGLMKSyYKUY7Vq+m/L07s2YCpQvxro7wxsfA+iV

U1u6LDc05Pq/aH5mlw==

-----END ENCRYPTED PRIVATE KEY-----

PKCS#8 -> PKCS#1

生成PKCS#8私钥

$ openssl genpkey -out rsakey-pkcs8.pem -algorithm RSA -pkeyopt rsa_keygen_bits:2048

..........................................................+++

.................................................................+++

$ cat rsakey-pkcs8.pem

-----BEGIN PRIVATE KEY-----

MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDINFnVgP46hRJj

sy6nqsyG0PfNogjB5mG9E7xCACqMLdmavgOBinuXTfRRsUg5EUqENuDdKLI1tX5U

...

ThDF1ndtMCNfov32kVqC+d4H2VHGC5YUPrqS2cP00fCvSWUumyFYc88R6Mpb3Y/X

HGZuMrWml0IS3FUNkCYgjk0=

-----END PRIVATE KEY-----

pkcs8 -> pkcs1

$ openssl rsa -in rsakey-pkcs8.pem -out rsakey-pkcs1.pem

writing RSA key

$ cat rsakey-pkcs1.pem

-----BEGIN RSA PRIVATE KEY-----

MIIEowIBAAKCAQEAyDRZ1YD+OoUSY7Mup6rMhtD3zaIIweZhvRO8QgAqjC3Zmr4D

gYp7l030UbFIORFKhDbg3SiyNbV+VAg2RRGPD9CBGFhaLgi8dIABIvZ4vLHpCGvN

...

cCsSfsDCy0ZLYYEuk//ViFNy2BYv2E4QxdZ3bTAjX6L99pFagvneB9lRxguWFD66

ktnD9NHwr0llLpshWHPPEejKW92P1xxmbjK1ppdCEtxVDZAmII5N

-----END RSA PRIVATE KEY-----

加密私钥

生成加密的pkcs#1私钥

$ openssl genrsa -aes256 -passout pass:12345 -out rsakey-pkcs1-enc.pem 2048

$ cat rsakey-pkcs1-enc.pem

-----BEGIN RSA PRIVATE KEY-----

Proc-Type: 4,ENCRYPTED

DEK-Info: AES-256-CBC,01A768B630B1CA242ED626CF41721833

554N/AyVlKeRaoUyGrWiYGwZa5yGm8HbZ4M4bMOCoP6+IzTf/6AgoyEGXMaXKsps

ohw977LmshcQq1du5utQ50IYrlAmAJ2kSNeL4FgaM1erX8C2QxA3CHKL6i601gt9

...

cJaGKWnu16H5NPvypuLObrRu1eugxbxIGbp6T6Sb2KkLC/1QyXTbrbA1RBDePANC

XEqiFkmS8wFzGammsd+M3h3jqqPpGtwioeRc0OX0o71P1Me5qyGjqCcdTj0Ouynr

-----END RSA PRIVATE KEY-----

解密pkcs#1私钥

$ openssl rsa -in rsakey-pkcs1-enc.pem -out rsakey-pkcs1.pem

$ cat rsakey-pkcs1.pem

-----BEGIN RSA PRIVATE KEY-----

MIIEogIBAAKCAQEAtgXgvZHfI7Gpl48flLWKHumlSjnzjX+5OJfty8nambMxQEDC

PivjwvaQBsgR2YQTarzSd4LUI6bGiaS+Tnvzqw3lWcU+eWHkbqMHQ5QmbeF+c0M/

...

9huV4op3188Ki07iazgK8R/R1/r9k5vSkbN9Ayn0Ukw1vial1Kh9yzEIJ3/aRgcm

ov9Lx33O/R41TLF3IjRbpDazjtOltc1wadrWKPpKZDLkoB1GtUE=

-----END RSA PRIVATE KEY-----

加密pkcs#1私钥

$ openssl rsa -des -in rsakey-pkcs1.pem -out rsakey-pkcs1-enc.pem

writing RSA key

Enter PEM pass phrase:

Verifying - Enter PEM pass phrase:

$ cat rsakey-pkcs1-enc.pem

-----BEGIN RSA PRIVATE KEY-----

Proc-Type: 4,ENCRYPTED

DEK-Info: DES-CBC,6A8C6BA0B2AAA75B

qA/i2W3cNEP124GhbO7OXrD/mPXuRCJg0+VtMGlQrob0ug+VLRA8C9B+hVeomT5l

a4WbC7t9bFUo8xHzz7ZUiyhe34EjnwOUfmeyEIjgq1cBPypxrSlN4sl5ELiIHj6n

...

7n9taJFawlhBS6K0KZiTkpEIGxMZH0pF8NO9SmCPQGLPxwbZTcjGMqM5ZSli1oCR

BJ9ECgoGlA9mphr3/icwkDvlnG3MvLedHVVJ9/A5qExJXvZtiUT4LA==

-----END RSA PRIVATE KEY-----

生成加密的pkcs#8私钥

$ openssl genpkey -aes256 -pass pass:12345 -out rsakey-pkcs8-enc.pem -algorithm RSA -pkeyopt rsa_keygen_bits:2048

$ cat rsakey-pkcs8-enc.pem

-----BEGIN ENCRYPTED PRIVATE KEY-----

MIIFHzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIB6CchEkgyFECAggA

MB0GCWCGSAFlAwQBKgQQbhgxcmrL1rUpIQcqNBTw2wSCBNDg8GNQKR2cVYV7pkKp

...

bfjKrNg5DqWdi5heKLaVJuAfNR7YUmFzvWPEAzHP/OeK8YTo0oCxTvP/ZemIm2CT

6cpk/GibUFP/SuqAZuqfdWlZdw==

-----END ENCRYPTED PRIVATE KEY-----

解密pkcs#8私钥

$ openssl pkcs8 -in rsakey-pkcs8-enc.pem -topk8 -out rsakey-pkcs8.pem -nocrypt

Enter pass phrase for rsakey-pkcs8-enc.pem:

writing RSA key

$ cat rsakey-pkcs8.pem

-----BEGIN PRIVATE KEY-----

MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC3wXDRsAnUKqwF

aziSfDO+f1cfD13FyVGxMA2zDwwHVnDVUKoHwkYEy1hC0RYnZ6U+9X2E3W1jWFws

...

n7mIrQmVssKxxEARR2MGfLnAyrBGLF+K20o1ZA0r23mdGyJpfu9oISaZYxZmuRhA

/vgGkeXhAhfyHRTDTNOPeolEaMf+dvXNTAgjK52+ZOL3Izmpc6jTr9gzSN8bDxtj

1Bp/sDWNVYXaEWTqAAh78jf4

-----END PRIVATE KEY-----

加密pkcs#8私钥

$ openssl pkcs8 -in rsakey-pkcs8.pem -topk8 -out rsakey-pkcs8-enc.pem

writing RSA key

Enter PEM pass phrase: xxxx

Verifying - Enter PEM pass phrase: xxxx

$ cat rsakey-pkcs8-enc.pem

$ cat rsakey-pkcs8-enc.pem

-----BEGIN ENCRYPTED PRIVATE KEY-----

MIIE6TAbBgkqhkiG9w0BBQMwDgQIDI9pUK8qVqoCAggABIIEyBkMIyP4LAfr7HTH

quGki99iPIZg0/BtkWVLuD27IrE943KUcqduVi6L+d7bXwQTF/FWypOc0dAy3pXN

...

Qihd5ljx16OYLt4bjx0axiFsJ0OAYIdIj4uqfkXJl9Ef6HWi9129Bk6Z9k6kzIW3

ta5WWtNfWY28QO/twA==

-----END ENCRYPTED PRIVATE KEY-----

区别PKCS#1和PKCS#8 格式的PEM证书

从前面我们也看到,PEM的头不一样。

PKCS#1

-----BEGIN RSA PRIVATE KEY-----

...

-----END RSA PRIVATE KEY-----

或者,ASN加密格式:

-----BEGIN RSA PRIVATE KEY-----

Proc-Type: 4,ENCRYPTED

DEK-Info: DES-CBC,6A8C6BA0B2AAA75B

...

PKCS#8

-----BEGIN PRIVATE KEY-----

...

-----END PRIVATE KEY-----

或者,加密格式:

-----BEGIN ENCRYPTED PRIVATE KEY-----

...

-----END ENCRYPTED PRIVATE KEY-----

补充一点ECC私钥的加解密

生成ECC私钥

$ openssl ecparam -genkey -name secp384r1 | openssl ec -out ecckey.pem

read EC key

writing EC key

$ cat ecckey.pem

-----BEGIN EC PRIVATE KEY-----

MIGkAgEBBDDh4I0soK31L0LK7pD6WKzRAL2FOxK3t1Bc5sWrcio7i5uAt5jVPnwh

EygYkk7tzRSgBwYFK4EEACKhZANiAATFCTpt9qSH3qis9iNEI0C//zxbkiaMvI/z

ryrPSDuhPsSqOMTAaTrGT5c1b9LGTqD/TidaawpWpDCTzmidoHKkxNBzsT9Ba5jE

1YL+/rsT4wA+S9ukP49ISxSngZPTMjQ=

-----END EC PRIVATE KEY-----

加密ECC私钥

$ openssl ec -in ecckey.pem -out ecckey-enc.pem -des

read EC key

writing EC key

Enter PEM pass phrase:

Verifying - Enter PEM pass phrase:

$ cat ecckey-enc.pem

-----BEGIN EC PRIVATE KEY-----

Proc-Type: 4,ENCRYPTED

DEK-Info: DES-CBC,4E1E3AF041C16903

mGEnm/HMzqalrl7hz8V1sbb9vaHXdTNizp/PiRvdX4HVCJt7xPXe1jgKSbTmjJtc

gzQbwqznDwEDSIeip42kjFapdzHa+5qGdUjzpj02n9qpmpxYLthjEfE09xDBSLSX

kucXLvMV9vm6r9WX2UBfSWwBPiVh+0V+WZacQZrkh4I5HtrjR/Y5+/8xaoJjcMMl

LhlOWw3fdVYyxPD4gAwoxkUNoHNd0lSf

-----END EC PRIVATE KEY-----

解密ECC私钥

$ openssl ec -in ecckey-enc.pem -out ecckey.pem

read EC key

Enter PEM pass phrase:

writing EC key

$ cat ecckey.pem

-----BEGIN EC PRIVATE KEY-----

MIGkAgEBBDDh4I0soK31L0LK7pD6WKzRAL2FOxK3t1Bc5sWrcio7i5uAt5jVPnwh

EygYkk7tzRSgBwYFK4EEACKhZANiAATFCTpt9qSH3qis9iNEI0C//zxbkiaMvI/z

ryrPSDuhPsSqOMTAaTrGT5c1b9LGTqD/TidaawpWpDCTzmidoHKkxNBzsT9Ba5jE

1YL+/rsT4wA+S9ukP49ISxSngZPTMjQ=

-----END EC PRIVATE KEY-----

生活PKCS#8的ECC私钥

$ openssl genpkey -out ecckey-pkcs8.pem -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -pkeyopt ec_param_enc:named_curve

$ cat ecckey-pkcs8.pem

-----BEGIN PRIVATE KEY-----

MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgWdWdnCq3ipdzfGkv

8Kh2BzLf8/wMTsQgHy9DAt/vxxahRANCAAQPp3gs69soKKBkRkYB7eJEhHTukq40

iUucBHb8IzogxztpFNeygzQ7jZE+oNqsOuCBlLt6sLmfXy9Qwf44ov3H

-----END PRIVATE KEY-----

  • 0
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 0
    评论

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值