其他文章:
安全系列之——RSA的公钥私钥有多少人能分的清楚?RSA的签名验签与加密解密如何使用公私钥?
一、背景
最近在对接chinapay支付接口。
chinapay会为每个商户号都会提供两个证书文件(cer和pfx),对接时使用chinapay提供的工具jar包,直接读取文件路径,进行请求体的签名、验签、加密、解密。
chinapay提供的jar包工具类需要两个配置文件:
// 该文件是:对方的公钥证书,内部只有公钥信息,用于请求的加密及响应的验签
verify.file=/Users/macuser/Desktop/chinaPay/368_cp_test.cer
// 该文件是:自己的证书,内部有自己的公钥和私钥信息,私钥用于请求的签名和响应的解密
sign.file=/Users/macuser/Desktop/chinaPay/0000XXXXXXX368.pfx
sign.file.password=1XXXXXX1 #解pfx文件需要的秘密
sign.cert.type=PKCS12 #pfx文件的格式 参考信息https://www.chinassl.net/ssltools/convert-ssl.html
这种方式会导致文件难以管理。因此可以将相关的文件解出来,并通过硬编码的形式对请求和响应进行签名/验签/加密/解密相关的操作。
关键是从上面两个文件中获得商户的公钥(用于加密和验签)、自己的私钥(用于解密和签名),即可解决上面的问题。
二、cer和pfx文件内容
368_cp_test.cer
该文件是验签时的对方的公钥证书,不能直接使用,需要通过该公钥证书获得公钥。
wuxiaolong:0000xxxxxxxx368 macuser$ cat /Users/macuser/Desktop/chinaPay/368_cp_test.cer
-----BEGIN CERTIFICATE-----
MIIESTCCAzGgAwIBAgIFEDkZd3MwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UEBhMC
Q04xMDAuBgNVBAoTJ0NoaW5hIEZpbmFuY2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eTEXMBUGA1UEAxMOQ0ZDQSBURVNUIE9DQTEwHhcNMjAwNjIzMDQzMDM2WhcN
MjUwNjIzMDQzMDM2WjB9MQswCQYDVQQGEwJDTjEVMBMGA1UEChMMQ0ZDQSBURVNU
IENBMREwDwYDVQQLEwhMb2NhbCBSQTEZMBcGA1UECxMQT3JnYW5pemF0aW9uYWwt
MTEpMCcGA1UEAwwgMDUxQDDmlLvniZkwMDAwMDE5MTAyMzYyMDhAWjEyQDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFuZMqk0DU0RiZO2fzjm+8JEkO
2dL+fGe0D1BYfJujQNFdlB+yfl+huCDWos8/eqa3Mm+yBJfyJJqBuzI+rWtcsqNx
2jof2uCcH2XY7PHYmai7b7pzleRXsCXKLYEGLR8LhyRJ2ryvhDhH8NrWiIDHTFfx
Pmj7oqPJyTvr9gJ+JL1Tc/ZZ6Whr3BAhxHQTP5a9VwPHD0NSyZTZk7PcPvNoMCqm
rTRus4fCnYWxrggdHZNNOWJ1kQ90Zx3+HbLmzAv6BScsGW+QXPG/L+P2pJ/POWvQ
nTI7U/Lzy0ehOYImqnmPM09fF/T2o2upCgqwtJ5ycdUt7hXEaqq1xnQXJyHRAgMB
AAGjgfQwgfEwHwYDVR0jBBgwFoAUz3CdYeudfC6498sCQPcJnf4zdIAwSAYDVR0g
BEEwPzA9BghggRyG7yoBATAxMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmNmY2Eu
Y29tLmNuL3VzL3VzLTE0Lmh0bTA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vdWNy
bC5jZmNhLmNvbS5jbi9SU0EvY3JsNzQ3OTQuY3JsMAsGA1UdDwQEAwID6DAdBgNV
HQ4EFgQUGPMS6ST14xhGMMgT5+tjkrd8/zgwHQYDVR0lBBYwFAYIKwYBBQUHAwIG
CCsGAQUFBwMEMA0GCSqGSIb3DQEBBQUAA4IBAQBniQ/NMQlR0t2C2GXdDCmRFZMT
vQiU/5RvUhhE9hjFgPqUidBvHDpPXZ2q5FOifQUAFRsxt5xTnuiQaYQ7idTtgw1D
UulvxwbuM6Pjo8dE5xTTU2K8mlzuNxKfaBFxvPWvclLGugTJ8o6OrVY7LGkg12P1
cMunaJ08GJeIEm6GViRACCH+gISqjFZaqLQq+Qkd2hEjIaYbk5y4TT71Tv3FgKvn
Jzdc3uZYpHVpyUT+dh7pJXBF62/z3LVWTMl4d9CY7vfBFCI2bYqQt5pAkK3d80r8
pDI0+TqII+9waJBacw6DTsAk7LWr1r4h0x+ljL+kC38vOktbMxVjsEpND4OP
-----END CERTIFICATE-----
wuxiaolong:0000xxxxxxxxx368 macuser$
0000xxxxxxxxx368.pfx
该文件是请求方(自己)的数字证书,可以使用相关的本地/在线工具将pfx把文件解出来。
在线解析地址:https://geshi.sslzhengshu.com/
将文件从pkcs12转成pem格式,需要输入上面配置文件中的sign.file.password
在线解析后,会获得一个zip文件,解压后获得三个文件:
0000xxxxxxxxxxx368.cer该文件应该是请求方的公钥0000xxxxxxxxxxx368.key该文件是请求方的私钥,签名会使用,但是不能直接使用ca.crt该文件应该是ca的根证书
三个文件的内容如下:
wuxiaolong:0000xxxxxxxx368 macuser$ ls
0000xxxxxxxx368.cer 0000xxxxxxxx368.key ca.crt
wuxiaolong:0000xxxxxxxx368 macuser$
wuxiaolong:0000xxxxxxxx368 macuser$
wuxiaolong:0000xxxxxxxx368 macuser$
wuxiaolong:0000xxxxxxxx368 macuser$ cat ca.crt
-----BEGIN CERTIFICATE-----
MIIDzjCCAragAwIBAgIKGNDz/H99Hd/CxjANBgkqhkiG9w0BAQUFADBZMQswCQYD
VQQGEwJDTjEwMC4GA1UEChMnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24g
QXV0aG9yaXR5MRgwFgYDVQQDEw9DRkNBIFRFU1QgQ1MgQ0EwHhcNMTIwODMwMDMx
NDMzWhcNMzEwNTExMDMxNDMzWjBYMQswCQYDVQQGEwJDTjEwMC4GA1UEChMnQ2hp
bmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRcwFQYDVQQDEw5D
RkNBIFRFU1QgT0NBMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALiL
J/BrdvHSbXNfLIMTwUg9tDtVjMRGXOl6aZnu9IpxjI5SMUJ4hVwgJnmbTokxs6GF
IXKsCLSm5H1jHLI22ysc/ltByEybLWj5jjJuC9+Uknbl3/Ls1RBG6MogUCqZckuo
hKrf5DmlV3C/jVLxGn3pUeanvmqVUi4TKpXxgm5QqKSPF8VtQY4qCpNcQwwZqbMr
D+IfJtfpGAeVrP+Kg6i1t65seeEnVSaLhqpRUDU0PTblOuUv3OhiKJWA3cYWxUrg
7U7SIHNJLSEUWmjy4mKty+g7Cnjzt29F9qXFb6oB2mR8yt4GHCilw1Rc5RBXY63H
eTuOwdtGE3M2p7Q++OECAwEAAaOBmDCBlTAfBgNVHSMEGDAWgBR03sWNCn0QGqpp
g1tNIc6Gm8xxODAMBgNVHRMEBTADAQH/MDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6
Ly8yMTAuNzQuNDIuMy90ZXN0cmNhL1JTQS9jcmwxLmNybDALBgNVHQ8EBAMCAQYw
HQYDVR0OBBYEFM9wnWHrnXwuuPfLAkD3CZ3+M3SAMA0GCSqGSIb3DQEBBQUAA4IB
AQC0JOazrbkk0XMxMMeBCc3lgBId1RjQLgWUZ7zaUISpPstGIrE5A9aB6Ppq0Sxl
pt2gkFhPEKUqgOFN1CzCDEbP3n4H0chqK1DOMrgTCD8ID5UW+ECTYNe35rZ+1JiF
lOPEhFL3pv6XSkiKTfDnjum8+wFwUBGlfoWK1Hcx0P2Hk1jcZZKwGTx1IAkesF83
pufhxHE2Ur7W4d4tfp+eC7XXcA91pdd+VUrAfkj9eKHcDEYZz66HvHzmt6rtJVBa
pwrtCi9pW3rcm8c/1jSnEETZIaokai0fD7260h/LkD/GrNCibSWxFj1CqyP9Y5Yv
cj6aA5LnUcJYeNkrQ3V4XvVc
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDkzCCAnugAwIBAgIKUhN+zB19hbc65jANBgkqhkiG9w0BAQUFADBZMQswCQYD
VQQGEwJDTjEwMC4GA1UEChMnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24g
QXV0aG9yaXR5MRgwFgYDVQQDEw9DRkNBIFRFU1QgQ1MgQ0EwHhcNMTIwODI5MDUw
MTI5WhcNMzIwODI5MDUwMTI5WjBZMQswCQYDVQQGEwJDTjEwMC4GA1UEChMnQ2hp
bmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRgwFgYDVQQDEw9D
RkNBIFRFU1QgQ1MgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDa
rMJGruH6rOBPFxUI7T1ybydSRRtOM1xvkVjQNX0qmYir8feE6Tb0ctgtKR7a20DI
YCj9kZ5ANBQqjRcj3Soq9XH3cirqhYHJ723OKyTpS0RPQ0N6vtVt3P5JQ+ztjWHd
qIbbTOQ6O024TGTiqi6uHgMuz9/OVur81X3a5YVkK7jFeZ9o8cTcvQxD853/1sgZ
QcmR9aUSw0RXH4XFLTrn7n4QSfWKiNotlD8Ag5gS1pH9ONUb6nGkMn3gh1xfJqjm
ONMSknPXTGiNpXtqvYi8oIvByVCbUDO59IwPP1r1SYyE3P8Nr7DdQRu0KQSdXLoG
iugSR3fn+toObVAQmplDAgMBAAGjXTBbMB8GA1UdIwQYMBaAFHTexY0KfRAaqmmD
W00hzoabzHE4MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBR0
3sWNCn0QGqppg1tNIc6Gm8xxODANBgkqhkiG9w0BAQUFAAOCAQEAM0eTkM35D4hj
RlGC63wY0h++wVPUvOrObqAVBbzEEQ7ScBienmeY8Q6lWMUTXM9ALibZklpJPcJv
3ntht7LL6ztd4wdX7E9RzZCQnRvbL9A/BU3NxWdeSpCg/OyPod5oCKP+6Uc7kApi
F9OtYNWnt3l2Zp/NiedzEQD8H4qEWQLAq+0dFo5BkfVhb/jPcktndpfPOuH1IMhP
tVcvo6jpFHw4U/nP2Jv59osIE97KJz/SPt2JAYnZOlIDqWwp9/Afvt0/MDr8y0PK
Q9c6eqIzBx7a9LpUTUl5u1jS+xSDZ/KF2lXnjwaFp7jICLWEMlBstCoogi7KwH9A
LpJP7/dj9g==
-----END CERTIFICATE-----
wuxiaolong:0000xxxxxxxx368 macuser$
wuxiaolong:0000xxxxxxxx368 macuser$ cat 0000xxxxxxxx368.cer
-----BEGIN CERTIFICATE-----
MIIESzCCAzOgAwIBAgIFEEODQ2EwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UEBhMC
Q04xMDAuBgNVBAoTJ0NoaW5hIEZpbmFuY2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eTEXMBUGA1UEAxMOQ0ZDQSBURVNUIE9DQTEwHhcNMjEwMzI2MDczMjI3WhcN
MjYwMzI2MDczMjI3WjB/MQswCQYDVQQGEwJDTjEVMBMGA1UEChMMQ0ZDQSBURVNU
IENBMREwDwYDVQQLEwhMb2NhbCBSQTEZMBcGA1UECxMQT3JnYW5pemF0aW9uYWwt
MTErMCkGA1UEAxQiMDUxQDBvcGVyYXRvcjAwMDA5MjEwMjA4OTM2OEBaMTFAMTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANOVRegsltF3PzqYN9nXRUGn
kUYCReqbhCkFT6t7NAvgbwbeJdf7Me8q5Cqp7XAbIlBQcGslaq94Hi9Vf0paKC+k
67eok1+SSspP+6eEA8Xr6atUgYUyyIJibYyNk2xXEiV3xaQjayhFSXcf39/MrM7x
mh1NsPZS8cALATsyJB2tP578zRNt42TY4VSevqaO4OVfW2AuZ/o9NK+Kza0KEQqJ
Zi7S/1hqSR9d++gXcWgWSK7Wus1owiKPMXVrDccPK0nVxquabccrc67c/lZsTvP/
N//7NgXCbQVcSQvP01TmpaoYknqp9zWJxvQzzlcxtq9oehiK9rUwR0PVxz9nxo0C
AwEAAaOB9DCB8TAfBgNVHSMEGDAWgBTPcJ1h6518Lrj3ywJA9wmd/jN0gDBIBgNV
HSAEQTA/MD0GCGCBHIbvKgEBMDEwLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cuY2Zj
YS5jb20uY24vdXMvdXMtMTQuaHRtMDkGA1UdHwQyMDAwLqAsoCqGKGh0dHA6Ly91
Y3JsLmNmY2EuY29tLmNuL1JTQS9jcmw3ODA5Ny5jcmwwCwYDVR0PBAQDAgPoMB0G
A1UdDgQWBBSvR795UlR6Yh1z2gQYGGFQa8++nzAdBgNVHSUEFjAUBggrBgEFBQcD
AgYIKwYBBQUHAwQwDQYJKoZIhvcNAQEFBQADggEBAGUxZGTIdPfcF+if+jj+tiJG
LjwgkE3lcnpiwVYbvxPlnl6CBwXvPN2od7M3MEQHXQMn8UAr2b0CCmmc/6Rt/oGc
5TTq+8Ee2w+Qc/1sIMo6p3FM7VXN0GmVwewKIQOQ1NgQ+PbOW745/QmJH6ebFZQ9
sh9W4im/jQQbuxPTi5w7dHNwMKduT0uF5V5oo9ROnYbGLKBipV8tWaPkXj9np0bf
RLs0BrZNHfl0aE1LqB6RpgnHP1B8HpmI2Szv1BNUOj/sx86ve/SwV/amQDBBmAmi
QNu2vM50Ub70KfEdthXaw4F4ay1U2IG7hUhl7TzMyCkiaPANc5aqoZZgmx8huPo=
-----END CERTIFICATE-----
wuxiaolong:0000xxxxxxxx368 macuser$
wuxiaolong:0000xxxxxxxx368 macuser$ cat 0000xxxxxxxx368.key
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA05VF6CyW0Xc/Opg32ddFQaeRRgJF6puEKQVPq3s0C+BvBt4l
1/sx7yrkKqntcBsiUFBwayVqr3geL1V/SlooL6Trt6iTX5JKyk/7p4QDxevpq1SB
hTLIgmJtjI2TbFcSJXfFpCNrKEVJdx/f38yszvGaHU2w9lLxwAsBOzIkHa0/nvzN
E23jZNjhVJ6+po7g5V9bYC5n+j00r4rNrQoRColmLtL/WGpJH1376BdxaBZIrta6
zWjCIo8xdWsNxw8rSdXGq5ptxytzrtz+VmxO8/83//s2BcJtBVxJC8/TVOalqhiS
eqn3NYnG9DPOVzG2r2h6GIr2tTBHQ9XHP2fGjQIDAQABAoIBAGm5sZDulv5cQ/AX
l/D2rNi9zs3Y3O76fvOwf7sEeWFl6JTZ9LcUAkOsfw8Ckm7uYBsZ1tLzg3fi4dJt
OooAuwvzsQW46sta4pxtkyaFxQzlcYH3XDEeyyq73FnbdMsyRxMJ4my+dhFNbgRk
nQ3LzJ4sBAKYi9DKaZq45QibaYiZ3Luso8W4njRew47rch0XUZK01y+viu+Ia9ED
jHZUa6AQ8mj1CheuwX+Tu3IXewZ2QaQFepgM+0dBG0pm5rF2Fe7WSiH2ZDNBiGU7
/DjgDnU5iQgFNnO9cRQ1YfkFNoyPsneAHaxEkSP01plFFV1sUzgcu2I5jkEA5SYM
VlEnclECgYEA3FQHk7iV8GAmnlgwT1uuSl5Rz7PUOHYWL8TUzVW2JTl2ca1b+4xx
lKmFR3vAgWx2XBmm3X8UCc/3KE8pxUg+bKZDafdoNYPRAojyQYSHQ1tXweUXTs6l
UCcoC1ALbpoL6c8k9X98nlff3mK23ryiykkhyJLoMVb0A5QTg+MbZvsCgYEA9dbI
U3Iy0V12Mb5eusWY5f9rhpKAsEofPQCasR8xYoKljnW2R5Ueb/57l9Q5UR7q4Bat
28MHzaV0NnZRaNMkXOp0/izsCPirTnr3Q91GRB7sdF+CIv6MfKHd4+Dr08CnJb0Z
yJk5j/U5oeo7cBmfZbBaXZqcK2EOaDeUg3tVshcCgYBdMsZJvEjgdyuey1sUFonx
N1iP7VeV0o2sAyyo9tqngFkT2OsRyuS4p8SS6kwR8xlV+BvXkcueIvQ/fs0CgH63
YtUdW+QezvV4hwlCoZa97UN/5zImyc6vywBrWJ6dWFg1vMO7fQPvzugJn+QO7+hE
fQ7nUw0Y4dkyMk7W+Rg8RQKBgQDhyvjJc8zq8N2bCI93Gf+512PKAQsDX8DbRY/O
+KhiIz6t3r2hd3uyP1kC9WADetMdKJdcjf+/yKQ5VWimT69JS+pSfa34+3RTq6sp
gLWF4aUpqYMcYxFjc0Qahb30CjE6/zkMPndZGlFpvnoDFvWI73XAHT4stYMHA217
aa8m1wKBgBPpT7mRqDcYVnhIVCzH0RKaphmzyux7GsUIEqlX3lmrKrIG7okuzSbu
4hSDX5fRmPRSVLPUK4vOuLYREm/YMbE/2N6pRfudMf53zJDeUQnUhc89a6nDEQB4
wpArMpm+WCq+iiJ46lTSNZC7Yu0fBUrPF9eQYiK988Hf8It7RsPm
-----END RSA PRIVATE KEY-----
wuxiaolong:0000xxxxxxxx368 macuser$
其中0000xxxxxxxxxxx368.key文件是请求chinapay接口签名时使用的私钥,当前是pkcs1格式。
net,ios中rsa加解密使用的是pkcs1,而java使用的是pkcs8。因为当前这个文件是pkcs1,java不能直接使用,所以需要转换。
pkcs1格式: -----BEGIN RSA PRIVATE KEY----- XXXXXXXXXXXXXXXXX -----END RSA PRIVATE KEY-----
pkcs8格式: -----BEGIN PRIVATE KEY----- XXXXXXXXXXXXXXXXX -----END PRIVATE KEY-----
可以使用openssl将pkcs1转换成pkcs8
三、公钥证书转公钥
将368_cp_test.cer公钥证书转换成公钥
public static PublicKey getPublicKey() throws SecurityException {
String verifyFile = "/Users/macuser/Desktop/chinaPay/368_cp_test.cer";
if (SecssUtil.isEmpty(verifyFile)) {
throw new SecurityException(SecssConstants.VERIFY_CERT_ERROR);
} else {
CertificateFactory cf = null;
FileInputStream in = null;
try {
cf = CertificateFactory.getInstance("X.509");
in = new FileInputStream(verifyFile);
X509Certificate verifyCert = (X509Certificate) cf.generateCertificate(in);
PublicKey pubKey = verifyCert.getPublicKey();
String pk = com.sun.org.apache.xerces.internal.impl.dv.util.Base64.encode(pubKey.getEncoded());
System.out.println("从证书中获得公钥是:" +pk);
if (in != null) {
try {
in.close();
} catch (IOException var16) {
}
}
return pubKey;
} catch (Exception var17) {
LogUtil.writeErrorLog("初始化验签证书异常", var17);
if (in != null) {
try {
in.close();
} catch (IOException var15) {
}
}
throw new SecurityException(SecssConstants.INIT_VERIFY_CERT_ERROR);
} finally {
if (in != null) {
try {
in.close();
} catch (IOException var14) {
}
}
}
}
}
四、安装openssl并转换私钥(将pkcs1转换成pkcs8)
[root@iZuf61pdvb2o7cf4mu9ccyZ ~]# wget https://www.openssl.org/source/openssl-1.1.1k.tar.gz
--2021-04-06 17:24:19-- https://www.openssl.org/source/openssl-1.1.1k.tar.gz
正在解析主机 www.openssl.org... 104.102.153.249, 2600:1417:76:592::c1e, 2600:1417:76:591::c1e
正在连接 www.openssl.org|104.102.153.249|:443... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:9823400 (9.4M) [application/x-gzip]
正在保存至: “openssl-1.1.1k.tar.gz”
100%[==================================================================================================================================================================>] 9,823,400 12.1M/s in 0.8s
2021-04-06 17:24:21 (12.1 MB/s) - 已保存 “openssl-1.1.1k.tar.gz” [9823400/9823400])
[root@iZuf61pdvb2o7cf4mu9ccyZ ~]# ls
[root@iZuf61pdvb2o7cf4mu9ccyZ ~]# tar -zxvf openssl-1.1.1k.tar.gz
openssl-1.1.1k/
openssl-1.1.1k/ACKNOWLEDGEMENTS
openssl-1.1.1k/AUTHORS
openssl-1.1.1k/CHANGES
openssl-1.1.1k/CONTRIBUTING
openssl-1.1.1k/Configurations/
openssl-1.1.1k/Configurations/00-base-templates.conf
openssl-1.1.1k/Configurations/10-main.conf
openssl-1.1.1k/Configurations/15-android.conf
[root@iZuf61pdvb2o7cf4mu9ccyZ ~]#
[root@iZuf61pdvb2o7cf4mu9ccyZ ~]# cd openssl-1.1.1k
[root@iZuf61pdvb2o7cf4mu9ccyZ openssl-1.1.1k]# ll
总用量 1032
-rw-rw-r-- 1 root root 87 3月 25 21:28 ACKNOWLEDGEMENTS
drwxrwxr-x 3 root root 4096 3月 25 21:28 apps
-rw-rw-r-- 1 root root 2549 3月 25 21:28 appveyor.yml
-rw-rw-r-- 1 root root 854 3月 25 21:28 AUTHORS
-rw-rw-r-- 1 root root 4099 3月 25 21:28 build.info
-rw-rw-r-- 1 root root 595440 3月 25 21:28 CHANGES
-rwxrwxr-x 1 root root 28586 3月 25 21:28 config
-rw-rw-r-- 1 root root 2510 3月 25 21:28 config.com
drwxrwxr-x 2 root root 4096 3月 25 21:28 Configurations
-rwxrwxr-x 1 root root 130245 3月 25 21:28 Configure
-rw-rw-r-- 1 root root 3627 3月 25 21:28 CONTRIBUTING
drwxrwxr-x 64 root root 4096 3月 25 21:28 crypto
drwxrwxr-x 9 root root 4096 3月 25 21:28 demos
drwxrwxr-x 7 root root 4096 3月 25 21:28 doc
drwxrwxr-x 3 root root 4096 3月 25 21:28 engines
-rw-rw-r-- 1 root root 11055 3月 25 21:28 e_os.h
drwxrwxr-x 3 root root 4096 3月 25 21:28 external
-rw-rw-r-- 1 root root 84 3月 25 21:28 FAQ
drwxrwxr-x 2 root root 4096 3月 25 21:28 fuzz
drwxrwxr-x 5 root root 4096 3月 25 21:28 include
-rw-rw-r-- 1 root root 57824 3月 25 21:28 INSTALL
-rw-rw-r-- 1 root root 6121 3月 25 21:28 LICENSE
drwxrwxr-x 2 root root 4096 3月 25 21:28 ms
-rw-rw-r-- 1 root root 44165 3月 25 21:28 NEWS
-rw-rw-r-- 1 root root 4492 3月 25 21:28 NOTES.ANDROID
-rw-rw-r-- 1 root root 2093 3月 25 21:28 NOTES.DJGPP
-rw-rw-r-- 1 root root 4578 3月 25 21:28 NOTES.PERL
-rw-rw-r-- 1 root root 5532 3月 25 21:28 NOTES.UNIX
-rw-rw-r-- 1 root root 3861 3月 25 21:28 NOTES.VMS
-rw-rw-r-- 1 root root 7488 3月 25 21:28 NOTES.WIN
drwxrwxr-x 2 root root 4096 3月 25 21:28 os-dep
-rw-rw-r-- 1 root root 3158 3月 25 21:28 README
-rw-rw-r-- 1 root root 16069 3月 25 21:28 README.ENGINE
-rw-rw-r-- 1 root root 61 3月 25 21:28 README.FIPS
drwxrwxr-x 4 root root 4096 3月 25 21:28 ssl
drwxrwxr-x 11 root root 12288 3月 25 21:28 test
drwxrwxr-x 2 root root 4096 3月 25 21:28 tools
drwxrwxr-x 3 root root 4096 3月 25 21:28 util
drwxrwxr-x 2 root root 4096 3月 25 21:28 VMS
[root@iZuf61pdvb2o7cf4mu9ccyZ openssl-1.1.1k]#
[root@iZuf61pdvb2o7cf4mu9ccyZ openssl-1.1.1k]#
[root@iZuf61pdvb2o7cf4mu9ccyZ openssl-1.1.1k]#
[root@iZuf61pdvb2o7cf4mu9ccyZ openssl-1.1.1k]# ./config
Operating system: x86_64-whatever-linux2
Configuring OpenSSL version 1.1.1k (0x101010bfL) for linux-x86_64
Using os-specific seed configuration
Creating configdata.pm
Creating Makefile
**********************************************************************
*** ***
*** OpenSSL has been successfully configured ***
*** ***
*** If you encounter a problem while building, please open an ***
*** issue on GitHub <https://github.com/openssl/openssl/issues> ***
*** and include the output from the following command: ***
*** ***
*** perl configdata.pm --dump ***
*** ***
*** (If you are new to OpenSSL, you might want to consult the ***
*** 'Troubleshooting' section in the INSTALL file first) ***
*** ***
**********************************************************************
[root@iZuf61pdvb2o7cf4mu9ccyZ openssl-1.1.1k]# make
/usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" \
"-oMakefile" include/crypto/bn_conf.h.in > include/crypto/bn_conf.h
/usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" \
"-oMakefile" include/crypto/dso_conf.h.in > include/crypto/dso_conf.h
/usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" \
"-oMakefile" include/openssl/opensslconf.h.in > include/openssl/opensslconf.h
make depend && make _all
make[1]: Entering directory `/root/openssl-1.1.1k'
make[1]: Leaving directory `/root/openssl-1.1.1k'
make[1]: Entering directory `/root/openssl-1.1.1k'
gcc -I. -Iinclude -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -DNDEBUG -MMD -MF apps/app_rand.d.tmp -MT apps/app_rand.o -c -o apps/app_rand.o apps/app_rand.c
gcc -I. -Iinclude -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -DNDEBUG -MMD -MF apps/apps.d.tmp -MT apps/apps.o -c -o apps/apps.o apps/apps.c
gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/x509_time_test.d.tmp -MT test/x509_time_test.o -c -o test/x509_time_test.o test/x509_time_test.c
rm -f test/x509_time_test
${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \
-o test/x509_time_test test/x509_time_test.o \
test/libtestutil.a -lcrypto -ldl -pthread
gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/x509aux.d.tmp -MT test/x509aux.o -c -o test/x509aux.o test/x509aux.c
rm -f test/x509aux
${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \
-o test/x509aux test/x509aux.o \
test/libtestutil.a -lcrypto -ldl -pthread
/usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" \
"-oMakefile" apps/CA.pl.in > "apps/CA.pl"
chmod a+x apps/CA.pl
/usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" \
"-oMakefile" apps/tsget.in > "apps/tsget.pl"
chmod a+x apps/tsget.pl
/usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" \
"-oMakefile" tools/c_rehash.in > "tools/c_rehash"
chmod a+x tools/c_rehash
/usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" \
"-oMakefile" util/shlib_wrap.sh.in > "util/shlib_wrap.sh"
chmod a+x util/shlib_wrap.sh
make[1]: Leaving directory `/root/openssl-1.1.1k'
[root@iZuf61pdvb2o7cf4mu9ccyZ openssl-1.1.1k]# make install
make depend && make _build_libs
make[1]: Entering directory `/root/openssl-1.1.1k'
make[1]: Leaving directory `/root/openssl-1.1.1k'
make[1]: Entering directory `/root/openssl-1.1.1k'
make[1]: Nothing to be done for `_build_libs'.
make[1]: Leaving directory `/root/openssl-1.1.1k'
*** Installing runtime libraries
install libcrypto.so.1.1 -> /usr/local/lib64/libcrypto.so.1.1
install libssl.so.1.1 -> /usr/local/lib64/libssl.so.1.1
*** Installing development files
created directory `/usr/local/include/openssl'
install ./include/openssl/aes.h -> /usr/local/include/openssl/aes.h
install ./include/openssl/asn1.h -> /usr/local/include/openssl/asn1.h
install ./include/openssl/asn1_mac.h -> /usr/local/include/openssl/asn1_mac.h
install ./include/openssl/asn1err.h -> /usr/local/include/openssl/asn1err.h
install ./include/openssl/asn1t.h -> /usr/local/include/openssl/asn1t.h
install ./include/openssl/async.h -> /usr/local/include/openssl/async.h
install ./include/openssl/asyncerr.h -> /usr/local/include/openssl/asyncerr.h
install ./include/openssl/bio.h -> /usr/local/include/openssl/bio.h
install ./include/openssl/bioerr.h -> /usr/local/include/openssl/bioerr.h
install ./include/openssl/blowfish.h -> /usr/local/include/openssl/blowfish.h
install ./include/openssl/bn.h -> /usr/local/include/openssl/bn.h
/usr/local/share/doc/openssl/html/man3/i2d_re_X509_REQ_tbs.html -> /usr/local/share/doc/openssl/html/man3/i2d_re_X509_tbs.html
/usr/local/share/doc/openssl/html/man3/o2i_SCT_LIST.html
/usr/local/share/doc/openssl/html/man3/i2o_SCT_LIST.html -> /usr/local/share/doc/openssl/html/man3/o2i_SCT_LIST.html
/usr/local/share/doc/openssl/html/man3/o2i_SCT.html -> /usr/local/share/doc/openssl/html/man3/o2i_SCT_LIST.html
/usr/local/share/doc/openssl/html/man3/i2o_SCT.html -> /usr/local/share/doc/openssl/html/man3/o2i_SCT_LIST.html
/usr/local/share/doc/openssl/html/man5/config.html
/usr/local/share/doc/openssl/html/man5/x509v3_config.html
/usr/local/share/doc/openssl/html/man7/Ed25519.html
/usr/local/share/doc/openssl/html/man7/Ed448.html -> /usr/local/share/doc/openssl/html/man7/Ed25519.html
/usr/local/share/doc/openssl/html/man7/RAND.html
/usr/local/share/doc/openssl/html/man7/RAND_DRBG.html
/usr/local/share/doc/openssl/html/man7/RSA-PSS.html
/usr/local/share/doc/openssl/html/man7/SM2.html
/usr/local/share/doc/openssl/html/man7/X25519.html
/usr/local/share/doc/openssl/html/man7/X448.html -> /usr/local/share/doc/openssl/html/man7/X25519.html
/usr/local/share/doc/openssl/html/man7/bio.html
/usr/local/share/doc/openssl/html/man7/crypto.html
/usr/local/share/doc/openssl/html/man7/ct.html
/usr/local/share/doc/openssl/html/man7/des_modes.html
/usr/local/share/doc/openssl/html/man7/evp.html
/usr/local/share/doc/openssl/html/man7/ossl_store-file.html
/usr/local/share/doc/openssl/html/man7/ossl_store.html
/usr/local/share/doc/openssl/html/man7/passphrase-encoding.html
/usr/local/share/doc/openssl/html/man7/proxy-certificates.html
/usr/local/share/doc/openssl/html/man7/scrypt.html
/usr/local/share/doc/openssl/html/man7/ssl.html
/usr/local/share/doc/openssl/html/man7/x509.html
[root@iZuf61pdvb2o7cf4mu9ccyZ openssl-1.1.1k]#
[root@iZuf61pdvb2o7cf4mu9ccyZ openssl-1.1.1k]#
[root@iZuf61pdvb2o7cf4mu9ccyZ openssl-1.1.1k]#
[root@iZuf61pdvb2o7cf4mu9ccyZ openssl-1.1.1k]# ls
ACKNOWLEDGEMENTS build.info configdata.pm crypto e_os.h include libcrypto.pc libssl.map LICENSE NOTES.ANDROID NOTES.VMS pod2htmd.tmp README.FIPS util
apps CHANGES Configurations demos external INSTALL libcrypto.so libssl.pc Makefile NOTES.DJGPP NOTES.WIN pod2htmi.tmp ssl VMS
appveyor.yml config Configure doc FAQ libcrypto.a libcrypto.so.1.1 libssl.so ms NOTES.PERL openssl.pc README test
AUTHORS config.com CONTRIBUTING engines fuzz libcrypto.map libssl.a libssl.so.1.1 NEWS NOTES.UNIX os-dep README.ENGINE tools
[root@iZuf61pdvb2o7cf4mu9ccyZ openssl-1.1.1k]#
[root@iZuf61pdvb2o7cf4mu9ccyZ openssl-1.1.1k]#
[root@iZuf61pdvb2o7cf4mu9ccyZ openssl-1.1.1k]#
// 将0000xxxxxxxxxx368.key文件内容放入rsa_private_key.pem
[root@iZuf61pdvb2o7cf4mu9ccyZ mytest]# vim rsa_private_key.pem
[root@iZuf61pdvb2o7cf4mu9ccyZ mytest]# cat rsa_private_key.pem
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA05VF6CyW0Xc/Opg32ddFQaeRRgJF6puEKQVPq3s0C+BvBt4l
1/sx7yrkKqntcBsiUFBwayVqr3geL1V/SlooL6Trt6iTX5JKyk/7p4QDxevpq1SB
hTLIgmJtjI2TbFcSJXfFpCNrKEVJdx/f38yszvGaHU2w9lLxwAsBOzIkHa0/nvzN
E23jZNjhVJ6+po7g5V9bYC5n+j00r4rNrQoRColmLtL/WGpJH1376BdxaBZIrta6
zWjCIo8xdWsNxw8rSdXGq5ptxytzrtz+VmxO8/83//s2BcJtBVxJC8/TVOalqhiS
eqn3NYnG9DPOVzG2r2h6GIr2tTBHQ9XHP2fGjQIDAQABAoIBAGm5sZDulv5cQ/AX
l/D2rNi9zs3Y3O76fvOwf7sEeWFl6JTZ9LcUAkOsfw8Ckm7uYBsZ1tLzg3fi4dJt
OooAuwvzsQW46sta4pxtkyaFxQzlcYH3XDEeyyq73FnbdMsyRxMJ4my+dhFNbgRk
nQ3LzJ4sBAKYi9DKaZq45QibaYiZ3Luso8W4njRew47rch0XUZK01y+viu+Ia9ED
jHZUa6AQ8mj1CheuwX+Tu3IXewZ2QaQFepgM+0dBG0pm5rF2Fe7WSiH2ZDNBiGU7
/DjgDnU5iQgFNnO9cRQ1YfkFNoyPsneAHaxEkSP01plFFV1sUzgcu2I5jkEA5SYM
VlEnclECgYEA3FQHk7iV8GAmnlgwT1uuSl5Rz7PUOHYWL8TUzVW2JTl2ca1b+4xx
lKmFR3vAgWx2XBmm3X8UCc/3KE8pxUg+bKZDafdoNYPRAojyQYSHQ1tXweUXTs6l
UCcoC1ALbpoL6c8k9X98nlff3mK23ryiykkhyJLoMVb0A5QTg+MbZvsCgYEA9dbI
U3Iy0V12Mb5eusWY5f9rhpKAsEofPQCasR8xYoKljnW2R5Ueb/57l9Q5UR7q4Bat
28MHzaV0NnZRaNMkXOp0/izsCPirTnr3Q91GRB7sdF+CIv6MfKHd4+Dr08CnJb0Z
yJk5j/U5oeo7cBmfZbBaXZqcK2EOaDeUg3tVshcCgYBdMsZJvEjgdyuey1sUFonx
N1iP7VeV0o2sAyyo9tqngFkT2OsRyuS4p8SS6kwR8xlV+BvXkcueIvQ/fs0CgH63
YtUdW+QezvV4hwlCoZa97UN/5zImyc6vywBrWJ6dWFg1vMO7fQPvzugJn+QO7+hE
fQ7nUw0Y4dkyMk7W+Rg8RQKBgQDhyvjJc8zq8N2bCI93Gf+512PKAQsDX8DbRY/O
+KhiIz6t3r2hd3uyP1kC9WADetMdKJdcjf+/yKQ5VWimT69JS+pSfa34+3RTq6sp
gLWF4aUpqYMcYxFjc0Qahb30CjE6/zkMPndZGlFpvnoDFvWI73XAHT4stYMHA217
aa8m1wKBgBPpT7mRqDcYVnhIVCzH0RKaphmzyux7GsUIEqlX3lmrKrIG7okuzSbu
4hSDX5fRmPRSVLPUK4vOuLYREm/YMbE/2N6pRfudMf53zJDeUQnUhc89a6nDEQB4
wpArMpm+WCq+iiJ46lTSNZC7Yu0fBUrPF9eQYiK988Hf8It7RsPm
-----END RSA PRIVATE KEY-----
[root@iZuf61pdvb2o7cf4mu9ccyZ mytest]#
#转换
[root@iZuf61pdvb2o7cf4mu9ccyZ mytest]# openssl pkcs8 -topk8 -inform PEM -in rsa_private_key.pem -outform PEM -nocrypt
openssl: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory #缺少库
[root@iZuf61pdvb2o7cf4mu9ccyZ mytest]#
#添加库
[root@iZuf61pdvb2o7cf4mu9ccyZ mytest]#
[root@iZuf61pdvb2o7cf4mu9ccyZ mytest]#
[root@iZuf61pdvb2o7cf4mu9ccyZ mytest]# find / -name libssl.so.1.1
/root/openssl-1.1.1k/libssl.so.1.1
/usr/local/lib64/libssl.so.1.1
[root@iZuf61pdvb2o7cf4mu9ccyZ mytest]# ln -s /root/openssl-1.1.1k/libssl.so.1.1 /usr/lib64/libssl.so.1.1 #第一步
[root@iZuf61pdvb2o7cf4mu9ccyZ mytest]#
[root@iZuf61pdvb2o7cf4mu9ccyZ mytest]#
[root@iZuf61pdvb2o7cf4mu9ccyZ mytest]# openssl pkcs8 -topk8 -inform PEM -in rsa_private_key.pem -outform PEM -nocrypt
openssl: error while loading shared libraries: libcrypto.so.1.1: cannot open shared object file: No such file or directory
[root@iZuf61pdvb2o7cf4mu9ccyZ mytest]#
[root@iZuf61pdvb2o7cf4mu9ccyZ mytest]# ln -s /usr/local/lib64/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1 #第二步
[root@iZuf61pdvb2o7cf4mu9ccyZ mytest]#
#转换成功
[root@iZuf61pdvb2o7cf4mu9ccyZ mytest]#
[root@iZuf61pdvb2o7cf4mu9ccyZ mytest]# openssl pkcs8 -topk8 -inform PEM -in rsa_private_key.pem -outform PEM -nocrypt
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDTlUXoLJbRdz86
mDfZ10VBp5FGAkXqm4QpBU+rezQL4G8G3iXX+zHvKuQqqe1wGyJQUHBrJWqveB4v
VX9KWigvpOu3qJNfkkrKT/unhAPF6+mrVIGFMsiCYm2MjZNsVxIld8WkI2soRUl3
H9/fzKzO8ZodTbD2UvHACwE7MiQdrT+e/M0TbeNk2OFUnr6mjuDlX1tgLmf6PTSv
is2tChEKiWYu0v9YakkfXfvoF3FoFkiu1rrNaMIijzF1aw3HDytJ1carmm3HK3Ou
3P5WbE7z/zf/+zYFwm0FXEkLz9NU5qWqGJJ6qfc1icb0M85XMbavaHoYiva1MEdD
1cc/Z8aNAgMBAAECggEAabmxkO6W/lxD8BeX8Pas2L3Ozdjc7vp+87B/uwR5YWXo
lNn0txQCQ6x/DwKSbu5gGxnW0vODd+Lh0m06igC7C/OxBbjqy1rinG2TJoXFDOVx
gfdcMR7LKrvcWdt0yzJHEwnibL52EU1uBGSdDcvMniwEApiL0MppmrjlCJtpiJnc
u6yjxbieNF7DjutyHRdRkrTXL6+K74hr0QOMdlRroBDyaPUKF67Bf5O7chd7BnZB
pAV6mAz7R0EbSmbmsXYV7tZKIfZkM0GIZTv8OOAOdTmJCAU2c71xFDVh+QU2jI+y
d4AdrESRI/TWmUUVXWxTOBy7YjmOQQDlJgxWUSdyUQKBgQDcVAeTuJXwYCaeWDBP
W65KXlHPs9Q4dhYvxNTNVbYlOXZxrVv7jHGUqYVHe8CBbHZcGabdfxQJz/coTynF
SD5spkNp92g1g9ECiPJBhIdDW1fB5RdOzqVQJygLUAtumgvpzyT1f3yeV9/eYrbe
vKLKSSHIkugxVvQDlBOD4xtm+wKBgQD11shTcjLRXXYxvl66xZjl/2uGkoCwSh89
AJqxHzFigqWOdbZHlR5v/nuX1DlRHurgFq3bwwfNpXQ2dlFo0yRc6nT+LOwI+KtO
evdD3UZEHux0X4Ii/ox8od3j4OvTwKclvRnImTmP9Tmh6jtwGZ9lsFpdmpwrYQ5o
N5SDe1WyFwKBgF0yxkm8SOB3K57LWxQWifE3WI/tV5XSjawDLKj22qeAWRPY6xHK
5LinxJLqTBHzGVX4G9eRy54i9D9+zQKAfrdi1R1b5B7O9XiHCUKhlr3tQ3/nMibJ
zq/LAGtYnp1YWDW8w7t9A+/O6Amf5A7v6ER9DudTDRjh2TIyTtb5GDxFAoGBAOHK
+MlzzOrw3ZsIj3cZ/7nXY8oBCwNfwNtFj874qGIjPq3evaF3e7I/WQL1YAN60x0o
l1yN/7/IpDlVaKZPr0lL6lJ9rfj7dFOrqymAtYXhpSmpgxxjEWNzRBqFvfQKMTr/
OQw+d1kaUWm+egMW9YjvdcAdPiy1gwcDbXtprybXAoGAE+lPuZGoNxhWeEhULMfR
EpqmGbPK7HsaxQgSqVfeWasqsgbuiS7NJu7iFINfl9GY9FJUs9Qri864thESb9gx
sT/Y3qlF+50x/nfMkN5RCdSFzz1rqcMRAHjCkCsymb5YKr6KInjqVNI1kLti7R8F
Ss8X15BiIr3zwd/wi3tGw+Y=
-----END PRIVATE KEY-----
[root@iZuf61pdvb2o7cf4mu9ccyZ mytest]#
[root@iZuf61pdvb2o7cf4mu9ccyZ mytest]#
通过上面的操作,就完成了两个操作:
1.cer公钥证书转公钥
2.pfx证书转私钥的操作
后面在代码中就可以通过公钥做验签和加密,通过私钥做签名和解密了
2万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
