rsa的算法和步骤(青锋爱分享SpringbootPython之RSA加解密方案)
rsa的算法和步骤(青锋爱分享SpringbootPython之RSA加解密方案)我需要将此私钥转换为DER编码的PKCS8未加密格式,以便与java服务器代码一起使用,特别是PKCS8EncodedKeySpec。我已经试过使用rsa和pkcs8命令的OpenSSL,如果有更简单的办法,没有特别需要使用openssl。私钥尾(-----END RSA PRIVATE KEY-----)通过python生成的公钥私钥格式PKCS1。生成pem格式如下:私钥头(-----BEGIN RSA PRIVATE KEY-----)
本篇文章要结合上一节文章一起看。
青锋爱分享-RSA-Springboot Python整合
关注青锋,可获取更多青锋分享技术知识、下载开源源码。
码云搜索:青锋 会有惊喜哦哦。
3、RSA使用情况说明通过python生成的公钥私钥格式PKCS1。
生成pem格式如下:
私钥头(-----BEGIN RSA PRIVATE KEY-----)
私钥尾(-----END RSA PRIVATE KEY-----)
我需要将此私钥转换为DER编码的PKCS8未加密格式,以便与java服务器代码一起使用,特别是PKCS8EncodedKeySpec。我已经试过使用rsa和pkcs8命令的OpenSSL,如果有更简单的办法,没有特别需要使用openssl。
openssl rsa -in IServer_Key.orig.prikey.pem -out IServer_Key.pkcs8.pem
openssl rsa -in IServer_Key.orig.prikey.pem -out IServer_Key.pkcs8.pem -pubin openssl pkcs8 -in IServer_Key.orig.prikey.pem -out IServer_Key.pkcs8.pem -nocrypt
4、openssl RSA密钥格式PKCS1和PKCS8相互转换
RSA私钥格式PKCS1和PKCS8相互转换
RSA公钥格式PKCS1和PKCS8相互转换
以下转换基于openssl命令的操作;
1. openssl 生成pkcs1格式的私钥,密钥长度1024位 (PKCS1)执行:openssl genrsa -out private.pem 1024
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDlLm5 Kosybacfp8hzjn1fl2wT7Au2lm5SEtz6r /wwSfq5KfY
H8q1AO/C92IwEpplNbrqYmOXQu6P07mg0lQOCvE5sdtmAvD2ex3wCef8lWmgdh5q
Uo4OMcmoSz3IAp/7/FnMag1IelSfdronPBDxazp6NUmQZITsYK6CsEl/ewIDAQAB
AoGBAJkMdvF i9Kzc6YqMC0rfQJ3Zs vFOtsbmQVAMnQ8JWBCJ1O8d/c60wRQgyb
lFCyO7VXOmoIJqX/Jr2aER8bFtG Yxy6jsMu3ynwMwbhcVmCWCmZoWuE5pZdEJk6
lOdOay7TkE45X/Wc7K9iZs2uuB7sylIvK/HVxxit6FGePa4RAkEA9e VoAbxBv78
HyxRcStW Kc3lmE4zYBGAb2IYx48UEN34nP5rI8Tusqsy7CZ3rvSMi1CpVlj2eQK
FU8FzVFyjwJBAO6PU9q7il8NtecdvYBkDErlCawSeCdk9s79helT0Mrg9cWaVWFO
n0UxgT55MPXWGdMRXUUOCNnMilaw/p7dKlUCQDpjGeu3GivmB2dDN0ad2nUIBftu
s3SeWoB5RdL6T6liiyi5DfJ4uV9kVKe7Epy9jIabFjJ5SWpmaDps21zGVGMCQQCB
HvK0IW3zpOgf/ jh5UUCBJYHnLeMGwm7X11rvQH1zW05Vx9/W565ROI/fjkR1qCD
rZJeHgqMWDlIUuR9 BdBAkAI8 JWgWLdWceXX9Puu4KNmGukx4GZw2n53vMKp0Fu
puQxMonRWTN kA76cq8QIj8xuEBkdxy1NFRMEkGu675m
-----END RSA PRIVATE KEY-----
2. PKCS1私钥转换为PKCS8执行:openssl pkcs8 -topk8 -inform PEM -in private.pem -outform pem -nocrypt -out pkcs8.pem
-----BEGIN PRIVATE KEY-----
MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAOUubn4qizJtpx n
yHOOfV XbBPsC7aWblIS3Pqv7/DBJ rkp9gfyrUA78L3YjASmmU1uupiY5dC7o/T
uaDSVA4K8Tmx22YC8PZ7HfAJ5/yVaaB2HmpSjg4xyahLPcgCn/v8WcxqDUh6VJ92
uic8EPFrOno1SZBkhOxgroKwSX97AgMBAAECgYEAmQx28X6L0rNzpiowLSt9Andm
z68U62xuZBUAydDwlYEInU7x39zrTBFCDJuUULI7tVc6aggmpf8mvZoRHxsW0b5j
HLqOwy7fKfAzBuFxWYJYKZmha4Tmll0QmTqU505rLtOQTjlf9Zzsr2Jmza64HuzK
Ui8r8dXHGK3oUZ49rhECQQD175WgBvEG/vwfLFFxK1b4pzeWYTjNgEYBvYhjHjxQ
Q3fic/msjxO6yqzLsJneu9IyLUKlWWPZ5AoVTwXNUXKPAkEA7o9T2ruKXw215x29
gGQMSuUJrBJ4J2T2zv2F6VPQyuD1xZpVYU6fRTGBPnkw9dYZ0xFdRQ4I2cyKVrD
nt0qVQJAOmMZ67caK YHZ0M3Rp3adQgF 26zdJ5agHlF0vpPqWKLKLkN8ni5X2RU
p7sSnL2MhpsWMnlJamZoOmzbXMZUYwJBAIEe8rQhbfOk6B//6OHlRQIElgect4wb
CbtfXWu9AfXNbTlXH39bnrlE4j9 ORHWoIOtkl4eCoxYOUhS5H34F0ECQAjz4laB
Yt1Zx5df0 67go2Ya6THgZnDafne8wqnQW6m5DEyidFZM36QDvpyrxAiPzG4QGR3
HLU0VEwSQa7rvmY=
-----END PRIVATE KEY-----
3. PKCS8格式私钥再转换为PKCS1格式执行:openssl rsa -in pkcs8.pem -out pkcs1.pem
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDlLm5 Kosybacfp8hzjn1fl2wT7Au2lm5SEtz6r /wwSfq5KfY
H8q1AO/C92IwEpplNbrqYmOXQu6P07mg0lQOCvE5sdtmAvD2ex3wCef8lWmgdh5q
Uo4OMcmoSz3IAp/7/FnMag1IelSfdronPBDxazp6NUmQZITsYK6CsEl/ewIDAQAB
AoGBAJkMdvF i9Kzc6YqMC0rfQJ3Zs vFOtsbmQVAMnQ8JWBCJ1O8d/c60wRQgyb
lFCyO7VXOmoIJqX/Jr2aER8bFtG Yxy6jsMu3ynwMwbhcVmCWCmZoWuE5pZdEJk6
lOdOay7TkE45X/Wc7K9iZs2uuB7sylIvK/HVxxit6FGePa4RAkEA9e VoAbxBv78
HyxRcStW Kc3lmE4zYBGAb2IYx48UEN34nP5rI8Tusqsy7CZ3rvSMi1CpVlj2eQK
FU8FzVFyjwJBAO6PU9q7il8NtecdvYBkDErlCawSeCdk9s79helT0Mrg9cWaVWFO
n0UxgT55MPXWGdMRXUUOCNnMilaw/p7dKlUCQDpjGeu3GivmB2dDN0ad2nUIBftu
s3SeWoB5RdL6T6liiyi5DfJ4uV9kVKe7Epy9jIabFjJ5SWpmaDps21zGVGMCQQCB
HvK0IW3zpOgf/ jh5UUCBJYHnLeMGwm7X11rvQH1zW05Vx9/W565ROI/fjkR1qCD
rZJeHgqMWDlIUuR9 BdBAkAI8 JWgWLdWceXX9Puu4KNmGukx4GZw2n53vMKp0Fu
puQxMonRWTN kA76cq8QIj8xuEBkdxy1NFRMEkGu675m
-----END RSA PRIVATE KEY-----
可以看出结果和1是一致的;
4. 从pkcs1私钥中生成pkcs8公钥执行:openssl rsa -in private.pem -pubout -out public.pem
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDlLm5 Kosybacfp8hzjn1fl2wT
7Au2lm5SEtz6r /wwSfq5KfYH8q1AO/C92IwEpplNbrqYmOXQu6P07mg0lQOCvE5
sdtmAvD2ex3wCef8lWmgdh5qUo4OMcmoSz3IAp/7/FnMag1IelSfdronPBDxazp6
NUmQZITsYK6CsEl/ewIDAQAB
-----END PUBLIC KEY-----
5. 从pkcs8私钥中生成pkcs8公钥
执行:openssl rsa -in pkcs8.pem -pubout -out public_pkcs8.pem
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDlLm5 Kosybacfp8hzjn1fl2wT
7Au2lm5SEtz6r /wwSfq5KfYH8q1AO/C92IwEpplNbrqYmOXQu6P07mg0lQOCvE5
sdtmAvD2ex3wCef8lWmgdh5qUo4OMcmoSz3IAp/7/FnMag1IelSfdronPBDxazp6
NUmQZITsYK6CsEl/ewIDAQAB
-----END PUBLIC KEY-----
可以看出结果和4是一样的;
6. pkcs8公钥转pkcs1公钥执行:openssl rsa -pubin -in public.pem -RSAPublicKey_out
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBAOUubn4qizJtpx nyHOOfV XbBPsC7aWblIS3Pqv7/DBJ rkp9gfyrUA
78L3YjASmmU1uupiY5dC7o/TuaDSVA4K8Tmx22YC8PZ7HfAJ5/yVaaB2HmpSjg4x
yahLPcgCn/v8WcxqDUh6VJ92uic8EPFrOno1SZBkhOxgroKwSX97AgMBAAE=
-----END RSA PUBLIC KEY-----
openssl rsa -pubin -in public_pkcs8.pem -RSAPublicKey_out
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBAOUubn4qizJtpx nyHOOfV XbBPsC7aWblIS3Pqv7/DBJ rkp9gfyrUA
78L3YjASmmU1uupiY5dC7o/TuaDSVA4K8Tmx22YC8PZ7HfAJ5/yVaaB2HmpSjg4x
yahLPcgCn/v8WcxqDUh6VJ92uic8EPFrOno1SZBkhOxgroKwSX97AgMBAAE=
-----END RSA PUBLIC KEY-----
可以看出转换的结果是一致的;
7. pkcs1公钥转换为pkcs8公钥执行:openssl rsa -RSAPublicKey_in -in pub_pkcs1.pem -pubout
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDlLm5 Kosybacfp8hzjn1fl2wT
7Au2lm5SEtz6r /wwSfq5KfYH8q1AO/C92IwEpplNbrqYmOXQu6P07mg0lQOCvE5
sdtmAvD2ex3wCef8lWmgdh5qUo4OMcmoSz3IAp/7/FnMag1IelSfdronPBDxazp6
NUmQZITsYK6CsEl/ewIDAQAB
-----END PUBLIC KEY-----
可以看到和上面4,5的结果是一致的;
最后一点:
iOS上用的是pkcs8格式的公钥
openssl用的是pkcs1格式的公钥
知道私钥以后是可以导出公钥的,所以私钥一定要保证安全
知道公钥不可以导出私钥
解决方案针对是window电脑。
解决方案一:配置:SystemRoot/System32 环境变量。
1、邮件我的电脑-选择下【属性】。
2、选择高级系统设置
3、选择【高级】-【环境变量】
4、双击打开path,进行编辑
5、接着我们在这名字后面加【;System32】就可以了。
解决方案二:安装Win64 OpenSSL,地址:http://slproweb.com/products/Win32OpenSSL.html
下载后根据提示一步一步安装,安装完成后:
双击start.bat 启动
青锋开源架构