如何将私钥转换为 RSA 私钥?
[英]How to convert a private key to an RSA private key?
问题描述
Let me explain my question first.
让我先解释一下我的问题。 I bought a certificate from a CA and used the following format to generate the csr and the private key:我从 CA 购买了证书并使用以下格式生成 csr 和私钥:
openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
When I open the server.key file, I see that it begins with "-----BEGIN PRIVATE KEY-----"当我打开 server.key 文件时,我看到它以“-----BEGIN PRIVATE KEY-----”开头
I use the SSL cert on my server and everything looks fine.我在我的服务器上使用 SSL 证书,一切看起来都很好。
Now I want to upload the same cert to AWS IAM so that I can use it for by beanstalk load balancer.现在我想将相同的证书上传到 AWS IAM,以便我可以通过 beanstalk 负载均衡器使用它。 I use the following command from this aws doc http://docs.aws.amazon.com/IAM/latest/UserGuide/InstallCert.html#SubmitCSRCertAuth我使用这个 aws doc http://docs.aws.amazon.com/IAM/latest/UserGuide/InstallCert.html#SubmitCSRCertAuth 中的以下命令
iam-servercertupload -b public_key_certificate_file -k privatekey.pem -s certificate_object_name
I change the cert file names as required but keep getting this error: "400 MalformedCertificate Invalid Private Key."我根据需要更改了证书文件名,但不断收到此错误:“400 MalformedCertificate Invalid Private Key。”
The interesting thing is, on the aws doc page, the sample private key that they show starts with "-------Begin RSA Private Key--------"有趣的是,在 aws doc 页面上,他们显示的示例私钥以“-------Begin RSA Private Key--------”开头
Is there a way to convert my private key to an RSA private key using openssl?有没有办法使用 openssl 将我的私钥转换为 RSA 私钥?
3 个解决方案
解决方案1
170 已采纳 2013-07-18 21:56:39
Newer versions of OpenSSL say BEGIN PRIVATE KEY because they contain the private key + an OID that identifies the key type (this is known as PKCS8 format).较新版本的 OpenSSL 说BEGIN PRIVATE KEY因为它们包含私钥 + 标识密钥类型的 OID(这称为 PKCS8 格式)。 To get the old style key (known as either PKCS1 or traditional OpenSSL format) you can do this:要获取旧式密钥(称为 PKCS1 或传统 OpenSSL 格式),您可以执行以下操作:
openssl rsa -in server.key -out server_new.key
Alternately, if you have a PKCS1 key and want PKCS8:或者,如果您有 PKCS1 密钥并想要 PKCS8:
openssl pkcs8 -topk8 -nocrypt -in privkey.pem
解决方案2
31 2016-05-27 12:41:05
This may be of some help (do not literally write out the backslashes '\\' in the commands, they are meant to indicate that "everything has to be on one line"):这可能会有所帮助(不要在命令中逐字地写出反斜杠“\\”,它们旨在表明“所有内容都必须在一行上”):
It seems that all the commands (in grey) take any type of key file (in green) as "in" argument.似乎所有命令(灰色)都将任何类型的密钥文件(绿色)作为“in”参数。 Which is nice.这很好。
Here are the commands again for easier copy-pasting:以下是更容易复制粘贴的命令:
openssl rsa -in $FF -out $TF
openssl rsa -aes256 -in $FF -out $TF
openssl pkcs8 -topk8 -nocrypt -in $FF -out $TF
openssl pkcs8 -topk8 -v2 aes-256-cbc -v2prf hmacWithSHA256 -in $FF -out $TF
and和
openssl rsa -check -in $FF
openssl rsa -text -in $FF
解决方案3
18 2019-06-14 05:53:01
要将BEGIN OPENSSH PRIVATE KEY转换为BEGIN RSA PRIVATE KEY :
ssh-keygen -p -m PEM -f ~/.ssh/id_rsa
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.