使用openssl生成RSA 1024密钥对
[英]generate RSA 1024 key pair using openssl
问题描述
I'd like to generate RSA 1024 key pairs. 
我想生成RSA 1024密钥对。 What I got from google is 我从谷歌得到的是
openssl genrsa -out privatekey.txt 1024
openssl rsa -in privatekey.txt -pubout -out publickey.txt
but why these two files are in different size(608 bytes and 162 bytes)? 但为什么这两个文件的大小不同(608字节和162字节)? the key pair of RSA 1024 should be the same size, right? RSA 1024的密钥对应该是相同的大小,对吧?
and these files begin with 这些文件以
0x30 0x81... 0x30 0x81 ...
and 和
0x30 0x82... 0x30 0x82 ......
it's pem format? 这是pem格式? How could they be used with openssl? 它们如何与openssl一起使用?
RSA* rsa = RSA_new();
BN_hex2bn(&rsa->n, WHAT_HERE);
BN_hex2bn(&rsa->e, AND_WHAT_HERE);
RSA_public_encrypt(....);
Thanks. 谢谢。
2 个解决方案
解决方案1
4 2014-02-24 09:18:47
There are a few reasons why the private key is larger than the public key. 私钥大于公钥的原因有几个。 One is that whilst the private key need only contain the modulus and private exponent (these are the only parameters required to decrypt), it also contains the public exponent (so that given the private key, the public key can always be recreated), as well as the original prime values P and Q and a number of other derived parameters ( DP , DQ , InverseQ ). 一个是私钥只需要包含模数和私有指数(这些是解密所需的唯一参数),它还包含公共指数(因此,给定私钥,可以始终重新创建公钥),如以及原始的素数值P和Q以及许多其他派生参数( DP , DQ , InverseQ )。
It is possible to create a private key containing only the required parameters (modulus and private exponent), however even in this case the private key will be larger due to the sizes of the public and private exponents - the public exponent is generally small, and usually one of a set of predefined values - eg 65537, however the corresponding private exponent is a much larger value. 可以创建仅包含所需参数(模数和私有指数)的私钥,但即使在这种情况下,由于公共和私有指数的大小,私钥也会更大 - 公共指数通常很小,并且通常是一组预定义值中的一个 - 例如65537,但是相应的私有指数是一个更大的值。
With regards the use of PEM files with OpenSSL, there are a number of functions for loading RSA keys from PEM format files. 关于使用带有OpenSSL的PEM文件,有许多用于从PEM格式文件加载RSA密钥的功能。 See: https://www.openssl.org/docs/crypto/pem.html 请参阅: https : //www.openssl.org/docs/crypto/pem.html
解决方案2
2 已采纳 2014-02-24 16:47:43
but why these two files are in different size(608 bytes and 162 bytes)?
There are two formats for the private key (see, for example, PKCS #1 or RFC 3447). 私钥有两种格式(例如,参见PKCS#1或RFC 3447)。
OpenSSL uses the second representation, which can be described as the "long form" with n , e , d dp , dq , etc. OpenSSL使用第二种表示形式,可以用n , e , d dp , dq等描述为“长形式”。
$ openssl pkey -in test-key.txt -inform PEM -text
-----BEGIN PRIVATE KEY-----
MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAMQFuyeb8y+Losq3
0xBjg3EjbTdb+CddlZZ+JQWxjrhkJslLN7UsxL83Qz0ZNYRxGW5Pd1RDUfmqWAYm
5xZThRFoz7seEQ0yIfVnoI/OlDuzx+bb8ci3tSGQKQDPHv5aO8jdoeBtP0oz8Zog
oNBuVeRATnHkCoocrd0vwur+xWoZAgMBAAECgYBkiLvwGJ+k5uzbI2Rwp1kmkZDW
L6kaJ3ks8g1y2hnkoBj0bEtp9EgD+gfWMjOsdYUhekgtQ0mrzp3Oqe0jGjrISEoC
iKriv2mXA2mnlPUpulQ6VRMRDCiuofoRC9kG8hvzQx+abmRr/expGvXGJ2kkItTI
t6PEUnEnpctSE819sQJBAPVPXK3R56JMMRrykwct8RsKKx7iiV+X5R1zzNZIelPz
eLmt7h1y1Xk/fP22MVeQDfxXvQkjdG5HOKuXD3a4eKMCQQDMkIZERj/ll6EqVxPa
CeZuOiYNcmVXIEq3T3TRbjYxN2zBIdDBE9Fq19ZW/YBe81M8AVegxWu6mzW40r9b
kxITAkB3W/YsXUXnoksCYaVIiQIXtgrlLDTLXo0Ml5vDZ+CdmInVTtvdWFKmfE3E
5TF8+YrUjZxdJfMw9VaNpyLPEVMhAkADQW2Rmpibu80J0nbzamLrcCt43VA1kcL+
pdoTFzDvmZU2gaZD3F/h1muH2OL5H+A8PT06xsmPH7c8KMZ4259XAkAyG8NmkLIB
s4cfkDt6qeLMkBSI1TLe62/aXZAdIhkWKqH7jahOCzb4AiHaPxGf/kcIMtvLRw5J
NBOLSFGTJBoc
-----END PRIVATE KEY-----
Private-Key: (1024 bit)
modulus:
00:c4:05:bb:27:9b:f3:2f:8b:a2:ca:b7:d3:10:63:
83:71:23:6d:37:5b:f8:27:5d:95:96:7e:25:05:b1:
8e:b8:64:26:c9:4b:37:b5:2c:c4:bf:37:43:3d:19:
35:84:71:19:6e:4f:77:54:43:51:f9:aa:58:06:26:
e7:16:53:85:11:68:cf:bb:1e:11:0d:32:21:f5:67:
a0:8f:ce:94:3b:b3:c7:e6:db:f1:c8:b7:b5:21:90:
29:00:cf:1e:fe:5a:3b:c8:dd:a1:e0:6d:3f:4a:33:
f1:9a:20:a0:d0:6e:55:e4:40:4e:71:e4:0a:8a:1c:
ad:dd:2f:c2:ea:fe:c5:6a:19
publicExponent: 65537 (0x10001)
privateExponent:
64:88:bb:f0:18:9f:a4:e6:ec:db:23:64:70:a7:59:
26:91:90:d6:2f:a9:1a:27:79:2c:f2:0d:72:da:19:
e4:a0:18:f4:6c:4b:69:f4:48:03:fa:07:d6:32:33:
ac:75:85:21:7a:48:2d:43:49:ab:ce:9d:ce:a9:ed:
23:1a:3a:c8:48:4a:02:88:aa:e2:bf:69:97:03:69:
a7:94:f5:29:ba:54:3a:55:13:11:0c:28:ae:a1:fa:
11:0b:d9:06:f2:1b:f3:43:1f:9a:6e:64:6b:fd:ec:
69:1a:f5:c6:27:69:24:22:d4:c8:b7:a3:c4:52:71:
27:a5:cb:52:13:cd:7d:b1
prime1:
00:f5:4f:5c:ad:d1:e7:a2:4c:31:1a:f2:93:07:2d:
f1:1b:0a:2b:1e:e2:89:5f:97:e5:1d:73:cc:d6:48:
7a:53:f3:78:b9:ad:ee:1d:72:d5:79:3f:7c:fd:b6:
31:57:90:0d:fc:57:bd:09:23:74:6e:47:38:ab:97:
0f:76:b8:78:a3
prime2:
00:cc:90:86:44:46:3f:e5:97:a1:2a:57:13:da:09:
e6:6e:3a:26:0d:72:65:57:20:4a:b7:4f:74:d1:6e:
36:31:37:6c:c1:21:d0:c1:13:d1:6a:d7:d6:56:fd:
80:5e:f3:53:3c:01:57:a0:c5:6b:ba:9b:35:b8:d2:
bf:5b:93:12:13
exponent1:
77:5b:f6:2c:5d:45:e7:a2:4b:02:61:a5:48:89:02:
17:b6:0a:e5:2c:34:cb:5e:8d:0c:97:9b:c3:67:e0:
9d:98:89:d5:4e:db:dd:58:52:a6:7c:4d:c4:e5:31:
7c:f9:8a:d4:8d:9c:5d:25:f3:30:f5:56:8d:a7:22:
cf:11:53:21
exponent2:
03:41:6d:91:9a:98:9b:bb:cd:09:d2:76:f3:6a:62:
eb:70:2b:78:dd:50:35:91:c2:fe:a5:da:13:17:30:
ef:99:95:36:81:a6:43:dc:5f:e1:d6:6b:87:d8:e2:
f9:1f:e0:3c:3d:3d:3a:c6:c9:8f:1f:b7:3c:28:c6:
78:db:9f:57
coefficient:
32:1b:c3:66:90:b2:01:b3:87:1f:90:3b:7a:a9:e2:
cc:90:14:88:d5:32:de:eb:6f:da:5d:90:1d:22:19:
16:2a:a1:fb:8d:a8:4e:0b:36:f8:02:21:da:3f:11:
9f:fe:47:08:32:db:cb:47:0e:49:34:13:8b:48:51:
93:24:1a:1c
it's pem format?
Yes: 是:
$ openssl genrsa -out privatekey.txt 1024
$ cat privatekey.txt
-----BEGIN RSA PRIVATE KEY-----
MIICWwIBAAKBgQDEBbsnm/Mvi6LKt9MQY4NxI203W/gnXZWWfiUFsY64ZCbJSze1
LMS/N0M9GTWEcRluT3dUQ1H5qlgGJucWU4URaM+7HhENMiH1Z6CPzpQ7s8fm2/HI
t7UhkCkAzx7+WjvI3aHgbT9KM/GaIKDQblXkQE5x5AqKHK3dL8Lq/sVqGQIDAQAB
AoGAZIi78BifpObs2yNkcKdZJpGQ1i+pGid5LPINctoZ5KAY9GxLafRIA/oH1jIz
rHWFIXpILUNJq86dzqntIxo6yEhKAoiq4r9plwNpp5T1KbpUOlUTEQworqH6EQvZ
BvIb80Mfmm5ka/3saRr1xidpJCLUyLejxFJxJ6XLUhPNfbECQQD1T1yt0eeiTDEa
8pMHLfEbCise4olfl+Udc8zWSHpT83i5re4dctV5P3z9tjFXkA38V70JI3RuRzir
lw92uHijAkEAzJCGREY/5ZehKlcT2gnmbjomDXJlVyBKt0900W42MTdswSHQwRPR
atfWVv2AXvNTPAFXoMVrups1uNK/W5MSEwJAd1v2LF1F56JLAmGlSIkCF7YK5Sw0
y16NDJebw2fgnZiJ1U7b3VhSpnxNxOUxfPmK1I2cXSXzMPVWjacizxFTIQJAA0Ft
kZqYm7vNCdJ282pi63AreN1QNZHC/qXaExcw75mVNoGmQ9xf4dZrh9ji+R/gPD09
OsbJjx+3PCjGeNufVwJAMhvDZpCyAbOHH5A7eqnizJAUiNUy3utv2l2QHSIZFiqh
+42oTgs2+AIh2j8Rn/5HCDLby0cOSTQTi0hRkyQaHA==
-----END RSA PRIVATE KEY-----
The -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- indicates the key is in PEM format. -----BEGIN RSA PRIVATE KEY-----和-----END RSA PRIVATE KEY-----表示密钥为PEM格式。
If it lacks the -----BEGIN XXX----- and -----END XXX----- and is binary, then its likely DER format. 如果它缺少-----BEGIN XXX-----和-----END XXX-----并且是二进制的,那么它可能是DER格式。
RSA* rsa = RSA_new();
BN_hex2bn(&rsa->n, WHAT_HERE);
BN_hex2bn(&rsa->e, AND_WHAT_HERE);
RSA_public_encrypt(....);
Try using PEM_read_PrivateKey , PEM_read_PupblicKey and friends since the keys are in PEM format. 尝试使用PEM_read_PrivateKey , PEM_read_PupblicKey和朋友,因为密钥是PEM格式。 There's lots of friends, and they are listed at pem(3) in the OpenSSL docs. 有很多朋友,他们在OpenSSL文档的pem(3)中列出。
OpenSSL uses the functions frequently. OpenSSL经常使用这些功能。 For example, cd into <openssl dir>/apps and look at the uses: 例如, cd进入<openssl dir>/apps并查看用途:
openssl-1.0.1f/apps$ grep -R PEM_read *
apps.c: x=PEM_read_bio_X509_AUX(cert,NULL,
apps.c: pkey=PEM_read_bio_PrivateKey(key,NULL,
apps.c: rsa = PEM_read_bio_RSAPublicKey(key, NULL,
apps.c: pkey=PEM_read_bio_PUBKEY(key,NULL,
ca.c: if ((req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL)) == NULL)
cms.c: cms = PEM_read_bio_CMS(in, NULL, NULL, NULL);
cms.c: rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL);
crl2p7.c: crl=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);
crl.c: x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);
dh.c: dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL);
dhparam.c: dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL);
dhparam.c: dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL);
dsaparam.c: dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL);
ec.c: eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL,
ec.c: eckey = PEM_read_bio_ECPrivateKey(in, NULL, NULL,
ecparam.c: group = PEM_read_bio_ECPKParameters(in,NULL,NULL,NULL);
gendsa.c: if ((dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL)) == NULL)
genpkey.c: pkey = PEM_read_bio_Parameters(pbio, NULL);
nseq.c: while((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL)))
nseq.c: if (!(seq = PEM_read_bio_NETSCAPE_CERT_SEQUENCE(in, NULL, NULL, NULL))) {
pkcs12.c: while((cert = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
pkcs7.c: p7=PEM_read_bio_PKCS7(in,NULL,NULL,NULL);
pkcs8.c: p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in,NULL,NULL, NULL);
pkcs8.c: p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL);
pkeyparam.c: pkey = PEM_read_bio_Parameters(in, NULL);
req.c: req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL);
req.c: param = PEM_read_bio_Parameters(pbio, NULL);
req.c: x = PEM_read_bio_X509(pbio, NULL, NULL, NULL);
s_client.c: sess = PEM_read_bio_SSL_SESSION(stmp, NULL, 0, NULL);
sess_id.c: x=PEM_read_bio_SSL_SESSION(in,NULL,NULL,NULL);
smime.c: p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
s_server.c: ret=PEM_read_bio_DHparams(bio,NULL,NULL,NULL);
s_server.c: if (PEM_read_X509(in,&x,NULL) == NULL)
x509.c: req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL);
The apps directory is where the source code for utilities like genrsa , x509 , req , encrypt , decrypt , etc are located. apps目录是genrsa , x509 , req , encrypt , decrypt等实用程序的源代码所在的位置。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.