OpenSSL RSA以.cer格式提取公钥
[英]OpenSSL RSA extract public key with .cer format
问题描述
I'm using openSSL to create RSA public and private key . 
我正在使用openSSL创建RSA public and private key 。 I create success, and output is 2 keys with format private_key.pem and public_key.pem . 我创建成功,并且输出的是2个键,格式为private_key.pem和public_key.pem 。
So, the requirement is public key need to be in .cer extension , Base 64 format and start with header: -----BEGIN 因此,要求公开密钥必须采用.cer extension , Base 64 format并以标头开头: -----BEGIN
I do some researches but can't find to to convert pem to cer 我做了一些研究,但找不到将pem转换为cer
Any ideas? 有任何想法吗? Thanks. 谢谢。
P/S: Here is script that I used to generate key: P / S:这是我用来生成密钥的脚本:
openssl genrsa -out private_key.pem 2048
openssl rsa -in private_key.pem -outform PEM -pubout -out public_key.pem
Update 更新资料
Finally, I found solution for this, just for those who need it. 最终,我找到了解决方案,只针对需要它的人。
set OPENSSL_CONF=C:\Program Files (x86)\GnuWin32\share\openssl.cnf
openssl genrsa -out private_key.pem 2048 -sha256 -passout pass:abc123
openssl req -new -x509 -sha256 -key private_key.pem -out public_key.cer -days 3650
2 个解决方案
解决方案1
0 2017-09-26 15:59:45
For your public key to start with header: -----BEGIN, directly generate a base64 certificate with the private key. 为了使您的公钥以标头开头:----- BEGIN,直接使用私钥生成base64证书。
openssl genrsa -out key.pem 2048
openssl req -new -x509 -days 1826 -key key.pem -out ca.crt
This will generate a self-signed certificate embedded with the relative public key which is valid for 5 years. 这将生成一个嵌入了相对公钥的自签名证书,有效期为5年。 Or use, 或使用
openssl req -new -key key.pem -out cert.csr
to generate a certificate signing request and get it signed by a Root. 生成证书签名请求并由Root对其进行签名。
解决方案2
-1 2017-09-20 08:01:04
PEM is a normative encoding format (see RFC-7468 ), specifically designed to be included in mails, so it is only using a basic character set. PEM是一种规范性编码格式(请参阅RFC-7468 ),专门设计用于包含在邮件中,因此它仅使用基本字符集。 DER is another normative encoding format, using a binary encoding scheme. DER是使用二进制编码方案的另一种规范性编码格式。
CER is not normative, it is a file extension often used to convey certificates (or, less often, keys). CER 不是规范性的,它是一个文件扩展名,通常用于传达证书(或更少的是密钥)。
Since CER is sometimes used as an extension for files containing DER encoded cryptographic material, people misuse the CER acronym and talk about CER encoding. 由于CER有时被用作包含DER编码的加密材料的文件的扩展名,因此人们滥用CER的首字母缩写并谈论CER编码。 But this has no sense. 但这没有意义。 Finally, some other people talk about CER files for PEM encoded material. 最后,还有其他人谈论PEM编码材料的CER文件。
I do some researches but can't find to to convert pem to cer
You will not, this has no sense: the way you have created your keys made them already PEM encoded. 您不会,这毫无意义:您创建密钥的方式使它们已经经过PEM编码。
So, the only thing you may need to do is converting your key files encoded in PEM to DER format, whatever the filename extension is. 因此,无论文件扩展名是什么,您唯一需要做的就是将以PEM编码的密钥文件转换为DER格式。
To do that, use openssl: 为此,请使用openssl:
openssl rsa -inform PEM -in private_key.pem -outform DER -out private_key.der
openssl rsa -pubin -inform PEM -in public_key.pem -outform DER -out public_key.der
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.