无法使用 openssl 验证公共证书的模块(无法验证 rsa 公钥来自私钥)
[英]Unable to verify a public cert's modules with openssl (Unable to verify rsa public key came from a private key)
问题描述
I created a private and public key pair like this:
我创建了一个这样的私钥和公钥对:
openssl genrsa -out priv.pem 2048
openssl rsa -in priv.pem -pubout -out pub.pem
I want to now verify the public key came from the private key though openssl.我现在想通过 openssl 验证公钥是否来自私钥。 I am able to hash the modulus like this:我能够 hash 模数是这样的:
openssl rsa -noout -modulus -in priv.pem | openssl md5
However when I try to hash the modulus of the public key I get an error:但是,当我尝试 hash 公钥的模数时,出现错误:
penssl x509 -noout -modulus -in pub.pem | openssl md5
unable to load certificate
140020691816896:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE
(stdin)= d41d8cd98f00b204e9800998ecf8427e
I know I am going about this wrong, however I do not know of a way to actually test if a public key came from a private key correctly.我知道我正在解决这个问题,但是我不知道有一种方法可以实际测试公钥是否正确来自私钥。 How can I accomplish this in inux with openssl only based on the way I created the key pair asside from encrypting a file with my public key and then trying to decrypt it with the private?我如何才能在 inux 中使用 openssl 完成此操作,仅基于我创建密钥对的方式,除了用我的公钥加密文件然后尝试用私钥解密它?
2 个解决方案
解决方案1
2 已采纳 2022-01-18 17:57:50
You can use the same command you used for the private key, but using the -pubin argument.您可以使用与私钥相同的命令,但使用-pubin参数。 For example:例如:
openssl rsa -noout -modulus -in pub.pem -pubin | openssl md5
解决方案2
1 2022-01-18 16:31:01
The x509 command expects an X.509 certificate as input. x509命令需要 X.509 证书作为输入。 You haven't created a certificate, and are providing only a public key as input.您尚未创建证书,并且仅提供公钥作为输入。 A certificate is more than a public key;证书不仅仅是公钥; it is a binding between identity information and a public key.它是身份信息和公钥之间的绑定。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.