How to create a truststore from a public RSA key

I need to read an encrypted ID token in an OpenID Connect flow with a private and public key. Don't need a cert.

First I ran:

openssl req -new -newkey rsa:2048 -keyout key.pem -pubkey -out pubreq.pem -subj "/CN=MyKey"

Got the public and private keys.

Then I ran:

openssl pkcs12 -export -inkey key.pem -out encryptedprivatekeytest.p12 -nocerts

So far so good. The file encryptedprivatekeytest.p12 contains the private key. Now I just need to create a jks truststore file from the public key in pubreq.pem.

Literally no matter how hard I try to find out how to, I just can't.

Any takers?

You have actually created a certificate signing request with the above command.

To generate just a public-private key pair, you can use:

openssl genrsa -out private.key 2048
openssl rsa -in private.key -pubout -out public.key

However, a trust store contains certificates, not public keys.
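
Since a trust store holds certificates, one way to get the public key into a JKS file is to wrap it in a self-signed certificate and import that. The script below is an added example, not part of the original answer; the file names public.crt and truststore.jks, the alias mykey and the store password changeit are assumptions.

```shell
#!/bin/sh
# Added example. Assumed names: private.key (as generated in the answer),
# public.crt, truststore.jks, alias "mykey", store password "changeit".

# make_cert <private-key> <cert-out>
# Wrap the public half of an existing RSA key in a self-signed X.509 certificate.
make_cert() {
    openssl req -new -x509 -key "$1" -subj "/CN=MyKey" -days 365 -out "$2"
}

# cert_matches_key <private-key> <cert>
# Succeeds only if the certificate carries the public key derived from the private key.
cert_matches_key() {
    from_key=$(openssl rsa -in "$1" -pubout 2>/dev/null) || return 1
    from_cert=$(openssl x509 -in "$2" -noout -pubkey) || return 1
    [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# make_truststore <cert> <jks-out> <alias> <storepass>
# Import the certificate as a trusted entry; no private key enters this file.
make_truststore() {
    keytool -importcert -noprompt -alias "$3" -file "$1" \
        -keystore "$2" -storetype JKS -storepass "$4"
}

# Run the whole procedure when a key file is passed as the first argument.
if [ -n "${1:-}" ]; then
    make_cert "$1" public.crt &&
    cert_matches_key "$1" public.crt &&
    make_truststore public.crt truststore.jks mykey changeit
fi
```

Running keytool -list -keystore truststore.jks -storepass changeit afterwards should show the alias as a trustedCertEntry. With a passphrase-protected key such as the question's key.pem, openssl prompts for the passphrase.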
