如何使用 OpenSSL 通过 .crt 和 .key 文件制作公钥和私钥?
[英]How do I use OpenSSL to make a public and private key using a .crt and .key file?
问题描述
I know this is probably a bad question but I am so confused.
我知道这可能是一个不好的问题,但我很困惑。 I have a tls certificate and a tls key file, tls.crt and tls.key.我有一个 tls 证书和一个 tls 密钥文件 tls.crt 和 tls.key。 I think I'm supposed to convert them into a public and private key, relatively, in order to use openssl.我想我应该将它们转换成公钥和私钥,相对地,以便使用openssl。
side note: Am I approaching this wrong? Is there some TLS application to encrypt/decrypt?
To convert the public key, I use要转换公钥,我使用
$ openssl x509 -pubkey tls.crt -noout > pubkey
This created a public key that I was able to encrypt a message file with by doing这创建了一个公钥,我可以通过这样做来加密消息文件
$ opensssl rsautl -encrypt -inkey pubkey -pubin -in <message file> -out <encrypted output>
I have successfully encrypted the file but now I don't know how to decrypt it.我已成功加密文件,但现在我不知道如何解密它。 I don't know how to convert my private key (tls.key) into an ssl private key.我不知道如何将我的私钥 (tls.key) 转换为 ssl 私钥。 This is what stumps me.这让我很难过。 Shouldn't I be doing some tls encryption/decryption?我不应该做一些 tls 加密/解密吗? If not, and I am supposed to be using openssl, how should I convert tls.key into a private key usable by openssl rsautl -decrypt?如果没有,并且我应该使用 openssl,我应该如何将 tls.key 转换为可用于 openssl rsautl -decrypt 的私钥?
1 个解决方案
解决方案1
1 已采纳 2022-06-21 21:34:21
tl;dr: The key file is the key file you want. tl; dr:密钥文件是您想要的密钥文件。 No conversion should be required.不需要转换。
The trick here is in the following question: "What is a certificate?"这里的诀窍在于以下问题:“什么是证书?” The answer is that it is a signed public key that goes along with a secure private key.答案是它是带有安全私钥的签名公钥。 It (usually) gets signed by a CA ("Certificatation Authority").它(通常)由 CA(“证书颁发机构”)签名。
The basic process is:基本流程是:
- Entity that wants a certificate creates a private/public key pair.想要证书的实体创建一个私钥/公钥对。
- Entity send the public key and some information about the Entity to the CA.实体将公钥和有关实体的一些信息发送给 CA。
- The CA performs "some level" of validation on the Entity, verifying their identity. CA 对实体执行“某种级别”的验证,验证其身份。 Usually this is just some level of proof that the requestor owns the web site the certificate is to be used for.通常,这只是请求者拥有证书将用于的网站的某种程度的证明。
- The CA takes the provided public key and the other info provided, uses their private key to generate a signature for that data, which then can be verified by decrypting the signature using the CA's public key. CA 获取提供的公钥和提供的其他信息,使用他们的私钥为该数据生成签名,然后可以通过使用 CA 的公钥解密签名来验证该签名。 That becomes your certificate.那将成为您的证书。
So, you took your own public key from the certificate.因此,您从证书中获取了自己的公钥。 The private key (tls.key) should be the key file you created in the first step - just use it on your encrypted data.私钥 (tls.key) 应该是您在第一步中创建的密钥文件 - 只需在加密数据上使用它即可。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.