[英]How do I use OpenSSL to make a public and private key using a .crt and .key file?
I know this is probably a bad question but I am so confused.我知道这可能是一个不好的问题,但我很困惑。 I have a tls certificate and a tls key file, tls.crt and tls.key.
我有一个 tls 证书和一个 tls 密钥文件 tls.crt 和 tls.key。 I think I'm supposed to convert them into a public and private key, relatively, in order to use openssl.
我想我应该将它们转换成公钥和私钥,相对地,以便使用openssl。
side note: Am I approaching this wrong? Is there some TLS application to encrypt/decrypt?
To convert the public key, I use要转换公钥,我使用
$ openssl x509 -pubkey tls.crt -noout > pubkey
This created a public key that I was able to encrypt a message file with by doing这创建了一个公钥,我可以通过这样做来加密消息文件
$ opensssl rsautl -encrypt -inkey pubkey -pubin -in <message file> -out <encrypted output>
I have successfully encrypted the file but now I don't know how to decrypt it.我已成功加密文件,但现在我不知道如何解密它。 I don't know how to convert my private key (tls.key) into an ssl private key.
我不知道如何将我的私钥 (tls.key) 转换为 ssl 私钥。 This is what stumps me.
这让我很难过。 Shouldn't I be doing some tls encryption/decryption?
我不应该做一些 tls 加密/解密吗? If not, and I am supposed to be using openssl, how should I convert tls.key into a private key usable by openssl rsautl -decrypt?
如果没有,并且我应该使用 openssl,我应该如何将 tls.key 转换为可用于 openssl rsautl -decrypt 的私钥?
tl;dr: The key file is the key file you want. tl; dr:密钥文件是您想要的密钥文件。 No conversion should be required.
不需要转换。
The trick here is in the following question: "What is a certificate?"这里的诀窍在于以下问题:“什么是证书?” The answer is that it is a signed public key that goes along with a secure private key.
答案是它是带有安全私钥的签名公钥。 It (usually) gets signed by a CA ("Certificatation Authority").
它(通常)由 CA(“证书颁发机构”)签名。
The basic process is:基本流程是:
So, you took your own public key from the certificate.因此,您从证书中获取了自己的公钥。 The private key (tls.key) should be the key file you created in the first step - just use it on your encrypted data.
私钥 (tls.key) 应该是您在第一步中创建的密钥文件 - 只需在加密数据上使用它即可。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.