从 openssl 密钥文件中提取 public 和私钥
Extracting public and private keys from openssl key file
我使用以下命令生成一对 dsa 密钥:
openssl gendsa -out myDSAkey.pem sharedDSA.pem
然后,我可以使用以下命令 "extract" 我的私钥和 public 密钥:
openssl dsa -in myDSAkey.pem -aes128 -out myDSApriv.pem
openssl dsa -in myDSAkey.pem -out myDSApub.pem -outform PEM -pubout
当我执行以下任一操作时:
openssl dsa -text -inform PEM -in myDSAkey.pem
openssl dsa -text -inform PEM -in myDSApriv.pem
我从系统中获取了我需要的所有信息:
Private-Key: (1024 bit)
priv:
49:b1:e2:c6:00:48:e0:1f:f7:ad:ca:06:77:52:48:
52:89:f3:f7:d8
pub:
02:5d:c9:ba:83:1a:cc:31:63:49:4a:79:5c:a3:a5:
73:ab:70:b0:48:df:c8:26:53:16:71:9c:4c:3f:28:
1b:53:4d:6b:e2:06:fc:b8:5e:93:f9:e1:9e:71:4d:
17:c2:86:90:58:01:d2:f1:24:fa:ff:af:2d:00:6f:
d0:8c:f9:1e:27:f6:8c:bc:50:bd:32:91:d9:51:c0:
25:16:9f:df:e9:54:0c:07:53:62:61:1d:c4:93:da:
65:87:59:4a:43:fd:79:28:6e:9a:fa:fa:00:f5:19:
ce:5b:5d:0c:4d:c1:45:86:c6:17:47:e2:a7:a5:e3:
99:65:36:0a:02:eb:2c:91
P:
00:9e:3e:54:31:cd:be:c8:ba:d0:0d:37:5a:ed:1c:
2f:0f:47:13:48:9f:e6:f7:d7:bc:2d:01:12:d6:10:
94:a5:24:49:d3:6e:64:b1:55:06:8a:f6:df:c7:f8:
59:f0:e1:9e:16:9b:69:ac:db:1a:71:21:d2:f7:a7:
94:f9:14:ae:17:5c:74:bf:59:c8:7e:cc:2b:39:be:
e1:10:1f:bb:8e:7d:6f:f3:a5:61:1c:09:7d:56:be:
15:4c:da:27:42:56:90:61:02:05:72:cf:e1:6b:56:
89:81:87:ca:e5:bb:16:33:02:5c:fb:66:51:4f:22:
70:2d:59:54:0f:6c:b0:95:ed
Q:
00:a7:37:61:7f:3b:36:8b:89:cc:f1:e8:82:af:98:
44:09:a7:e2:0f:b9
G:
6f:bd:e3:25:06:ad:40:03:1c:f8:5d:4c:3e:85:17:
fa:db:14:e3:c1:99:1e:f3:d8:36:a9:70:18:a9:30:
81:7e:2e:ad:ca:87:39:a6:99:65:64:1a:2c:33:f4:
e0:ee:57:c9:92:e0:7f:e0:2d:42:00:be:81:3b:c7:
b9:39:5b:23:b8:0d:0b:c2:3a:8c:a1:33:d6:e5:0b:
a5:c2:d8:cd:ea:ec:c0:76:13:35:79:b1:c4:cd:9c:
ea:ec:e8:ed:84:2b:89:2c:7a:70:be:62:f0:f6:5b:
0b:0e:c0:e7:aa:99:75:5b:68:31:20:bb:2d:d3:fc:
c8:12:f5:44:a2:7f:d4:3d
writing DSA key
-----BEGIN DSA PRIVATE KEY-----
MIIBugIBAAKBgQCePlQxzb7IutANN1rtHC8PRxNIn+b317wtARLWEJSlJEnTbmSx
VQaK9t/H+Fnw4Z4Wm2ms2xpxIdL3p5T5FK4XXHS/Wch+zCs5vuEQH7uOfW/zpWEc
CX1WvhVM2idCVpBhAgVyz+FrVomBh8rluxYzAlz7ZlFPInAtWVQPbLCV7QIVAKc3
YX87NouJzPHogq+YRAmn4g+5AoGAb73jJQatQAMc+F1MPoUX+tsU48GZHvPYNqlw
GKkwgX4urcqHOaaZZWQaLDP04O5XyZLgf+AtQgC+gTvHuTlbI7gNC8I6jKEz1uUL
pcLYzerswHYTNXmxxM2c6uzo7YQriSx6cL5i8PZbCw7A56qZdVtoMSC7LdP8yBL1
RKJ/1D0CgYACXcm6gxrMMWNJSnlco6Vzq3CwSN/IJlMWcZxMPygbU01r4gb8uF6T
+eGecU0XwoaQWAHS8ST6/68tAG/QjPkeJ/aMvFC9MpHZUcAlFp/f6VQMB1NiYR3E
k9plh1lKQ/15KG6a+voA9RnOW10MTcFFhsYXR+KnpeOZZTYKAusskQIUSbHixgBI
4B/3rcoGd1JIUonz99g=
-----END DSA PRIVATE KEY-----
这很奇怪,因为我认为在文件 myDSApriv.pem 中提取了与私钥相关的 myDSAkey.pem 的内容。更令人惊讶的是,我没有 myDSApub.pem 的此信息。执行命令:
openssl dsa -inform PEM -pubin -in nombreDSApub.pem
只给出
read DSA key
writing DSA key
-----BEGIN PUBLIC KEY-----
MIIBtjCCASsGByqGSM44BAEwggEeAoGBAJ4+VDHNvsi60A03Wu0cLw9HE0if5vfX
vC0BEtYQlKUkSdNuZLFVBor238f4WfDhnhabaazbGnEh0venlPkUrhdcdL9ZyH7M
Kzm+4RAfu459b/OlYRwJfVa+FUzaJ0JWkGECBXLP4WtWiYGHyuW7FjMCXPtmUU8i
cC1ZVA9ssJXtAhUApzdhfzs2i4nM8eiCr5hECafiD7kCgYBvveMlBq1AAxz4XUw+
hRf62xTjwZke89g2qXAYqTCBfi6tyoc5ppllZBosM/Tg7lfJkuB/4C1CAL6BO8e5
OVsjuA0LwjqMoTPW5QulwtjN6uzAdhM1ebHEzZzq7OjthCuJLHpwvmLw9lsLDsDn
qpl1W2gxILst0/zIEvVEon/UPQOBhAACgYACXcm6gxrMMWNJSnlco6Vzq3CwSN/I
JlMWcZxMPygbU01r4gb8uF6T+eGecU0XwoaQWAHS8ST6/68tAG/QjPkeJ/aMvFC9
MpHZUcAlFp/f6VQMB1NiYR3Ek9plh1lKQ/15KG6a+voA9RnOW10MTcFFhsYXR+Kn
peOZZTYKAusskQ==
-----END PUBLIC KEY-----
虽然我希望它给出之前给出的十六进制格式。
有没有办法只显示 myDSApriv.pem 和 myDSApub.pem 的十六进制信息?为什么myDSApriv.pem包含所有参数的信息?
您在打印 public 密钥时没有使用 -text 标志,因此它没有以人类可读的形式打印出来。您可以进一步添加 -noout 以避免在末尾打印 PEM 编码的密钥。
此外,请注意您已将此私钥发布到 Internet,因此请确保在执行任何您关心的事情之前生成一个新的密钥对:)。
我使用以下命令生成一对 dsa 密钥:
openssl gendsa -out myDSAkey.pem sharedDSA.pem
然后,我可以使用以下命令 "extract" 我的私钥和 public 密钥:
openssl dsa -in myDSAkey.pem -aes128 -out myDSApriv.pem
openssl dsa -in myDSAkey.pem -out myDSApub.pem -outform PEM -pubout
当我执行以下任一操作时:
openssl dsa -text -inform PEM -in myDSAkey.pem
openssl dsa -text -inform PEM -in myDSApriv.pem
我从系统中获取了我需要的所有信息:
Private-Key: (1024 bit)
priv:
49:b1:e2:c6:00:48:e0:1f:f7:ad:ca:06:77:52:48:
52:89:f3:f7:d8
pub:
02:5d:c9:ba:83:1a:cc:31:63:49:4a:79:5c:a3:a5:
73:ab:70:b0:48:df:c8:26:53:16:71:9c:4c:3f:28:
1b:53:4d:6b:e2:06:fc:b8:5e:93:f9:e1:9e:71:4d:
17:c2:86:90:58:01:d2:f1:24:fa:ff:af:2d:00:6f:
d0:8c:f9:1e:27:f6:8c:bc:50:bd:32:91:d9:51:c0:
25:16:9f:df:e9:54:0c:07:53:62:61:1d:c4:93:da:
65:87:59:4a:43:fd:79:28:6e:9a:fa:fa:00:f5:19:
ce:5b:5d:0c:4d:c1:45:86:c6:17:47:e2:a7:a5:e3:
99:65:36:0a:02:eb:2c:91
P:
00:9e:3e:54:31:cd:be:c8:ba:d0:0d:37:5a:ed:1c:
2f:0f:47:13:48:9f:e6:f7:d7:bc:2d:01:12:d6:10:
94:a5:24:49:d3:6e:64:b1:55:06:8a:f6:df:c7:f8:
59:f0:e1:9e:16:9b:69:ac:db:1a:71:21:d2:f7:a7:
94:f9:14:ae:17:5c:74:bf:59:c8:7e:cc:2b:39:be:
e1:10:1f:bb:8e:7d:6f:f3:a5:61:1c:09:7d:56:be:
15:4c:da:27:42:56:90:61:02:05:72:cf:e1:6b:56:
89:81:87:ca:e5:bb:16:33:02:5c:fb:66:51:4f:22:
70:2d:59:54:0f:6c:b0:95:ed
Q:
00:a7:37:61:7f:3b:36:8b:89:cc:f1:e8:82:af:98:
44:09:a7:e2:0f:b9
G:
6f:bd:e3:25:06:ad:40:03:1c:f8:5d:4c:3e:85:17:
fa:db:14:e3:c1:99:1e:f3:d8:36:a9:70:18:a9:30:
81:7e:2e:ad:ca:87:39:a6:99:65:64:1a:2c:33:f4:
e0:ee:57:c9:92:e0:7f:e0:2d:42:00:be:81:3b:c7:
b9:39:5b:23:b8:0d:0b:c2:3a:8c:a1:33:d6:e5:0b:
a5:c2:d8:cd:ea:ec:c0:76:13:35:79:b1:c4:cd:9c:
ea:ec:e8:ed:84:2b:89:2c:7a:70:be:62:f0:f6:5b:
0b:0e:c0:e7:aa:99:75:5b:68:31:20:bb:2d:d3:fc:
c8:12:f5:44:a2:7f:d4:3d
writing DSA key
-----BEGIN DSA PRIVATE KEY-----
MIIBugIBAAKBgQCePlQxzb7IutANN1rtHC8PRxNIn+b317wtARLWEJSlJEnTbmSx
VQaK9t/H+Fnw4Z4Wm2ms2xpxIdL3p5T5FK4XXHS/Wch+zCs5vuEQH7uOfW/zpWEc
CX1WvhVM2idCVpBhAgVyz+FrVomBh8rluxYzAlz7ZlFPInAtWVQPbLCV7QIVAKc3
YX87NouJzPHogq+YRAmn4g+5AoGAb73jJQatQAMc+F1MPoUX+tsU48GZHvPYNqlw
GKkwgX4urcqHOaaZZWQaLDP04O5XyZLgf+AtQgC+gTvHuTlbI7gNC8I6jKEz1uUL
pcLYzerswHYTNXmxxM2c6uzo7YQriSx6cL5i8PZbCw7A56qZdVtoMSC7LdP8yBL1
RKJ/1D0CgYACXcm6gxrMMWNJSnlco6Vzq3CwSN/IJlMWcZxMPygbU01r4gb8uF6T
+eGecU0XwoaQWAHS8ST6/68tAG/QjPkeJ/aMvFC9MpHZUcAlFp/f6VQMB1NiYR3E
k9plh1lKQ/15KG6a+voA9RnOW10MTcFFhsYXR+KnpeOZZTYKAusskQIUSbHixgBI
4B/3rcoGd1JIUonz99g=
-----END DSA PRIVATE KEY-----
这很奇怪,因为我认为在文件 myDSApriv.pem 中提取了与私钥相关的 myDSAkey.pem 的内容。更令人惊讶的是,我没有 myDSApub.pem 的此信息。执行命令:
openssl dsa -inform PEM -pubin -in nombreDSApub.pem
只给出
read DSA key
writing DSA key
-----BEGIN PUBLIC KEY-----
MIIBtjCCASsGByqGSM44BAEwggEeAoGBAJ4+VDHNvsi60A03Wu0cLw9HE0if5vfX
vC0BEtYQlKUkSdNuZLFVBor238f4WfDhnhabaazbGnEh0venlPkUrhdcdL9ZyH7M
Kzm+4RAfu459b/OlYRwJfVa+FUzaJ0JWkGECBXLP4WtWiYGHyuW7FjMCXPtmUU8i
cC1ZVA9ssJXtAhUApzdhfzs2i4nM8eiCr5hECafiD7kCgYBvveMlBq1AAxz4XUw+
hRf62xTjwZke89g2qXAYqTCBfi6tyoc5ppllZBosM/Tg7lfJkuB/4C1CAL6BO8e5
OVsjuA0LwjqMoTPW5QulwtjN6uzAdhM1ebHEzZzq7OjthCuJLHpwvmLw9lsLDsDn
qpl1W2gxILst0/zIEvVEon/UPQOBhAACgYACXcm6gxrMMWNJSnlco6Vzq3CwSN/I
JlMWcZxMPygbU01r4gb8uF6T+eGecU0XwoaQWAHS8ST6/68tAG/QjPkeJ/aMvFC9
MpHZUcAlFp/f6VQMB1NiYR3Ek9plh1lKQ/15KG6a+voA9RnOW10MTcFFhsYXR+Kn
peOZZTYKAusskQ==
-----END PUBLIC KEY-----
虽然我希望它给出之前给出的十六进制格式。
有没有办法只显示 myDSApriv.pem 和 myDSApub.pem 的十六进制信息?为什么myDSApriv.pem包含所有参数的信息?
您在打印 public 密钥时没有使用 -text 标志,因此它没有以人类可读的形式打印出来。您可以进一步添加 -noout 以避免在末尾打印 PEM 编码的密钥。
此外,请注意您已将此私钥发布到 Internet,因此请确保在执行任何您关心的事情之前生成一个新的密钥对:)。