如何使用 openssl 中的特定输入数字生成 rsa 密钥? [英] How to Generate rsa keys using specific input numbers in openssl?
问题描述
我选择了 2 个质数 p
和 q
.
计算出的公钥对:(n,e)
和私钥:d
.
例如
p = 17,q = 11,n = 187,e = 7 和 d = 23
在网上冲浪后,我发现这个命令可以生成公钥和私钥对:openssl genrsa -out mykey.pem 1024
但是我想生成对应于d = 23
的私钥和对应于e = 7
的公钥.我如何将这些数字作为输入.
一种方法是使用 OpenSSL 的 asn1parse
命令的 -genconf
选项生成一个 DER 编码的密钥.
您需要为 asn1parse -genconf
构建一个输入文件,以生成标准格式的 RSA 密钥(根据 RFC 3447).asn1parse -genconf
的语法如下:http:///www.openssl.org/docs/crypto/ASN1_generate_nconf.html 事实上,它已经有一个构建 RSA 密钥的例子.
您需要计算更多的值(具体来说,d mod (p-1)
、d mod (q-1)
和 q^-1 mod p
.对于你给的p
,q
,d
的值,这些是:
d mod(p-1) = 23 mod 16 = 7
d mod(q-1) = 23 mod 10 = 3
q^-1 mod p = 14
以适当的格式将所有这些放在一个文本文件中:
asn1=SEQUENCE:rsa_key[rsa_key]版本=整数:0模数=整数:187pubExp=整数:7privExp=整数:23p=整数:17q=整数:11e1=整数:7e2=整数:3系数=整数:14
构建二进制DER文件:
openssl asn1parse -genconf <上面文件的路径>-out newkey.der
然后您可以通过 OpenSSL 的 rsa
命令运行它以确认:
openssl rsa -in newkey.der -inform der -text -check
哪个应该输出:
私钥:(8 位)模数:187 (0xbb)公共指数:7 (0x7)私有指数:23 (0x17)素数1:17(0x11)素数2:11(0xb)指数 1: 7 (0x7)指数 2: 3 (0x3)系数:14(0xe)RSA 密钥正常写入 RSA 密钥-----开始RSA私钥-----MBwCAQACAgC7AgEHAgEXAgERAGELAgEHAgEDAgEO-----结束RSA私钥-----
您可以使用 OpenSSL 的 rsautl
命令来加密数据(尽管使用此密钥,您只能加密单个字节的数据,前提是该字节也小于 187).>
I selected 2 prime numbers p
and q
.
Calculated public pair: (n,e)
and private key: d
.
For ex.
p = 17, q = 11, n = 187, e = 7 and d = 23
After surfing on the Internet I found this command to generate the public and private key pair :
openssl genrsa -out mykey.pem 1024
But I want to generate private key corresponding to d = 23
and public key corresponding to e = 7
. How can I give these numbers as input.
One way to do this is to generate a DER encoded key using OpenSSL's asn1parse
command's -genconf
option.
You'll need to construct an input file for asn1parse -genconf
to produce an RSA key in the standard format (per RFC 3447). The syntax for asn1parse -genconf
is given here: http://www.openssl.org/docs/crypto/ASN1_generate_nconf.html and indeed, it already has an example for constructing an RSA key.
You need to calculate a few more values (specifically, d mod (p-1)
, d mod (q-1)
and q^-1 mod p
. For the values of p
, q
, d
you gave, these are:
d mod(p-1) = 23 mod 16 = 7
d mod(q-1) = 23 mod 10 = 3
q^-1 mod p = 14
Put this all together into a text file in the appropriate format:
asn1=SEQUENCE:rsa_key
[rsa_key]
version=INTEGER:0
modulus=INTEGER:187
pubExp=INTEGER:7
privExp=INTEGER:23
p=INTEGER:17
q=INTEGER:11
e1=INTEGER:7
e2=INTEGER:3
coeff=INTEGER:14
To construct the binary DER file:
openssl asn1parse -genconf <path to above file> -out newkey.der
You can then run this through OpenSSL's rsa
command to confirm:
openssl rsa -in newkey.der -inform der -text -check
Which should output:
Private-Key: (8 bit)
modulus: 187 (0xbb)
publicExponent: 7 (0x7)
privateExponent: 23 (0x17)
prime1: 17 (0x11)
prime2: 11 (0xb)
exponent1: 7 (0x7)
exponent2: 3 (0x3)
coefficient: 14 (0xe)
RSA key ok
writing RSA key
-----BEGIN RSA PRIVATE KEY-----
MBwCAQACAgC7AgEHAgEXAgERAgELAgEHAgEDAgEO
-----END RSA PRIVATE KEY-----
You can use this to encrypt data with OpenSSL's rsautl
command (though with this key you're limited to encrypting just a single byte of data providing that byte is also less than 187).
这篇关于如何使用 openssl 中的特定输入数字生成 rsa 密钥?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!