如何将 pem 私钥转换为可在 .NET 中使用的 Windows 格式 [英] How can I convert a pem private key to a format for windows that can be used in .NET

问题描述

我得到了一个私钥，结果是 pkcs8 格式，我设法使用以下命令将其转换为 pem 文件:

I have a been given a private key that turned out to be in pkcs8 format, which I managed to turn into a pem file using the following command:

openssl pkcs8 -inform der -nocrypt -in private.key -out pkey.pem

我现在需要将其转换为 pkcs12，以便我可以在 .NET 中使用它来创建 X509 证书(我也想将其导入 Windows 证书管理器).

I now need to convert this to pkcs12 so I can use it in .NET to create an X509 certificate (also I'd like to import it to windows cert manager).

我试过这个命令:

openssl pkcs12 -export -name myalias -in mycert.crt -inkey pkey.pem -out keystore.p12

但是，我没有公钥，我尝试使用 pkey.pem 文件作为 -in arg，但它告诉我 没有证书匹配私钥.如果我在没有 -in arg 的情况下尝试，那么什么也不会发生(我的意思是什么，在我按下 ctrl-c 之前会有一个空白行).

however, I don't have the public key, I've tried using the pkey.pem file as the -in arg, but it tells me No certificate matches private key. If I try without the -in arg then nothing happens (and I mean nothing, there is a blank row until I press ctrl-c).

如何从私钥生成公钥，或者在没有公钥的情况下转换为pkcs12?

How can I generate the public key from the private key, or convert to pkcs12 without the public key?

这个问题的第一部分是来自这里的答案

我找到了一个答案，给了我一些希望，它说要运行这个命令 (-nocerts):>

I found an answer that gave me some hope, which says to run this command (-nocerts):

openssl pkcs12 -export -nocerts -inkey your.private.key.pem -out your.private.key.p12

但是当我尝试将文件导入 Windows 密钥库时，它在导入时显示指定的文件为空.

But when I try to import the file into the windows key store, it says The specified file is empty when it is importing.

我还设法根据说明生成了证书签名请求 这里，它生成了一个证书文件，但命令仍然不接受说没有证书匹配私钥

I've also managed to generate a certificate signing request from instructions here, which generated a certificate file, but the command still didn't accept that saying No certificate matches private key

另一个答案建议生成公钥，我确实这样做了，但是当我将其用作 -在 arg 中它仍然说No certificate matching private key，我不明白，因为这个公钥是使用以下命令从私钥生成的:openssl rsa -in privkey.pem -pubout >key.pub

Another answer suggests generating the public key, which I do, but when I use that as the -in arg it still says No certificate matches private key, which I don't understand as this public key was generated from the private key using this command: openssl rsa -in privkey.pem -pubout > key.pub

我已经在下面发布了一个答案，但如前所述，我无法验证此信息或判断它是否有效.如果有人有任何进一步的信息，请告诉我.

I've posted an answer below, but as mentioned I've no way of verifying this information or telling if it works. If anyone has any further information, please let me know.

推荐答案

看起来:

以下命令将其转换为可在 Windows 中使用的格式:

The following commands turn this into a format usable in windows:

将私钥从 pkcs8/DER 转换为 PEM 文件格式

Convert the private key from pkcs8/DER to a PEM file format

openssl pkcs8 -nocrypt -in dealerPrivate.key -inform der -outform pem -out private.pem

将证书从 x509/DER 转换为 PEM 文件格式

Convert the certificate from x509/DER to a PEM file format

openssl x509 -inform der -in dealerCertificate.x509 -out public.pem

将这两个文件合并为一个 pkcs12 文件 - 系统将提示您输入密码以保护 p12

Merge the two files into a pkcs12 file – you will be prompted for password to protect the p12 with

openssl pkcs12 -export -inkey private.pem -in public.pem -out mycert.p12

这为我提供了一个 pkcs12 证书(我认为)，我已将其添加到 Windows 密钥库中，然后可以从 .NET 访问并将其附加到我的 WCF 请求中.

This gives me a pkcs12 certificate (I think) that I've added to the windows key store and can then access from .NET and attach it to my WCF request.

不幸的是，我无法验证这是否可以作为具有与我的请求相同数据的服务响应，这完全令人困惑:

Unfortunately I can't verify that this works as the service response with the same data as my request, which is completely confusing:

请求:

POST http://[HOST].com/services/fsa/1.0 HTTP/1.1
Content-Type: text/xml; charset=utf-8
VsDebuggerCausalityData: uIDPo0ii5Jr5wONMi6i/jkMQdFkAAAAArRV2zOsUrEioQMkqYDWulG6ktjqzCoRLtP+/9VQSARUACQAA
SOAPAction: ""
Host: [HOST]
Content-Length: 299
Expect: 100-continue
Connection: Keep-Alive

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><list xmlns="http://[HOST].com/services/fsa/1.0"><String_1 xmlns="">[MY_STRING]</String_1></list></s:Body></s:Envelope>

回复:

HTTP/1.1 200 OK
Date: Thu, 31 Oct 2013 12:19:38 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/1.0.0a mod_jk/1.2.31
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
VsDebuggerCausalityData: uIDPo0ii5Jr5wONMi6i/jkMQdFkAAAAArRV2zOsUrEioQMkqYDWulG6ktjqzCoRLtP+/9VQSARUACQAA
SOAPAction: ""
host: [HOST]
Expect: 100-continue
connection: Keep-Alive, Keep-Alive
Content-Length: 299
Keep-Alive: timeout=2, max=100
Content-Type: text/xml;charset=utf-8

<s:Envelope xmlns:s='http://schemas.xmlsoap.org/soap/envelope/'><s:Body xmlns:xsd='http://www.w3.org/2001/XMLSchema' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'><list xmlns='http://[HOST].com/services/fsa/1.0'><String_1 xmlns=''>[MY_STRING]</String_1></list></s:Body></s:Envelope>

这篇关于如何将 pem 私钥转换为可在 .NET 中使用的 Windows 格式的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！