将PEM传统私钥转换为PKCS8私钥 [英] Convert PEM traditional private key to PKCS8 private key

问题描述

我已经获得了一个带有证书和pub /私钥的PEM文件。具体包括标题

I've been given a PEM file with a certificate and pub/private keys. Specifically it includes the headers

-----BEGIN CERTIFICATE-----   
-----END CERTIFICATE-----   
-----BEGIN RSA PRIVATE KEY-----   
-----END RSA PRIVATE KEY-----   
-----BEGIN RSA PUBLIC KEY-----   
-----END RSA PUBLIC KEY-----

$ b $

我的理解是在 BEGIN RSA私有密钥头，这个pem文件包含传统格式（PKCS1）的私钥，无需加密。

My understanding is without a header following the BEGIN RSA PRIVATE KEY header that this pem file contains a private key in the traditional format (PKCS1) without encryption.

我需要将此私钥转换为DER编码的PKCS8未加密格式用于与Java服务器代码，特别是PKCS8EncodedKeySpec。我试过OpenSSL，与rsa和pkcs8命令，但没有运气。

I need to convert this private key to a DER encoded PKCS8 unencrypted format for use with java server code, specifically PKCS8EncodedKeySpec. I've tried OpenSSL, both with rsa and pkcs8 commands, but with no luck. There's no specific need to use openssl if there is something easier.

具体来说：

openssl rsa -in IServer_Key.orig.prikey.pem -out IServer_Key.pkcs8.pem
openssl rsa -in IServer_Key.orig.prikey.pem -out IServer_Key.pkcs8.pem -pubin openssl pkcs8 -in IServer_Key.orig.prikey.pem -out IServer_Key.pkcs8.pem -nocrypt

指定inform和outform没有成功。

I've also tried specifying the inform and outform without success.

user@ubuntu:~/TestCerts$ openssl rsa -in IServer_Key.pem -out IServer_Key.pkcs8.pem -pubin 
unable to load Public Key 
5925:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:650:
Expecting: PUBLIC KEY

user@ubuntu:~/TestCerts$ openssl rsa -in IServer_Key.orig.prikey.pem -out IServer_Key.pkcs8.pem 
unable to load Private Key 
5993:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1316: 
5993:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:tasn_dec.c:828:
5993:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:748:Field=n, Type=RSA 
5993:error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib:d2i_pr.c:99: 
5993:error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib:pem_pkey.c:125:

user@ubuntu:~/TestCerts$ openssl pkcs8 -in IServer_Key.orig.prikey.pem -out IServer_Key.pkcs8.pem -nocrypt 
Error decrypting key 
6022:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:650:
Expecting: PRIVATE KEY

此时任何帮助都非常感谢。

Any help would be very much appreciated at this point.

推荐答案

尝试使用以下命令。我没有尝试，但我认为它应该工作。

Try using following command. I haven't tried it but I think it should work.

openssl pkcs8 -topk8 -inform PEM -outform DER -in filename -out filename -nocrypt

openssl pkcs8 -topk8 -inform PEM -outform DER -in filename -out filename -nocrypt

这篇关于将PEM传统私钥转换为PKCS8私钥的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！