Reading Private Key in PEM format with LockBox


Problem description


I have to digitally sign a string using the SHA-1 algorithm with RSA using PKCS#1 padding. I have downloaded Turbo Power Lockbox.

The private key I have is in PEM format and was created using openssl:

openssl req -x509 -nodes -days 365 -newkey rsa:1024 -sha1 -subj "/C=US/ST=CA/L=Mountain View/CN=www.mycompany.com" -keyout myrsakey.pem -out c:\temp\myrsacert.pem

Here is what it looks like:

-----BEGIN RSA PRIVATE KEY-----
[key data removed]
-----END RSA PRIVATE KEY-----

If I am not mistaken, the component I want to use is TLbRSAKey. So I have tried to create a key object and read it from file:

var
  mPrivateKey: TLbRSAKey;
begin
  mPrivateKey := TLbRSAKey.Create(aks1024);
  mPrivateKey.LoadFromFile('C:\temp\myrsakey.pem');

On the LoadFromFile I get an "Invalid RSA Key" error. What am I doing wrong? Does Lockbox support keys in PEM format? None of the examples illustrate; everything seems to be in ASN format.

Solution

I am not a delphi programmer, but I thought I'd try to provide some pointers.

First, make sure you generate a new private key for your real application. Now that you've shared your private key with us, we wouldn't want any open security holes out there.

Secondly, the ASN.1 format is generated using the DER output from OpenSSL. The PEM format is just the base-64 encoding of the binary ASN.1 structure (and the markers are added).

You can get back to DER in one of two ways:

1) You can parse and decode the base-64 data in the PEM envelope. To do this, just decode the data between the -----BEGIN/END RSA PRIVATE KEY----- markers.

Or, since you are creating a new key anyway... ;)

2) You could use the -outform DER argument when you generate your key using OpenSSL.

I'm not certain this will work for your application, but maybe it will help get you a little further.

TIP: to convert a PEM private key to DER format, use the rsa utility in OpenSSL:

openssl rsa -inform PEM -outform DER -in privkey.pem -out privkey.der
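
Option 1 from the answer (decoding the base-64 body between the PEM markers to recover the DER bytes), as an added Python example that is not part of the original answer and is not LockBox code. The toy key and the helper names `pem_to_der`, `read_len` and `rsa_integers` are constructed for illustration; the DER walk assumes the PKCS#1 RSAPrivateKey layout that the `BEGIN RSA PRIVATE KEY` marker denotes.

```python
import base64
import re

# Matches only the PKCS#1 envelope shown in the question.
PEM_RE = re.compile(
    r"-----BEGIN RSA PRIVATE KEY-----(.*?)-----END RSA PRIVATE KEY-----", re.S)

# Constructed toy key (n=3233, e=17, d=2753); sample data, useless as a real key.
TOY_PEM = """-----BEGIN RSA PRIVATE KEY-----
MB0CAQACAgyhAgERAgIKwQIB
PQIBNQIBNQIBMQIBJg==
-----END RSA PRIVATE KEY-----
"""

def pem_to_der(pem_text):
    """Strip the PEM markers and base-64 decode the body to raw DER bytes."""
    m = PEM_RE.search(pem_text)
    if not m:
        raise ValueError("no RSA PRIVATE KEY block found")
    body = m.group(1)
    if "Proc-Type:" in body:  # header of a passphrase-protected legacy PEM
        raise ValueError("encrypted PEM: decrypt it before decoding")
    return base64.b64decode("".join(body.split()), validate=True)

def read_len(buf, pos):
    """Decode the DER length at buf[pos]; return (length, next position)."""
    first = buf[pos]
    if first < 0x80:                      # short form
        return first, pos + 1
    n = first & 0x7F                      # long form: n length bytes follow
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def rsa_integers(der):
    """Return the INTEGER fields of a PKCS#1 RSAPrivateKey SEQUENCE."""
    if not der or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    length, pos = read_len(der, 1)
    if pos + length != len(der):
        raise ValueError("truncated or trailing data")
    fields = []
    while pos < len(der):
        if der[pos] != 0x02:
            raise ValueError("expected INTEGER")
        n, pos = read_len(der, pos + 1)
        if pos + n > len(der):
            raise ValueError("INTEGER runs past end of key")
        fields.append(int.from_bytes(der[pos:pos + n], "big", signed=True))
        pos += n
    return fields  # version, n, e, d, p, q, dP, dQ, qInv
```

Writing the result of `pem_to_der` to a file gives the binary form of the same key; checking it with `rsa_integers` before handing it to another library catches a truncated or wrong-format file early.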
