How does the RSA private key passphrase work under the hood?


Problem description

RSA private keys may be assigned a "passphrase" which - as I understand it - is intended to provide some secondary security in case someone makes off with the private key file.

How is the passphrase layer of security implemented?

Solution

ssh-keygen uses OpenSSL to generate RSA keys and store them in PEM format. The encryption you are talking about is specific to PEM. If you look at your key file,

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,5B01E932988DC66B

EPESt4ZVIrxnQXxxWWVa7cCR+vgNZ/4vTu4mdq6pjaW7jMZoB8HV+mA745mQkQw7
i+YtdVs/JqOeyGiw/3McxYYKZTlhyh7MvfIr1n8ZdZmcjQz+oFqMxChFU3r8BGgA

The "DEK-Info" header has all the information you need to decrypt the key as long as you know the passphrase. "DES-EDE3-CBC" means Triple DES (in EDE mode). CBC is the chaining mode. The hex number is the initial vector needed for CBC.

PEM is a very old format so it only supports DES/TripleDES. AES and Blowfish were added later on but not supported by all implementations. My ssh (OpenSSH 5.2) only supports DES and TripleDES.
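
The following is an added example, not part of the original answer: it parses the Proc-Type and DEK-Info headers shown above and derives the Triple DES key from a passphrase the way OpenSSL's traditional PEM encryption does (EVP_BytesToKey with MD5, a single iteration, and the first 8 bytes of the IV as salt). The function names and the passphrase are hypothetical; the derived key and the IV are what a 3DES-CBC implementation would then use to decrypt the base64 body.

```python
import hashlib

# Header lines copied from the key file shown in the answer (body omitted).
SAMPLE_HEADERS = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,5B01E932988DC66B
"""

# Key sizes in bytes for cipher names that can appear in DEK-Info.
KEY_LEN = {"DES-CBC": 8, "DES-EDE3-CBC": 24,
           "AES-128-CBC": 16, "AES-256-CBC": 32}


def parse_dek_info(pem_text):
    """Return (cipher_name, iv_bytes), or None if the key is not encrypted."""
    headers = {}
    for line in pem_text.splitlines():
        # RFC 1421-style headers are "Name: value"; skip the BEGIN/END markers.
        if ":" in line and not line.startswith("-----"):
            name, _, value = line.partition(":")
            headers[name.strip()] = value.strip()
    if headers.get("Proc-Type") != "4,ENCRYPTED":
        return None
    if "DEK-Info" not in headers:
        raise ValueError("encrypted key without a DEK-Info header")
    cipher, _, iv_hex = headers["DEK-Info"].partition(",")
    if cipher not in KEY_LEN:
        raise ValueError("unsupported cipher: " + cipher)
    return cipher, bytes.fromhex(iv_hex)


def derive_key(passphrase, cipher, iv):
    """Legacy OpenSSL derivation: chained MD5 blocks, one iteration each."""
    salt = iv[:8]          # the IV doubles as the salt
    block, key = b"", b""
    while len(key) < KEY_LEN[cipher]:
        # D_i = MD5(D_{i-1} || passphrase || salt)
        block = hashlib.md5(block + passphrase + salt).digest()
        key += block
    return key[:KEY_LEN[cipher]]


if __name__ == "__main__":
    cipher, iv = parse_dek_info(SAMPLE_HEADERS)
    # Constructed passphrase, for illustration only.
    key = derive_key(b"example passphrase", cipher, iv)
    print(cipher, iv.hex(), len(key))
```

Because the derivation is a single unsalted-per-block MD5 pass with no work factor, the strength of the protection rests almost entirely on the passphrase itself.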
