X.509:私钥/公钥 [英] X.509: Private / Public Key

问题描述

我们正在尝试从我们的一个合作伙伴中实现Web服务的某些功能.现在，正在传输的内容应该使用我们必须提供的公共密钥进行加密.

We're trying to implement some functionality of a Web-Service from one of our partners. Now, the content which is beeing transmitted, should be encrypted with a public key, which we have to provide.

安全规范指出，公共证书必须是X.509标准. X.509不依赖于私钥/公钥方法吗?因为我只能使用以下命令获得一个.pem文件，其中包含一个私钥和一个证书，但没有公钥，所以:

The security-specification says that the public-certificate has to be X.509 standard. Doesn't X.509 rely on the private / public key method? Because I only get one .pem file, containing a private key, and a certificate, but no public key, using the following command:

openssl req -new -x509 -days 365 -nodes -out ./cert.pem -keyout ./cert.pem

我是否必须修改命令才能创建私钥和公钥?

Do I have to modify the command in order to create a private and a public key?

推荐答案

使用OpenSSL生成私钥和公钥的基本命令行步骤如下

The basics command line steps to generate a private and public key using OpenSSL are as follow

openssl genrsa -out private.key 1024
openssl req -new -x509 -key private.key -out publickey.cer -days 365
openssl pkcs12 -export -out public_privatekey.pfx -inkey private.key -in publickey.cer

第1步–生成私钥

第2步–创建一个X509证书(.cer文件)，其中包含您在注册私有应用程序(或升级到合作伙伴应用程序)时上载的公钥.

Step 2 – creates a X509 certificate (.cer file) containing your public key which you upload when registering your private application (or upgrading to a partner application).

第3步–将x509证书和私钥导出到pfx文件.如果您选择的包装器库使用.pem文件对请求进行签名，则不需要执行此步骤.

Step 3 – Export your x509 certificate and private key to a pfx file. If your chosen wrapper library uses the .pem file to sign requests then this step is not required.

希望有帮助！ 此答案说明了不同的文件扩展名.

Hope that helps! This answer explains the different file extensions.

这篇关于X.509:私钥/公钥的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！