OpenSSL数据不足 [英] OpenSSL not enough data
问题描述
我已经使用Adobe X生成了自签名证书,并导出了pfx文件(用于我的私钥)和.cer文件(用于证书).
I've generated a self signed certificate using Adobe X, and exported a pfx file (for my private key) along with a .cer file (for the certificate).
然后我尝试收集证书以及密钥,但是由于某种原因,OpenSSL给出了错误
I then try to collect the certificate, along with the key, but for some reason, OpenSSL is giving the error
OpenSSL::X509::CertificateError: not enough data
这是我的代码
require 'openssl'
CERTFILE = "test.cer"
RSAKEYFILE = "test.pfx"
# Open certificate files
cert = OpenSSL::X509::Certificate.new(File.read CERTFILE)
key = OpenSSL::PKey::RSA.new(File.read RSAKEYFILE )
我的证书是使用Adobe X Reader生成的,并且是自签名证书.签署pdf文件很好用...
My certificate was generated using Adobe X reader, and is a self-signed certificate. It is working fine to sign pdf documents...
我应该怎么做才能使这项工作成功?
What might i do to make this work?
推荐答案
显然,OpenSSL在直接从.cer文件读取时存在一些问题,对于密钥,我们应该仅使用private_key,而pfx同时具有privatekey和证书.
Apparently OpenSSL has some problems reading directly from .cer files, and for the key, we should use only the private_key, and the pfx has both the privatekey and the cert.
因此,我在本地安装了openSsl,首先转换了我的.cer使用以下命令将.pem证书:
So, i installed openSsl locally, and first converted my .cer certificate to .pem with the following command :
C:\OpenSSL-Win32\bin>openssl x509 -inform der -in "c:\mydir\test.cer" -out "C:\mydir\certificate.pem"
and then extracted my privatekey from the pfx file (based on this site) :
C:\OpenSSL-Win32\bin>openssl pkcs12 -in "c:\mydir\test.pfx" -nocerts -out "c:\mydir\test_pk.pem"
只要确保您拥有pfx pwd并在提取私钥时选择一个密码短语即可.
just make sure you have your pfx pwd and select a passphrase when you extract the privatekey.
这是最终代码:
require 'openssl'
CERTFILE = "certificate.pem"
RSAKEYFILE = "test_pk.pem"
passphrase = "your chosen passphrase for the private key"
key4pem=File.read RSAKEYFILE
# Open certificate files
cert = OpenSSL::X509::Certificate.new(File.read CERTFILE)
key = OpenSSL::PKey::RSA.new key4pem, passphrase
和voilá:-),我们已经成功地将证书和私钥都映射到内存中,并且可以将其用于答案
And voilá :-), we have successfully mapped into memory both our certificate and privatekey, and can put it to uses like the answer here
这篇关于OpenSSL数据不足的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!