根据私有模数创建PEM，pfx，... [英] Creating PEM, pfx,... from private modulus,

问题描述

当我请求私钥时，我从某个旧系统中收到了以下信息: 模数，公共经验，私人经验，PRIME_P，PRIME_Q，PARAM_P，PARAM_Q，Q_MOD_INV

i received the following from some legacy system when i asked for private key: MODULUS, PUBLIC EXP, PRIVATE EXP, PRIME_P, PRIME_Q, PARAM_P, PARAM_Q, Q_MOD_INV

所有这些数据都以十六进制表示，如何将其转换为openssl PEM文件或PFX?

All of this data is in hex, how can i convert this to a openssl PEM file or PFX ?

谢谢您，并致以最诚挚的问候！

Thank you and best regards!

推荐答案

使用openssl生成RSA密钥:

Generate RSA key with openssl:

openssl genrsa -out rsa.pem 2048

将RSA密钥从PEM格式转换为DER格式:

Convert RSA key from PEM format to DER format:

openssl rsa -inform PEM -in rsa.pem -outform DER -out rsa.der

在 ASN.1编辑器中打开文件rsa.der:

Open file rsa.der in ASN.1 Editor:

RSA私钥的ASN.1结构在PKCS#1(RFC 3447)中定义:

ASN.1 structure of RSA private key is defined in PKCS#1 (RFC 3447):

  RSAPrivateKey ::= SEQUENCE {
      version           Version,
      modulus           INTEGER,  -- n
      publicExponent    INTEGER,  -- e
      privateExponent   INTEGER,  -- d
      prime1            INTEGER,  -- p
      prime2            INTEGER,  -- q
      exponent1         INTEGER,  -- d mod (p-1)
      exponent2         INTEGER,  -- d mod (q-1)
      coefficient       INTEGER,  -- (inverse of q) mod p
      otherPrimeInfos   OtherPrimeInfos OPTIONAL
  }

在ASN.1编辑器中编辑必填字段(右键单击该项目，然后选择以十六进制模式编辑")，然后按照此映射粘贴数据:

Edit required fields in ASN.1 Editor (right click the item and choose "Edit in hex mode") and paste your data following this mapping:

  MODULUS = modulus
  PUBLIC EXP = publicExponent
  PRIVATE EXP = privateExponent
  PRIME_P = prime1
  PRIME_Q = prime2
  PARAM_P = exponent1
  PARAM_Q = exponent2
  Q_MOD_INV = coefficient

基于注释进行编辑:私钥的各个部分都是大整数.当该值的最左位为1(或最左字节等于或大于0x80)时，则需要在该值前加上0x00字节，以表明它是正数.

Edit based on the comments: Individual parts of the private key are big integers. When the leftmost bit of the value is 1 (or leftmost byte equals or is bigger than 0x80) then 0x00 byte needs to be preppended to the value to indicate it is positive number.

最后保存修改后的文件，并使用openssl将其从DER格式转换为PEM格式:

Finally save the modified file and convert it from DER format to PEM format with openssl:

openssl rsa -inform DER -in rsa.der -outform PEM -out rsa.pem

这篇关于根据私有模数创建PEM，pfx，...的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！