根据私有模数创建PEM,pfx,... [英] Creating PEM, pfx,... from private modulus,
问题描述
当我请求私钥时,我从某个旧系统中收到了以下信息: 模数,公共经验,私人经验,PRIME_P,PRIME_Q,PARAM_P,PARAM_Q,Q_MOD_INV
i received the following from some legacy system when i asked for private key: MODULUS, PUBLIC EXP, PRIVATE EXP, PRIME_P, PRIME_Q, PARAM_P, PARAM_Q, Q_MOD_INV
所有这些数据都以十六进制表示,如何将其转换为openssl PEM文件或PFX?
All of this data is in hex, how can i convert this to a openssl PEM file or PFX ?
谢谢您,并致以最诚挚的问候!
Thank you and best regards!
推荐答案
使用openssl生成RSA密钥:
Generate RSA key with openssl:
openssl genrsa -out rsa.pem 2048
将RSA密钥从PEM格式转换为DER格式:
Convert RSA key from PEM format to DER format:
openssl rsa -inform PEM -in rsa.pem -outform DER -out rsa.der
在 ASN.1编辑器中打开文件rsa.der:
Open file rsa.der in ASN.1 Editor:
RSA私钥的ASN.1结构在PKCS#1(RFC 3447)中定义:
ASN.1 structure of RSA private key is defined in PKCS#1 (RFC 3447):
RSAPrivateKey ::= SEQUENCE {
version Version,
modulus INTEGER, -- n
publicExponent INTEGER, -- e
privateExponent INTEGER, -- d
prime1 INTEGER, -- p
prime2 INTEGER, -- q
exponent1 INTEGER, -- d mod (p-1)
exponent2 INTEGER, -- d mod (q-1)
coefficient INTEGER, -- (inverse of q) mod p
otherPrimeInfos OtherPrimeInfos OPTIONAL
}
在ASN.1编辑器中编辑必填字段(右键单击该项目,然后选择以十六进制模式编辑"),然后按照此映射粘贴数据:
Edit required fields in ASN.1 Editor (right click the item and choose "Edit in hex mode") and paste your data following this mapping:
MODULUS = modulus
PUBLIC EXP = publicExponent
PRIVATE EXP = privateExponent
PRIME_P = prime1
PRIME_Q = prime2
PARAM_P = exponent1
PARAM_Q = exponent2
Q_MOD_INV = coefficient
基于注释进行编辑:私钥的各个部分都是大整数.当该值的最左位为1(或最左字节等于或大于0x80)时,则需要在该值前加上0x00字节,以表明它是正数.
Edit based on the comments: Individual parts of the private key are big integers. When the leftmost bit of the value is 1 (or leftmost byte equals or is bigger than 0x80) then 0x00 byte needs to be preppended to the value to indicate it is positive number.
最后保存修改后的文件,并使用openssl将其从DER格式转换为PEM格式:
Finally save the modified file and convert it from DER format to PEM format with openssl:
openssl rsa -inform DER -in rsa.der -outform PEM -out rsa.pem
这篇关于根据私有模数创建PEM,pfx,...的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!