X509 Certificate multi-passwords?


Question

I would like to know if x509 certificate's password allows multi-passwords per certificate - or just one?

And if it is possible, what scenario would it be applied?

Thank you for your time.

Recommended answer

Because GnuPG is easily available to me, it'd be my tool of choice; each admin would create a public/private key pair and export the public portion:

gpg --gen-key
gpg --export --armor [keyid] > key_file_[admin_name]

Import all the public keys into the keyring of whoever 'owns' the unencrypted x509 cert:

cat key_file_* | gpg --import

Then encrypt the cert with all the keys:

gpg -r keyid1 -r keyid2 -r keyid3 ... -o encrypted_cert -e plaintext_cert

Now encrypted_cert can be decrypted by whoever has one of the private keys and that private key's passphrase:

gpg encrypted_cert

PGP could also do the job, and probably with only slight modifications to the commands here.

Because all this is doing is encrypting a single symmetric key multiple times, once to each public key (and storing the results in a file format prepared to handle multiple copies of the encrypted symmetric key), it would be easy enough to re-implement in whatever language you'd like, if your trial wrappers work well enough.
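
The mechanism the answer describes (one symmetric key, wrapped once per public key), as an added sketch that is not part of the original answer and does not produce OpenPGP-compatible files. It assumes the third-party Python `cryptography` package and uses RSA-OAEP and AES-GCM as stand-ins for whatever algorithms GnuPG would pick; all function names, admin names and the sample certificate bytes are constructed for illustration.

```python
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

def make_admin_keys(names):
    """Constructed sample key pairs, one per admin (stand-in for `gpg --gen-key`)."""
    return {n: rsa.generate_private_key(public_exponent=65537, key_size=2048)
            for n in names}

def encrypt_for(public_keys, plaintext):
    """Encrypt the body once under a random content key, then wrap that key per recipient."""
    cek = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(12)
    return {
        "nonce": nonce,
        "ciphertext": AESGCM(cek).encrypt(nonce, plaintext, None),
        "slots": {name: pub.encrypt(cek, OAEP) for name, pub in public_keys.items()},
    }

def decrypt_as(name, private_key, envelope):
    """Unwrap the content key from this admin's slot, then decrypt the body."""
    cek = private_key.decrypt(envelope["slots"][name], OAEP)
    return AESGCM(cek).decrypt(envelope["nonce"], envelope["ciphertext"], None)

def add_recipient(envelope, name, private_key, new_name, new_public_key):
    """An existing recipient grants access by wrapping the same content key again;
    the encrypted body is left untouched."""
    cek = private_key.decrypt(envelope["slots"][name], OAEP)
    envelope["slots"][new_name] = new_public_key.encrypt(cek, OAEP)

if __name__ == "__main__":
    admins = make_admin_keys(["alice", "bob", "carol"])
    # Constructed placeholder standing in for the plaintext certificate file.
    pem = b"-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----\n"
    env = encrypt_for({n: k.public_key() for n, k in admins.items()}, pem)
    for n, k in admins.items():
        assert decrypt_as(n, k, env) == pem
    print(len(env["slots"]), "wrapped copies of one content key;",
          len(env["ciphertext"]), "byte body stored once")
```

Dropping a slot only stops future unwrapping: anyone who already recovered the content key or the plaintext keeps it, so revoking an admin means re-encrypting under a fresh content key.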
