How does the RSA private key passphrase work under the hood?
Problem description
RSA private keys may be assigned a "passphrase" which - as I understand it - is intended to provide some secondary security in case someone makes off with the private key file.
How is the passphrase layer of security implemented?
Recommended answer
ssh-keygen uses OpenSSL to generate RSA keys and store them in PEM format. The encryption you are talking about is specific to PEM. If you look at your key file,
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,5B01E932988DC66B
EPESt4ZVIrxnQXxxWWVa7cCR+vgNZ/4vTu4mdq6pjaW7jMZoB8HV+mA745mQkQw7
i+YtdVs/JqOeyGiw/3McxYYKZTlhyh7MvfIr1n8ZdZmcjQz+oFqMxChFU3r8BGgA
The "DEK-Info" header has all the information you need to decrypt the key as long as you know the passphrase. "DES-EDE3-CBC" means Triple DES (in EDE mode). CBC is the chaining mode. The hex number is the initial vector needed for CBC.
PEM is a very old format so it only supports DES/TripleDES. AES and Blowfish were added later on but not supported by all implementations. My ssh (OpenSSH 5.2) only supports DES and TripleDES.
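An added example, not part of the original answer: how the DEK-Info header and the passphrase combine into the cipher key. It assumes OpenSSL's legacy PEM derivation (EVP_BytesToKey with MD5, one iteration, salt taken from the first 8 bytes of the IV); the function names and the passphrase are made up for illustration.

```python
import hashlib

# Constructed sample: the two header lines shown in the answer above.
SAMPLE_HEADERS = """Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,5B01E932988DC66B"""

# Key lengths in bytes for some legacy PEM cipher names.
KEY_LEN = {"DES-CBC": 8, "DES-EDE3-CBC": 24, "AES-128-CBC": 16, "AES-256-CBC": 32}


def parse_dek_info(pem_headers):
    """Return (cipher_name, iv_bytes) from the PEM encapsulated headers."""
    fields = {}
    for line in pem_headers.splitlines():
        if ":" in line:
            name, value = line.split(":", 1)
            fields[name.strip()] = value.strip()
    if fields.get("Proc-Type") != "4,ENCRYPTED":
        raise ValueError("key is not passphrase-encrypted")
    if "DEK-Info" not in fields:
        raise ValueError("missing DEK-Info header")
    cipher, iv_hex = fields["DEK-Info"].split(",", 1)
    if cipher not in KEY_LEN:
        raise ValueError("unsupported cipher: " + cipher)
    return cipher, bytes.fromhex(iv_hex)


def derive_key(passphrase, cipher, iv):
    """Legacy derivation: chained MD5 over passphrase + salt, one iteration.

    D1 = MD5(pass || salt), D2 = MD5(D1 || pass || salt), ...
    The key is the leading bytes of D1 || D2 || ...
    """
    salt = iv[:8]
    data = passphrase.encode("utf-8")
    key, block = b"", b""
    while len(key) < KEY_LEN[cipher]:
        block = hashlib.md5(block + data + salt).digest()
        key += block
    return key[:KEY_LEN[cipher]]


if __name__ == "__main__":
    cipher, iv = parse_dek_info(SAMPLE_HEADERS)
    key = derive_key("example passphrase", cipher, iv)  # constructed passphrase
    print(cipher, "iv=" + iv.hex(), "key=" + key.hex())
```

Because this derivation is a single salted MD5 pass, the strength of the passphrase is the only thing slowing offline guessing against a stolen key file. OpenSSH's newer private key format (`ssh-keygen -o`, the default since OpenSSH 7.8) uses a bcrypt-based derivation instead.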