“BEGIN RSA PRIVATE KEY"与“BEGIN RSA PRIVATE KEY"的区别和“开始私钥" [英] Differences between "BEGIN RSA PRIVATE KEY" and "BEGIN PRIVATE KEY"

问题描述

我正在编写一个程序，它从 .pem 文件中导入私钥并创建一个私钥对象以供以后使用.我遇到的问题是一些 pem 文件头以

Hi I was writing a program that imports private keys from a .pem file and create a private key object to use it later.. the problem I have faced is that some pem files header begin with

-----BEGIN PRIVATE KEY-----

而其他人以

-----BEGIN RSA PRIVATE KEY-----

通过我的搜索，我知道第一个是 PKCS#8 格式，但我不知道另一个属于什么格式.

through my search I knew that the first ones are PKCS#8 formatted but I couldn't know what format does the other one belongs to.

推荐答案

参见 https://polarssl.org/kb/cryptography/asn1-key-structures-in-der-and-pem(在页面中搜索BEGIN RSA PRIVATE KEY")(存档链接供后代使用，以防万一).

See https://polarssl.org/kb/cryptography/asn1-key-structures-in-der-and-pem (search the page for "BEGIN RSA PRIVATE KEY") (archive link for posterity, just in case).

BEGIN RSA PRIVATE KEY 是 PKCS#1，只是一个 RSA 密钥.它本质上只是来自 PKCS#8 的密钥对象，但前面没有版本或算法标识符.BEGIN PRIVATE KEY 是 PKCS#8，表示密钥类型包含在密钥数据本身中.来自链接:

BEGIN RSA PRIVATE KEY is PKCS#1 and is just an RSA key. It is essentially just the key object from PKCS#8, but without the version or algorithm identifier in front. BEGIN PRIVATE KEY is PKCS#8 and indicates that the key type is included in the key data itself. From the link:

未加密的 PKCS#8 编码数据以标签开头和结尾:

The unencrypted PKCS#8 encoded data starts and ends with the tags:

-----BEGIN PRIVATE KEY-----
BASE64 ENCODED DATA
-----END PRIVATE KEY-----

在 base64 编码数据中，存在以下 DER 结构:

Within the base64 encoded data the following DER structure is present:

PrivateKeyInfo ::= SEQUENCE {
  version         Version,
  algorithm       AlgorithmIdentifier,
  PrivateKey      BIT STRING
}

AlgorithmIdentifier ::= SEQUENCE {
  algorithm       OBJECT IDENTIFIER,
  parameters      ANY DEFINED BY algorithm OPTIONAL
}

因此对于 RSA 私钥，OID 为 1.2.840.113549.1.1.1，并且有一个 RSAPrivateKey 作为 PrivateKey 密钥数据位串.

So for an RSA private key, the OID is 1.2.840.113549.1.1.1 and there is a RSAPrivateKey as the PrivateKey key data bitstring.

与 BEGIN RSA PRIVATE KEY 相反，它总是指定一个 RSA 密钥，因此不包含密钥类型 OID.BEGIN RSA PRIVATE KEY 是 PKCS#1:

As opposed to BEGIN RSA PRIVATE KEY, which always specifies an RSA key and therefore doesn't include a key type OID. BEGIN RSA PRIVATE KEY is PKCS#1:

RSA 私钥文件 (PKCS#1)

RSA 私钥 PEM 文件专用于 RSA 密钥.

The RSA private key PEM file is specific for RSA keys.

它以标签开始和结束:

-----BEGIN RSA PRIVATE KEY-----
BASE64 ENCODED DATA
-----END RSA PRIVATE KEY-----

在 base64 编码数据中，存在以下 DER 结构:

Within the base64 encoded data the following DER structure is present:

RSAPrivateKey ::= SEQUENCE {
  version           Version,
  modulus           INTEGER,  -- n
  publicExponent    INTEGER,  -- e
  privateExponent   INTEGER,  -- d
  prime1            INTEGER,  -- p
  prime2            INTEGER,  -- q
  exponent1         INTEGER,  -- d mod (p-1)
  exponent2         INTEGER,  -- d mod (q-1)
  coefficient       INTEGER,  -- (inverse of q) mod p
  otherPrimeInfos   OtherPrimeInfos OPTIONAL
}

这篇关于“BEGIN RSA PRIVATE KEY"与“BEGIN RSA PRIVATE KEY"的区别和“开始私钥"的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！