不对称密钥容器的可互换性（例如：X.509，PGP，OpenSSH） [英] Inter-convertability of asymmetric key containers (eg: X.509, PGP, OpenSSH)

问题描述

非对称加密密钥在主要密钥容器格式之间是否可以根本上互相交换？例如，我可以将X.509密钥文件转换为PGP或OpenGPG密钥文件吗？

Are asymmetrical cryptographic keys fundamentally inter-convertible between the major key container formats? For example, can I convert an X.509 key file into a PGP or OpenGPG key file?

并且 - 假设答案是肯定的 - 它是安全中立，保持一个密钥对以任何格式，并转换为任何容器文件格式需要的场合？

And--assuming the answer is yes--is it "security neutral" to keep one key pair in whatever format and convert into whichever container file format is needed for the occasion?

对于X.509，OpenGPG和SSH来说，当他们都是RSA的时候，我有点累了。

I'm getting a little tired of maintaining so many key pairs for X.509, OpenGPG, and SSH, when they're all RSA at the heart.

推荐答案

是和否：是的，嵌入证书和私钥的RSA密钥只是数字。您可以从证书中提取它们，并使用它们以其他格式构建密钥。这通常用于在不同证书格式之间进行转换。

Yes and no: yes, the RSA keys embedded into certificates and privkeys are just numbers. You can extract them from the certificate and use them to build keys in other formats. This is commonly done to convert between different certificate formats.

PGP对X.509的S / MIME有一些支持，但没有能力逐​​字使用X.509 privkey。

PGP has some support for X.509 for S/MIME, but no ability to use X.509 privkeys verbatim.

SSH对于直接使用X.509密钥和证书有一些测试支持。

SSH has some beta support for directly using X.509 keys and certificates.

这篇关于不对称密钥容器的可互换性（例如：X.509，PGP，OpenSSH）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！