devbox
我家小花儿
这个屌丝很懒,什么也没留下!
关注作者
热门标签
热门文章
当前位置:   article > 正文

openSSL生成公钥/私钥对的命令行_openssl 生成 rsa 2048key pair

作者:我家小花儿 | 2024-03-25 08:39:00

openssl 生成 rsa 2048key pair
生成公钥、私钥对的openssl命令行: 
    
    
  1. genrsa -out private.pem 2048
  2. rsa -in private.pem -inform pem -out public.key -outform der -pubout
  3. rsa -in private.pem -inform pem -out private.key -outform der
  4. pkcs8 -topk8 -inform der -in  private.key -out pkcs8_private.key -outform der -nocrypt
  • 生成服务端私钥private.pem, 扩展名是pem, 即这个文件的内容是 human-readable的.
   
   
  1. openssl> genrsa -out private.pem 2048
  • 利用已经生成的密钥文件private.pem生成公钥文件public.key, 该文件是der格式的 ,即not-human-readable. 这条命令同时保证生成的公钥文件满足国际电联的X.509证书标准, 虽然public.key在这里只是个公钥文件并不是证书.
   
   
  1. openssl> rsa -in private.pem -inform pem -out public.key -outform der -pubout
  • 为了保护私钥的数据,防止被直接识别, 需要将pem文件转换成der文件, 转换之后的文件是not-human-readable.
   
   
  1. openssl> rsa -in private.pem -inform pem -out private.key -outform der
  • 最重要的一条, 要使得private.key符合PKCS#8标准, 需要使用pkcs8 命令行进行转换,转换后的密钥文件pkcs8_private.key可以直接为java使用.
      
      
  1. pkcs8 -topk8 -inform der -in  private.key -out pkcs8_private.key -outform der -nocrypt

测试代码: 
        
        
  1. package com.reindel.ciphers;
  2.  
  3. import java.io.FileInputStream;
  4. import java.io.IOException;
  5. import java.security.GeneralSecurityException;
  6. import java.security.KeyFactory;
  7. import java.security.spec.PKCS8EncodedKeySpec;
  8. import java.security.spec.X509EncodedKeySpec;
  10. import javax.crypto.Cipher;
  12. import org.apache.commons.codec.binary.Base64;
  13. import org.apache.commons.io.IOUtils;
  14.  
  15. public class RSACipher {
  16.     public String encrypt(String rawText, String publicKeyPath, String transformation, String encoding)
  17.             throws IOException, GeneralSecurityException {
  18.  
  19.         X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(IOUtils.toByteArray(new FileInputStream(publicKeyPath)));
  20.         Cipher cipher = Cipher.getInstance(transformation);
  21.         cipher.init(Cipher.ENCRYPT_MODE, KeyFactory.getInstance("RSA").generatePublic(x509EncodedKeySpec)); 
  22.         return Base64.encodeBase64String(cipher.doFinal(rawText.getBytes(encoding)));
  23.     }
  24.  
  25.     public String decrypt(String cipherText, String privateKeyPath, String transformation, String encoding)
  26.             throws IOException, GeneralSecurityException { 
  27. 

  28.         PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(IOUtils.toByteArray(new FileInputStream(privateKeyPath))); 
  29.         Cipher cipher = Cipher.getInstance(transformation);
  30.         cipher.init(Cipher.DECRYPT_MODE, KeyFactory.getInstance("RSA").generatePrivate(pkcs8EncodedKeySpec));
  31.         return new String(cipher.doFinal(Base64.decodeBase64(cipherText)), encoding);
  32.     }
  33. }
         
         
  1. package com.reindel.ciphers;
  2.  
  3. import org.junit.Assert;
  4. import org.junit.Test;
  5. import com.reindel.keys.RSAKeyPair;
  6.  
  7. public class RASACipherTest {
  8.     private final String privateKeyPathName = "C://temp//pkcs8_private.key";
  9.     private final String publicKeyPathName = "C://temp//public.key";
  10.     private final String transformation = "RSA/ECB/PKCS1Padding";
  11.     private final String encoding = "UTF-8";
  12.      
  13.     @Test
  14.     public void testEncryptDecryptWithKeyPairFiles()
  15.             throws Exception {     
  16.         try {
  17.             String toBeEncrypt = " 2.John has a long mustache too; 3.John has a long mustache too; 4.John has a long mustache too; 5.John has a long mustache too; 6.John has a long mustache too; 7.John has a long mustache too; 8.John has a ;";
  18. 

  19.             byte[] bytesToEncypt = toBeEncrypt.getBytes();
  20.             int length = bytesToEncypt.length;            
  21.             System.out.println("Bytes length = " + length);
  22.             
  23.             RSACipher rsaCipher = new RSACipher();
  24.             String encrypted = rsaCipher.encrypt(toBeEncrypt, publicKeyPathName, transformation, encoding);
  25.             System.out.println("encrypted string: " + encrypted);
  26. 

  27.             System.out.println("Before decrypt()");
  28.             String decrypted = rsaCipher.decrypt(encrypted, privateKeyPathName, transformation, encoding);
  29.             System.out.println("decrypted string: " + decrypted);
  30.              
  31.         } catch(Exception exception) {
  32.         	System.out.println(exception.getMessage());
  33.             Assert.fail("The testEncryptDecryptWithKeyPairFiles() test failed because: " + exception.getMessage());
  34.         }
  35.     }
  36. }

声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/我家小花儿/article/detail/308345
推荐阅读
相关标签

Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。

  

闽ICP备14008679号