• RSA private and public key file formats (pkcs#1, pkcs#8, pkcs#12, pem)


    | Format | Name | Description |
    |---|---|---|
    | PKCS #7 | Cryptographic Message Syntax Standard | A PKCS #7 file can be used to store certificates, which is a SignedData structure without data (just the certificates). The file name extension is usually .p7b or .p7c. |
    | PKCS #8 | Private-Key Information Syntax Standard | Used to carry private certificate keypairs (encrypted or unencrypted). |
    | PKCS #12 | Personal Information Exchange Syntax Standard | Defines a file format commonly used to store private keys with accompanying public key certificates, protected with a password-based symmetric key. It is the successor to PFX from Microsoft. |
    | DER | Distinguished Encoding Rules | A binary format for keys or certificates. It is a message transfer syntax specified by the ITU in X.690. |
    | PEM | Privacy Enhanced Mail | Base64 encoded DER certificates or keys, with additional header and footer lines. |

    The PEM private key format uses the header and footer lines: 
    -----BEGIN RSA PRIVATE KEY----- 
    -----END RSA PRIVATE KEY----- 

    The PEM public key format uses the header and footer lines: 
    -----BEGIN PUBLIC KEY----- 
    -----END PUBLIC KEY----- 

    The PEM certificate uses the header and footer lines: 
    -----BEGIN CERTIFICATE----- 
    -----END CERTIFICATE----- 

    RSA Public Key file (PKCS#1)

    The RSA Public key PEM file is specific for RSA keys.

    It starts and ends with the tags:

      -----BEGIN RSA PUBLIC KEY-----
      BASE64 ENCODED DATA
      -----END RSA PUBLIC KEY-----

    Within the base64 encoded data the following DER structure is present:

      RSAPublicKey ::= SEQUENCE {
        modulus INTEGER, -- n
        publicExponent INTEGER -- e
      }

     

    Public Key file (PKCS#8)

    Because RSA is not used exclusively inside X.509 and SSL/TLS, a more generic key format is available in the form of PKCS#8, which identifies the type of public key and contains the relevant data.

    It starts and ends with the tags:

      -----BEGIN PUBLIC KEY-----
      BASE64 ENCODED DATA
      -----END PUBLIC KEY-----

    Within the base64 encoded data the following DER structure is present:

      PublicKeyInfo ::= SEQUENCE {
        algorithm AlgorithmIdentifier,
        PublicKey BIT STRING
      }

      AlgorithmIdentifier ::= SEQUENCE {
        algorithm OBJECT IDENTIFIER,
        parameters ANY DEFINED BY algorithm OPTIONAL
      }

    So for an RSA public key, the OID is 1.2.840.113549.1.1.1 and there is an RSAPublicKey as the PublicKey key data bitstring.
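The two public key layouts above can be told apart and checked by walking the DER directly. The following is an added example, not code from the original article: it dispatches on the PEM label, verifies the RSA OID inside the PublicKeyInfo wrapper, and rejects a file whose label does not match its structure. The function names and the toy key (n = 3233, e = 17) are constructed for illustration.

```python
import base64
import re

RSA_OID = bytes.fromhex("2a864886f70d010101")  # DER body of 1.2.840.113549.1.1.1

def tlv(buf, pos, tag):
    """Read one DER element with the expected tag; return (content, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected DER tag {tag:#04x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return buf[pos:pos + length], pos + length

def parse_rsa_public_key(der):
    """PKCS#1 RSAPublicKey ::= SEQUENCE { modulus, publicExponent } -> (n, e)."""
    seq, _ = tlv(der, 0, 0x30)
    n, pos = tlv(seq, 0, 0x02)
    e, _ = tlv(seq, pos, 0x02)
    return int.from_bytes(n, "big"), int.from_bytes(e, "big")

def parse_public_key_info(der):
    """PublicKeyInfo: check the algorithm OID, then unwrap the BIT STRING."""
    seq, _ = tlv(der, 0, 0x30)
    alg, pos = tlv(seq, 0, 0x30)
    oid, _ = tlv(alg, 0, 0x06)
    if oid != RSA_OID:
        raise ValueError("algorithm OID is not rsaEncryption")
    bits, _ = tlv(seq, pos, 0x03)
    if bits[:1] != b"\x00":  # first content byte = count of unused bits, must be 0
        raise ValueError("unexpected unused bits in BIT STRING")
    return parse_rsa_public_key(bits[1:])

PARSERS = {"RSA PUBLIC KEY": parse_rsa_public_key, "PUBLIC KEY": parse_public_key_info}

def load_public_pem(pem):
    """Dispatch on the PEM label; a label/structure mismatch raises ValueError."""
    m = re.search(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", pem, re.S)
    if not m or m.group(1) not in PARSERS:
        raise ValueError("missing or unsupported PEM label")
    return PARSERS[m.group(1)](base64.b64decode(m.group(2)))

def to_pem(label, der):
    return f"-----BEGIN {label}-----\n{base64.b64encode(der).decode()}\n-----END {label}-----\n"

# Constructed toy key (n = 3233, e = 17), far too small for real use.
PKCS1_DER = bytes.fromhex("300702020ca1020111")
PUBKEYINFO_DER = bytes.fromhex("301b300d06092a864886f70d0101010500030a00") + PKCS1_DER
```

Both `load_public_pem(to_pem("RSA PUBLIC KEY", PKCS1_DER))` and `load_public_pem(to_pem("PUBLIC KEY", PUBKEYINFO_DER))` return the same (n, e) pair; swapping the labels raises ValueError.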

     

    RSA Private Key file (PKCS#1)

    The RSA private key PEM file is specific for RSA keys.

    It starts and ends with the tags:

      -----BEGIN RSA PRIVATE KEY-----
      BASE64 ENCODED DATA
      -----END RSA PRIVATE KEY-----

    Within the base64 encoded data the following DER structure is present:

      RSAPrivateKey ::= SEQUENCE {
        version Version,
        modulus INTEGER, -- n
        publicExponent INTEGER, -- e
        privateExponent INTEGER, -- d
        prime1 INTEGER, -- p
        prime2 INTEGER, -- q
        exponent1 INTEGER, -- d mod (p-1)
        exponent2 INTEGER, -- d mod (q-1)
        coefficient INTEGER, -- (inverse of q) mod p
        otherPrimeInfos OtherPrimeInfos OPTIONAL
      }

    Private Key file (PKCS#8)

    Because RSA is not used exclusively inside X.509 and SSL/TLS, a more generic key format is available in the form of PKCS#8, which identifies the type of private key and contains the relevant data.

    The unencrypted PKCS#8 encoded data starts and ends with the tags:

      -----BEGIN PRIVATE KEY-----
      BASE64 ENCODED DATA
      -----END PRIVATE KEY-----

    Within the base64 encoded data the following DER structure is present:

      PrivateKeyInfo ::= SEQUENCE {
        version Version,
        algorithm AlgorithmIdentifier,
        PrivateKey OCTET STRING
      }

      AlgorithmIdentifier ::= SEQUENCE {
        algorithm OBJECT IDENTIFIER,
        parameters ANY DEFINED BY algorithm OPTIONAL
      }

    So for an RSA private key, the OID is 1.2.840.113549.1.1.1 and there is an RSAPrivateKey as the PrivateKey key data octet string.

    The encrypted PKCS#8 encoded data starts and ends with the tags:

      -----BEGIN ENCRYPTED PRIVATE KEY-----
      BASE64 ENCODED DATA
      -----END ENCRYPTED PRIVATE KEY-----

    Within the base64 encoded data the following DER structure is present:

      EncryptedPrivateKeyInfo ::= SEQUENCE {
        encryptionAlgorithm EncryptionAlgorithmIdentifier,
        encryptedData EncryptedData
      }

      EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier

      EncryptedData ::= OCTET STRING

    The EncryptedData OCTET STRING is the encrypted form of a PKCS#8 PrivateKeyInfo (see above).

  • Original article: https://www.cnblogs.com/mingzhang/p/9428964.html