openssl: Differences between “BEGIN RSA PRIVATE KEY” and “BEGIN PRIVATE KEY”

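Hi, I am writing a program that imports private keys from a .pem file and creates a private key object to use later. The problem I am facing is that some pem file headers begin with

-----BEGIN PRIVATE KEY-----

while others begin with

-----BEGIN RSA PRIVATE KEY-----

Through my search I learned that the first ones are PKCS#8 formatted, but I could not find out which format the other one belongs to.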


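See the polarssl.org KB article on ASN.1 key structures and PEM (search the page for "BEGIN RSA PRIVATE KEY") (archive link for posterity, just in case).

BEGIN RSA PRIVATE KEY is PKCS#1 and is just an RSA key. It is essentially just the key object from PKCS#8, but without the version or algorithm identifier in front. BEGIN PRIVATE KEY is PKCS#8 and indicates that the key type is included in the key data itself. From the link: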

The unencrypted PKCS#8 encoded data starts and ends with the tags:

-----BEGIN PRIVATE KEY-----
BASE64 ENCODED DATA
-----END PRIVATE KEY-----

Within the base64 encoded data the following DER structure is present:

PrivateKeyInfo ::= SEQUENCE {
  version         Version,
  algorithm       AlgorithmIdentifier,
  PrivateKey      BIT STRING
}

AlgorithmIdentifier ::= SEQUENCE {
  algorithm       OBJECT IDENTIFIER,
  parameters      ANY DEFINED BY algorithm OPTIONAL
}

So for an RSA private key, the OID is 1.2.840.113549.1.1.1 and there is a RSAPrivateKey as the PrivateKey key data bitstring.

As opposed to BEGIN RSA PRIVATE KEY, which always specifies an RSA key and therefore doesn't include a key type OID. BEGIN RSA PRIVATE KEY is PKCS#1:

RSA Private Key file (PKCS#1)

The RSA private key PEM file is specific for RSA keys.

It starts and ends with the tags:

-----BEGIN RSA PRIVATE KEY-----
BASE64 ENCODED DATA
-----END RSA PRIVATE KEY-----

Within the base64 encoded data the following DER structure is present:

RSAPrivateKey ::= SEQUENCE {
  version           Version,
  modulus           INTEGER,  -- n
  publicExponent    INTEGER,  -- e
  privateExponent   INTEGER,  -- d
  prime1            INTEGER,  -- p
  prime2            INTEGER,  -- q
  exponent1         INTEGER,  -- d mod (p-1)
  exponent2         INTEGER,  -- d mod (q-1)
  coefficient       INTEGER,  -- (inverse of q) mod p
  otherPrimeInfos   OtherPrimeInfos OPTIONAL
}
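
The difference described in the answer above can be checked directly on the DER bytes. The following is an added example, not code from the original answers: it reports the PEM label and the DER structure separately, so a caller can reject a file whose label and body disagree. The helper names (`read_tlv`, `decode_oid`, `classify`, `to_pem`) and the toy key are assumptions made for illustration; the check on the key-data field expects tag 0x04 because RFC 5208 defines that field as an OCTET STRING.

```python
import base64
import re

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    first = min(body[0] // 40, 2)
    arcs, val = [first, body[0] - 40 * first], 0
    for b in body[1:]:  # base-128 arcs, high bit set means "more bytes follow"
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def classify(pem):
    """Return (pem_label, der_structure, algorithm_oid or None)."""
    m = re.search(r"-----BEGIN ([A-Z0-9 .#]+)-----(.*?)-----END \1-----", pem, re.S)
    if not m:
        raise ValueError("no PEM block found")
    label, der = m.group(1), base64.b64decode(m.group(2))
    tag, seq, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    _, _, pos = read_tlv(seq, 0)             # version INTEGER
    tag2, second, pos = read_tlv(seq, pos)   # the element after version decides
    if tag2 == 0x02:                         # INTEGER modulus: bare RSAPrivateKey
        return label, "PKCS#1", None
    if tag2 == 0x30:                         # AlgorithmIdentifier: PrivateKeyInfo
        oid_tag, oid, _ = read_tlv(second, 0)
        key_tag, _, _ = read_tlv(seq, pos)   # 0x04 = OCTET STRING (RFC 5208)
        if oid_tag != 0x06 or key_tag != 0x04:
            raise ValueError("malformed PrivateKeyInfo")
        return label, "PKCS#8", decode_oid(oid)
    raise ValueError("unrecognised key structure")

def to_pem(label, der):
    return f"-----BEGIN {label}-----\n{base64.encodebytes(der).decode()}-----END {label}-----\n"

# Constructed toy RSAPrivateKey (p=61, q=53): parsing sample only, not a usable key.
PKCS1_DER = bytes.fromhex("301d02010002020ca102011102020ac102013d020135020135020131020126")
# The same key wrapped as PrivateKeyInfo with the rsaEncryption OID.
PKCS8_DER = bytes.fromhex("3033020100300d06092a864886f70d0101010500041f") + PKCS1_DER
```

A loader can compare the returned label with the returned structure and refuse the file when "RSA PRIVATE KEY" wraps a PKCS#8 body or the reverse.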


Have a look at this. It gives the possible BEGIN markers.

Copying the content from the above link for quick reference:

#define PEM_STRING_X509_OLD     "X509 CERTIFICATE"
#define PEM_STRING_X509         "CERTIFICATE"
#define PEM_STRING_X509_PAIR    "CERTIFICATE PAIR"
#define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE"
#define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST"
#define PEM_STRING_X509_REQ     "CERTIFICATE REQUEST"
#define PEM_STRING_X509_CRL     "X509 CRL"
#define PEM_STRING_EVP_PKEY     "ANY PRIVATE KEY"
#define PEM_STRING_PUBLIC       "PUBLIC KEY"
#define PEM_STRING_RSA          "RSA PRIVATE KEY"
#define PEM_STRING_RSA_PUBLIC   "RSA PUBLIC KEY"
#define PEM_STRING_DSA          "DSA PRIVATE KEY"
#define PEM_STRING_DSA_PUBLIC   "DSA PUBLIC KEY"
#define PEM_STRING_PKCS7        "PKCS7"
#define PEM_STRING_PKCS7_SIGNED "PKCS #7 SIGNED DATA"
#define PEM_STRING_PKCS8        "ENCRYPTED PRIVATE KEY"
#define PEM_STRING_PKCS8INF     "PRIVATE KEY"
#define PEM_STRING_DHPARAMS     "DH PARAMETERS"
#define PEM_STRING_DHXPARAMS    "X9.42 DH PARAMETERS"
#define PEM_STRING_SSL_SESSION  "SSL SESSION PARAMETERS"
#define PEM_STRING_DSAPARAMS    "DSA PARAMETERS"
#define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY"
#define PEM_STRING_ECPARAMETERS "EC PARAMETERS"
#define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
#define PEM_STRING_PARAMETERS   "PARAMETERS"
#define PEM_STRING_CMS          "CMS"