关于ssl：Erlang从pem文件生成rsa密钥

Erlang generate rsa keys from pem files

我在shell中使用以下命令生成私有RSA密钥和证书文件：openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days XXX -nodes

现在我尝试将这些文件转换为RSA公钥和私钥。我使用下面的代码，但不起作用。我认为根据http://erlang.org/doc/apps/public-key/using-public-key.html，PrivateKey变量必须是#RSAPrivateKey{}，但它是#PrivateKeyInfo{}。如何从key.pem和cert.pem生成ras公钥和私钥？

Erlang壳牌：

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55

1> {ok, PemBin} = file:read_file("key.pem").
{ok,<<"-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDMd0dnMS9t27wo
hloldtGYbT3C/uR"...>>}
2> [RSAEntry] = public_key:pem_decode(PemBin).
[{'PrivateKeyInfo',<<48,130,4,189,2,1,0,48,13,6,9,42,134,
72,134,247,13,1,1,1,5,0,4,130,4,167,
...>>,
not_encrypted}]
3> PrivateKey = public_key:pem_entry_decode(RSAEntry).
{'PrivateKeyInfo',v1,
{'PrivateKeyInfo_privateKeyAlgorithm',{1,2,840,113549,1,1,1},
{asn1_OPENTYPE,<<5,0>>}},
<<48,130,4,163,2,1,0,2,130,1,1,0,204,119,71,103,49,47,109,
219,188,40,134,90,37,...>>,
asn1_NOVALUE}
4> {ok, CertBin} = file:read_file("cert.pem").
{ok,<<"-----BEGIN CERTIFICATE-----
MIIDVzCCAj+gAwIBAgIJAKBDxdUZ8v9/MA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNV
BAYTAlhYMRUwEwY"...>>}
5> [CertEntry] = public_key:pem_decode(CertBin).
[{'Certificate',<<48,130,3,87,48,130,2,63,160,3,2,1,2,2,9,
0,160,67,197,213,25,242,255,127,48,13,
...>>,
not_encrypted}]
6> Cert = public_key:pem_entry_decode(CertEntry).
{'Certificate',{'TBSCertificate',v3,11548291388562145151,
{'AlgorithmIdentifier',{1,2,840,113549,1,1,11},<<5,0>>},
{rdnSequence,[[{'AttributeTypeAndValue',{2,5,4,6},
<<19,2,88,88>>}],
[{'AttributeTypeAndValue',{2,5,4,7},<<"\f\fDefault City">>}],
[{'AttributeTypeAndValue',{2,5,4,10},
<<12,19,68,101,102,97,117,108,116,32,67,111,109,...>>}]]},
{'Validity',{utcTime,"161226221244Z"},
{utcTime,"170125221244Z"}},
{rdnSequence,[[{'AttributeTypeAndValue',{2,5,4,6},
<<19,2,88,88>>}],
[{'AttributeTypeAndValue',{2,5,4,7},<<"\f\fDefault City">>}],
[{'AttributeTypeAndValue',{2,5,4,10},
<<12,19,68,101,102,97,117,108,116,32,67,...>>}]]},
{'SubjectPublicKeyInfo',{'AlgorithmIdentifier',{1,2,840,
113549,1,1,1},
<<5,0>>},
<<48,130,1,10,2,130,1,1,0,204,119,71,103,49,47,109,...>>},
asn1_NOVALUE,asn1_NOVALUE,
[{'Extension',{2,5,29,14},
false,
<<4,20,9,99,232,184,104,132,196,200,55,...>>},
{'Extension',{2,5,29,35},
false,
<<48,22,128,20,9,99,232,184,104,132,...>>},
{'Extension',{2,5,29,19},false,<<48,3,1,1,255>>}]},
{'AlgorithmIdentifier',{1,2,840,113549,1,1,11},<<5,0>>},
<<96,39,63,51,19,154,132,69,252,134,229,148,80,40,135,23,
44,230,150,154,106,53,135,0,68,...>>}

相关讨论

我终于找到了我问题的答案。可以使用以下功能从PEM文件中提取私钥和公钥：

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

pubkey() ->
File ="cert.key",
{ok, PemBin} = file:read_file(File),
[CertEntry] = public_key:pem_decode(PemBin),
{_, DerCert, _} = CertEntry,
Decoded = public_key:pkix_decode_cert(DerCert, otp),
Decoded#'OTPCertificate'.tbsCertificate
#'OTPTBSCertificate'.subjectPublicKeyInfo
#'OTPSubjectPublicKeyInfo'.subjectPublicKey.

privkey() ->
File ="pem.key",
{ok, PemBin} = file:read_file(File),
[RSAEntry] = public_key:pem_decode(PemBin),
Decoded = public_key:pem_entry_decode(RSAEntry),
Key = Decoded#'PrivateKeyInfo'.privateKey,
public_key:der_decode('RSAPrivateKey', Key).