OpenSsl

Summary: Author: 张亚飞 | 阅读时间: 2 minute read | Published: 2016-04-23
Filed under Categories: LinuxTags: Note,

OpenSsl Rsa 证书加密解密…

  1. 生成私钥
  • genrsa 指使用 rsa 算法生成密钥文件
  • -des3 指的是给私钥加密的算法(可选)
openssl genrsa -des3 -out key_rsa 4096
openssl genrsa -out key_rsa 4096
  1. 根据刚才创建的私钥创建公钥
openssl rsa -in key_rsa -pubout -out key_rsa.pub

openssl 生成支付宝应用 RSA2(SHA256)密钥

~/ServerCoam/Web/applications/certificates/alipay

openssl genrsa -out app_private_key.pem 2048  #生成私钥
//openssl pkcs8 -topk8 -inform PEM -in app_private_key.pem -outform PEM -nocrypt -out app_private_key_pkcs8.pem #Java开发者需要将私钥转换成PKCS8格式
openssl rsa -in app_private_key.pem -pubout -out app_public_key.pem #生成公钥

生成如下密钥对:

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt1zgzTpmeFy1/uQA3ZOQ
Gx2XzN079lfnBJN2inXv6JxrXIcMugHJC99k9mML8odyt8pH8G5/LMo9U5b16+U9
+kHXv6xxlQQTgHF9mZO8wUm3+aS+mplZMC95Yl/izaAio5scWLE/hUccKWbK7DoR
/foq0NRUaisa4MaMeOfvgelgr8bcy9Wd7zzRUX4l5soMn3hPdR4IfD16RmfxBk9p
JSgAzRxcjdDJEHPgZEvxJEhPsir3hiX6KYszuXGER07FBmaUibEYKLJd/VdfBpIn
30rjSkuq1cvHfFvmk5mfJmqS1u/MJo49HHV/LfmkkTYJ0dZSMa5+yoX3bhbKSvNJ
qQIDAQAB
-----END PUBLIC KEY-----
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAt1zgzTpmeFy1/uQA3ZOQGx2XzN079lfnBJN2inXv6JxrXIcM
ugHJC99k9mML8odyt8pH8G5/LMo9U5b16+U9+kHXv6xxlQQTgHF9mZO8wUm3+aS+
mplZMC95Yl/izaAio5scWLE/hUccKWbK7DoR/foq0NRUaisa4MaMeOfvgelgr8bc
y9Wd7zzRUX4l5soMn3hPdR4IfD16RmfxBk9pJSgAzRxcjdDJEHPgZEvxJEhPsir3
hiX6KYszuXGER07FBmaUibEYKLJd/VdfBpIn30rjSkuq1cvHfFvmk5mfJmqS1u/M
Jo49HHV/LfmkkTYJ0dZSMa5+yoX3bhbKSvNJqQIDAQABAoIBAC3C/Ee7338ChFlM
xfqGrVxXEl+Kh0B/x6QYuWjs7ib7gr/g5Ig3kdlos2XaakzpCPRdg3651Pt0rcGC
13U8DS+75wBrJR2vmr5flJ0ThfQnVcb0Gq2yv9OKxZyLmar/4CU8vOJVuiilCp46
jUJPa9Ya7TyZAUhN4bNfWgeCuv+MtlCPNd+7PzdMAUlciD9OR1LocOEH9RtuEgZ3
H2JhfovMbmZ4JFNntCVfvFll1a3W53QEBqWOR6pjc4WCXvzfu5o7a68KaE+VJYf7
keyGIAJ8/kRO87HRdaQ7ZR5zUAOuR5vHcpxjNn0Nax1sagPeZ8RqnbBNxx7WN8M8
AnXeY0ECgYEA8X8FyxRuD4HEQ13z4lDNAYLMYniCgv588ippSYQ3NB7sqdhSHAZm
bf/eD+UdeP256TdL9NhTDFlt6o/UfqzCfuxky8EA3LmZAQkiCr7HxO7OiDHoc/R6
dfU6CfQUwVEkPM/vFed6au0lbxc1JwtpxU2FVFokWtEkvfQOz3XIt/UCgYEAwmAP
ql5sJKUD+Jy9A1qI7csZLaMA+VLhEIWIPE0tiqaFjqGLqfdbNjwpWibfGR5IcrSK
Uvqg0wG2hI/CI9rNgLvMecxJcQ6ZUHo7j2FFVpih6IEMIMSQHypVHaSVWzAk6j+d
QSyEZ+/EomtraMuZH5jgdC+i0RKm7ZMD0jvkHmUCgYBXzLm7esMFCkXjxD3OE1hl
azuJtYyluYaNuNOssdAsN+4NViOMItuMtJD0sHUFryGvY7ZO33NaMw1eUUqNf5v6
71E6LwJ0PVoeYUaqJ3CT7crTA2oi9kirqCugwMfm/Owy29pt2UnNpEiO2h4uAt1C
qYuG/nrnNdCo6xmTXZxLHQKBgCFUo5sNUfH+se2hwu+eSLiuCQVAXFxkj99rZm8g
tNx/rYtFvFNK7UMhkd25qKv/+2BgARA1lfpY4tlcZWgMjwyyJ2ADXdybKkMYkroF
bgRpa+oYpuG/kw8lDS9mF45pdQsOGYMhhRrljIxlayevMfSvHF4QBRVg42r9uLwG
NRnZAoGBAMEqI0bjagAcObJgAD4AmW7nBFqLa1sJbOvOIdMDBU8t7Em/7P2eOucK
TmxWQuF8oyP1t9x25k6R5RLA7hFUy30W3s9dFflz7FloriR0VUTuLzLGOARPtt3z
iT0S9T/C1GVZgTV33jEkM5v7VCSWOg9xjoDihakXnDqfkwbCp3Tw
-----END RSA PRIVATE KEY-----
  • 将公钥文件去除头尾、换行和空格,转成一行字符串.把该字符串提供给支付宝账号管理者,登录开放平台上传应用公钥并获取支付宝公钥
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt1zgzTpmeFy1/uQA3ZOQGx2XzN079lfnBJN2inXv6JxrXIcMugHJC99k9mML8odyt8pH8G5/LMo9U5b16+U9+kHXv6xxlQQTgHF9mZO8wUm3+aS+mplZMC95Yl/izaAio5scWLE/hUccKWbK7DoR/foq0NRUaisa4MaMeOfvgelgr8bcy9Wd7zzRUX4l5soMn3hPdR4IfD16RmfxBk9pJSgAzRxcjdDJEHPgZEvxJEhPsir3hiX6KYszuXGER07FBmaUibEYKLJd/VdfBpIn30rjSkuq1cvHfFvmk5mfJmqS1u/MJo49HHV/LfmkkTYJ0dZSMa5+yoX3bhbKSvNJqQIDAQAB

以下为具体实践步骤:

  1. [web|common|ios] 完整的生成公钥私钥方法
openssl genrsa -out rsa.key 4096
cp rsa.key private.pem
openssl rsa -in rsa.key -pubout -out public.pem
  • 注意: Java 下如果签名报以下错误:
java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException : algid parse error, not a sequence

则说明rsa私钥的格式不是pksc8格式,需要使用以下命令转换一下:

//openssl pkcs8 -topk8 -inform PEM -in private.pem -outform PEM -nocrypt
openssl genrsa -out rsa.key 4096
openssl rsa -in rsa.key -pubout -out public.pem
openssl pkcs8 -topk8 -in rsa.key -out private.pem -nocrypt
  1. [android] 下生成证书完整步骤:
openssl genrsa -out rsa.key 4096
openssl rsa -in rsa.key -pubout -out public.pem
openssl pkcs8 -topk8 -in rsa.key -out private.pem -nocrypt

其它

Comments

Cor-Ethan, the beverage → www.iirii.com