Extracting the public and private keys from cer and pfx certificate files

Date: 2025-03-21 09:00:31

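1. Background

I have recently been integrating with the chinapay payment interface.

chinapay provides two certificate files (cer and pfx) for every merchant ID. During integration, the tool jar supplied by chinapay reads the file paths directly and performs signing, signature verification, encryption and decryption of the request body.

The utility classes in the chinapay jar need two configuration files:

// This file is the other party's public-key certificate; it contains only public-key information and is used to encrypt requests and verify the signature of responses
verify.file=/Users/macuser/Desktop/chinaPay/368_cp_test.cer

// This file is our own certificate; it contains our own public key and private key, and the private key is used to sign requests and decrypt responses
sign.file=/Users/macuser/Desktop/chinaPay/0000XXXXXXX368.pfx
sign.file.password=1XXXXXX1 # password needed to open the pfx file
sign.cert.type=PKCS12       # format of the pfx file; reference: https://www.chinassl.net/ssltools/convert-ssl.html

This approach makes the files hard to manage. Instead, the relevant files can be unpacked, and the signing, signature verification, encryption and decryption of requests and responses can be done with the keys hard-coded.

The key step is to obtain, from the two files above, the merchant's public key (used for encryption and signature verification) and our own private key (used for decryption and signing); that solves the problem above.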

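2. Contents of the cer and pfx files

368_cp_test.cer

This file is the other party's public-key certificate used for signature verification. It cannot be used directly; the public key has to be obtained from the certificate.

wuxiaolong:0000xxxxxxxx368 macuser$ cat /Users/macuser/Desktop/chinaPay/368_cp_test.cer
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
wuxiaolong:0000xxxxxxxxx368 macuser$

This file is the requester's (our own) digital certificate. A local or online tool can be used to unpack the pfx file.
Online parsing address: /
Converting the file from pkcs12 to pem format requires entering, from the configuration file above, the
After the online conversion you get a zip file; unpacking it yields three files:

  1. This file should be the requester's public key
  2. This file is the requester's private key; it is used for signing, but cannot be used directly
  3. This file should be the CA's root certificate

The contents of the three files are as follows: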
wuxiaolong:0000xxxxxxxx368 macuser$ ls
wuxiaolong:0000xxxxxxxx368 macuser$ cat 
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
wuxiaolong:0000xxxxxxxx368 macuser$ cat 
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
wuxiaolong:0000xxxxxxxx368 macuser$ cat 
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
wuxiaolong:0000xxxxxxxx368 macuser$

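One of these files is the private key used to sign requests to the chinapay interface; it is currently in pkcs1 format.
.NET and iOS use pkcs1 for RSA encryption and decryption, while Java uses pkcs8. Because this file is pkcs1, Java cannot use it directly, so it has to be converted.

pkcs1 format: -----BEGIN RSA PRIVATE KEY----- XXXXXXXXXXXXXXXXX -----END RSA PRIVATE KEY-----
pkcs8 format: -----BEGIN PRIVATE KEY----- XXXXXXXXXXXXXXXXX -----END PRIVATE KEY-----

openssl can be used to convert pkcs1 to pkcs8.

3. Converting the public-key certificate to a public key

Convert the 368_cp_test.cer public-key certificate into a public key: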

import java.io.FileInputStream;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;

// SecssUtil, SecssConstants and LogUtil are not JDK classes; they must be on the classpath.
public static PublicKey getPublicKey() throws SecurityException {
    String verifyFile = "/Users/macuser/Desktop/chinaPay/368_cp_test.cer";
    if (SecssUtil.isEmpty(verifyFile)) {
        throw new SecurityException(SecssConstants.VERIFY_CERT_ERROR);
    }

    // try-with-resources closes the stream on every path, success or failure
    try (FileInputStream in = new FileInputStream(verifyFile)) {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate verifyCert = (X509Certificate) cf.generateCertificate(in);
        PublicKey pubKey = verifyCert.getPublicKey();

        // getEncoded() returns the DER-encoded X.509 SubjectPublicKeyInfo;
        // java.util.Base64 replaces the JDK-internal xerces Base64 class
        String pk = Base64.getEncoder().encodeToString(pubKey.getEncoded());
        System.out.println("从证书中获得公钥是:" + pk);

        return pubKey;
    } catch (Exception e) {
        // Log the cause, then report a certificate initialisation error to the caller
        LogUtil.writeErrorLog("初始化验签证书异常", e);
        throw new SecurityException(SecssConstants.INIT_VERIFY_CERT_ERROR);
    }
}

4. Install openssl and convert the private key (pkcs1 to pkcs8)

[root@iZuf61pdvb2o7cf4mu9ccyZ ~]# wget /source/openssl-1.1.
--2021-04-06 17:24:19--  /source/openssl-1.1.
正在解析主机 ... 104.102.153.249, 2600:1417:76:592::c1e, 2600:1417:76:591::c1e
正在连接 |104.102.153.249|:443... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:9823400 (9.4M) [application/x-gzip]
正在保存至: “openssl-1.1.”
 
100%[==================================================================================================================================================================>] 9,823,400   12.1M/s   in 0.8s   
 
2021-04-06 17:24:21 (12.1 MB/s) - 已保存 “openssl-1.1.” [9823400/9823400])
 
[root@iZuf61pdvb2o7cf4mu9ccyZ ~]# tar -zxvf openssl-1.1.   
[root@iZuf61pdvb2o7cf4mu9ccyZ ~]# cd openssl-1.1.1k
[root@iZuf61pdvb2o7cf4mu9ccyZ openssl-1.1.1k]# ./config
Operating system: x86_64-whatever-linux2
Configuring OpenSSL version 1.1.1k (0x101010bfL) for linux-x86_64
Using os-specific seed configuration
Creating 
Creating Makefile
 
[root@iZuf61pdvb2o7cf4mu9ccyZ openssl-1.1.1k]# make
[root@iZuf61pdvb2o7cf4mu9ccyZ openssl-1.1.1k]# make install
// Put the file's contents into rsa_private_key.pem
[root@iZuf61pdvb2o7cf4mu9ccyZ mytest]# vim rsa_private_key.pem
[root@iZuf61pdvb2o7cf4mu9ccyZ mytest]# cat rsa_private_key.pem
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

# Convert
[root@iZuf61pdvb2o7cf4mu9ccyZ mytest]# openssl pkcs8 -topk8 -inform PEM -in rsa_private_key.pem -outform PEM -nocrypt
openssl: error while loading shared libraries: .1.1: cannot open shared object file: No such file or directory # missing library

# Add the library
[root@iZuf61pdvb2o7cf4mu9ccyZ mytest]# find / -name .1.1
/root/openssl-1.1.1k/.1.1
/usr/local/lib64/.1.1
[root@iZuf61pdvb2o7cf4mu9ccyZ mytest]# ln -s /root/openssl-1.1.1k/.1.1  /usr/lib64/.1.1  # step 1
[root@iZuf61pdvb2o7cf4mu9ccyZ mytest]# openssl pkcs8 -topk8 -inform PEM -in rsa_private_key.pem -outform PEM -nocrypt
openssl: error while loading shared libraries: .1.1: cannot open shared object file: No such file or directory
[root@iZuf61pdvb2o7cf4mu9ccyZ mytest]# ln -s /usr/local/lib64/.1.1 /usr/lib64/.1.1 # step 2

# Conversion succeeded
[root@iZuf61pdvb2o7cf4mu9ccyZ mytest]# openssl pkcs8 -topk8 -inform PEM -in rsa_private_key.pem -outform PEM -nocrypt
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
[root@iZuf61pdvb2o7cf4mu9ccyZ mytest]#

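The steps above complete two operations:

Converting the public-key certificate to a public key

Extracting the private key from the certificate

From here on, code can use the public key for signature verification and encryption, and the private key for signing and decryption.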
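
The pfx extraction in section 2 and the pkcs1-to-pkcs8 conversion in section 4 can both be done with a local openssl, so the pfx and its password never go to an online converter; the script below is an added example, not code from the original post or from chinapay. It builds a throwaway self-signed pfx (merchant.pfx, PFX_PASS, the CN and the SHA-256 digest are assumptions made for the example), extracts the certificate and key, runs the page's pkcs8 command, and goes one step further by checking that certificate and key belong together and that a signature made with the private key verifies with the certificate's public key.

```sh
#!/bin/sh
# Added example. All key material is constructed and deleted on exit;
# merchant.pfx and PFX_PASS stand in for sign.file and sign.file.password.
set -eu
umask 077                           # key files readable by the owner only
export PFX_PASS='constructed-pass'  # passed as env: so it stays off argv

# Build a throwaway self-signed pfx so the example runs offline.
make_sample_pfx() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=constructed-merchant' \
        -keyout "$1/gen.key" -out "$1/gen.crt" 2>/dev/null
    openssl pkcs12 -export -inkey "$1/gen.key" -in "$1/gen.crt" \
        -passout env:PFX_PASS -out "$1/merchant.pfx"
    rm -f "$1/gen.key" "$1/gen.crt"
}

# Unpack the pfx locally: certificate, pkcs1 key, then the page's pkcs8 step.
extract_and_convert() {
    openssl pkcs12 -in "$1/merchant.pfx" -passin env:PFX_PASS \
        -clcerts -nokeys -out "$1/merchant.crt"
    openssl pkcs12 -in "$1/merchant.pfx" -passin env:PFX_PASS \
        -nocerts -nodes | openssl pkey -traditional -out "$1/pkcs1.pem"
    openssl pkcs8 -topk8 -inform PEM -in "$1/pkcs1.pem" \
        -outform PEM -nocrypt -out "$1/pkcs8.pem"
}

# First line of a PEM file, which names the container format.
pem_header() { head -n 1 "$1"; }

# Succeeds when the certificate and the private key are the same key pair.
keys_match() {
    [ "$(openssl x509 -in "$1" -pubkey -noout)" = \
      "$(openssl pkey -in "$2" -pubout)" ]
}

# Sign with the pkcs8 private key, verify with the certificate's public key.
sign_verify_roundtrip() {
    printf 'constructed request body' > "$1/msg.txt"
    openssl x509 -in "$1/merchant.crt" -pubkey -noout > "$1/pub.pem"
    openssl dgst -sha256 -sign "$1/pkcs8.pem" -out "$1/msg.sig" "$1/msg.txt"
    openssl dgst -sha256 -verify "$1/pub.pem" -signature "$1/msg.sig" \
        "$1/msg.txt" >/dev/null
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
make_sample_pfx "$WORK"
extract_and_convert "$WORK"
echo "before: $(pem_header "$WORK/pkcs1.pem")"
echo "after:  $(pem_header "$WORK/pkcs8.pem")"
keys_match "$WORK/merchant.crt" "$WORK/pkcs8.pem" && echo "certificate matches key"
sign_verify_roundtrip "$WORK" && echo "signature verifies"
```

On OpenSSL 3.x, a pfx protected with older algorithms such as RC2-40 needs `-legacy` added to the `pkcs12 -in` commands.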