相关疑难解决方法(0)

我有一个der格式的证书,从这个命令我生成一个公钥:

openssl x509 -inform der -in ejbcacert.cer -noout -pubkey > pub1key.pub

结果如下:

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7vbqajDw4o6gJy8UtmIbkcpnk
O3Kwc4qsEnSZp/TR+fQi62F79RHWmwKOtFmwteURgLbj7D/WGuNLGOfa/2vse3G2
eHnHl5CB8ruRX9fBl/KgwCVr2JaEuUm66bBQeP5XeBotdR4cvX38uPYivCDdPjJ1
QWPdspTBKcxeFbccDwIDAQAB
-----END PUBLIC KEY-----

我怎样才能获得这样的公钥？来自证书还是来自这个公钥？

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC7vbqajDw4o6gJy8UtmIbkcpnkO3Kwc4qsEnSZp/TR+fQi62F79RHWmwKOtFmwteURgLbj7D/WGuNLGOfa/2vse3G2eHnHl5CB8ruRX9fBl/KgwCVr2JaEuUm66bBQeP5XeBotdR4cvX38uPYivCDdPjJ1QWPdspTBKcxeFbccDw==

这是通过以下命令获得的:

ssh-keygen -y -f private_key1.pem > public_key1.pub

我在哪里可以找到有关RSA公钥格式的文档？

RSA公钥,格式为OpenSSH:

SSH-RSA AAAAB3NzaC1yc2EAAAABJQAAAQB/nAmOjTmezNUDKYvEeIRf2YnwM9/uUG1d0BYsc8/tRtx + RGi7N2lUbp728MXGwdnL9od4cItzky/zVdLZE2cycOa18xBK9cOWmcKS0A8FYBxEQWJ/q9YVUgZbFKfYGaGQxsER + A0w/fX8ALuk78ktP31K69LcQgxIsl7rNzxsoOQKJ/CIxOGMMxczYTiEoLvQhapFQMs3FL96didKr/QbrfB1WT6s3838SEaXfgZvLef1YB2xmfhbT9OXFE3FXvh2UPBfN + ffE7iiayQf/2XR + 8j4N4bW30DiPtOQLGUrH1y5X/rpNZNlWW2 + jGIxqZtgWg7lTy3mXy5x836Sj/6L

格式化用于Secure Shell的相同公钥(RFC 4716 - 安全Shell(SSH)公钥文件格式):

---- BEGIN SSH2 PUBLIC KEY ----
AAAAB3NzaC1yc2EAAAABJQAAAQB/nAmOjTmezNUDKYvEeIRf2YnwM9/uUG1d0BYs
c8/tRtx+RGi7N2lUbp728MXGwdnL9od4cItzky/zVdLZE2cycOa18xBK9cOWmcKS
0A8FYBxEQWJ/q9YVUgZbFKfYGaGQxsER+A0w/fX8ALuk78ktP31K69LcQgxIsl7r
NzxsoOQKJ/CIxOGMMxczYTiEoLvQhapFQMs3FL96didKr/QbrfB1WT6s3838SEaX
fgZvLef1YB2xmfhbT9OXFE3FXvh2UPBfN+ffE7iiayQf/2XR+8j4N4bW30DiPtOQ
LGUrH1y5X/rpNZNlWW2+jGIxqZtgWg7lTy3mXy5x836Sj/6L
---- END SSH2 PUBLIC KEY ----

格式化为RSA公钥的相同公钥(注意五个 -,没有空格):

-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA+xGZ/wcz9ugFpP07Nspo6U17l0YhFiFpxxU4pTk3Lifz9R3zsIsu
ERwta7+fWIfxOo208ett/jhskiVodSEt3QBGh4XBipyWopKwZ93HHaDVZAALi/2A
+xTBtWdEo7XGUujKDvC2/aZKukfjpOiUI8AhLAfjmlcD/UZ1QPh0mHsglRNCmpCw
mwSXA9VNmhz+PiB+Dml4WWnKW/VHo2ujTXxq7+efMU4H2fny3Se3KYOsFPFGZ1TN
QSYlFuShWrHPtiLmUdPoP6CV2mML1tk+l7DIIqXrQhLUKDACeM5roMx0kLhUWB8P
+0uj1CNlNN4JRZlC7xFfqiMbFRU9Z4N6YwIDAQAB
-----END RSA PUBLIC KEY-----

base-64编码数据的十六进制转储:

00 00 00 07 73 73 68 2d 72 73 61 00 00 00 01 25 00 00 01 00 …

我想使用RSA公钥加密.存储或检索私钥和公钥的最佳方法是什么？XML在这里是个好主意吗？

如何获得钥匙？

RSAParameters privateKey = RSA.ExportParameters(true);
RSAParameters publicKey = RSA.ExportParameters(false);

因为RSAParameters具有以下成员:D,DP,DQ,Exponent,InverseQ,Modulus,P,Q

哪一个是关键？

我有ssh-keygen生成的id_rsa.pub密钥.如何以编程方式将id_rsa.pub文件转换为RSA DER格式的密钥？

我一直尝试使用PHP的openssl扩展生成RSA密钥对,并将结果保存为OpenSSH兼容密钥对 - 意味着私钥是PEM编码(这很容易),公钥以OpenSSH特定格式存储以下形式:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABA...more base64 encoded stuff...

据我所知,这种格式包括:

• 明文中的键类型,后跟空格(即"openssh-rsa")
• base64编码的字符串,表示以下数据:
  • 算法名称的长度(以字节为单位)(在本例中为7)编码为32位无符号长大端
  • 算法名称,在本例中为'ssh-rsa'
  • RSA'e'数字的长度,以字节为单位,编码为32位无符号长大端
  • RSA'e'号码
  • RSA'n'的长度,以字节为单位,编码为32位无符号长大端
  • RSA'n'号码

我尝试使用PHP的pack()函数实现这一点,但无论我尝试什么,结果永远不会等同于我ssh-keygen -y -f在openssl生成的相同RSA私钥上使用命令所得到的结果.

这是我的代码的简化版本:

<?php

// generate private key
$privKey = openssl_pkey_new(array(
    'private_key_bits' => 1024,
    'private_key_type' => OPENSSL_KEYTYPE_RSA
));

// convert public key to OpenSSH format
$keyInfo = openssl_pkey_get_details($privKey);
$data = pack("Na*", 7, 'ssh-rsa');
$data .= pack("Na*", strlen($keyInfo['rsa']['e']), $keyInfo['rsa']['e']);
$data .= pack("Na*", strlen($keyInfo['rsa']['n']), $keyInfo['rsa']['n']);

$pubKey = "ssh-rsa " . base64_encode($data);

echo "PHP generated RSA public key:\n$pubKey\n\n";

// For comparison, generate public …

我正在尝试使用Apples安全框架将生成的公共RSA密钥转换为SSH.

这是我用于生成密钥对的代码:

- (void)generatePrivateKey {
    NSDictionary *privateKeyAttr = @{(__bridge id)kSecAttrIsPermanent: @YES,
                                     (__bridge id)kSecAttrApplicationTag: self.privateTag};
    NSDictionary *publicKeyAttr = @{(__bridge id)kSecAttrIsPermanent: @YES,
                                    (__bridge id)kSecAttrApplicationTag: self.publicTag};


    NSDictionary *keyPairAttr = @{(__bridge id)kSecAttrKeySizeInBits: @1024,
                                  (__bridge id)kSecAttrKeyType: (__bridge id)kSecAttrKeyTypeRSA,
                                  (__bridge id)kSecPrivateKeyAttrs: privateKeyAttr,
                                  (__bridge id)kSecPublicKeyAttrs: publicKeyAttr};

    SecKeyRef publicKey;
    SecKeyRef privateKey;

    SecKeyGeneratePair((__bridge CFDictionaryRef)keyPairAttr, &publicKey, &privateKey);
}

- (NSString *)getPublicKey {
    NSString *contents = [self keyForTag:self.publicTag];
    return [NSString stringWithFormat:@"-----BEGIN RSA PUBLIC KEY-----\n%@\n-----END RSA PUBLIC KEY-----", contents];
}

- (NSString *)getPrivateKey {
    NSString *contents = [self keyForTag:self.privateTag];
    return [NSString stringWithFormat:@"-----BEGIN …

作为标题，如何从Java中的SSH RSA公钥计算指纹？我从sample.pub获得了一个rsaPublicKey对象，并使用库Apache Commons Codec计算了指纹， DigestUtils.sha256Hex(rsaPublicKey.getEncoded()); 但是使用ssh-keygen命令 ssh-keygen -E sha256 -lf sample.pub sample.pub 时却得到了不同的指纹 ，如下所示 ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAsuVPKUpLYSCNVIHD+e6u81IUznkDoiOvn/t56DRcutRc4OrNsZZ+Lmq49T4JCxUSmaT8PeLGS/IC946CNQzFwMh++sVoc19UUkZtRaDgiYn+HkYk8VW4IFI1dKfXomKSbX/lB+ohzLzXLVP2/UJgfBmdaE10k+6b+/Yd8YGXIeS8/Z9zToHPo0ORNSGIolgq3xMXUtfAOK/0KC6IFc/FuvuOSAG1UWup91bcm5GSXv4BWWjgFtOxCLIknYjsDah4qfrP8Olp5eUDhn/65xRcZsmRXoYe1ylhlSjJoPDFWXVs9npwqQmi3JaZtgg7xJxMu1ZcdpYxoj280zM9/6w1Lw==