我想知道如果pem文件包含私钥和公钥? Pem代表什么?.pem文件是否包含私钥和公钥?
25
A
回答
36
由于PEM文件不是标准文件,PEM文件可能只包含任何内容,包括公钥和/或私钥。实际上PEM只是意味着文件包含一个base64编码的数据位。通过引用S/MIME之前作为邮件安全标准的旧的隐私增强邮件标准,它被称为PEM文件。这些标准以特定的base64格式指定了各种密钥和消息的格式。例如,请参阅RFC 1421。
通常,PEM文件包含一个base64编码密钥或证书,其格式为-----BEGIN <whatever>-----
和-----END <whatever>----
。随着时间的推移,对于<whatever>
,包括私钥,公钥,X509证书,PKCS7数据,包含多个证书的文件,包含私钥和X509证书的文件,PKCS#10证书签名请求等等,已经形成了许多可能性...
2
您可以decode您PEM格式化x509certificate用下面的命令:
openssl x509 -in cert.pem -text -noout
对于以下example:
-----BEGIN CERTIFICATE-----
MIICLDCCAdKgAwIBAgIBADAKBggqhkjOPQQDAjB9MQswCQYDVQQGEwJCRTEPMA0G
A1UEChMGR251VExTMSUwIwYDVQQLExxHbnVUTFMgY2VydGlmaWNhdGUgYXV0aG9y
aXR5MQ8wDQYDVQQIEwZMZXV2ZW4xJTAjBgNVBAMTHEdudVRMUyBjZXJ0aWZpY2F0
ZSBhdXRob3JpdHkwHhcNMTEwNTIzMjAzODIxWhcNMTIxMjIyMDc0MTUxWjB9MQsw
CQYDVQQGEwJCRTEPMA0GA1UEChMGR251VExTMSUwIwYDVQQLExxHbnVUTFMgY2Vy
dGlmaWNhdGUgYXV0aG9yaXR5MQ8wDQYDVQQIEwZMZXV2ZW4xJTAjBgNVBAMTHEdu
dVRMUyBjZXJ0aWZpY2F0ZSBhdXRob3JpdHkwWTATBgcqhkjOPQIBBggqhkjOPQMB
BwNCAARS2I0jiuNn14Y2sSALCX3IybqiIJUvxUpj+oNfzngvj/Niyv2394BWnW4X
uQ4RTEiywK87WRcWMGgJB5kX/t2no0MwQTAPBgNVHRMBAf8EBTADAQH/MA8GA1Ud
DwEB/wQFAwMHBgAwHQYDVR0OBBYEFPC0gf6YEr+1KLlkQAPLzB9mTigDMAoGCCqG
SM49BAMCA0gAMEUCIDGuwD1KPyG+hRf88MeyMQcqOFZD0TbVleF+UsAGQ4enAiEA
l4wOuDwKQa+upc8GftXE2C//4mKANBC6It01gUaTIpo=
-----END CERTIFICATE-----
您将获得:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: ecdsa-with-SHA256
Issuer: C = BE, O = GnuTLS, OU = GnuTLS certificate authority, ST = Leuven, CN = GnuTLS certificate authority
Validity
Not Before: May 23 20:38:21 2011 GMT
Not After : Dec 22 07:41:51 2012 GMT
Subject: C = BE, O = GnuTLS, OU = GnuTLS certificate authority, ST = Leuven, CN = GnuTLS certificate authority
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:52:d8:8d:23:8a:e3:67:d7:86:36:b1:20:0b:09:
7d:c8:c9:ba:a2:20:95:2f:c5:4a:63:fa:83:5f:ce:
78:2f:8f:f3:62:ca:fd:b7:f7:80:56:9d:6e:17:b9:
0e:11:4c:48:b2:c0:af:3b:59:17:16:30:68:09:07:
99:17:fe:dd:a7
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Subject Key Identifier:
F0:B4:81:FE:98:12:BF:B5:28:B9:64:40:03:CB:CC:1F:66:4E:28:03
Signature Algorithm: ecdsa-with-SHA256
30:45:02:20:31:ae:c0:3d:4a:3f:21:be:85:17:fc:f0:c7:b2:
31:07:2a:38:56:43:d1:36:d5:95:e1:7e:52:c0:06:43:87:a7:
02:21:00:97:8c:0e:b8:3c:0a:41:af:ae:a5:cf:06:7e:d5:c4:
d8:2f:ff:e2:62:80:34:10:ba:22:dd:35:81:46:93:22:9a
了解Public Key Algorithm
和Signature Algorithm
部分之间的差异读this(两者都是公共的)。
相关问题
- 1. 如何创建包含RSA私钥/公钥的PEM文件
- 2. 是.snk包含私钥和公钥吗?
- 3. 将.pem公钥和私钥导入JKS密钥库
- 4. 公钥和私钥文件(.pkr,.skr)
- 5. 私钥/公钥
- 6. 将PEM私钥文件转换为JAVA私钥对象
- 7. 创建公钥和私钥
- 8. Google recaptcha公钥和私钥
- 9. 公钥和私钥混淆
- 10. Bouncycastle加密私钥PEM输出:RSA私钥与私钥
- 11. EC公钥/私钥的文件格式?
- 12. 无法设置私钥文件:'./cert.pem'type PEM
- 13. 与公钥/私钥
- 14. 公钥和私钥API密钥
- 15. 提取从OpenSSL的密钥文件的公钥和私钥
- 16. PyCrypto:解密只用文件中的公钥(无私钥+公钥)
- 17. 从pem格式的私钥中提取公钥
- 18. C#导出私钥/ RSA公钥到PEM串
- 19. 是否可以将私钥包含在.CER证书文件中?
- 20. PHP RSA得到的PEM文件公钥
- 21. .Net公钥文件(.pke)到OpenSSL PEM
- 22. 如何获取pem文件的公钥?
- 23. 私钥长度>公钥?
- 24. OpenSSL AES_cfb128_encrypt公钥/私钥C++
- 25. OpenSSL转换.PEM只包含RSA私钥到.PKCS12
- 26. Javascript ECDSA获取私钥和公钥?
- 27. JWT公钥和私钥无效
- 28. 公钥和私钥的关系
- 29. 生成OpenSSL私钥和公钥
- 30. 扩展的私钥和公钥
感谢您解释缩写代表什么 – hek2mgl