RSA私钥和公钥文件格式 (pkcs#1, pkcs#8, pkcs#12, pem)

RSA Public Key file (PKCS#1)

The RSA Public key PEM file is specific for RSA keys.

It starts and ends with the tags:

1. -----BEGIN RSA PUBLIC KEY-----
2. BASE64 ENCODED DATA
3. -----END RSA PUBLIC KEY-----

Within the base64 encoded data the following DER structure is present:

1. RSAPublicKey ::= SEQUENCE {
2. modulus INTEGER, -- n
3. publicExponent INTEGER -- e
4. }

Public Key file (PKCS#8)

Because RSA is not used exclusively inside X509 and SSL/TLS, a more generic key format is available in the form of PKCS#8, that identifies the type of public key and contains the relevant data.

It starts and ends with the tags:

1. -----BEGIN PUBLIC KEY-----
2. BASE64 ENCODED DATA
3. -----END PUBLIC KEY-----

Within the base64 encoded data the following DER structure is present:

1. PublicKeyInfo ::= SEQUENCE {
2. algorithm AlgorithmIdentifier,
3. PublicKey BIT STRING
4. }
6. AlgorithmIdentifier ::= SEQUENCE {
7. algorithm OBJECT IDENTIFIER,
8. parameters ANY DEFINED BY algorithm OPTIONAL
9. }

So for an RSA public key, the OID is 1.2.840.113549.1.1.1 and there is a RSAPublicKey as the PublicKey key data bitstring.

RSA Private Key file (PKCS#1)

The RSA private key PEM file is specific for RSA keys.

It starts and ends with the tags:

1. -----BEGIN RSA PRIVATE KEY-----
2. BASE64 ENCODED DATA
3. -----END RSA PRIVATE KEY-----

Within the base64 encoded data the following DER structure is present:

1. RSAPrivateKey ::= SEQUENCE {
2. version Version,
3. modulus INTEGER, -- n
4. publicExponent INTEGER, -- e
5. privateExponent INTEGER, -- d
6. prime1 INTEGER, -- p
7. prime2 INTEGER, -- q
8. exponent1 INTEGER, -- d mod (p-1)
9. exponent2 INTEGER, -- d mod (q-1)
10. coefficient INTEGER, -- (inverse of q) mod p
11. otherPrimeInfos OtherPrimeInfos OPTIONAL
12. }

Private Key file (PKCS#8)

Because RSA is not used exclusively inside X509 and SSL/TLS, a more generic key format is available in the form of PKCS#8, that identifies the type of private key and contains the relevant data.

The unencrypted PKCS#8 encoded data starts and ends with the tags:

1. -----BEGIN PRIVATE KEY-----
2. BASE64 ENCODED DATA
3. -----END PRIVATE KEY-----

Within the base64 encoded data the following DER structure is present:

1. PrivateKeyInfo ::= SEQUENCE {
2. version Version,
3. algorithm AlgorithmIdentifier,
4. PrivateKey BIT STRING
5. }
7. AlgorithmIdentifier ::= SEQUENCE {
8. algorithm OBJECT IDENTIFIER,
9. parameters ANY DEFINED BY algorithm OPTIONAL
10. }

So for an RSA private key, the OID is 1.2.840.113549.1.1.1 and there is a RSAPrivateKey as the PrivateKey key data bitstring.

The encrypted PKCS#8 encoded data start and ends with the tags:

1. -----BEGIN ENCRYPTED PRIVATE KEY-----
2. BASE64 ENCODED DATA
3. -----END ENCRYPTED PRIVATE KEY-----

Within the base64 encoded data the following DER structure is present:

1. EncryptedPrivateKeyInfo ::= SEQUENCE {
2. encryptionAlgorithm EncryptionAlgorithmIdentifier,
3. encryptedData EncryptedData
4. }
6. EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
8. EncryptedData ::= OCTET STRING

The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo (see above).