摘要:
使用openssl生成rsa密钥对。密钥长度在512-65536之间(JDK中的默认长度为1024)。私钥以PKCS#8格式编码。RSA使用pkcs协议定义密钥的存储结构。OpenSSL安装位置:
方法一:使用openssl生成rsa密钥对
密钥长度介于 512 - 65536 之间(JDK 中默认长度是1024),且必须是64 的倍数。密钥的常用文件格式有pem(文本存储)或者der(二进制存储)。
当使用Java API生成RSA密钥对时,公钥以X.509格式编码,私钥以PKCS#8格式编码。
RSA使用pkcs协议定义密钥的存储结构等内容
OpenSSL安装位置:F: ensquare_v2OpenSSL-Win64(portable)in
打开cmd,执行以下命令:
第一步:生成私钥,这里我们指定私钥的长度为2048
openssl genrsa -out rsa_private_key.pem 2048
生成文件,文本存储格式,长度2048:
文件内容如下:
-----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEA7/qffwbF7wd3N6h0KS1nQLkPY0bSZD93/srTLw5sX2eh7suI Cik9NG8M2Bx01va68MSEgIVhmYVShSuuK9nJMDEygEbTHmnf2iJQJCUUy4ZPBnvi cUjqpyGsWhVJckTNB41a6oLd1TOTrO07d460fzfEJkRxMx1+qQ5fRiUxVEprxC+5 qT5Z2ILonBh4Zm7dZ6ycIwUs9i9jwQkZCx4j6DYBbJo1HxB5+QLJ5hgleh/MVSSZ TXIUoUdkXo6VrrxTTSiVcTaqrRAF3PbDJSjF4NZVv1hJWe0REKDIfnQAgFTFLmeE fM7Av/i2z+xI/OYpsgwkzqY6HtViJmYAq0QnywIDAQABAoIBAGb6mlTtOCThhEQr EmXVKPi6MSM98ey426pHqSYJP3IVS4TobCFIHw6QFOfsFitkx0WoXt+z3PT/JDEn VF9W3qHCitRHEDN95WR60v8ftnO718+Fe993FdLQfWBOwCy732u9OeVmcQEbV+Se DKW6ZDQvXwm41wbDQmYTV8kHDssHK8vle3Q0qzbMI9RS5fq/owH3HWtZKS5HWoWR utqOIZTcz+ao6upv5qnwv2B5XBcYQ+OdENRQgFZN3hpHLPurwSBrtHblkkys/X2p N0BDxnmWmIZtkPHmpd2E6RzPgSczQ+qp0N6uxNcYubYyv9+P7jP/np60h11XKXpC dWoEdpECgYEA+EtrZgV9lIut7wvcOcyVX5VrcBpWh17K5Ic3RwWv6h/SVGpCyrwB k9fSmSseONUAbuaIO9XapOMLgOy2SgwkFRETsXmP32A9E3gEiZPesrMWbuOX9O4c P+HoPnN8k1GL/gdNkHJz7ci/qLSXTlQAF3/5s/sYE0DLROIc8vp0c8MCgYEA920j 1wYzDaw8Ywi92TK+r43MxSYpP6Ke4nT6FBr+0tRR08YjAU8t4AXnOAdjXe0T1O+G qz9qK80R21eB/R/Q8AfE2ZpUHr5s2PkibOTtIL0Z2KFiAvSQDWV+r0tYcfk6ccS6 poZkzh/MXlu9WhwPl2YGEspxI+2laTL0Prk241kCgYEAtm3zgwoVssbODQ0RygXe 2lPWlI9FdEDZof8XRj+PeN3Yk91fJcXtAstYGOHtWqRlpRYMkqoV84A+O4Owi8dP 24qohYVjiCQVu/A6pTrYLUQX/3GJfJRWfTlmgjwoE7Wevg5vluoA83zEFRha81oU ly+YL/0VO1AoCXx4+K28UjECgYEAnciyv0/LxN9eTwVnFBhhM9CokdzJFzScP+u7 ApFIiaguWm+TKSWWKrN5BOjpPB+Qswzgg1pYWYBX79l5IrNkaX160g2xsT1cam1N v8WpVmRhFB2uRBYzuudLh3vz9hKqa5y6LrGrnSr4CABW2xzj8Hd2TgtdZT0Ka/C7 gzhXwVkCgYBHEcUgn+4RyEYJZ/NC4dDPw4qsjnM21KR3BGaiOM3Jk2uzO3i/v3HC vzH1DypaJvaMU1qbpweq64zTYlrYTEPRrFcFwzNlV83SNvKXusxLJZdy8nE3fNMr t+z532dPSf/ylu9EmBfEx0AdobylV+tLF0sDoIw450Ntfg5lakIhHw== -----END RSA PRIVATE KEY-----
第二步:根据私钥生成对应的公钥:
openssl rsa -in rsa_private_key.pem -pubout -out rsa_public_key_2048.pub
生成文件:
文件内容如下:
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7/qffwbF7wd3N6h0KS1n QLkPY0bSZD93/srTLw5sX2eh7suICik9NG8M2Bx01va68MSEgIVhmYVShSuuK9nJ MDEygEbTHmnf2iJQJCUUy4ZPBnvicUjqpyGsWhVJckTNB41a6oLd1TOTrO07d460 fzfEJkRxMx1+qQ5fRiUxVEprxC+5qT5Z2ILonBh4Zm7dZ6ycIwUs9i9jwQkZCx4j 6DYBbJo1HxB5+QLJ5hgleh/MVSSZTXIUoUdkXo6VrrxTTSiVcTaqrRAF3PbDJSjF 4NZVv1hJWe0REKDIfnQAgFTFLmeEfM7Av/i2z+xI/OYpsgwkzqY6HtViJmYAq0Qn ywIDAQAB -----END PUBLIC KEY-----
第三步:私钥转化成pkcs8格式
尖括号的意思是:将转化好的私钥写到rsa_private_key_pkcs8.pem文件里
openssl pkcs8 -topk8 -inform PEM -in rsa_private_key.pem -outform PEM -nocrypt > rsa_private_key_pkcs8.pem
生成文件:
文件内容如下:
-----BEGIN PRIVATE KEY----- MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDv+p9/BsXvB3c3 qHQpLWdAuQ9jRtJkP3f+ytMvDmxfZ6Huy4gKKT00bwzYHHTW9rrwxISAhWGZhVKF K64r2ckwMTKARtMead/aIlAkJRTLhk8Ge+JxSOqnIaxaFUlyRM0HjVrqgt3VM5Os 7Tt3jrR/N8QmRHEzHX6pDl9GJTFUSmvEL7mpPlnYguicGHhmbt1nrJwjBSz2L2PB CRkLHiPoNgFsmjUfEHn5AsnmGCV6H8xVJJlNchShR2RejpWuvFNNKJVxNqqtEAXc 9sMlKMXg1lW/WElZ7REQoMh+dACAVMUuZ4R8zsC/+LbP7Ej85imyDCTOpjoe1WIm ZgCrRCfLAgMBAAECggEAZvqaVO04JOGERCsSZdUo+LoxIz3x7LjbqkepJgk/chVL hOhsIUgfDpAU5+wWK2THRahe37Pc9P8kMSdUX1beocKK1EcQM33lZHrS/x+2c7vX z4V733cV0tB9YE7ALLvfa7055WZxARtX5J4MpbpkNC9fCbjXBsNCZhNXyQcOywcr y+V7dDSrNswj1FLl+r+jAfcda1kpLkdahZG62o4hlNzP5qjq6m/mqfC/YHlcFxhD 450Q1FCAVk3eGkcs+6vBIGu0duWSTKz9fak3QEPGeZaYhm2Q8eal3YTpHM+BJzND 6qnQ3q7E1xi5tjK/34/uM/+enrSHXVcpekJ1agR2kQKBgQD4S2tmBX2Ui63vC9w5 zJVflWtwGlaHXsrkhzdHBa/qH9JUakLKvAGT19KZKx441QBu5og71dqk4wuA7LZK DCQVEROxeY/fYD0TeASJk96ysxZu45f07hw/4eg+c3yTUYv+B02QcnPtyL+otJdO VAAXf/mz+xgTQMtE4hzy+nRzwwKBgQD3bSPXBjMNrDxjCL3ZMr6vjczFJik/op7i dPoUGv7S1FHTxiMBTy3gBec4B2Nd7RPU74arP2orzRHbV4H9H9DwB8TZmlQevmzY +SJs5O0gvRnYoWIC9JANZX6vS1hx+TpxxLqmhmTOH8xeW71aHA+XZgYSynEj7aVp MvQ+uTbjWQKBgQC2bfODChWyxs4NDRHKBd7aU9aUj0V0QNmh/xdGP4943diT3V8l xe0Cy1gY4e1apGWlFgySqhXzgD47g7CLx0/biqiFhWOIJBW78DqlOtgtRBf/cYl8 lFZ9OWaCPCgTtZ6+Dm+W6gDzfMQVGFrzWhSXL5gv/RU7UCgJfHj4rbxSMQKBgQCd yLK/T8vE315PBWcUGGEz0KiR3MkXNJw/67sCkUiJqC5ab5MpJZYqs3kE6Ok8H5Cz DOCDWlhZgFfv2Xkis2RpfXrSDbGxPVxqbU2/xalWZGEUHa5EFjO650uHe/P2Eqpr nLousaudKvgIAFbbHOPwd3ZOC11lPQpr8LuDOFfBWQKBgEcRxSCf7hHIRgln80Lh 0M/DiqyOczbUpHcEZqI4zcmTa7M7eL+/ccK/MfUPKlom9oxTWpunB6rrjNNiWthM Q9GsVwXDM2VXzdI28pe6zEsll3LycTd80yu37PnfZ09J//KW70SYF8THQB2hvKVX 60sXSwOgjDjnQ21+DmVqQiEf -----END PRIVATE KEY-----
方法二:使用keytool生成密钥证书
注意使用Openssl先生成私钥,再由私钥生成公钥。而使用keytool则是生成密钥证书,每个证书包含公钥和私钥。
一、生成秘钥证书xc.keystore的命令
在一个没有英文的目录中打开cmd,执行以下命令:
keytool -genkeypair -alias xckey -keyalg RSA -keypass xuecheng -keystore xc.keystore -storepass xuechengkeystore
Keytool 是一个java提供的证书管理工具
-alias:密钥(即密钥对,包括公钥和私钥)的别名
-keyalg:使用的hash算法
-keypass:密钥(密钥对)的访问密码
-keystore:密钥库文件名,xc.keystore保存了生成的证书
-storepass:密钥库的访问密码
执行完之后,会多出一个文件
查询证书信息:keytool -list -keystore xc.keystore(需要输入密钥库的密码)
删除别名:keytool -delete -alias xckey -keystore xc.keystore
二、从密钥证书中导出公钥pubkey
openssl是一个加解密工具包,这里使用openssl来导出公钥信息。公钥放在资源服务中。
cmd进入xc.keystore文件所在目录执行如下命令:
keytool -list -rfc --keystore xc.keystore | openssl x509 -inform pem -pubkey
下边这一段就是公钥内容:
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgDFL6SdYkToAxEbLrzzL VdXF/p1jSz4Cp/rusQE/VDSXC2PpA17bz2TQq3bhCkTREFZKWM7wRdWFVq9CIBJ1 N5nZ/33Zdt2sVIzBIhZUXiUqpU83PZPzy+46wAqrCZHrNtUETf1V7u3z50mcoDUI 9WpsYYzrWCyaIlZGUZIfgxf7HU5XE1T89Y/BMuFEW7sipchrKudlrxEyYwofr3+1 m48NKuGxmwW7gCchlklyTGY5xA1+CJODIu6IJFRgzyh1Q0skJsKZJ5c0fWfO1tsn E6abmQcQLANVfQBo7q1WLucxb3JCrJF2ccrpQbhGbytZqrDg6naYm4MtdvE86zNx sQIDAQAB -----END PUBLIC KEY-----
将上边的公钥拷贝到文本文件中,合并为一行。