由于Mac自带openssl工具,所以不用像windows那样要下载安装openssl工具,我们直接在本地使用openssl来生成私钥和公钥
步骤
1、在本地创建文件夹rsa,并进入文件夹
cd /jokki/rsa
2、终端输入命令openssl打开工具
3、生成RSA私钥
genrsa -out rsa_private_key.pem 1024
OpenSSL> genrsa -out rsa_private_key.pem 1024
Generating RSA private key, 1024 bit long modulus
...............++++++
..................++++++
e is 65537 (0x10001)
OpenSSL>
此时我们就可以在rsa文件夹中看到rsa_private_key.pem文件了。
4、转换秘钥格式,把RSA私钥PKCS1转换成PKCS8格式
pkcs8 -topk8 -inform PEM -in rsa_private_key.pem -outform PEM –nocrypt
OpenSSL> pkcs8 -topk8 -inform PEM -in rsa_private_key.pem -outform PEM -nocrypt
-----BEGIN PRIVATE KEY-----
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALsVZ/kunGMqLKa1
ZLtFH+bx+i08yKKbcbwKGZ45n6isGXHgVmMqyF2N/RYHf8u3qL+dSAf7TKJ3rl49
jPGlUUZHwccIlLqQ7CSIcwSRPH0ZbrPffxlWITTJUHKBDnWLZzLBZzaMj5mgmbSN
XLmG++1YcjWG0S8oxBTvKVxPHWU/AgMBAAECgYEAtVfMjweVY7Iv0fCmkbgxckVA
AbWXrbcLigAoUOz+TBt2FqIkWr/PtI+7sSzXvXprQkGM3t/CqwFjrcnv4xQiMFpZ
ILV5v0rmwdZenVFEMD46muDhUzERQNryfCdSXAdLGeOlftMcfmudRwX/6v4Vd59b
OCYUvp95kzv9jP4UEKECQQDrgbtEFro4i6+5NxTq+kQU13PQ5Nhqov3EY70Yx+l/
fuKnefOJ2btY7eyd6uHJ6R61kkVtLUl+DLZ8Ah0JE7/nAkEAy1z520JM1D75LWbY
4Zy8K+9QY1dhzUaDw0f2zfA/Gh7GiRKLQ2Z3USRyuR5bP6Fssxh0Vp3CyJvf3bUT
4bbk6QJAdXtpJMVFrnGYfofIypOAJPl50AppH4EhoLe0nEkV5UEx5iQC5pCUUf+W
mwySCDxf0moeciE2WUgUPHZ9b4rHnwJAKwOhfbUKVyJyxh2o5h+m1Ywq7rg+4ZJ2
sEl6dJjKYBX+XGPlvP3hYvJYqbs4Bb95JHCZuvBnkNMXiOeSKv3qcQJANgkCgzxN
xM/4byx54KOVc2XTuXBD1GyeiRVdDShmFn1tPElZ9w3RVIC/chWZ1g2QvWnqsb6a
653pkG7Cs138Ng==
-----END PRIVATE KEY-----
OpenSSL>
注意:
很多同学执行这个命令的时候会报下面的错误,首先查看命令是否输入正确,如果命令正确还是提示错误,可以删除之前的私钥,重新生成,再执行此命令
OpenSSL> pkcs8 -topk8 -inform PEM -in rsa_private_key.pem -outform PEM –nocrypt
unknown option '–nocrypt'
usage: pkcs8 [-embed] [-in file] [-inform fmt] [-nocrypt]
[-noiter] [-nooct] [-nsdb] [-out file] [-outform fmt] [-passin src]
[-passout src] [-topk8] [-v1 alg] [-v2 alg]
-embed Generate DSA keys in a broken format
-in file Input file (default stdin)
-inform format Input format (DER or PEM (default))
-nocrypt Use or expect unencrypted private key
-noiter Use 1 as iteration count
-nooct Generate RSA keys in a broken format (no octet)
-nsdb Generate DSA keys in the broken Netscape DB format
-out file Output file (default stdout)
-outform format Output format (DER or PEM (default))
-passin source Input file passphrase source
-passout source Output file passphrase source
-topk8 Read traditional format key and write PKCS#8 format key
-v1 algorithm Use PKCS#5 v1.5 or PKCS#12 with given algorithm
-v2 cipher Use PKCS#5 v2.0 with given cipher
error in pkcs8
5、生成RSA公钥
rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem
OpenSSL> rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem
writing RSA key
OpenSSL>
6、exit退出
7、这时我们到文件夹中便能看到生成的两个文件,如果想查看文件内容,将里面的.pem文件改为txt文件就可以查看里面的内容了
image.png
注意:
你在mac上生成的可能是PKCS#1格式,网上很多算法是基于PKCS#8的,需要进行转换,或者换openssl版本(支付宝是pkcs#8格式)
在线转换生成公钥私钥地址:http://tool.chacuo.net/cryptrsapkcs1pkcs8
网友评论