先简单介绍一下RSA。
- 加密、解密:使用公钥对数据进行加密,通过私钥对加密后的数据解密。
- 加签、解签:使用私钥对数据进行签名,通过加签名的数据和公钥进行数据验证,以确认合法性。
- 第一步:生成私钥,这里我们指定私钥的长度为2048
openssl genrsa -out rsa_private_key.pem 2048
生成的rsa_private_key.pem内容如下:
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAzuT124KbsXqqOvHbpD9uqVBSNbodP9IjErDtvfKvjRlJpI37
FkGZrHzz3w6CoXm2VrPtTOtWDF0FcqEFoeRi4ayEWaShF7kEXI0QCAgqCXZX1Q8w
YPq0PCLJDTfnKvEYP1f83kY2oYLI38v1ft1Usztharkspgum0FaNZrsJnV27tRlH
LNtzsza/B020AAJwRov6xAU09KeMCTjveGI9jNtjt+sN91vXORis9m3jKEYgzKrZ
BFHMRYbaWJQK1oIxFgkwetmst2I3K6QLfOEOoml+FuUJIUQp63JM5UmIkjxo3sK0
fwFpGudlJ2n8FdtDkl2UGgJZgImE9Vc2QPTEbQIDAQABAoIBACSM+opPJqZSH2TO
eZkow6oR0JRBTw2JWDzjGP0ntK/euc3ib2tdJ4L7iDHt5FIWqInku5WNNeR1QpMf
s1kIeheYXMFhfjwsqYKYQS7KEnMdfyLazhcz80d0dcRqDeLeOQRnzPqPuPMLoeU3
qSVCgMYxRWKPWD31bQD9aXmurWIpbcBz3HHqrJ5Q9/dS0GW7tYHZkiqOhks7+sqB
6ld1Io3M1/qsJd5/irXhLolDWDpoYKyx3fsxS46BExxU1Bwuu2FghQf3/dRug4dY
DzkbvINSmUiU0W+8Vnyz+WHyqnZbydS7bpoP5eguRbU1yLR5wbbOozY7XiP6Qi5V
cDC1HAECgYEA57pge5pEpUpDfC//WeDFJ1Uq9PDGYiU0nMiXekFSS3QKZ60bZScN
tCZeebAckJVBXVF5r4aIjM2X3kG8c/mArpc/3byBKzZpWO54pSL97xcaBRvuh2BX
LD+HPcrix5UW1BFFRKuEA7FOUeP7B4jllLx6zgPDTSLnlCOAU5NOKe0CgYEA5JCv
wQ2APchj1/NTT6Ed0NiimnOqtLNcsMGcLTxhZukGoWXzEbGKNSwzlHbgNuWcjZhp
IcX427VjS+w2s10vr91KZcrWf4x2U4Svbv4mZJhgIXvHXbNayei2hYfku5I2g5bC
e1XBljtLM/+9t1eHkQR84uZ5UwvyMyOofDaTtIECgYEA0MqDqJsFgxD44Wq135vA
yIHapLxVY5U2ZJXwtn0o00eJIIU/C9M2a72unmJqOnPhY13IELldS9DrJ51/WdfT
dHxfVUFF+VObdD/agKCYwNbF4RibwWqy4PGUv76Qu1fAK/Arw4Xu+wzFDtAmHVHh
2jRBSmLllBkBI98g/yzY3rkCgYA5pkzOMquP6cVVKKhww0CT9rA8qMP7w+mzI4JS
3pHqtQfZGa/PXKpxcu6nmbw/3HY6OKD7xcVZFU0wTyoU34Ixp20mc5zamwEVW7gs
FKp2YQCOMXw9pAlYN/whff8xWFWrpxDyrtSfIeF8AhtF7SviZfFiAaPEUJUMVQgg
HFvxAQKBgQCY/tdNGZfMUYM0+uxoVKDc6J/QYLgqEU0KC8pDj7HYuKNqPxLvBT38
nUsYEdDFbgQbtLoMtwjjvAQ7RRnwa87jTc3HiNICbDuMFDy14OwXfgDRM6SHCuzp
DMX7hBkzeMzzDqfJZjTR9dIPIj/pP7kBw6CuSGmYByrg+BLwtSOmCw==
-----END RSA PRIVATE KEY-----
- 第二步:根据私钥生成对应的公钥:
openssl rsa -in rsa_private_key.pem -pubout -out rsa_public_key_2048.pem
生成的rsa_public_key_2048.pem文件内容为:
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzuT124KbsXqqOvHbpD9u
qVBSNbodP9IjErDtvfKvjRlJpI37FkGZrHzz3w6CoXm2VrPtTOtWDF0FcqEFoeRi
4ayEWaShF7kEXI0QCAgqCXZX1Q8wYPq0PCLJDTfnKvEYP1f83kY2oYLI38v1ft1U
sztharkspgum0FaNZrsJnV27tRlHLNtzsza/B020AAJwRov6xAU09KeMCTjveGI9
jNtjt+sN91vXORis9m3jKEYgzKrZBFHMRYbaWJQK1oIxFgkwetmst2I3K6QLfOEO
oml+FuUJIUQp63JM5UmIkjxo3sK0fwFpGudlJ2n8FdtDkl2UGgJZgImE9Vc2QPTE
bQIDAQAB
-----END PUBLIC KEY-----
- 第三步:私钥转化成pkcs8格式(该格式一般Java调用)
openssl pkcs8 -topk8 -inform PEM -in rsa_private_key.pem -outform pem -nocrypt -out private_pkcs8.pem
生成的private_pkcs8.pem的文件内容为:
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDO5PXbgpuxeqo6
8dukP26pUFI1uh0/0iMSsO298q+NGUmkjfsWQZmsfPPfDoKhebZWs+1M61YMXQVy
oQWh5GLhrIRZpKEXuQRcjRAICCoJdlfVDzBg+rQ8IskNN+cq8Rg/V/zeRjahgsjf
y/V+3VSzO2FquSymC6bQVo1muwmdXbu1GUcs23OzNr8HTbQAAnBGi/rEBTT0p4wJ
OO94Yj2M22O36w33W9c5GKz2beMoRiDMqtkEUcxFhtpYlArWgjEWCTB62ay3Yjcr
pAt84Q6iaX4W5QkhRCnrckzlSYiSPGjewrR/AWka52UnafwV20OSXZQaAlmAiYT1
VzZA9MRtAgMBAAECggEAJIz6ik8mplIfZM55mSjDqhHQlEFPDYlYPOMY/Se0r965
zeJva10ngvuIMe3kUhaoieS7lY015HVCkx+zWQh6F5hcwWF+PCypgphBLsoScx1/
ItrOFzPzR3R1xGoN4t45BGfM+o+48wuh5TepJUKAxjFFYo9YPfVtAP1pea6tYilt
wHPcceqsnlD391LQZbu1gdmSKo6GSzv6yoHqV3UijczX+qwl3n+KteEuiUNYOmhg
rLHd+zFLjoETHFTUHC67YWCFB/f91G6Dh1gPORu8g1KZSJTRb7xWfLP5YfKqdlvJ
1Ltumg/l6C5FtTXItHnBts6jNjteI/pCLlVwMLUcAQKBgQDnumB7mkSlSkN8L/9Z
4MUnVSr08MZiJTScyJd6QVJLdApnrRtlJw20Jl55sByQlUFdUXmvhoiMzZfeQbxz
+YCulz/dvIErNmlY7nilIv3vFxoFG+6HYFcsP4c9yuLHlRbUEUVEq4QDsU5R4/sH
iOWUvHrOA8NNIueUI4BTk04p7QKBgQDkkK/BDYA9yGPX81NPoR3Q2KKac6q0s1yw
wZwtPGFm6QahZfMRsYo1LDOUduA25ZyNmGkhxfjbtWNL7DazXS+v3UplytZ/jHZT
hK9u/iZkmGAhe8dds1rJ6LaFh+S7kjaDlsJ7VcGWO0sz/723V4eRBHzi5nlTC/Iz
I6h8NpO0gQKBgQDQyoOomwWDEPjharXfm8DIgdqkvFVjlTZklfC2fSjTR4kghT8L
0zZrva6eYmo6c+FjXcgQuV1L0OsnnX9Z19N0fF9VQUX5U5t0P9qAoJjA1sXhGJvB
arLg8ZS/vpC7V8Ar8CvDhe77DMUO0CYdUeHaNEFKYuWUGQEj3yD/LNjeuQKBgDmm
TM4yq4/pxVUoqHDDQJP2sDyow/vD6bMjglLekeq1B9kZr89cqnFy7qeZvD/cdjo4
oPvFxVkVTTBPKhTfgjGnbSZznNqbARVbuCwUqnZhAI4xfD2kCVg3/CF9/zFYVaun
EPKu1J8h4XwCG0XtK+Jl8WIBo8RQlQxVCCAcW/EBAoGBAJj+100Zl8xRgzT67GhU
oNzon9BguCoRTQoLykOPsdi4o2o/Eu8FPfydSxgR0MVuBBu0ugy3COO8BDtFGfBr
zuNNzceI0gJsO4wUPLXg7Bd+ANEzpIcK7OkMxfuEGTN4zPMOp8lmNNH10g8iP+k/
uQHDoK5IaZgHKuD4EvC1I6YL
-----END PRIVATE KEY-----
- 第四步:PKCS8格式私钥转换为PKCS1(传统私钥格式)
openssl rsa -in private_pkcs8.pem -out private_pkcs1.pem
实际private_pkcs1.pem 和 rsa_private_key.pem 内容一致才对
