macos下openssl 生成pkcs1格式rsa密钥的问题

在linux下openssl genrsa 生成的密钥为PKCS#1格式,但在macos下生成的密钥却为PKCS#8格式。经检查发现是因为在macos上新安装了MacPorts,而MacPorts新安装的openssl为新的版本,新版本生成密钥的默认格式为pkcs#8。

运行macos下旧版本genrsa帮助如下:

/usr/bin/openssl genrsa -help
usage: genrsa [args] [numbits]
 -des            encrypt the generated key with DES in cbc mode
 -des3           encrypt the generated key with DES in ede cbc mode (168 bit key)
 -aes128, -aes192, -aes256
                 encrypt PEM output with cbc aes
 -camellia128, -camellia192, -camellia256
                 encrypt PEM output with cbc camellia
 -out file       output the key to 'file'
 -passout arg    output file pass phrase source
 -f4             use F4 (0x10001) for the E value
 -3              use 3 for the E value

而运行MacPorts安装的openssl genrsa帮助如下:

/opt/local/bin/openssl genrsa -help
Usage: genrsa [options] numbits

General options:
 -help               Display this summary
 -engine val         Use engine, possibly a hardware device

Input options:
 -3                  (deprecated) Use 3 for the E value
 -F4                 Use the Fermat number F4 (0x10001) for the E value
 -f4                 Use the Fermat number F4 (0x10001) for the E value

Output options:
 -out outfile        Output the key to specified file
 -passout val        Output file pass phrase source
 -primes +int        Specify number of primes
 -verbose            Verbose output
 -traditional        Use traditional format for private keys
 -*                  Encrypt the output with any supported cipher

Random state options:
 -rand val           Load the given file(s) into the random number generator
 -writerand outfile  Write random data to the specified file

Provider options:
 -provider-path val  Provider load path (must be before 'provider' argument if required)
 -provider val       Provider to load (can be specified multiple times)
 -propquery val      Property query used when fetching algorithms

Parameters:
 numbits             Size of key in bits

我们看到后者多了 ’-traditional‘ 参数。查看 genrsa帮助看到这个参数就是用来生成PKCS#1格式的密钥的。

man openssl-genrsa

       -traditional
           Write the key using the traditional PKCS#1 format instead of the PKCS#8 format.

因此新版本openssl生成PKCS#1格式rsa密钥要加止 "-traditional“ 参数。

openssl genrsa -traditional -out rsa-traditional-1024 1024

猜你喜欢

转载自blog.csdn.net/alpbrook/article/details/121883918

相关文章