RSA 加密 公钥密钥生成以及der文件的使用

具体实现:

iOS端

生成公钥和私钥

  1. 新建文件夹,用来保存生成的私钥和公钥,打开终端 cd 新建,进入到新建文件夹中,openssl 打开openssl
  2. genrsa -out rsa_private_key.pem 1024 生成私钥
  3. pkcs8 -topk8 -inform PEM -in rsa_private_key.pem -outform PEM -nocrypt 这步一定要有,需要将私钥转成PKCS8的格式才能使用,此时复制私钥(先复制私钥,然后在4步取出公钥, 使用这里的私钥和第四部生成的公钥, 不要使用rsa_private_key.pem里面的私钥, 否则会报algid parse error, not a sequence 错误, 就是说没有进行pkcs8 编码)
  4. rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem 生成公钥
    writing RSA key

此时在新建文件夹中会出现两个文件


储存公钥和私钥的pem文件
  1. 生成 .csr 文件
    req -new -out cert.csr -key rsa_private_key.pem(创建证书请求)
    注意: 这一步一定是私钥, 不能是公钥

[图片上传中...(屏幕快照 2018-05-23 上午12.36.41.png-9c8012-1527007028144-0)]

下面是输出结果:

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:CN
State or Province Name (full name) []:ZJ
Locality Name (eg, city) []:HZ
Organization Name (eg, company) []:BeiLian
Organizational Unit Name (eg, section) []:BillionTect
Common Name (eg, fully qualified host name) []:BL
Email Address []:[email protected]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456

最终的显示效果

屏幕快照 2018-05-23 上午12.36.41.jpg
  1. 生成 .der文件

x509 -req -in cert.csr -out rsa_public_key.der -outform der -signkey rsa_private_key.pem -days 3650(自签署根证书)

输出结果:

Signature ok
subject=/C=CN/ST=ZJ/L=HZ/O=BeiLian/OU=BillionTect/CN=BL/[email protected]
Getting Private key
  1. 退出
OpenSSL> exit

最终生成4个文件


屏幕快照 2018-05-23 上午12.41.39.png

你可能感兴趣的:(RSA 加密 公钥密钥生成以及der文件的使用)