19

I am trying to extract the private RSA key from a PKCS #12 file.

I tried running the standard

openssl pkcs12 -nocerts -out priv.pem -in domain.com.pfx

However, this produces a key file that looks like this:

Bag Attributes
Microsoft Local Key set: <No Values>
localKeyID: 01 00 00 00 
friendlyName: xxxxxxxx
Microsoft CSP Name: Microsoft RSA SChannel Cryptographic Provider
Key Attributes
X509v3 Key Usage: 10
-----BEGIN ENCRYPTED PRIVATE KEY-----

The server I need to put it on cannot handle this key file, and when I look at the example data I see a file like the following

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,2CF27DD60B8BB3FF

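Of course, the key is present in both files. However, the server seems to accept only RSA private key files, and it looks to me like the output I am getting is an X509v3 file. Does anyone know how to convert it to an RSA private key file?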

4

3 Answers

32

Well - using a text editor to remove the offending lines is probably easiest. Otherwise the following will clean up the bag attributes:

openssl pkcs12 -in x.pfx  -nocerts -nodes -passin pass:123456 | openssl rsa -out privkey.pem

and can also be used to get der/net

openssl pkcs12 -in x-fred.p12  -nocerts -nodes -passin pass: | openssl rsa -outform DER -out privkey.der

which may in fact be the format you want. It is fairly common for tools not to accept a passwordless private key though (and a lot of tools will silently fail if the number of characters is not at least 4 or 6). So in those cases change the tail end to:

.... | openssl rsa -passout pass:123456 -out privkey.pem
.... | openssl rsa -passout pass:123456 -out privkey.der -outform der
answered 2012-09-14T11:22:33.053
1

On Windows 7 64-bit, you can simply use your command. But on Mac and Linux, you should do the following steps:

1, create your pem file:
openssl pkcs12 -in xxx.pfx -out xxx.pem

2, create your RSA private key:
openssl pkcs12 -in xxx.pfx -passin pass:yourpassword | openssl rsa -des3 -passout pass:yourpassword -out xxx.key

This step will create the key file with the content: "-----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,2CF27DD60B8BB3FF"

3, open your .pem and .key files in a text editor, and replace the original key "-----BEGIN ENCRYPTED PRIVATE KEY-----" in the .pem file with the RSA key in the .key file.

answered 2013-12-19T09:43:38.950
1

This works for me:

openssl pkcs12 -in "$1" \
    -nocerts -nomacver \
    -passin file:<(cat "$pw") \
    -passout file:<(cat "$pw") |
sed -n '/^-----BEGIN ENCRYPTED PRIVATE KEY-----/,/^-----END ENCRYPTED PRIVATE KEY-----/p'
answered 2018-12-07T14:45:25.873
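
The two files in the question differ in container format, not in kind: `BEGIN ENCRYPTED PRIVATE KEY` is PKCS#8, while `BEGIN RSA PRIVATE KEY` with `Proc-Type`/`DEK-Info` headers is the traditional OpenSSL RSA format. The script below is an added example, not code from the question or any answer; it names the format of a PEM key file and strips the Bag Attributes text without decrypting anything. Function names, file names and key bodies are constructed for illustration.

```shell
#!/bin/sh
# Added example. Key bodies below are constructed placeholders, not key material.

# Print only the PEM private-key block, dropping the "Bag Attributes" and
# "Key Attributes" text that openssl pkcs12 writes in front of it.
strip_bag_attributes() {
    awk '/^-----BEGIN .*PRIVATE KEY-----$/ { inside = 1 }
         inside { print }
         inside && /^-----END .*PRIVATE KEY-----$/ { exit }' "$1"
}

# Name the container format from the PEM label and the header line after it.
key_format() {
    awk '/^-----BEGIN ENCRYPTED PRIVATE KEY-----$/ { r = "pkcs8-encrypted"; exit }
         /^-----BEGIN PRIVATE KEY-----$/           { r = "pkcs8-unencrypted"; exit }
         /^-----BEGIN RSA PRIVATE KEY-----$/       { rsa = 1; next }
         rsa && /^Proc-Type: 4,ENCRYPTED/          { r = "traditional-rsa-encrypted"; exit }
         rsa                                       { r = "traditional-rsa-unencrypted"; exit }
         END { print (r ? r : "unknown") }' "$1"
}

# Write two constructed sample files into directory $1.
make_samples() {
    cat > "$1/pkcs12-out.pem" <<'EOF'
Bag Attributes
    localKeyID: 01 00 00 00
Key Attributes
    X509v3 Key Usage: 10
-----BEGIN ENCRYPTED PRIVATE KEY-----
Q09OU1RSVUNURUQtU0FNUExFLU5PVC1BLUtFWQ==
-----END ENCRYPTED PRIVATE KEY-----
EOF
    cat > "$1/traditional.pem" <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,2CF27DD60B8BB3FF

Q09OU1RSVUNURUQtU0FNUExFLU5PVC1BLUtFWQ==
-----END RSA PRIVATE KEY-----
EOF
}

tmp=$(mktemp -d)
make_samples "$tmp"
for f in "$tmp"/*.pem; do
    printf '%s: %s\n' "${f##*/}" "$(key_format "$f")"
done
rm -rf "$tmp"
```

Running `key_format` on a file before handing it to a server shows whether the key is still passphrase-protected and which of the two encodings it uses.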