Reading a private key in HEX format back into OpenSSL


I generate an ED25519 key pair:

$ openssl genpkey -algorithm ed25519 | openssl pkey -text
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIEp53xeY8qoDU5mi2h7O//pJnI5CXWHWI9SVhgjKq1kt
-----END PRIVATE KEY-----
ED25519 Private-Key:
priv:
    4a:79:df:17:98:f2:aa:03:53:99:a2:da:1e:ce:ff:
    fa:49:9c:8e:42:5d:61:d6:23:d4:95:86:08:ca:ab:
    59:2d
pub:
    c8:af:94:9f:f9:a2:10:95:2d:54:34:75:be:94:2d:
    e7:9a:ef:9c:4e:7c:6d:80:ae:fd:25:e3:a4:d5:b0:
    e3:30

Then I store the priv key as hex for later use.

$ hex=4a:79:df:17:98:f2:aa:03:53:99:a2:da:1e:ce:ff:fa:49:9c:8e:42:5d:61:d6:23:d4:95:86:08:ca:ab:59:2d

According to another answer, the following should give me the raw data, but I get an error:

$ echo $hex | xxd -r -ps > ed25519.der
$ cat ed25519.der | openssl pkey -inform der -noout -text
Could not read key from <stdin>

How do I correctly regenerate the ED25519 public key from the hex private key?

openssl hex ed25519
1 answer
0 votes

How do I correctly regenerate the ED25519 public key from the hex private key?

As explained in Topaco's comment, hex is the encoded raw private key, i.e. only the 32 bytes of the ED25519 key. See this answer for more details.

However, openssl expects input in OpenSSL DER or PEM format.

So there will be two steps:

  1. Recreate the OpenSSL private key from the 32-byte hex key.
  2. Create the OpenSSL public key from the OpenSSL private key.

Recreating the OpenSSL private key from the 32-byte hex key.

To do this, you only need to add the following extra header bytes in front of the 32-byte hex key:

##### Creating a private DER key from the private hex key:
header=30:2e:02:01:00:30:05:06:03:2b:65:70:04:22:04:20
hex=4a:79:df:17:98:f2:aa:03:53:99:a2:da:1e:ce:ff:fa:49:9c:8e:42:5d:61:d6:23:d4:95:86:08:ca:ab:59:2d
echo "${header}${hex}" | xxd -r -ps > ed25519.der

You can now check the contents of the created DER file as follows:

##### Check contents of DER file:
cat ed25519.der | openssl pkey -inform der -noout -text

Output:

ED25519 Private-Key:
priv:
    4a:79:df:17:98:f2:aa:03:53:99:a2:da:1e:ce:ff:
    fa:49:9c:8e:42:5d:61:d6:23:d4:95:86:08:ca:ab:
    59:2d
pub:
    c8:af:94:9f:f9:a2:10:95:2d:54:34:75:be:94:2d:
    e7:9a:ef:9c:4e:7c:6d:80:ae:fd:25:e3:a4:d5:b0:
    e3:30

You can also optionally create the private key in PEM format as follows:

##### Creating a private PEM key from the private DER key:
openssl pkey -in ed25519.der -outform pem -out ed25519.pem

Contents of ed25519.pem:

-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIEp53xeY8qoDU5mi2h7O//pJnI5CXWHWI9SVhgjKq1kt
-----END PRIVATE KEY-----

Creating the OpenSSL public key from the OpenSSL private key.

To create the public key in DER format:

##### Creating a public DER key from the private DER key:
openssl pkey -in ed25519.der -outform der -pubout -out ed25519.pub.der

To create the public key in PEM format:

##### Creating a public PEM key from the private DER key:
openssl pkey -in ed25519.der -outform pem -pubout -out ed25519.pub.pem

Contents of ed25519.pub.pem:

-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEAyK+Un/miEJUtVDR1vpQt55rvnE58bYCu/SXjpNWw4zA=
-----END PUBLIC KEY-----

Optional: print the 32-byte hex keys of the generated DER or PEM files to check them

##### Check contents of keys, but this time without cat:
echo "=== Private DER key ==="
openssl pkey -inform der -in ed25519.der -noout -text
echo "=== Private PEM key ==="
openssl pkey -inform pem -in ed25519.pem -noout -text
echo "=== Public DER key ==="
openssl pkey -pubin -inform der -in ed25519.pub.der -noout -text
echo "=== Public PEM key ==="
openssl pkey -pubin -inform pem -in ed25519.pub.pem -noout -text

Output:

=== Private DER key ===
ED25519 Private-Key:
priv:
    4a:79:df:17:98:f2:aa:03:53:99:a2:da:1e:ce:ff:
    fa:49:9c:8e:42:5d:61:d6:23:d4:95:86:08:ca:ab:
    59:2d
pub:
    c8:af:94:9f:f9:a2:10:95:2d:54:34:75:be:94:2d:
    e7:9a:ef:9c:4e:7c:6d:80:ae:fd:25:e3:a4:d5:b0:
    e3:30
=== Private PEM key ===
ED25519 Private-Key:
priv:
    4a:79:df:17:98:f2:aa:03:53:99:a2:da:1e:ce:ff:
    fa:49:9c:8e:42:5d:61:d6:23:d4:95:86:08:ca:ab:
    59:2d
pub:
    c8:af:94:9f:f9:a2:10:95:2d:54:34:75:be:94:2d:
    e7:9a:ef:9c:4e:7c:6d:80:ae:fd:25:e3:a4:d5:b0:
    e3:30
=== Public DER key ===
ED25519 Public-Key:
pub:
    c8:af:94:9f:f9:a2:10:95:2d:54:34:75:be:94:2d:
    e7:9a:ef:9c:4e:7c:6d:80:ae:fd:25:e3:a4:d5:b0:
    e3:30
=== Public PEM key ===
ED25519 Public-Key:
pub:
    c8:af:94:9f:f9:a2:10:95:2d:54:34:75:be:94:2d:
    e7:9a:ef:9c:4e:7c:6d:80:ae:fd:25:e3:a4:d5:b0:
    e3:30
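
The two steps above reproduced without OpenSSL, as an added example that is not part of the original answer: it wraps the 32 raw bytes in the header from the answer (the RFC 8410 PKCS#8 prefix) and derives the public key per RFC 8032, so the PEM output can be compared with the files shown above. The function names and the SubjectPublicKeyInfo prefix are assumptions of this example, and the curve arithmetic is not constant time, so it is suited to checking encodings only.

```python
import base64, hashlib

# DER prefixes for Ed25519 (RFC 8410). PKCS8_PREFIX is the header from the answer;
# SPKI_PREFIX is this example's assumption for the public-key wrapper.
PKCS8_PREFIX = bytes.fromhex("302e020100300506032b657004220420")
SPKI_PREFIX = bytes.fromhex("302a300506032b6570032100")
P = 2**255 - 19
D = -121665 * pow(121666, P - 2, P) % P  # curve constant d

def parse_seed(hex_text):
    """Turn 'aa:bb:..' (or plain hex) into the raw private key; reject wrong lengths."""
    seed = bytes.fromhex(hex_text.replace(":", ""))
    if len(seed) != 32:
        raise ValueError("an Ed25519 raw private key is exactly 32 bytes")
    return seed

def _add(a, b):
    """Complete twisted Edwards point addition in affine coordinates."""
    (x1, y1), (x2, y2) = a, b
    t = D * x1 * x2 * y1 * y2 % P
    x3 = (x1 * y2 + x2 * y1) * pow((1 + t) % P, P - 2, P) % P
    y3 = (y1 * y2 + x1 * x2) * pow((1 - t) % P, P - 2, P) % P
    return x3, y3

def _base_point():
    """Base point B: y = 4/5, x recovered from the curve equation (even root)."""
    y = 4 * pow(5, P - 2, P) % P
    x2 = (y * y - 1) * pow(D * y * y + 1, P - 2, P) % P
    x = pow(x2, (P + 3) // 8, P)
    if (x * x - x2) % P:
        x = x * pow(2, (P - 1) // 4, P) % P
    return (P - x if x & 1 else x), y

def public_from_seed(seed):
    """RFC 8032 derivation: SHA-512, clamp, multiply B, encode y plus sign of x."""
    a = int.from_bytes(hashlib.sha512(seed).digest()[:32], "little")
    a = (a & ((1 << 254) - 8)) | (1 << 254)
    q, r = _base_point(), (0, 1)
    while a:
        if a & 1:
            r = _add(r, q)
        q, a = _add(q, q), a >> 1
    return (r[1] | ((r[0] & 1) << 255)).to_bytes(32, "little")

def pem(label, der):
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *lines, f"-----END {label}-----", ""])

def keys_from_hex(hex_text):
    """Return (private PEM, public PEM) for a hex-encoded raw private key."""
    seed = parse_seed(hex_text)
    return pem("PRIVATE KEY", PKCS8_PREFIX + seed), pem("PUBLIC KEY", SPKI_PREFIX + public_from_seed(seed))
```

Calling keys_from_hex with the hex value from the question should return the same PEM bodies as ed25519.pem and ed25519.pub.pem above; a value that is not 32 bytes long is rejected before any DER is built.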