I generate an ED25519 key pair:
$ openssl genpkey -algorithm ed25519 | openssl pkey -text
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIEp53xeY8qoDU5mi2h7O//pJnI5CXWHWI9SVhgjKq1kt
-----END PRIVATE KEY-----
ED25519 Private-Key:
priv:
4a:79:df:17:98:f2:aa:03:53:99:a2:da:1e:ce:ff:
fa:49:9c:8e:42:5d:61:d6:23:d4:95:86:08:ca:ab:
59:2d
pub:
c8:af:94:9f:f9:a2:10:95:2d:54:34:75:be:94:2d:
e7:9a:ef:9c:4e:7c:6d:80:ae:fd:25:e3:a4:d5:b0:
e3:30
Then I store the priv key as hex for later use.
$ hex=4a:79:df:17:98:f2:aa:03:53:99:a2:da:1e:ce:ff:fa:49:9c:8e:42:5d:61:d6:23:d4:95:86:08:ca:ab:59:2d
According to another answer, the following should give me the raw data, but I get an error:
$ echo $hex | xxd -r -ps > ed25519.der
$ cat ed25519.der | openssl pkey -inform der -noout -text
Could not read key from <stdin>
How can I correctly regenerate the ED25519 public key from the hex private key?
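As explained in Topaco's comment, hex is the encoded raw private key, i.e. only the 32 bytes of the ED25519 key. See this answer for more details.
But openssl needs its input in OpenSSL DER or PEM format.
So there will be two steps:
For this, you just need to add the following extra header bytes before the 32-byte hex key: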
##### Creating a private DER key from the private hex key:
header=30:2e:02:01:00:30:05:06:03:2b:65:70:04:22:04:20
hex=4a:79:df:17:98:f2:aa:03:53:99:a2:da:1e:ce:ff:fa:49:9c:8e:42:5d:61:d6:23:d4:95:86:08:ca:ab:59:2d
echo "${header}${hex}" | xxd -r -ps > ed25519.der
You can now inspect the contents of the created DER file as follows:
##### Check contents of DER file:
cat ed25519.der | openssl pkey -inform der -noout -text
Output:
ED25519 Private-Key:
priv:
4a:79:df:17:98:f2:aa:03:53:99:a2:da:1e:ce:ff:
fa:49:9c:8e:42:5d:61:d6:23:d4:95:86:08:ca:ab:
59:2d
pub:
c8:af:94:9f:f9:a2:10:95:2d:54:34:75:be:94:2d:
e7:9a:ef:9c:4e:7c:6d:80:ae:fd:25:e3:a4:d5:b0:
e3:30
You can also optionally create the private key in PEM format, as follows:
##### Creating a private PEM key from the private DER key:
openssl pkey -in ed25519.der -outform pem -out ed25519.pem
Contents of ed25519.pem:
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIEp53xeY8qoDU5mi2h7O//pJnI5CXWHWI9SVhgjKq1kt
-----END PRIVATE KEY-----
To create the public key in DER format:
##### Creating a public DER key from the private DER key:
openssl pkey -in ed25519.der -outform der -pubout -out ed25519.pub.der
To create the public key in PEM format:
##### Creating a public PEM key from the private DER key:
openssl pkey -in ed25519.der -outform pem -pubout -out ed25519.pub.pem
Contents of ed25519.pub.pem:
-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEAyK+Un/miEJUtVDR1vpQt55rvnE58bYCu/SXjpNWw4zA=
-----END PUBLIC KEY-----
##### Check contents of keys, but this time without cat:
echo "=== Private DER key ==="
openssl pkey -inform der -in ed25519.der -noout -text
echo "=== Private PEM key ==="
openssl pkey -inform pem -in ed25519.pem -noout -text
echo "=== Public DER key ==="
openssl pkey -pubin -inform der -in ed25519.pub.der -noout -text
echo "=== Public PEM key ==="
openssl pkey -pubin -inform pem -in ed25519.pub.pem -noout -text
Output:
=== Private DER key ===
ED25519 Private-Key:
priv:
4a:79:df:17:98:f2:aa:03:53:99:a2:da:1e:ce:ff:
fa:49:9c:8e:42:5d:61:d6:23:d4:95:86:08:ca:ab:
59:2d
pub:
c8:af:94:9f:f9:a2:10:95:2d:54:34:75:be:94:2d:
e7:9a:ef:9c:4e:7c:6d:80:ae:fd:25:e3:a4:d5:b0:
e3:30
=== Private PEM key ===
ED25519 Private-Key:
priv:
4a:79:df:17:98:f2:aa:03:53:99:a2:da:1e:ce:ff:
fa:49:9c:8e:42:5d:61:d6:23:d4:95:86:08:ca:ab:
59:2d
pub:
c8:af:94:9f:f9:a2:10:95:2d:54:34:75:be:94:2d:
e7:9a:ef:9c:4e:7c:6d:80:ae:fd:25:e3:a4:d5:b0:
e3:30
=== Public DER key ===
ED25519 Public-Key:
pub:
c8:af:94:9f:f9:a2:10:95:2d:54:34:75:be:94:2d:
e7:9a:ef:9c:4e:7c:6d:80:ae:fd:25:e3:a4:d5:b0:
e3:30
=== Public PEM key ===
ED25519 Public-Key:
pub:
c8:af:94:9f:f9:a2:10:95:2d:54:34:75:be:94:2d:
e7:9a:ef:9c:4e:7c:6d:80:ae:fd:25:e3:a4:d5:b0:
e3:30
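As an added example (not part of the original answer and not OpenSSL's code), the following Python performs the same conversion with the standard library only: it annotates what the 16 header bytes encode, rejects input that is not exactly 32 raw key bytes, and derives the public key as described in RFC 8032. The function names are assumptions of this example, and the big-integer arithmetic is not constant-time, so it serves to explain the format rather than to handle production keys.

```python
import base64, hashlib

# PKCS#8 prefix for Ed25519 (RFC 8410), the same 16 bytes as `header` above:
#   30 2e                 SEQUENCE, 46 bytes follow
#   02 01 00              INTEGER 0 (version)
#   30 05 06 03 2b 65 70  AlgorithmIdentifier, OID 1.3.101.112 (Ed25519)
#   04 22 04 20           OCTET STRING (34) wrapping OCTET STRING (32): the raw key
PRIV_PREFIX = bytes.fromhex("302e020100300506032b657004220420")
# SubjectPublicKeyInfo prefix: SEQUENCE (42), same OID, BIT STRING (33, 0 unused bits)
PUB_PREFIX = bytes.fromhex("302a300506032b6570032100")

P = 2**255 - 19
inv = lambda v: pow(v, P - 2, P)  # modular inverse; illustration only, not constant-time
D = -121665 * inv(121666) % P
# Base point: y = 4/5, x is the even square root of (y^2 - 1) / (d*y^2 + 1)
BY = 4 * inv(5) % P
_x2 = (BY * BY - 1) * inv(D * BY * BY + 1) % P
BX = pow(_x2, (P + 3) // 8, P)
if BX * BX % P != _x2:
    BX = BX * pow(2, (P - 1) // 4, P) % P
if BX & 1:
    BX = P - BX

def add(a, b):  # complete twisted-Edwards addition (affine), also used for doubling
    (x1, y1), (x2, y2) = a, b
    t = D * x1 * x2 * y1 * y2 % P
    return ((x1 * y2 + x2 * y1) * inv(1 + t) % P, (y1 * y2 + x1 * x2) * inv(1 - t) % P)

def public_from_raw(seed):
    # RFC 8032: SHA-512 the 32-byte key, clamp the low half, multiply the base point
    h = hashlib.sha512(seed).digest()
    k = (int.from_bytes(h[:32], "little") & ((1 << 254) - 8)) | (1 << 254)
    acc, pt = (0, 1), (BX, BY)
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return (acc[1] | ((acc[0] & 1) << 255)).to_bytes(32, "little")

def pem(label, der):
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

def raw_hex_to_pems(hex_key):
    seed = bytes.fromhex(hex_key.replace(":", ""))
    if len(seed) != 32:  # a bare or truncated key must not be wrapped as if it were valid
        raise ValueError(f"expected 32 raw key bytes, got {len(seed)}")
    return pem("PRIVATE KEY", PRIV_PREFIX + seed), pem("PUBLIC KEY", PUB_PREFIX + public_from_raw(seed))
```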