我產生3個密鑰/證書使用這個腳本:解密OpenSSL的證書
#!/bin/sh
AUTH='/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/[email protected]'
if [ "$1" == "" ]; then
echo "Create a test certificate key."
echo "Usage: $0 NAME"
echo "Will generate NAME.pk8 and NAME.x509.pem"
echo " $AUTH"
exit
fi
openssl genrsa -3 -out $1.pem 2048
openssl req -new -x509 -key $1.pem -out $1.x509.pem -days 10000 \
-subj "$AUTH"
echo "Please enter the password for this key:"
openssl pkcs8 -in $1.pem -topk8 -outform DER -out $1.pk8 -passout stdin
輸出是:
releasekey.pem
releasekey.pk8
releasekey.x509.pem
然後我嘗試使用此命令解密:
openssl pkcs8 -in ~/.android-certs/releasekey.pk8 -inform DER
所以,輸出是
alex-garmas-osx:android alex-garmash$ openssl pkcs8 -in ~/.android-
certs/releasekey.pk8 -inform DER
Enter Password:
-----BEGIN PRIVATE KEY-----
CONTENT OF PRIVATE KEY HERE
-----END PRIVATE KEY-----
它的工作正常。 releasekey.pk8
沒有一個密碼
當我做的命令是一樣的:
openssl pkcs8 -in ~/.android-certs/releasekey.pk8 -inform DER -nocrypt
我有一個錯誤:
140735885419528:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1200:
140735885419528:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:tasn_dec.c:768:
140735885419528:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:700:Field=version, Type=PKCS8_PRIV_KEY_INFO
在documentation我看到,我可以使用選項-nocrypt
,但它爲什麼失敗?
UPDATE
非常感謝@bartonjs的解釋。爲了解決這個問題,你需要-nocrypt標誌添加到腳本的最後一個命令,那麼你可以使用
#!/bin/sh
AUTH='/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/[email protected]'
if [ "$1" == "" ]; then
echo "Create a test certificate key."
echo "Usage: $0 NAME"
echo "Will generate NAME.pk8 and NAME.x509.pem"
echo " $AUTH"
exit
fi
openssl genrsa -3 -out $1.pem 2048
openssl req -new -x509 -key $1.pem -out $1.x509.pem -days 10000 \
-subj "$AUTH"
echo "Please enter the password for this key:"
openssl pkcs8 -in $1.pem -topk8 -outform DER -out $1.pk8 -passout stdin -nocrypt
從文檔'-nocrypt' _使用此選項預期或輸出未加密的PrivateKeyInfo結構._但releasekey.pk8'用密碼加密。不是嗎? – pedrofb
@pedrofb無。我在上面寫道:「releasekey.pk8沒有密碼」passphrase =密碼。這是空的 – Alexander