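Exporting the private key from a Microsoft makecert certificate
Generating the required files with the Microsoft tools
Generate the certificates with makecert [1]:
// 1. Generate a self-signed root certificate (the issuer)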
$> makecert -n "CN=Root" -r -sv makecert.pvk makecert.cer
// 2. Use this certificate to issue a child certificate (the subject)
// Note: the child certificate is not used here
$> makecert -n "CN=Child" -iv makecert.pvk -ic makecert.cer -sv ChildSubject.pvk ChildSubject.cer
// 3. Convert the public-key certificate to SPC format with cert2spc.exe
$> cert2spc makecert.cer makecert.spc
// 4. Merge the public-key certificate and the private key into a single PFX certificate file with pvk2pfx.exe
$> pvk2pfx -pvk makecert.pvk -spc makecert.spc -pfx makecert.pfx
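Resulting files:
makecert.pfx // certificate file, contains the private key
makecert.cer // certificate file, contains the public key
Steps to export the public and private keys
1. Extract the private key: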
$> openssl pkcs12 -nodes -nocerts -in makecert.pfx -out makecert_private.pem -passin pass:""
Bag Attributes
localKeyID: 01 00 00 00
Microsoft CSP Name: Microsoft Strong Cryptographic Provider
friendlyName: PvkTmp:4e0ee9f1-300d-4314-80de-fa493a4737db
Key Attributes
X509v3 Key Usage: 80
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
2. Convert the DER-format certificate to PEM format:
$> openssl x509 -in makecert.cer -inform der -outform pem -out makecert_sign.pem
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
3. Extract the public key:
$> openssl x509 -pubkey -noout -in makecert_sign.pem > makecert.pem
-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY-----
Using the public and private keys
Run the commands to sign and verify:
// Sign with the private key
openssl dgst -sha256 -sign makecert_private.pem -out signature.bin testfile
// Verify with the public key
openssl dgst -sha256 -verify makecert.pem -signature signature.bin testfile
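
The export and sign/verify steps above as one script; this is an added example, not part of the original page. It assumes makecert and pvk2pfx are unavailable, so the hypothetical helper `make_standin` builds an equivalent empty-password makecert.pfx and DER makecert.cer with OpenSSL. `key_matches_cert` and `export_and_check` are also names introduced here.

```shell
#!/bin/sh
# Added example: file names follow the page; function names are hypothetical.
umask 077   # -nodes writes the private key unencrypted, so keep new files owner-only

# Succeeds only when the private key ($1) and the certificate ($2) carry the same public key.
key_matches_cert() {
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    from_cert=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null) || return 1
    [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# Stand-in for makecert/cert2spc/pvk2pfx: creates makecert.pfx and makecert.cer in $1.
make_standin() {
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=Root" -days 1 \
        -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null || return 1
    openssl pkcs12 -export -inkey "$1/root.key" -in "$1/root.pem" \
        -out "$1/makecert.pfx" -passout pass: || return 1
    openssl x509 -in "$1/root.pem" -outform der -out "$1/makecert.cer"
}

# Runs the page's steps 1-3 in $1, then signs, verifies, and checks tamper detection.
export_and_check() (
    cd "$1" || exit 1
    openssl pkcs12 -nodes -nocerts -in makecert.pfx \
        -out makecert_private.pem -passin pass: 2>/dev/null || exit 1
    openssl x509 -in makecert.cer -inform der -outform pem -out makecert_sign.pem || exit 1
    openssl x509 -pubkey -noout -in makecert_sign.pem > makecert.pem || exit 1
    key_matches_cert makecert_private.pem makecert_sign.pem || exit 1
    printf 'constructed test data\n' > testfile
    openssl dgst -sha256 -sign makecert_private.pem -out signature.bin testfile || exit 1
    openssl dgst -sha256 -verify makecert.pem -signature signature.bin testfile \
        >/dev/null || exit 1
    printf 'tampered\n' >> testfile   # any change must invalidate the signature
    ! openssl dgst -sha256 -verify makecert.pem -signature signature.bin testfile \
        >/dev/null 2>&1
)

work=$(mktemp -d) && make_standin "$work" && export_and_check "$work" \
    && echo "key matches certificate; signature verifies; tampering detected"
rm -rf "$work"
```

With a real makecert.pfx and makecert.cer, skip `make_standin` and call `export_and_check` on the directory that holds them.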