How can the OpenSSL command extract the public key file from a generated certificate file?

wizard posted on 2013/06/02 10:38

I have already generated the user certificate server.crt. How do I extract the public key file from it?

$ openssl x509 -outform PEM -in server/server.crt -pubkey -out server/server.pubkey

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYhJizzt4+zhLMTSjDk0rd6MlK
xBYKIp972+Wc9KSpOs5LGQ+2802mlr6dSDWJJhJShArqOIKgxNE7ZBZYlGeDo4l6
Dm4DyVFpu62fObgk6vmU8T7nvF8Uo7sQdpfqgUjofGFgUDjB3fYgKUTp+kOj6RMh
R3uttrZmOraF/rEUkQIDAQAB
-----END PUBLIC KEY-----


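This displays the public key information, and manually copying that content into a file and testing it as a public key works, but the content of the file this command writes is not the public key information. The content is as follows: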

-----BEGIN CERTIFICATE-----
MIICpTCCAg6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJjbjEQ
MA4GA1UECBMHYmVpamluZzEMMAoGA1UEChMDYW9lMRYwFAYDVQQDEw13d3cuenlu
ZXQubXRuMB4XDTEzMDYwMjAxMjIxNloXDTE0MDYwMjAxMjIxNlowbzELMAkGA1UE
BhMCY24xEDAOBgNVBAgMB2JlaWppbmcxDDAKBgNVBAoMA0FPRTEPMA0GA1UEAwwG
d2l6YXJkMQwwCgYDVQQLDANjb3AxITAfBgkqhkiG9w0BCQEWEnd6aGgxOTg4QGdt
YWlsLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2ISYs87ePs4SzE0o
w5NK3ejJSsQWCiKfe9vlnPSkqTrOSxkPtvNNppa+nUg1iSYSUoQK6jiCoMTRO2QW
WJRng6OJeg5uA8lRabutnzm4JOr5lPE+57xfFKO7EHaX6oFI6HxhYFA4wd32IClE
6fpDo+kTIUd7rba2Zjq2hf6xFJECAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgB
hvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYE
FOhSP6PH+gt+PZjgIjhLGMMakFfMMB8GA1UdIwQYMBaAFMy18STW93imC2lMDsqI
i6P0N+1hMA0GCSqGSIb3DQEBBQUAA4GBAH5nNEEP9HeBI7osag8SKRwu4VICQl5W
AkHv08/kbVxd8B6ieI9si+DpHMQMl5Uk44Vz164aEAlkJFL3UEt8XJPpnYmrEM5X
jdF4+VmQqPcxsSlxRmk60VMpR+cTZURPweKtbTD8WkszaShG263k+4GWuiERxVJu
uL1TUTvMbg6B
-----END CERTIFICATE-----

I am looking for the command that extracts the key file from a certificate; I searched a lot online without success.


0
stephansun

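If you directly enter

openssl x509 -in ca.crt -pubkey
you will indeed see two public keys in the output.

If you convert it into a public key file in DER format, there is no extra output at all: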

openssl x509 -in ca.crt -inform PEM -out ca.der -outform DER

1
StormNight

Try using "-noout"; it means no certificate output.

0
suweite

Try this:

openssl x509 -outform PEM -in server/server.crt -pubkey > server/server.pubkey

0
wizard

Quoting the answer from "suweite":

Try this:

openssl x509 -outform PEM -in server/server.crt -pubkey > server/server.pubkey

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYhJizzt4+zhLMTSjDk0rd6MlK
xBYKIp972+Wc9KSpOs5LGQ+2802mlr6dSDWJJhJShArqOIKgxNE7ZBZYlGeDo4l6
Dm4DyVFpu62fObgk6vmU8T7nvF8Uo7sQdpfqgUjofGFgUDjB3fYgKUTp+kOj6RMh
R3uttrZmOraF/rEUkQIDAQAB
-----END PUBLIC KEY-----
-----BEGIN CERTIFICATE-----
MIICpTCCAg6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJjbjEQ
MA4GA1UECBMHYmVpamluZzEMMAoGA1UEChMDYW9lMRYwFAYDVQQDEw13d3cuenlu
ZXQubXRuMB4XDTEzMDYwMjAxMjIxNloXDTE0MDYwMjAxMjIxNlowbzELMAkGA1UE
BhMCY24xEDAOBgNVBAgMB2JlaWppbmcxDDAKBgNVBAoMA0FPRTEPMA0GA1UEAwwG
d2l6YXJkMQwwCgYDVQQLDANjb3AxITAfBgkqhkiG9w0BCQEWEnd6aGgxOTg4QGdt
YWlsLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2ISYs87ePs4SzE0o
w5NK3ejJSsQWCiKfe9vlnPSkqTrOSxkPtvNNppa+nUg1iSYSUoQK6jiCoMTRO2QW
WJRng6OJeg5uA8lRabutnzm4JOr5lPE+57xfFKO7EHaX6oFI6HxhYFA4wd32IClE
6fpDo+kTIUd7rba2Zjq2hf6xFJECAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgB
hvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYE
FOhSP6PH+gt+PZjgIjhLGMMakFfMMB8GA1UdIwQYMBaAFMy18STW93imC2lMDsqI
i6P0N+1hMA0GCSqGSIb3DQEBBQUAA4GBAH5nNEEP9HeBI7osag8SKRwu4VICQl5W
AkHv08/kbVxd8B6ieI9si+DpHMQMl5Uk44Vz164aEAlkJFL3UEt8XJPpnYmrEM5X
jdF4+VmQqPcxsSlxRmk60VMpR+cTZURPweKtbTD8WkszaShG263k+4GWuiERxVJu
uL1TUTvMbg6B
-----END CERTIFICATE-----

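This is the result I get; it is not a standalone public key file. After encrypting with this file using the rsautl command, decrypting with the original private key file fails.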

RSA operation error
3077802136:error:0407106B:rsa routines:RSA_padding_check_PKCS1_type_2:block type is not 02:rsa_pk1.c:190:
3077802136:error:04065072:rsa routines:RSA_EAY_PRIVATE_DECRYPT:padding check failed:rsa_eay.c:594:


0
张俊杰C开发

Has the original poster solved this?

0
MemoryReload

bingo!

openssl x509 -outform PEM -in server/server.crt -pubkey -noout > public_key.pem
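
The following is an added example, not code from any poster in this thread. It checks the effect of `-noout` on a throwaway self-signed certificate by counting PEM blocks in each output and comparing the extracted key with the public half of the private key. The file names and the CN `example.test` are constructed placeholders.

```shell
#!/bin/sh
# Added example: constructed throwaway key and self-signed certificate.
# File names and the CN are placeholders, not values from the thread.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_cert() {
    # 2048-bit RSA key plus a self-signed certificate valid for one day.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=example.test" \
        -keyout "$WORK/server.key" -out "$WORK/server.crt" 2>/dev/null
}

count_pem_blocks() {
    # Number of "-----BEGIN ...-----" headers in a file.
    grep -c '^-----BEGIN ' "$1"
}

extract_with_cert() {
    # Redirect without -noout: public key followed by the certificate.
    openssl x509 -in "$WORK/server.crt" -pubkey > "$WORK/both.pem"
}

extract_pubkey_only() {
    # -noout suppresses the certificate, leaving only the public key.
    openssl x509 -in "$WORK/server.crt" -pubkey -noout > "$WORK/server.pubkey"
}

pubkey_matches_private_key() {
    # The extracted key must equal the public half of the private key.
    openssl pkey -in "$WORK/server.key" -pubout > "$WORK/from_key.pem" &&
        cmp -s "$WORK/server.pubkey" "$WORK/from_key.pem"
}

make_cert && extract_with_cert && extract_pubkey_only
echo "without -noout: $(count_pem_blocks "$WORK/both.pem") PEM blocks"
echo "with -noout:    $(count_pem_blocks "$WORK/server.pubkey") PEM block"
pubkey_matches_private_key && echo "public key matches server.key"
```

Redirecting standard output is used here instead of `-out` because which stream `-pubkey` writes to when `-out` is given differs between OpenSSL releases.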