Prince's Blog: [小筆記]從pfx檔extract出 Private Key

[練習]P賽道 | 主頁 | [音樂]丁噹 - 花火

November 4, 2009

[小筆記]從pfx檔extract出 Private Key

wangprince 在天空部落發表於12:08:17 | 電腦與網際網路

鼓勵此網誌：0　

之前在寫一些加解密程式，其中用到數位信封的東西，
　

數位信封

優點：結合對稱式加密與公開金鑰加密
封信(Sealing)：
- 發文者先將欲傳送的訊息用「私密金鑰碼系統」（Private-Key Cryptosystem，如 AES）予以加密。
- 訊息加密時所到的「加密金鑰」（Encryption Key）則根據收文者於「公開金鑰密碼系統」（ Public-Key Cryptosystem，如 RSA）上對外公開的加密金鑰予以加密後與加密的訊息傳送出去。
開信(Opening)：
- 收文者先以「公開金鑰密碼系統」上的私密金鑰，解出訊息內的對稱式「解密金鑰」，再用此對稱式「解密金鑰」將訊息恢復成明文。

為了要能在程式內使用pfx檔的 publick key 和 private key，所以就要先將它們extract出來....
還好openssl幫上一點忙了

這裡定義了PFX跟PEM檔案的意義

PFX : PFX defines a file format commonly used to store private with accompanying public key certificates, protected with a password-based symmetric key (standard-PKCS12).
PEM : Openssl usages PEM (Privacy Enhanced Mail Certificate) to store the private key.
If you have the openssl then go to command prompt and run the following commands (If not, download it from openssl, you can either download binary or source and then compile).

If you want to extract private key from a pfx file and write it to PEM file

openssl.exe pkcs12 -in publicAndprivate.pfx -nocerts -out privateKey.pem

If you want to extract the certificate file (the signed public key) from the pfx file

openssl.exe pkcs12 -in publicAndprivate.pfx -clcerts -nokeys -out publicCert.pem

To remove the password from the private key file.

openssl.exe rsa -in privateKey.pem -out private.pem

This is required as, at the time of exporting privateKey, you have added a password to the private key to secure it. If you left the password with it, it will keep asking the password as any application tries to access it.

Prince's Blog

想到什麼就寫些什麼，重要的是，為自己留下一點回憶...