openssl pem.h 中提供了关于pem格式密钥对的操作接口
通常使用.pem的格式文件来保存openssl 生成的密钥对;
在终端下 cat xxx.pem 可以看到
-----BEGIN RSA PRIVATE KEY-----
XXXX
-----END RSA PRIVATE KEY-----
密钥数据进行了BASE64编码
1. 示例:将生成的密钥对保存成pem文件
void testWriteRSA2PEM()
{
//生成密钥对
RSA *r = RSA_new();
int bits = ;
BIGNUM *e = BN_new();
BN_set_word(e, );
RSA_generate_key_ex(r, bits, e, NULL); RSA_print_fp(stdout, r, ); BIO *out;
out = BIO_new_file("/Users/cocoajin/Desktop/opriv.pem","w");
//这里生成的私钥没有加密,可选加密
int ret = PEM_write_bio_RSAPrivateKey(out, r, NULL, NULL, , NULL, NULL);
printf("writepri:%d\n",ret);
BIO_flush(out);
BIO_free(out); out = BIO_new_file("/Users/cocoajin/Desktop/opub.pem","w");
ret = PEM_write_bio_RSAPublicKey(out, r);
printf("writepub:%d\n",ret);
BIO_flush(out);
BIO_free(out); BN_free(e);
RSA_free(r); }
在目标路径保存了生成的公钥opub.pem和私钥oprov.pem
输出日志
Private-Key: ( bit)
modulus:
:e6::f5:6f:4d:5e:c2:ad:0d:f5:::::
ca:6f::4f:3a:::e2:ee:a2:cc::::e2:
3d:0d:e3:0d:c0:6a:::b6:c7:de:e2:d6:::
9e::::dd:2d::c5:a8:f2:c1::8b::f9:
:0a:7a::
publicExponent: (0x10001)
privateExponent:
:ca:1b::6f:c5:de:c2:bf:2f:b6::f7:ad:d8:
::fc::fd:0a:e0::6b::::ea::8c:
b0:7a:d3:d8::b7:fb::f1:4e::9d:bf::3a:
e0:f3:fa::d3::fd:b0:f5:cd:5c::d1::8c:
:e3:fb:c7:
prime1:
:f6:d7::c4:1a:2f:eb:0b:c4:::3b:fe:f6:
0d:c1:::ca:6c::fc:de:d7::ac::9d::
:fe:9b
prime2:
:ef:::::4d:ac::aa:ed:e9:a7:1d:5d:
b1:7d:1c:1a:ef::8f:2d:bc:8a:e7::f5:f8::
::
exponent1:
:f4:d2:c0:6f:b8:ed::fa:::2f::::
b3::9f:c0:6c:b8:::b1:df:b4::fd:2a::
:ec:2b
exponent2:
:b5::c1::bc:3d::f8:::db:f9:5c:c4:
:d8::fe:::7e:a6:b4:6a:::db::d0:
::
coefficient:
0a:::2f:e9:ca:b6::::3b:5a::ea:5e:
8d:::b9:7a:::c4::cb::0e::6b:1b:
e5:c4
writepri:
writepub:
Program ended with exit code:
2. 示例:从pem文件中获取公钥私钥方式一(利用了BIO)
void testReadRSAFromPEM()
{
RSA *pubkey = RSA_new();
RSA *prikey = RSA_new(); BIO *pubio;
BIO *priio; priio = BIO_new_file("/Users/cocoajin/Desktop/opriv.pem", "rb");
prikey = PEM_read_bio_RSAPrivateKey(priio, &prikey, NULL, NULL); pubio = BIO_new_file("/Users/cocoajin/Desktop/opub.pem", "rb");
pubkey = PEM_read_bio_RSAPublicKey(pubio, &pubkey, NULL, NULL); RSA_print_fp(stdout, pubkey, );
RSA_print_fp(stdout, prikey, ); RSA_free(pubkey);
BIO_free(pubio);
RSA_free(prikey);
BIO_free(priio); }
从目标路径读取公钥opub.pem和私钥opriv.pem
输出日志
Public-Key: ( bit)
Modulus:
:e6::f5:6f:4d:5e:c2:ad:0d:f5:::::
ca:6f::4f:3a:::e2:ee:a2:cc::::e2:
3d:0d:e3:0d:c0:6a:::b6:c7:de:e2:d6:::
9e::::dd:2d::c5:a8:f2:c1::8b::f9:
:0a:7a::
Exponent: (0x10001)
Private-Key: ( bit)
modulus:
:e6::f5:6f:4d:5e:c2:ad:0d:f5:::::
ca:6f::4f:3a:::e2:ee:a2:cc::::e2:
3d:0d:e3:0d:c0:6a:::b6:c7:de:e2:d6:::
9e::::dd:2d::c5:a8:f2:c1::8b::f9:
:0a:7a::
publicExponent: (0x10001)
privateExponent:
:ca:1b::6f:c5:de:c2:bf:2f:b6::f7:ad:d8:
::fc::fd:0a:e0::6b::::ea::8c:
b0:7a:d3:d8::b7:fb::f1:4e::9d:bf::3a:
e0:f3:fa::d3::fd:b0:f5:cd:5c::d1::8c:
:e3:fb:c7:
prime1:
:f6:d7::c4:1a:2f:eb:0b:c4:::3b:fe:f6:
0d:c1:::ca:6c::fc:de:d7::ac::9d::
:fe:9b
prime2:
:ef:::::4d:ac::aa:ed:e9:a7:1d:5d:
b1:7d:1c:1a:ef::8f:2d:bc:8a:e7::f5:f8::
::
exponent1:
:f4:d2:c0:6f:b8:ed::fa:::2f::::
b3::9f:c0:6c:b8:::b1:df:b4::fd:2a::
:ec:2b
exponent2:
:b5::c1::bc:3d::f8:::db:f9:5c:c4:
:d8::fe:::7e:a6:b4:6a:::db::d0:
::
coefficient:
0a:::2f:e9:ca:b6::::3b:5a::ea:5e:
8d:::b9:7a:::c4::cb::0e::6b:1b:
e5:c4
Program ended with exit code:
3. 示例:从pem文件中读取公钥私钥方式二(利用FILE)
void testPEMReadRSA()
{
RSA *pubkey = RSA_new();
RSA *prikey = RSA_new(); FILE *pubf = fopen("/Users/cocoajin/Desktop/opub.pem", "rb");
pubkey = PEM_read_RSAPublicKey(pubf, &pubkey, NULL, NULL); FILE *prif = fopen("/Users/cocoajin/Desktop/opriv.pem", "rb");
prikey = PEM_read_RSAPrivateKey(prif, &prikey, NULL, NULL); RSA_print_fp(stdout, pubkey, );
RSA_print_fp(stdout, prikey, ); fclose(pubf);
fclose(prif);
RSA_free(pubkey);
RSA_free(prikey); }
输出日志
Public-Key: ( bit)
Modulus:
:e6::f5:6f:4d:5e:c2:ad:0d:f5:::::
ca:6f::4f:3a:::e2:ee:a2:cc::::e2:
3d:0d:e3:0d:c0:6a:::b6:c7:de:e2:d6:::
9e::::dd:2d::c5:a8:f2:c1::8b::f9:
:0a:7a::
Exponent: (0x10001)
Private-Key: ( bit)
modulus:
:e6::f5:6f:4d:5e:c2:ad:0d:f5:::::
ca:6f::4f:3a:::e2:ee:a2:cc::::e2:
3d:0d:e3:0d:c0:6a:::b6:c7:de:e2:d6:::
9e::::dd:2d::c5:a8:f2:c1::8b::f9:
:0a:7a::
publicExponent: (0x10001)
privateExponent:
:ca:1b::6f:c5:de:c2:bf:2f:b6::f7:ad:d8:
::fc::fd:0a:e0::6b::::ea::8c:
b0:7a:d3:d8::b7:fb::f1:4e::9d:bf::3a:
e0:f3:fa::d3::fd:b0:f5:cd:5c::d1::8c:
:e3:fb:c7:
prime1:
:f6:d7::c4:1a:2f:eb:0b:c4:::3b:fe:f6:
0d:c1:::ca:6c::fc:de:d7::ac::9d::
:fe:9b
prime2:
:ef:::::4d:ac::aa:ed:e9:a7:1d:5d:
b1:7d:1c:1a:ef::8f:2d:bc:8a:e7::f5:f8::
::
exponent1:
:f4:d2:c0:6f:b8:ed::fa:::2f::::
b3::9f:c0:6c:b8:::b1:df:b4::fd:2a::
:ec:2b
exponent2:
:b5::c1::bc:3d::f8:::db:f9:5c:c4:
:d8::fe:::7e:a6:b4:6a:::db::d0:
::
coefficient:
0a:::2f:e9:ca:b6::::3b:5a::ea:5e:
8d:::b9:7a:::c4::cb::0e::6b:1b:
e5:c4
Program ended with exit code:
4. 在终端下使用openssl命令生成公钥私钥
//生成1024位的RSA私钥
openssl genrsa -out private.pem //再由私钥生成公钥
openssl rsa -in private.pem -pubout -out public.pem //私钥文件private.pem
//公钥文件public.pem
//上面私钥是没加密的,可选加密,指定一个加密算法生成时输入密码
以上测试使用openssl 1.1.0c
参考:https://www.openssl.org/docs/man1.1.0/crypto/PEM_read_bio_RSAPublicKey.html