I want to create a PKCS#12 (aka PFX) container for a private key and certificate using openssl.
My key and certificate are contained in a single (unencrypted) file:
$ cat d.pem
-----BEGIN CERTIFICATE-----
MIIC/zCCAeegAwIBAgIUTSuL1tniz4LhTFSX5wRZ1e848tYwDQYJKoZIhvcNAQEL
[...]
t+LT
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDA0zDKJeOmZdsG
[...]
1PSc82v662N0NUTw0bELNGg=
-----END PRIVATE KEY-----
I can use this data with openssl if it is stored in a file, but not if it is piped into openssl.
$ openssl pkcs12 -export -in d.pem -out test.p12
Enter Export Password:
Verifying - Enter Export Password:
$ cat d.pem |openssl pkcs12 -export -out test.p12
Could not read any certificates from -in file from <stdin>
According to the man page, this should work:
-in filename|uri
This specifies the input filename or URI. Standard input is used by default. With the -export option this is a file with
certificates and a key, or a URI that refers to a key accessed via an engine. The order of credentials in a file doesn't matter
but one private key and its corresponding certificate should be present. If additional certificates are present they will also
be included in the PKCS#12 output file.
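How can I create a PKCS#12 container from input coming from stdin?
(I am using openssl v3.0.9)
Answer 1
It seems your namesake discussed this on GitHub about three years ago.
A note there about the order in which a combined certificate and key file is parsed led me to swap them, so that the private key comes first in the file.
Then the command works: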
$ cat combined.pem
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCy0sdzTQXcEfTB
41oXmyV0D71qH7peZ1y0HAJpzshlDIAlSHUvmWgQZTzlaEBeugCt1asOwFuG5mOl
X7hgyCWGBu8ZakxlfVD6QV3fmSjDEkHPb5Af2elkoHfu8Nh3kL2Rs4wWMVWu5NYR
lSvI6jJMfmSS7VuAP9xJVjLl3sgyRbXpuow8KrjCWTyMFhc9dfvD+lc5R/XX3AqO
AI8aatu4jcTLXF2BAVq8djFRHoF3gq1BZ9olYsE2jLFVD6yrd5z6oLpRLiclSWkR
yF0iM5GgQbiAcp7XZ9in1b6yodcVres73qwTWde3vp7kB6qWE/KcIwtCH52n7JiA
FoQA52J/AgMBAAECggEAUCWSSQYjczAFEAVS8rORhMQtM+xGfls7PGo1VrDcNhX1
NUCVbSEHeBm3wmYIO6yH82GJilICc6K81HjjTVVHJBvle/GdjfstmQxFA5tEnrGH
F268HNpw9a3KMyh1DJmtrSjYx3WTHpDntPezqRf2NTyM3SFO2ltE4wWkSEyiU40U
gVMCR80UBU7xBoArC8Kqu84BKeoSaA7OZWZN4Rs8S2CkY1I7ZOXWLPY0GsgBiEyf
dbo0penqBMECQLUall26zQJuUl8MqJiXEciXTejYEJr/svuQN0vHkryW0WqbdCU3
2zNpZkBBr1zBq9wp9TViJe2LHHA+CUmpiq5TVigW4QKBgQDn9SwyeXDazCoV5GxR
R+rYwUWXSjT9Aq/kP61f/JF36hNg/79SUbLdxK68O4VQOuegDOYsPUudyvRIFIQG
Ytdhw5DGiDPl/xKzZvjQ7Zl9R/C6WrcoxvlcUzXdjGtjKa7O5KCiNiaY66WH0lPz
fMiRqxAKHQENrRq7yaHzFjsgUQKBgQDFW7m7Ji8eN7LmbTlh3wH8TQ0rK4FXlhr3
qudIrPBlL92Qvc+6Ct+0eEkib39owHGIeVF4fz80PECp3wiVXx4o8ORUERhQXp5A
plwuFSM+eMN6DAK1ZGNOCcHQER4V4AzqgIIBYMxeRa8VVo5IpyUNtvz656Vek2VN
tL1So+zxzwKBgBBt+z1wAKBeybRXQ5zWPToxJl668Nni8NZ39C3SU/Nsbwb11nVc
OBEhN0c56A1wvqtFfqAvj0WT9I2OdnOFWMAh/AUz7Ikj8g0nBAS4b6DCEbkBZ+vJ
fCwf8LbKlWimsS0SYJZcw4sdVdIzAaNDeWln9nDg8Qwo8LXQaFoxfuqhAoGBAIs4
XHnHwt9HHV1tWVhQL59iX1K/utslWVqy5bqfvGk07dCIBXxQ5WPyomy3SKKFdtF1
+2HMKbLYeika23w7gBQTco5XDNbNGEe00zvyz0zndcWnqVV6Po8zVNRI7vcxeQsH
oi4EscYi1BJyX6aiugHFvwnj1QU1ZvX89LzSRHiDAoGAESfTselxhjz+mxks7j1x
bTdBKkz+AhN7WFt7pPpy1gczbsymx7DfND2jnNrShV2GNwVsTIcmQMK19is5kebM
1XqRUI7gfmj71FKC2MfYS2rSW45d5XOf3aaQnug3FIrmZ3q2W9nfXz7EKa+PhQvK
/jijehWfg0wNbIGHIqYvYYo=
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIID7zCCAtegAwIBAgIUXTKYiRPMvbjmSSqvbsWyUPjDDe4wDQYJKoZIhvcNAQEL
BQAwgYYxCzAJBgNVBAYTAlhYMRIwEAYDVQQIDAlTdGF0ZU5hbWUxETAPBgNVBAcM
CENpdHlOYW1lMRQwEgYDVQQKDAtDb21wYW55TmFtZTEbMBkGA1UECwwSQ29tcGFu
eVNlY3Rpb25OYW1lMR0wGwYDVQQDDBRDb21tb25OYW1lT3JIb3N0bmFtZTAeFw0y
MzA3MTAxMjE2MzRaFw0zMzA3MDcxMjE2MzRaMIGGMQswCQYDVQQGEwJYWDESMBAG
A1UECAwJU3RhdGVOYW1lMREwDwYDVQQHDAhDaXR5TmFtZTEUMBIGA1UECgwLQ29t
cGFueU5hbWUxGzAZBgNVBAsMEkNvbXBhbnlTZWN0aW9uTmFtZTEdMBsGA1UEAwwU
Q29tbW9uTmFtZU9ySG9zdG5hbWUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCy0sdzTQXcEfTB41oXmyV0D71qH7peZ1y0HAJpzshlDIAlSHUvmWgQZTzl
aEBeugCt1asOwFuG5mOlX7hgyCWGBu8ZakxlfVD6QV3fmSjDEkHPb5Af2elkoHfu
8Nh3kL2Rs4wWMVWu5NYRlSvI6jJMfmSS7VuAP9xJVjLl3sgyRbXpuow8KrjCWTyM
Fhc9dfvD+lc5R/XX3AqOAI8aatu4jcTLXF2BAVq8djFRHoF3gq1BZ9olYsE2jLFV
D6yrd5z6oLpRLiclSWkRyF0iM5GgQbiAcp7XZ9in1b6yodcVres73qwTWde3vp7k
B6qWE/KcIwtCH52n7JiAFoQA52J/AgMBAAGjUzBRMB0GA1UdDgQWBBTQYP2RwN9N
qQ7+btR0jkO7Ggu/lTAfBgNVHSMEGDAWgBTQYP2RwN9NqQ7+btR0jkO7Ggu/lTAP
BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCWuciptdgAb/o13oY+
45tkEE3WpuB9iD61OOe1PsnMvivQnJDFxD6zHm2LFoXYcu/wHVzOPrzYO/8dOGuu
EFeIAevdrPYPMOumotLVcHyIPbS8Vyp+AbQ+owk3bl8FfdqUyr5FnVxwNfJ/YM69
++opiqPHo92WSv+d04MGLsx7swoLGyFV8JMmldC4vPfrqODHqoki6DD9FH8iPZ5p
suB+xIPHoVTmLM9oh2zQVeXygwJGLG7smsfSoQNQWTaUoSNnb1eLMcm1vhtkwuh7
GYkxmJPzofpPxGX5unoq0pr53vgt38xauhxP3kWx04VMcs1dRwixhBEP8YNof5k0
R/3a
-----END CERTIFICATE-----
$ cat combined.pem | openssl pkcs12 -export -out combined.p12
Enter Export Password:
Verifying - Enter Export Password:
$ ls -lh combined.p12
-rw------- 1 gareth gareth 2.6K Jul 10 13:44 combined.p12
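
The reordering described in the answer, as an added example that is not part of the original post: a POSIX shell helper (the name pem_key_first is hypothetical) that moves the private key block to the front of a PEM bundle read from stdin, so the result can be piped to openssl pkcs12 -export. The PEM bodies in the demo are constructed placeholders, not real key material.

```shell
#!/bin/sh
# Added example: reorder a PEM bundle so the private key block comes first.
# pem_key_first is a hypothetical helper name, not an openssl feature.
pem_key_first() {
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        /^-----BEGIN [A-Z0-9 ]+-----$/ {
            inblock = 1; buf = ""
            iskey = ($0 ~ /PRIVATE KEY-----$/)  # PKCS#8, RSA, EC, ENCRYPTED
        }
        inblock { buf = buf $0 "\n" }           # text outside blocks is dropped
        /^-----END [A-Z0-9 ]+-----$/ && inblock {
            if (iskey) { keys = keys buf; nkeys++ } else { others = others buf }
            inblock = 0
        }
        END {
            # The man page expects one private key plus its certificate.
            if (nkeys != 1) {
                printf("pem_key_first: expected 1 private key, found %d\n", nkeys) > "/dev/stderr"
                exit 1
            }
            printf "%s%s", keys, others         # key first, then certificates
        }
    '
}

# Constructed sample in the failing order (certificate first); the bodies
# are placeholders, not real key material.
sample='-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
UExBQ0VIT0xERVI=
-----END PRIVATE KEY-----'

printf '%s\n' "$sample" | pem_key_first

# With a real bundle such as the d.pem from the question:
#   pem_key_first < d.pem | openssl pkcs12 -export -out test.p12
```

The helper exits non-zero without writing any output when the input does not contain exactly one private key, so a malformed bundle stops the pipeline instead of producing an incomplete container.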