我通过命令生成了一个受密码保护的密钥openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:P-256 --out ca.key -text -aes-256-cbc
。密码是“rrrr”(此示例是一次性的),输出为:
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIHsMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAi+VEL8/UzdpQICCAAw
DAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEHpyCWa1fjYAkJj3lrmvSHQEgZDK
VPcbj7CDX0tqL+ZmorVz9xpUzdQvYZOSD+G292+QCDBytOy30ZRGjyDWFlwESSVq
R1S8kmyAQn1PIfqF9ZcubnNxCv3i9Qd7Md7GXet+1NkuoZ9EbtLnXBYW6Wb7v4Uv
q6UR+SxrydElw2zwG4QZrgOe3pWLRBaR5bvihc+aGMALPxq44hHJKuxWxqRMSuM=
-----END ENCRYPTED PRIVATE KEY-----
Private-Key: (256 bit)
priv:
3a:e6:80:81:fb:41:c6:33:4c:b3:e5:2d:51:2b:d3:
e7:7f:ab:31:c6:f1:aa:de:b3:c1:9c:e2:08:1d:a5:
59:70
pub:
04:a9:e0:86:90:b7:e3:f2:d5:34:f2:4d:37:fe:bb:
5f:fb:85:a9:f0:da:88:b5:5c:12:05:26:f1:29:16:
1b:09:01:1f:a2:aa:54:82:02:1e:3e:f8:f8:df:30:
3f:5a:2c:50:9b:93:35:fc:e0:63:c4:71:b8:ad:d6:
5f:11:9a:ce:0d
ASN1 OID: prime256v1
NIST CURVE: P-256
这里的“priv”是什么意思?它是明文形式的私钥吗?那会令人震惊。它是某种哈希吗?
答案1
是的,就是私钥。
-text
这是因为您已将openssl genpkey
(1)命令。
-text
打印私钥、公钥和参数的(未加密)文本表示以及 PEM 或 DER 结构。
请删除它:
$ openssl genpkey -algorithm ec \
-pkeyopt ec_paramgen_curve:P-256 \
--out ca.key -aes-256-cbc
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
现在,ca.key
最后没有文本输出:
$ cat ca.key
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIHsMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAi+VEL8/UzdpQICCAAw
DAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEHpyCWa1fjYAkJj3lrmvSHQEgZDK
VPcbj7CDX0tqL+ZmorVz9xpUzdQvYZOSD+G292+QCDBytOy30ZRGjyDWFlwESSVq
R1S8kmyAQn1PIfqF9ZcubnNxCv3i9Qd7Md7GXet+1NkuoZ9EbtLnXBYW6Wb7v4Uv
q6UR+SxrydElw2zwG4QZrgOe3pWLRBaR5bvihc+aGMALPxq44hHJKuxWxqRMSuM=
-----END ENCRYPTED PRIVATE KEY-----
不过,您仍然可以通过密码获取它:
$ openssl pkey --in ca.key --text
Enter pass phrase for ca.key:
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgOuaAgftBxjNMs+Ut
USvT53+rMcbxqt6zwZziCB2lWXChRANCAASp4IaQt+Py1TTyTTf+u1/7hanw2oi1
XBIFJvEpFhsJAR+iqlSCAh4++PjfMD9aLFCbkzX84GPEcbit1l8Rms4N
-----END PRIVATE KEY-----
Private-Key: (256 bit)
priv:
3a:e6:80:81:fb:41:c6:33:4c:b3:e5:2d:51:2b:d3:
e7:7f:ab:31:c6:f1:aa:de:b3:c1:9c:e2:08:1d:a5:
59:70
pub:
04:a9:e0:86:90:b7:e3:f2:d5:34:f2:4d:37:fe:bb:
5f:fb:85:a9:f0:da:88:b5:5c:12:05:26:f1:29:16:
1b:09:01:1f:a2:aa:54:82:02:1e:3e:f8:f8:df:30:
3f:5a:2c:50:9b:93:35:fc:e0:63:c4:71:b8:ad:d6:
5f:11:9a:ce:0d
ASN1 OID: prime256v1
NIST CURVE: P-256