Skip to content

Latest commit

 

History

History
119 lines (102 loc) · 3.62 KB

201604271353.txt.md

File metadata and controls

119 lines (102 loc) · 3.62 KB

标题: 用指定数据(p、q、e)生成PEM文件

http://scz.617.cn/misc/201604271353.txt

openssl的genrsa不能任意指定e,只有3和65537两种选择。numbits必须不小于32。

帮助里所谓的F4是指第4个(从0计)费马素数:

F0=2^(2^0)+1=3 F1=2^(2^1)+1=5 F2=2^(2^2)+1=17 F3=2^(2^3)+1=257 F4=2^(2^4)+1=65537

openssl的genpkey可以任意指定e。numbits必须不小于256。

有时你想用指定数据生成PEM文件,而不是让openssl替你生成p、q。比如你想用这组 数据:


p=17 q=19 n=pq=323 φ(n)=(p-1)(q-1)=288 e=11 d=e^(-1)(mod φ(n))=131 d mod (p-1)=3 d mod (q-1)=5 (inverse of q) mod p=9

如果写C程序,没什么好说的。下面介绍一种奇技淫巧,只靠openssl命令达成目标。

$ vi privatekey.conf


asn1=SEQUENCE:any

[any] version=INTEGER:0 n=INTEGER:323 e=INTEGER:11 d=INTEGER:131 p=INTEGER:17 q=INTEGER:19 d_mod_p_1=INTEGER:3 d_mod_q_1=INTEGER:5 inverse_q_p=INTEGER:9

$ openssl asn1parse -genconf privatekey.conf -out privatekey.der 0:d=0 hl=2 l= 29 cons: SEQUENCE 2:d=1 hl=2 l= 1 prim: INTEGER :00 5:d=1 hl=2 l= 2 prim: INTEGER :0143 9:d=1 hl=2 l= 1 prim: INTEGER :0B 12:d=1 hl=2 l= 2 prim: INTEGER :83 16:d=1 hl=2 l= 1 prim: INTEGER :11 19:d=1 hl=2 l= 1 prim: INTEGER :13 22:d=1 hl=2 l= 1 prim: INTEGER :03 25:d=1 hl=2 l= 1 prim: INTEGER :05 28:d=1 hl=2 l= 1 prim: INTEGER :09 $ openssl rsa -in privatekey.der -inform DER -text -noout -check Private-Key: (9 bit) modulus: 323 (0x143) publicExponent: 11 (0xb) privateExponent: 131 (0x83) prime1: 17 (0x11) prime2: 19 (0x13) exponent1: 3 (0x3) exponent2: 5 (0x5) coefficient: 9 (0x9) RSA key ok $ openssl rsa -in privatekey.der -inform DER -out privatekey.pem -outform PEM

$ openssl asn1parse -i -dump -in privatekey.pem 0:d=0 hl=2 l= 29 cons: SEQUENCE 2:d=1 hl=2 l= 1 prim: INTEGER :00 5:d=1 hl=2 l= 2 prim: INTEGER :0143 9:d=1 hl=2 l= 1 prim: INTEGER :0B 12:d=1 hl=2 l= 2 prim: INTEGER :83 16:d=1 hl=2 l= 1 prim: INTEGER :11 19:d=1 hl=2 l= 1 prim: INTEGER :13 22:d=1 hl=2 l= 1 prim: INTEGER :03 25:d=1 hl=2 l= 1 prim: INTEGER :05 28:d=1 hl=2 l= 1 prim: INTEGER :09 $ openssl rsa -in privatekey.pem -inform PEM -text -noout -check Private-Key: (9 bit) modulus: 323 (0x143) publicExponent: 11 (0xb) privateExponent: 131 (0x83) prime1: 17 (0x11) prime2: 19 (0x13) exponent1: 3 (0x3) exponent2: 5 (0x5) coefficient: 9 (0x9) RSA key ok

$ cat privatekey.pem -----BEGIN RSA PRIVATE KEY----- MB0CAQACAgFDAgELAgIAgwIBEQIBEwIBAwIBBQIBCQ== -----END RSA PRIVATE KEY-----

$ openssl rsa -pubout -in privatekey.pem -out publickey.pem $ openssl asn1parse -i -dump -in publickey.pem $ openssl asn1parse -i -dump -strparse 17 -in publickey.pem 0:d=0 hl=2 l= 7 cons: SEQUENCE 2:d=1 hl=2 l= 2 prim: INTEGER :0143 6:d=1 hl=2 l= 1 prim: INTEGER :0B $ openssl rsa -pubin -in publickey.pem -inform PEM -text -noout Public-Key: (9 bit) Modulus: 323 (0x143) Exponent: 11 (0xb)

$ cat publickey.pem -----BEGIN PUBLIC KEY----- MBswDQYJKoZIhvcNAQEBBQADCgAwBwICAUMCAQs= -----END PUBLIC KEY-----

别问我为什么有这个需求,你又不是上帝。