RSA的私钥和公钥,以及用openssl制作的方法

作者: 李佶澳   转载请保留:原文地址   发布时间:2018/01/23 16:57:21

RSA原理

RSA加密算法,在RSA算法原理中介绍的很明白。

简而言之,一共有个六个数字:

p       :质数,随机选取
q       :质数,随机选取
n       :大数,=p*q,n的位数就是加密的强度
φ(n)    :大数的欧拉函数价,=(p-1)*(q-1)
e       :在区间( 1, φ(n) )中随机选择的一个与φ(n)质的数
d       :通过φ(n)和e计算出的,e*d ≡ 1 (mod φ(n))

公钥是(n,e),私钥是(n,d)。

用公钥加密的过程:

m^e ≡ c (mod n)      //m是明文,c是密文,通过m、e、n计算出c,m必须小于n

用私钥解密的过程:

c^d ≡ m (mod n)     //m是明文,c是密文,通过c、d、n计算出m,m是小于n的数

RSA算法的加密强度取决于φ(n)的计算难度,私钥中的d就是通过e和φ(n)计算出来的。

根据欧拉公式,将n分解为两个质数后,就可以求的φ(n):

φ(n)=(p-1)*(q-1)

而大数的质因数分解是非常困难的,除了暴力破解,至今没有别的有效方法。

用opensssl制作

生成私钥,加密强度为1024:

openssl genrsa -out rsa_private_key.pem 1024

生成公钥:

openssl rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem

私钥和公钥不可以颠倒使用!

用公钥的加密的内容,可以用私钥解密,用私钥加密的内容,也可以用公钥解密。

但是私钥文件和公钥文件不可以颠倒使用,因为私钥文件中包含的信息超出了解密的需要。

如下面命令输出所示:

$ openssl rsa -in rsa_private_key.pem -text -noout

Private-Key: (1024 bit)
modulus:                                             <<-- 大数n
    00:be:6e:a6:ae:00:d8:db:cf:9f:fb:d7:05:45:5a:
    b4:b7:b9:8e:a8:33:cb:d4:b8:0a:9f:3b:2f:cb:d6:
    06:be:e0:19:fc:f2:be:32:ed:b3:93:7d:95:47:51:
    79:06:d4:65:e2:e4:6c:f3:22:a9:32:9f:2f:6a:b0:
    33:bc:37:d4:18:c0:f0:bf:0e:74:f0:bf:4d:6c:53:
    0a:a9:bd:fb:2f:29:40:c8:6d:a8:c9:21:94:cc:d3:
    e7:c8:9b:32:29:28:4a:36:15:08:dd:c5:f5:41:98:
    7b:ce:f4:17:e1:e8:ea:ae:81:8f:43:91:e8:75:60:
    6b:d1:c6:9d:5a:8e:10:5e:9b
publicExponent: 65537 (0x10001)                      <<-- e
privateExponent:                                     <<-- d
    0d:11:28:ac:cd:f0:13:7d:36:bc:20:30:03:67:4a:
    f9:44:69:4e:8f:67:50:2c:64:c6:32:58:80:43:2a:
    69:54:95:53:ef:10:30:0c:71:83:10:5d:fa:eb:d3:
    43:2d:b5:e4:10:ca:8d:10:76:cd:bb:70:94:80:8c:
    bc:40:94:74:14:0b:26:06:78:2c:cb:06:a4:01:54:
    e7:4a:49:07:9f:03:fd:66:31:5b:9d:81:4f:23:a5:
    78:b8:2a:2e:b6:72:74:23:f1:a0:a0:88:bf:34:8d:
    d4:be:c0:09:4b:39:a4:66:2d:52:0d:e1:68:99:22:
    b9:b0:96:10:3b:34:5a:d9
prime1:                                              <<-- 质数p
    00:e7:9d:16:98:a9:77:64:b6:41:22:5b:75:dd:40:
    82:ca:e7:6d:41:4b:77:76:ef:33:f7:37:49:c7:94:
    f8:ae:98:ef:21:ce:e3:26:17:67:fe:65:1b:ff:e6:
    52:2a:bb:cd:fd:71:ca:c6:47:a7:38:6a:2b:af:cf:
    dd:f3:47:9a:cf
prime2:                                              <<-- 质数q
    00:d2:7b:8f:51:f9:f7:e4:0b:4c:35:95:d5:b5:c9:
    c3:a6:27:eb:87:84:aa:98:17:d0:06:d6:63:4b:73:
    5a:e8:2d:92:69:97:31:52:6c:c0:4f:2b:be:b4:64:
    1c:2a:a1:e3:ff:b8:21:00:b6:ec:2e:c3:27:2e:70:
    fd:b3:0f:02:75
exponent1:                                           <<-- d mod (p-1)
    00:ce:01:6f:de:bb:24:a1:a4:65:8c:9c:92:da:07:
    0e:0e:51:07:61:43:31:6f:cc:d4:88:b7:59:5d:36:
    48:76:6b:3a:8e:f4:88:1f:12:44:82:06:06:80:76:
    a8:70:af:f8:48:cb:d4:92:c5:9a:9b:57:fb:a1:75:
    9e:b1:4a:e8:0b
exponent2:                                           <<-- d mode (q-1)
    00:8e:4f:08:29:ae:ce:51:9a:e9:dd:d8:fe:73:38:
    85:55:93:ec:04:e6:47:c9:29:60:77:1f:00:67:85:
    08:d3:ad:ec:2e:04:11:4e:df:44:6e:c2:ee:df:5c:
    48:46:f2:ca:0a:9d:5d:82:f4:2a:5f:bb:86:84:39:
    d4:ed:f9:99:f9
coefficient:                                         <<-- q - 1 mod p
    32:9c:86:32:ed:9e:74:ad:c3:38:8a:46:7b:6f:ac:
    97:94:ec:2c:55:80:4f:20:76:26:07:1a:f3:ea:20:
    5e:51:99:37:4f:e4:1c:e4:a0:d3:93:6d:b1:00:18:
    a4:29:92:e6:c1:b1:a8:b9:4e:2e:3d:44:f7:b0:9f:
    df:8b:7b:7f

私钥文件中包含了所有信息,而不是只有n和d,虽然解密的时候只需要n和d!

因此,公钥和私钥不可颠倒使用!

公钥文件中只包含了加密时需要的n和e。

$ openssl rsa -in rsa_public_key.pem -pubin -text -noout
Public-Key: (1024 bit)
Modulus:
    00:be:6e:a6:ae:00:d8:db:cf:9f:fb:d7:05:45:5a:
    b4:b7:b9:8e:a8:33:cb:d4:b8:0a:9f:3b:2f:cb:d6:
    06:be:e0:19:fc:f2:be:32:ed:b3:93:7d:95:47:51:
    79:06:d4:65:e2:e4:6c:f3:22:a9:32:9f:2f:6a:b0:
    33:bc:37:d4:18:c0:f0:bf:0e:74:f0:bf:4d:6c:53:
    0a:a9:bd:fb:2f:29:40:c8:6d:a8:c9:21:94:cc:d3:
    e7:c8:9b:32:29:28:4a:36:15:08:dd:c5:f5:41:98:
    7b:ce:f4:17:e1:e8:ea:ae:81:8f:43:91:e8:75:60:
    6b:d1:c6:9d:5a:8e:10:5e:9b
Exponent: 65537 (0x10001)

并且,e一般都默认使用65537,即使私钥文件中只有(n, d),也不能互换。

参考

  1. RSA算法原理
  2. 如何使用openssl生成RSA公钥和私钥对
  3. OPENSSL中RSA私钥文件(PEM格式)

欢迎加微信,最好备注姓名和方向

QQ交流群

区块链实践互助QQ群:576555864

Kubernetes实践互助QQ群:947371129

Prometheus实践互助QQ群:952461804

API网关Kong实践互助QQ群:952503851

Ansible实践互助QQ群:955105412

Copyright @2011-2018 All rights reserved. 转载请添加原文连接,合作请加微信lijiaocn或者发送邮件: lijiaocn@foxmail.com,备注网站合作 友情链接: lijiaocn github.com