如何将私钥转换为 RSA 私钥?

让我先解释一下我的问题。我从 CA 购买了一个证书,并使用以下格式生成了 csr 和私钥:

openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

当我打开 server.KEY 文件时,我看到它以“——-BEGIN PRIVATE KEY ——”开头

我在服务器上使用 SSL 证书,一切看起来都很正常。

现在,我想上传相同的证书到 AWS IAM,以便我可以使用它的 bean 跟踪负载平衡器。我使用这个 aws 文档 http://docs.aws.amazon.com/IAM/latest/UserGuide/InstallCert.html#SubmitCSRCertAuth中的以下命令

iam-servercertupload -b public_key_certificate_file  -k privatekey.pem -s certificate_object_name

我根据需要更改了 cert 文件名,但是仍然得到这个错误: “400 Malformed證书无效私钥”

有趣的是,在 aws 文档页面上,他们显示的示例私钥以“————-Begin RSA Private Key ——”开头

有没有办法使用 openssl 将我的私钥转换成 RSA 私钥?

207281 次浏览
小开
最佳答案

Newer versions of OpenSSL say BEGIN PRIVATE KEY because they contain the private key + an OID that identifies the key type (this is known as PKCS8 format). To get the old style key (known as either PKCS1 or traditional OpenSSL format) you can do this:

openssl rsa -in server.key -out server_new.key

Alternately, if you have a PKCS1 key and want PKCS8:

openssl pkcs8 -topk8 -nocrypt -in privkey.pem
小开

This may be of some help (do not literally write out the backslashes '\' in the commands, they are meant to indicate that "everything has to be on one line"):

Which Command to Apply When

It seems that all the commands (in grey) take any type of key file (in green) as "in" argument. Which is nice.

Here are the commands again for easier copy-pasting:

openssl rsa                                                -in $FF -out $TF
openssl rsa -aes256                                        -in $FF -out $TF
openssl pkcs8 -topk8 -nocrypt                              -in $FF -out $TF
openssl pkcs8 -topk8 -v2 aes-256-cbc -v2prf hmacWithSHA256 -in $FF -out $TF

and 

openssl rsa -check -in $FF
openssl rsa -text  -in $FF
小开

To Convert BEGIN OPENSSH PRIVATE KEY to BEGIN RSA PRIVATE KEY:

ssh-keygen -p -m PEM -f ~/.ssh/id_rsa

提交答案