1. summary

In public key cryptography （ Also known as Asymmetric cryptography ） in , The encryption mechanism relies on two related keys , A public key and a private key . The public key is used to encrypt messages , Only the owner of the private key can decrypt the message .

In this tutorial , We'll learn how to learn from PEM Read the public key and private key from the file .

First , We will study some important concepts about public key cryptography . then , We will learn how to parse PEM file .

2. Concept

Before we start , Let's start with some key concepts .

X.509 Is the standard for defining the format of public key certificates . therefore , This format describes the public key in other information .

DER Is the most popular encoding format , Used to store... In a file X.509 certificate 、PKCS8 Private key and other data . This is a binary code , The generated content cannot be viewed using a text editor .

PKCS8 Is the standard syntax for storing private key information . You can choose to use a symmetric algorithm to encrypt the private key .

This standard can not only deal with RSA Private key , You can also handle other algorithms .PKCS8 The private key is usually passed through PEM Code format for exchange .

PEM yes DER Certificate base-64 Coding mechanism .PEM Other types of data can also be encoded , For example, public key / Private key and certificate request .

PEM The file also contains headers and footers that describe the encoded data types , Examples are as follows ：

-----BEGIN RSA PRIVATE KEY-----

...Base64 encoding of the DER encoded certificate...

-----END RSA PRIVATE KEY-----

3： analysis PEM certificate

1： Example certificate ：

-----BEGIN RSA PRIVATE KEY-----

MIICXAIBAAKBgQDnsN1F66mF6h6y/XpyN+ZU/w5AyeWBjZNIqi33/ATn4qQpw+kD

HrKyF7sQ/RNw6tibM90iM6VOA14305umPbPROJJs3JoB6Lao74SUm58aO9T+Ct7r

O52E+3r5jyDQicdRl6lIhLigNADXPD/KoNwfrRrCyw4wTHMZhSHc8eUHeQIDAQAB

AoGABVTIgqddiztL4Yp7ms02e5Yy2cLLiSOc0/s2e5JM+pj4dg2P+wZlzjtFjqqE

HAELYubam8LcduMU8+vmlPiufoK9fo47fLsX1PFCY9TDKL1dFlZgBAmJU7hR27h/

gCo4r3PMub/snq7n+skrbarZbX1J6Q1o5UYKFIrrIjNObEECQQD0DIzIdMObPUUu

W+JXg10kz/ayYn3irxZmp5ngc+b9WZfSOPehZBsLWsIb1eC7y9DZMhZfBQ/sPaO8

0tvqJMUFAkEA8wlj3B3zK20pK+Hj+vFiAlaQmqILTSfv/9jMm8tbVfXt+bHrmZdN

jruGVQDb7V2pW9HeG5PgDB3vKXeOiVfC5QJAYikKFzaf1rj2ModSqtBzjnL3Txi+

eYbjA7c19UmpBw4aOrwfHhMdrZt7p6aHFgIMps+2n9Fxbhv8194YBj1z4QJAPONW

XFg4iuGvVeoi9sSwvEs5sTP1xt/BlgSXxlRdTpztgQgdMX6hlKfQkM1FTCOSAYoD

rj8O+5ooR+hHEoulLQJBAOtaMvMWIOG7mARngpwqfJ07L41/T0ITHteiiYJfCurz

kLVCx1XA3MlN+u5gn7osUHMbah0Ze3uakSZ6za3mL5Y=

-----END RSA PRIVATE KEY-----

analysis ：

1） Delete header 、 Footer and new line .

2） take Base64 The encoded string is decoded into its corresponding binary format .

After analysis 16 Hexadecimal data ：

3082025C02010002818100E7B0DD45EBA985EA1EB2FD7A7237E654FF0E40C9E5818D9348AA2DF7FC04E7E2A429C3E9031EB2B217BB10FD1370EAD89B33DD2233A54E035E37D39BA63DB3D138926CDC9A01E8B6A8EF84949B9F1A3BD4FE0ADEEB3B9D84FB7AF98F20D089C75197A94884B8A03400D73C3FCAA0DC1FAD1AC2CB0E304C73198521DCF1E5077902030100010281800554C882A75D8B3B4BE18A7B9ACD367B9632D9C2CB89239CD3FB367B924CFA98F8760D8FFB0665CE3B458EAA841C010B62E6DA9BC2DC76E314F3EBE694F8AE7E82BD7E8E3B7CBB17D4F14263D4C328BD5D16566004098953B851DBB87F802A38AF73CCB9BFEC9EAEE7FAC92B6DAAD96D7D49E90D68E5460A148AEB22334E6C41024100F40C8CC874C39B3D452E5BE257835D24CFF6B2627DE2AF1666A799E073E6FD5997D238F7A1641B0B5AC21BD5E0BBCBD0D932165F050FEC3DA3BCD2DBEA24C505024100F30963DC1DF32B6D292BE1E3FAF1620256909AA20B4D27EFFFD8CC9BCB5B55F5EDF9B1EB99974D8EBB865500DBED5DA95BD1DE1B93E00C1DEF29778E8957C2E5024062290A17369FD6B8F6328752AAD0738E72F74F18BE7986E303B735F549A9070E1A3ABC1F1E131DAD9B7BA7A68716020CA6CFB69FD1716E1BFCD7DE18063D73E102403CE3565C58388AE1AF55EA22F6C4B0BC4B39B133F5C6DFC1960497C6545D4E9CED81081D317EA194A7D090CD454C2392018A03AE3F0EFB9A2847E847128BA52D024100EB5A32F31620E1BB980467829C2A7C9D3B2F8D7F4F42131ED7A289825F0AEAF390B542C755C0DCC94DFAEE609FBA2C50731B6A1D197B7B9A91267ACDADE62F96

Parsing data ：

3082025C# Label header , The type is SEQUENCE (sequence Sequence ), This tag header has a total of 4 byte . notes （ Not sure ）：3082 It should mean Private key

# Here is a total of 604 byte (0x025c)

020100 # integer length by 0 (0x00), Content ：version

028181 # integer length by 129 byte (0x81), Content ： modulus n (modulus)

00e7b0dd45eba985ea1eb2fd7a7237e654ff0e40c9e5818d9348aa2df7fc04e7e2a429c3e9031eb2b217bb10fd1370ead89b33dd2233a54e035e37d39ba63db3d138926cdc9a01e8b6a8ef84949b9f1a3bd4fe0adeeb3b9d84fb7af98f20d089c75197a94884b8a03400d73c3fcaa0dc1fad1ac2cb0e304c73198521dcf1e50779

0203 # integer length by 3 byte (0x03), Content ：e ( Public key index )

010001

028180 # integer length by 128 byte (0x80), Content ：d ( Private key index )

0554c882a75d8b3b4be18a7b9acd367b9632d9c2cb89239cd3fb367b924cfa98f8760d8ffb0665ce3b458eaa841c010b62e6da9bc2dc76e314f3ebe694f8ae7e82bd7e8e3b7cbb17d4f14263d4c328bd5d16566004098953b851dbb87f802a38af73ccb9bfec9eaee7fac92b6daad96d7d49e90d68e5460a148aeb22334e6c41

0241 # integer length by 65 byte (0x41), Content ：p ( prime number )

00f40c8cc874c39b3d452e5be257835d24cff6b2627de2af1666a799e073e6fd5997d238f7a1641b0b5ac21bd5e0bbcbd0d932165f050fec3da3bcd2dbea24c505

0241 # integer length by 65 byte (0x41), Content ：q ( prime number )

00f30963dc1df32b6d292be1e3faf1620256909aa20b4d27efffd8cc9bcb5b55f5edf9b1eb99974d8ebb865500dbed5da95bd1de1b93e00c1def29778e8957c2e5

0240 # integer length by 64 byte (0x40), Content ：d mod(p-1)

62290a17369fd6b8f6328752aad0738e72f74f18be7986e303b735f549a9070e1a3abc1f1e131dad9b7ba7a68716020ca6cfb69fd1716e1bfcd7de18063d73e1

0240 # integer length by 64 byte (0x40), Content ：d mod(q-1)

3ce3565c58388ae1af55ea22f6c4b0bc4b39b133f5c6dfc1960497c6545d4e9ced81081d317ea194a7d090cd454c2392018a03ae3f0efb9a2847e847128ba52d

0241 # integer length by 65 byte (0x41), Content ：(1/q)mod p < namely (q**-1)mod p>

00eb5a32f31620e1bb980467829c2a7c9d3b2f8d7f4f42131ed7a289825f0aeaf390b542c755c0dcc94dfaee609fba2c50731b6a1d197b7b9a91267acdade62f96

Through the above analysis, you can obtain the RSA secret key .