
Parsing certificate, private key and public key PEM formats with cryptography

PEM format

PEM, short for Privacy Enhanced Mail, is a text representation of digital certificates, private keys, public keys and similar objects.
Its binary counterpart is DER, the Distinguished Encoding Rules: the same certificate, private key or public key as raw ASN.1 bytes.

A PEM file wraps DER content: it is the DER encoding of the certificate/private key/public key, Base64-encoded and enclosed between a begin marker and an end marker.

DER = certificate/private key/public key encoded per ASN.1 --> binary
PEM = header line (-----BEGIN XXX-----) + Base64 text of the DER bytes (wrapped at 64 characters per line) + footer line (-----END XXX-----)

The relationship between PEM and DER is shown in the figure below.

image

Note: do not confuse the encoding (PEM/DER) with the file extension (.cer/.crt/.key/.pem/.der).
The extension alone cannot reliably tell you whether a file is PEM or DER, nor whether it holds a certificate, a private key, a public key or something else:
a binary .cer/.crt file is usually a DER certificate, and a .der file is DER-encoded but may hold a certificate, a private key or something else;
a text .pem/.cer/.crt/.key file can be classified by its PEM marker, which tells you the content type, the format and whether it is encrypted.

In short: PEM files most commonly carry a .pem, .cer, .crt or .key extension, and DER files usually carry .der but may also be named .cer or .crt. Decide PEM vs DER from the content (is it text, and does it carry PEM markers?), never from the file name.

Common PEM markers

  • Digital certificates
    • X.509 certificate: -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----
    • X.509 certificate signing request (CSR): -----BEGIN CERTIFICATE REQUEST----- ... -----END CERTIFICATE REQUEST-----
    • X.509 certificate revocation list (CRL): -----BEGIN X509 CRL----- ... -----END X509 CRL-----
  • Private keys (may be encrypted)
    • Traditional OpenSSL format (PKCS#1 for RSA keys, SEC1/RFC 5915 for EC keys)
      • PKCS#1 RSA private key: -----BEGIN RSA PRIVATE KEY----- ... -----END RSA PRIVATE KEY-----
      • PKCS#1 RSA private key, encrypted: -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: <cipher>,<IV in hex> <blank line> ... -----END RSA PRIVATE KEY-----
      • SEC1 EC (elliptic curve) private key: -----BEGIN EC PRIVATE KEY----- ... -----END EC PRIVATE KEY----- (encrypted the same way, with Proc-Type/DEK-Info headers)
      • Caveat: this header-style encryption derives the cipher key from the passphrase with OpenSSL's EVP_BytesToKey (a single MD5 pass, salted with the first 8 bytes of the IV), so offline passphrase guessing is cheap. Prefer encrypted PKCS#8, which uses PBKDF2 (the ENCRYPTED PRIVATE KEY sample below uses PBES2 with PBKDF2-HMAC-SHA256, 2048 iterations, and AES-256-CBC; 2048 iterations is still low, so choose a strong passphrase).
    • PKCS#8 format (algorithm-independent private key format)
      • PKCS#8 private key: -----BEGIN PRIVATE KEY----- ... -----END PRIVATE KEY-----
      • PKCS#8 encrypted private key: -----BEGIN ENCRYPTED PRIVATE KEY----- ... -----END ENCRYPTED PRIVATE KEY-----
    • OpenSSH format
      • OpenSSH private key: -----BEGIN OPENSSH PRIVATE KEY----- ... -----END OPENSSH PRIVATE KEY-----
  • Public keys
    • PKCS#1 format (RSA public keys only): -----BEGIN RSA PUBLIC KEY----- ... -----END RSA PUBLIC KEY-----
    • X.509 SubjectPublicKeyInfo format (the public key structure used inside certificates): -----BEGIN PUBLIC KEY----- ... -----END PUBLIC KEY-----
  • Other
    • PKCS#7: -----BEGIN PKCS7----- ... -----END PKCS7-----
    • PKCS#12: -----BEGIN PKCS12----- ... -----END PKCS12----- (PKCS#12 bundles, .p12/.pfx, are almost always stored as binary DER; the PEM marker is rare)
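The framing described above (marker, optional headers, Base64 of the DER bytes wrapped at 64 columns) is simple enough to parse by hand, and doing so shows why content, not extension, decides the format. The following is an added example, not code from the original post or from the cryptography library: a small stdlib-only PEM reader/writer plus a classifier built from the marker list above. The two sample inputs are copied from the EC private key examples shown later on this page (the encrypted one uses the page's password b'123456'); the description strings in the LABELS table are this example's own wording.

```python
import base64
import re

# Added example (not from the original post): a minimal PEM reader/writer for the
# framing described on the page: "-----BEGIN label-----" + optional RFC 1421 headers
# + Base64(DER) wrapped at 64 columns + "-----END label-----".

PEM_BLOCK_RE = re.compile(
    rb"-----BEGIN (?P<label>[A-Z0-9 ]+)-----\n(?P<body>.*?)-----END (?P=label)-----",
    re.DOTALL,
)

# Marker label -> what the block contains (descriptions are this example's wording)
LABELS = {
    "CERTIFICATE": "X.509 certificate",
    "CERTIFICATE REQUEST": "X.509 certificate signing request (PKCS#10)",
    "X509 CRL": "X.509 certificate revocation list",
    "RSA PRIVATE KEY": "RSA private key, PKCS#1 (traditional OpenSSL)",
    "EC PRIVATE KEY": "EC private key, SEC1 (traditional OpenSSL)",
    "PRIVATE KEY": "private key, PKCS#8, unencrypted",
    "ENCRYPTED PRIVATE KEY": "private key, PKCS#8, encrypted",
    "OPENSSH PRIVATE KEY": "OpenSSH private key",
    "RSA PUBLIC KEY": "RSA public key, PKCS#1",
    "PUBLIC KEY": "public key, SubjectPublicKeyInfo",
    "PKCS7": "PKCS#7 bundle",
    "PKCS12": "PKCS#12 bundle",
}


def sniff(data: bytes) -> str:
    """Classify by content rather than by file extension. Every DER object on this
    page (certificate, CRL, key) is an ASN.1 SEQUENCE, so it starts with 0x30."""
    if b"-----BEGIN " in data:
        return "PEM"
    if data[:1] == b"\x30":
        return "DER"
    return "unknown"


def parse_pem(data: bytes):
    """Return [(label, headers, der_bytes), ...] for every block in `data`.
    Legacy encrypted keys carry Proc-Type/DEK-Info headers, terminated by a blank line;
    for those blocks der_bytes is the AES ciphertext, not plaintext DER."""
    blocks = []
    for m in PEM_BLOCK_RE.finditer(data.replace(b"\r\n", b"\n")):
        label = m.group("label").decode()
        body = m.group("body")
        headers = {}
        if b":" in body.split(b"\n", 1)[0]:          # Base64 never contains ':'
            head, _, body = body.partition(b"\n\n")
            for line in head.splitlines():
                k, _, v = line.partition(b":")
                headers[k.strip().decode()] = v.strip().decode()
        der = base64.b64decode(b"".join(body.split()), validate=True)
        blocks.append((label, headers, der))
    return blocks


def describe(label: str, headers: dict) -> str:
    """Human-readable content type, flagging legacy (DEK-Info) encryption."""
    what = LABELS.get(label, "unrecognized label " + label)
    if headers.get("Proc-Type", "").endswith("ENCRYPTED"):
        cipher = headers.get("DEK-Info", "?").split(",")[0]
        what += ", encrypted with legacy DEK-Info (" + cipher + ")"
    return what


def der_to_pem(der: bytes, label: str) -> bytes:
    """Inverse of parse_pem for an unencrypted object: Base64 wrapped at 64 columns."""
    b64 = base64.b64encode(der)
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return (f"-----BEGIN {label}-----\n".encode() + b"\n".join(lines) + b"\n"
            + f"-----END {label}-----\n".encode())


# Sample inputs copied from this page's EC private key examples (password b'123456').
EC_KEY_PEM = b"""-----BEGIN EC PRIVATE KEY-----
MHcCAQEEILb9XVRPCaPgtmBLTfusYmTDBzACWEIMP7G47ttUSgcZoAoGCCqGSM49
AwEHoUQDQgAEIL5WxHjk/yCczEPlMxcLSSYqsOs4uhGzlq0FQnIx4uJrvDaIq6ht
+tdT2VAnfDTNbyhkJWWfCCpe9meVIQj6hQ==
-----END EC PRIVATE KEY-----
"""
EC_KEY_ENC_PEM = b"""-----BEGIN EC PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,4E0066D4A2184696A17C26228EC877BC

IqonndTo2J7Av5vqR7N9JaM/P+WLN+eKWFRC9MFfv924c+AVvA1ZuPpGE3VVQn9t
KEZQt/kMW3DFaSaqZDR6rNXsjDp0INohCrEzTqRp0Zt8B5zDv0zQ8pRPHJI9E2vz
LwpTV3ANTiFvKPL+R8cscE2VknDoBgxBocJ7m0vJ2ng=
-----END EC PRIVATE KEY-----
"""

if __name__ == "__main__":
    for label, headers, der in parse_pem(EC_KEY_PEM + EC_KEY_ENC_PEM):
        print(f"{label}: {describe(label, headers)} [{len(der)} bytes after Base64]")
    print(sniff(EC_KEY_PEM), sniff(parse_pem(EC_KEY_PEM)[0][2]))
```

Running it prints the SEC1 key as 121 bytes of DER (the `30 77` SEQUENCE header gives length 0x77 + 2) and the encrypted block as 128 bytes, a multiple of the AES block size because the legacy scheme pads the 121-byte DER with PKCS#7 before CBC encryption.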

Common PEM examples

PEM X.509 certificate

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

PEM certificate revocation list

-----BEGIN X509 CRL-----
MIIBfDBmAgEBMA0GCSqGSIb3DQEBCwUAMB0xGzAZBgNVBAMMEmNyeXB0b2dyYXBo
eS5pbyBDQRcNMjEwOTExMDg0OTI3WhcNMjEwOTEyMDg0OTI3WjAVMBMCAgFNFw0y
MTA5MTEwODQ5MjdaMA0GCSqGSIb3DQEBCwUAA4IBAQCmO+pCzndqgeZBgfMNUsk4
SSVQg+lJ5WPm/cpFiR2UtKkwjKb60Gy4/zTDULojQVCzSdHfEUd+84JNMRzXrAqO
OEIr9S1xcyR3zrDVyciJOqxNxx+bMo0mpj4B7LMo3X4Xt02WZZEFuEwf7aICKl2r
uuas6HQ/jEtwRiEGFLeBN5+TcB5qW+ri/hNLJbfFRBoGSB6mvIysxgDi+7/6EIQn
H5o8H8AD5BoQ28jtB9H9u2JX5/oJivWorpiVFd2oOaNx2frc7Emchz0a7G9LpL3H
qS3QyRJyXqgRPXloFiKhOBRoO7lORGs+92pSBAwYaaWm38mmetzkBKIhMY8dWN4M
-----END X509 CRL-----

PEM private keys

RSA private key

PEM RSA private key - PKCS#1 format - unencrypted

-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

PEM RSA private key - PKCS#1 format - encrypted (password b'123456')

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,D83C87E7C883DBC9A86058511585F8D1

...
-----END RSA PRIVATE KEY-----

EC (elliptic curve) private key

PEM EC (elliptic curve) private key - SEC1 (traditional OpenSSL) format - unencrypted

-----BEGIN EC PRIVATE KEY-----
MHcCAQEEILb9XVRPCaPgtmBLTfusYmTDBzACWEIMP7G47ttUSgcZoAoGCCqGSM49
AwEHoUQDQgAEIL5WxHjk/yCczEPlMxcLSSYqsOs4uhGzlq0FQnIx4uJrvDaIq6ht
+tdT2VAnfDTNbyhkJWWfCCpe9meVIQj6hQ==
-----END EC PRIVATE KEY-----

PEM EC (elliptic curve) private key - SEC1 (traditional OpenSSL) format - encrypted (password b'123456')

-----BEGIN EC PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,4E0066D4A2184696A17C26228EC877BC

IqonndTo2J7Av5vqR7N9JaM/P+WLN+eKWFRC9MFfv924c+AVvA1ZuPpGE3VVQn9t
KEZQt/kMW3DFaSaqZDR6rNXsjDp0INohCrEzTqRp0Zt8B5zDv0zQ8pRPHJI9E2vz
LwpTV3ANTiFvKPL+R8cscE2VknDoBgxBocJ7m0vJ2ng=
-----END EC PRIVATE KEY-----

PEM EC (elliptic curve) private key - PKCS#8 format - unencrypted

-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgtv1dVE8Jo+C2YEtN
+6xiZMMHMAJYQgw/sbju21RKBxmhRANCAAQgvlbEeOT/IJzMQ+UzFwtJJiqw6zi6
EbOWrQVCcjHi4mu8NoirqG3611PZUCd8NM1vKGQlZZ8IKl72Z5UhCPqF
-----END PRIVATE KEY-----

PEM EC (elliptic curve) private key - PKCS#8 format - encrypted (password b'123456')

-----BEGIN ENCRYPTED PRIVATE KEY-----
MIH0MF8GCSqGSIb3DQEFDTBSMDEGCSqGSIb3DQEFDDAkBBBRZfYgbzli9lpBCQb1
kCHnAgIIADAMBggqhkiG9w0CCQUAMB0GCWCGSAFlAwQBKgQQHEyPD6t4f90hzYVJ
e5gKZASBkMw3IUycIsSHk2NBBM5+cg/B8/u6u66CUtJW9joWCXOo3d3B4TPsT3Bv
O59DWGiIV68UAZYPwx32a2p0vkVOR+ASRaCKBLEgc+Ok16AMsYqV0L1pvzK/torO
WCclp+7i3CQdDCZhoidcJRgAnndveQCub1C1OishpY9XcmsjQSsrkzXM70iOyB2F
wPKBWH5DUw==
-----END ENCRYPTED PRIVATE KEY-----

SM2 (Chinese national standard) private key

PEM SM2 private key - PKCS#8 format - unencrypted

-----BEGIN PRIVATE KEY-----
MIGTAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBHkwdwIBAQQgBpQ7OBFIJJsYCYDc
bI93W5V0MCJrcTKqyBPioqLt5vagCgYIKoEcz1UBgi2hRANCAARjC0S7dmZPlmqi
HUBdWMNbTxIuXwZ5xso3C7CSqsxD6CMUj3Hnmv0vLdc+c8529937yBKVfK/xKMnF
kkUXDjud
-----END PRIVATE KEY-----

PEM public keys

PKCS#1 RSA public key

-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA57b1SHQKXl47qa/35WaX3UNI/UTBIPxcJjJIW84hYBOMDWGwBQHE
1n+l+b9FctQXRIpB/DBPasRvg8YfUSN05Rexv3/s+Z/nIXXlVaatwBV+tCb97iqK
urYJpMuxJmOhe68ENgFGZkUfAMvByHfPVfzKg2y8gZmsxyfPnZ0dPZpm/xSzdceN
I49iWLFvCARkKEjuO0rjL8tqk3cxY5uTDSov68UEbyhQOYTodLlByY9uwzQOF74T
UWV7ZiEfDoFwaiJi7Q+60wQm9oPS/XeoE97IfA9tEKe7kKmBQZxoI8vyStPUQ1WE
Fn+wtcB67pS9dEpTRWBgmQYtLtkq4lcHRQIDAQAB
-----END RSA PUBLIC KEY-----

X.509 SubjectPublicKeyInfo public key

-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEP9eQZFl3j5zZX8bmYYEznA0z3/X+
TooIQ11rxFcPZsTvJPLCUY7NHasUenXJngmvRXSnP4odegaoe4usLDv/3A==
-----END PUBLIC KEY-----

Parsing and serializing PEM certificates, private keys and public keys

Loading and serializing a certificate

from cryptography import x509
from cryptography.hazmat.primitives import serialization

cert_pem = b'''-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----'''

# Load the PEM certificate into a certificate object
cert = x509.load_pem_x509_certificate(cert_pem)
# Serialize the certificate object back to PEM
pem = cert.public_bytes(encoding=serialization.Encoding.PEM)
print(pem.decode())

Loading and serializing a certificate revocation list

A certificate revocation list (CRL) is the issuing CA's signed list of certificates it has revoked before their expiry; a relying party checks a certificate's serial number against it.

from cryptography import x509
from cryptography.hazmat.primitives import serialization

crl_pem = b'''-----BEGIN X509 CRL-----
MIIBfDBmAgEBMA0GCSqGSIb3DQEBCwUAMB0xGzAZBgNVBAMMEmNyeXB0b2dyYXBo
eS5pbyBDQRcNMjEwOTExMDg0OTI3WhcNMjEwOTEyMDg0OTI3WjAVMBMCAgFNFw0y
MTA5MTEwODQ5MjdaMA0GCSqGSIb3DQEBCwUAA4IBAQCmO+pCzndqgeZBgfMNUsk4
SSVQg+lJ5WPm/cpFiR2UtKkwjKb60Gy4/zTDULojQVCzSdHfEUd+84JNMRzXrAqO
OEIr9S1xcyR3zrDVyciJOqxNxx+bMo0mpj4B7LMo3X4Xt02WZZEFuEwf7aICKl2r
uuas6HQ/jEtwRiEGFLeBN5+TcB5qW+ri/hNLJbfFRBoGSB6mvIysxgDi+7/6EIQn
H5o8H8AD5BoQ28jtB9H9u2JX5/oJivWorpiVFd2oOaNx2frc7Emchz0a7G9LpL3H
qS3QyRJyXqgRPXloFiKhOBRoO7lORGs+92pSBAwYaaWm38mmetzkBKIhMY8dWN4M
-----END X509 CRL-----'''

# Load the PEM CRL into a CRL object
crl = x509.load_pem_x509_crl(crl_pem)
# Serialize the CRL object back to PEM
pem = crl.public_bytes(encoding=serialization.Encoding.PEM)
print(pem.decode())
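Loading and re-serializing a CRL is only the first step; what a relying party actually needs is to check a certificate against a CRL it can trust. The following is an added example, not code from the original post or from the cryptography project: it builds a throwaway CA with the library, issues a leaf certificate, revokes it through a CRL, round-trips the CRL through both PEM and DER to show the two encodings carry the same object, and then performs the revocation check with issuer and signature validation. The CA name "Example Test CA", the leaf name "leaf.example.test" and the one-day lifetimes are made up for the example.

```python
import datetime

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

# Added example (not from the original post): throwaway CA + leaf + CRL, then the
# revocation check a relying party should perform. All names/lifetimes are made up.

ONE_DAY = datetime.timedelta(days=1)


def _name(cn: str) -> x509.Name:
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])


def build_pki():
    """Return (ca_cert, leaf_cert, crl); the CRL revokes the leaf for key compromise."""
    now = datetime.datetime.now(datetime.timezone.utc)
    ca_key = ec.generate_private_key(ec.SECP256R1())
    ca_cert = (
        x509.CertificateBuilder()
        .subject_name(_name("Example Test CA"))
        .issuer_name(_name("Example Test CA"))
        .public_key(ca_key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - ONE_DAY)
        .not_valid_after(now + ONE_DAY)
        .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
        .sign(ca_key, hashes.SHA256())
    )
    leaf_key = ec.generate_private_key(ec.SECP256R1())
    leaf_cert = (
        x509.CertificateBuilder()
        .subject_name(_name("leaf.example.test"))
        .issuer_name(ca_cert.subject)
        .public_key(leaf_key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - ONE_DAY)
        .not_valid_after(now + ONE_DAY)
        .sign(ca_key, hashes.SHA256())
    )
    revoked = (
        x509.RevokedCertificateBuilder()
        .serial_number(leaf_cert.serial_number)
        .revocation_date(now)
        .add_extension(x509.CRLReason(x509.ReasonFlags.key_compromise), critical=False)
        .build()
    )
    crl = (
        x509.CertificateRevocationListBuilder()
        .issuer_name(ca_cert.subject)
        .last_update(now)
        .next_update(now + ONE_DAY)
        .add_revoked_certificate(revoked)
        .sign(ca_key, hashes.SHA256())
    )
    return ca_cert, leaf_cert, crl


def pem_der_roundtrip(crl: x509.CertificateRevocationList) -> bool:
    """The PEM body is just Base64(DER): loading either encoding must yield the same bytes."""
    pem = crl.public_bytes(serialization.Encoding.PEM)
    der = crl.public_bytes(serialization.Encoding.DER)
    from_pem = x509.load_pem_x509_crl(pem)
    from_der = x509.load_der_x509_crl(der)
    return (from_pem.public_bytes(serialization.Encoding.DER) == der
            == from_der.public_bytes(serialization.Encoding.DER))


def is_revoked(cert: x509.Certificate, crl: x509.CertificateRevocationList,
               issuer: x509.Certificate) -> bool:
    """Only trust a CRL that names the certificate's issuer and verifies under that
    issuer's key; a production check would also reject a CRL past its next_update."""
    if crl.issuer != cert.issuer or crl.issuer != issuer.subject:
        raise ValueError("CRL was not issued by this certificate's issuer")
    if not crl.is_signature_valid(issuer.public_key()):
        raise ValueError("CRL signature does not verify against the issuer key")
    return crl.get_revoked_certificate_by_serial_number(cert.serial_number) is not None


if __name__ == "__main__":
    ca, leaf, crl = build_pki()
    print(crl.public_bytes(serialization.Encoding.PEM).decode())
    print("PEM/DER round trip consistent:", pem_der_roundtrip(crl))
    print("leaf revoked:", is_revoked(leaf, crl, ca), "| CA revoked:", is_revoked(ca, crl, ca))
```

The issuer and signature checks come before the serial lookup on purpose: a CRL that is merely well-formed proves nothing, and an attacker who can feed you an unsigned or foreign CRL could otherwise hide a revocation.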

Loading and serializing private keys

Private-key operations in cryptography:

  • Loading a private key:
    • PEM private key: serialization.load_pem_private_key(data, password)
    • DER private key: serialization.load_der_private_key(data, password)
    • password is None for an unencrypted key; supplying a password for an unencrypted key (or none for an encrypted one) raises TypeError, and a wrong password raises ValueError
  • Serializing a private key:
    • key.private_bytes(<encoding>, <private key format>, <encryption algorithm>)
    • Encoding
      • serialization.Encoding.PEM: PEM
      • serialization.Encoding.DER: DER
    • Private key format
      • serialization.PrivateFormat.TraditionalOpenSSL: traditional OpenSSL format (PKCS#1 for RSA keys, SEC1 for EC keys)
      • serialization.PrivateFormat.PKCS8: PKCS#8
      • serialization.PrivateFormat.OpenSSH: OpenSSH format
      • serialization.PrivateFormat.Raw: raw key bytes (Ed25519/Ed448/X25519/X448 keys only, used together with Encoding.Raw and NoEncryption())
    • Encryption algorithm
      • serialization.NoEncryption(): unencrypted
      • serialization.BestAvailableEncryption(b'123456'): encrypted with the given passphrase
from cryptography.hazmat.primitives import serialization

private_key_pem = b"""-----BEGIN EC PRIVATE KEY-----
MHcCAQEEILb9XVRPCaPgtmBLTfusYmTDBzACWEIMP7G47ttUSgcZoAoGCCqGSM49
AwEHoUQDQgAEIL5WxHjk/yCczEPlMxcLSSYqsOs4uhGzlq0FQnIx4uJrvDaIq6ht
+tdT2VAnfDTNbyhkJWWfCCpe9meVIQj6hQ==
-----END EC PRIVATE KEY-----"""

private_key_with_pwd_pem = b"""-----BEGIN ENCRYPTED PRIVATE KEY-----
MIH0MF8GCSqGSIb3DQEFDTBSMDEGCSqGSIb3DQEFDDAkBBBRZfYgbzli9lpBCQb1
kCHnAgIIADAMBggqhkiG9w0CCQUAMB0GCWCGSAFlAwQBKgQQHEyPD6t4f90hzYVJ
e5gKZASBkMw3IUycIsSHk2NBBM5+cg/B8/u6u66CUtJW9joWCXOo3d3B4TPsT3Bv
O59DWGiIV68UAZYPwx32a2p0vkVOR+ASRaCKBLEgc+Ok16AMsYqV0L1pvzK/torO
WCclp+7i3CQdDCZhoidcJRgAnndveQCub1C1OishpY9XcmsjQSsrkzXM70iOyB2F
wPKBWH5DUw==
-----END ENCRYPTED PRIVATE KEY-----"""


# Load a PEM private key - no password
key1 = serialization.load_pem_private_key(private_key_pem, password=None)

# Load a PEM private key - with password
key2 = serialization.load_pem_private_key(private_key_with_pwd_pem, password=b"123456")

# Serialize the private key object to PEM - traditional OpenSSL format - unencrypted
pem1 = key1.private_bytes(
    encoding=serialization.Encoding.PEM,
    format=serialization.PrivateFormat.TraditionalOpenSSL,  # PKCS#1 for RSA keys; SEC1 ("EC PRIVATE KEY") for this EC key
    encryption_algorithm=serialization.NoEncryption(),
)
print(pem1.decode())

# Serialize the private key object to PEM - PKCS#8 format - encrypted
pem2 = key1.private_bytes(
    encoding=serialization.Encoding.PEM,
    format=serialization.PrivateFormat.PKCS8,
    encryption_algorithm=serialization.BestAvailableEncryption(b'123456'),
)
print(pem2.decode())
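The code above lets the library handle both encrypted formats, which hides how different their protection is. The following is an added example, not code from the original post or from the cryptography project. It re-implements what a "Proc-Type: 4,ENCRYPTED / DEK-Info" header actually protects a traditional OpenSSL key with: the AES key is derived from the passphrase by OpenSSL's EVP_BytesToKey (MD5, one iteration, salt = first 8 bytes of the IV), after which the Base64 body is plain AES-CBC ciphertext with PKCS#7 padding. Doing this by hand (library calls used only for AES and for PKCS#7 unpadding) makes the point that guessing such a passphrase costs one MD5 and one AES-CBC decryption per attempt, and migrate_to_pkcs8() shows the recommended fix. The demo under `__main__` uses the page's encrypted EC sample with the page's password b'123456'; make_legacy_key() generates a fresh key for self-checking.

```python
import base64
import hashlib
import re

from cryptography.hazmat.primitives import padding as sym_padding
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

# Added example (not from the original post): hand-rolled decryption of a
# traditional OpenSSL encrypted PEM (Proc-Type/DEK-Info headers) and migration
# of such a key to encrypted PKCS#8.

KEY_SIZES = {"AES-128-CBC": 16, "AES-192-CBC": 24, "AES-256-CBC": 32}


def evp_bytes_to_key(password: bytes, salt: bytes, key_len: int) -> bytes:
    """OpenSSL EVP_BytesToKey with EVP_md5() and count=1:
    D_1 = MD5(password || salt), D_i = MD5(D_{i-1} || password || salt), key = D_1 || D_2 ..."""
    out, prev = b"", b""
    while len(out) < key_len:
        prev = hashlib.md5(prev + password + salt).digest()
        out += prev
    return out[:key_len]


def legacy_pem_decrypt(pem: bytes, password: bytes) -> bytes:
    """Decrypt a traditional (PKCS#1 RSA / SEC1 EC) encrypted PEM; return the plaintext DER.
    Raises ValueError when the PEM is not legacy-encrypted or (almost always) on a wrong passphrase."""
    text = pem.decode().replace("\r\n", "\n")
    m = re.search(r"DEK-Info:\s*([A-Z0-9-]+),([0-9A-Fa-f]+)", text)
    if "Proc-Type: 4,ENCRYPTED" not in text or m is None:
        raise ValueError("not a legacy encrypted PEM")
    cipher_name, iv = m.group(1), bytes.fromhex(m.group(2))
    if cipher_name not in KEY_SIZES:
        raise ValueError("unsupported DEK-Info cipher " + cipher_name)
    body = text.split("\n\n", 1)[1].split("-----END")[0]      # Base64 follows the blank line
    ciphertext = base64.b64decode("".join(body.split()))
    key = evp_bytes_to_key(password, iv[:8], KEY_SIZES[cipher_name])  # salt = first 8 IV bytes
    dec = Cipher(algorithms.AES(key), modes.CBC(iv)).decryptor()
    padded = dec.update(ciphertext) + dec.finalize()
    unpad = sym_padding.PKCS7(128).unpadder()
    return unpad.update(padded) + unpad.finalize()


def migrate_to_pkcs8(legacy_pem: bytes, old_password: bytes, new_password: bytes) -> bytes:
    """Load the legacy key with the library and re-serialize it as encrypted PKCS#8 (PBKDF2-based)."""
    key = serialization.load_pem_private_key(legacy_pem, password=old_password)
    return key.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PrivateFormat.PKCS8,
        encryption_algorithm=serialization.BestAvailableEncryption(new_password),
    )


def same_private_key(pem_a: bytes, pw_a, pem_b: bytes, pw_b) -> bool:
    """Load two private-key PEMs of any supported format and compare their public halves."""
    def spki(pem, pw):
        k = serialization.load_pem_private_key(pem, password=pw)
        return k.public_key().public_bytes(serialization.Encoding.DER,
                                           serialization.PublicFormat.SubjectPublicKeyInfo)
    return spki(pem_a, pw_a) == spki(pem_b, pw_b)


def make_legacy_key(password: bytes):
    """Generate a fresh P-256 key; return (legacy encrypted PEM, unencrypted SEC1 DER)."""
    key = ec.generate_private_key(ec.SECP256R1())
    legacy = key.private_bytes(serialization.Encoding.PEM,
                               serialization.PrivateFormat.TraditionalOpenSSL,
                               serialization.BestAvailableEncryption(password))
    plain_der = key.private_bytes(serialization.Encoding.DER,
                                  serialization.PrivateFormat.TraditionalOpenSSL,
                                  serialization.NoEncryption())
    return legacy, plain_der


if __name__ == "__main__":
    # Sample copied from this page: encrypted SEC1 EC key, password b'123456'.
    SAMPLE = b"""-----BEGIN EC PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,4E0066D4A2184696A17C26228EC877BC

IqonndTo2J7Av5vqR7N9JaM/P+WLN+eKWFRC9MFfv924c+AVvA1ZuPpGE3VVQn9t
KEZQt/kMW3DFaSaqZDR6rNXsjDp0INohCrEzTqRp0Zt8B5zDv0zQ8pRPHJI9E2vz
LwpTV3ANTiFvKPL+R8cscE2VknDoBgxBocJ7m0vJ2ng=
-----END EC PRIVATE KEY-----
"""
    der = legacy_pem_decrypt(SAMPLE, b"123456")
    mine = serialization.load_der_private_key(der, password=None)
    theirs = serialization.load_pem_private_key(SAMPLE, password=b"123456")
    print("hand-rolled decrypt agrees with the library:",
          mine.private_numbers() == theirs.private_numbers())
    print(migrate_to_pkcs8(SAMPLE, b"123456", b"longer-new-passphrase").decode())
```

A wrong passphrase usually surfaces as a PKCS#7 padding error, but with probability about 1/256 the garbage plaintext happens to end in a valid padding byte, so a robust tool must also check that the result parses as DER (or, as here, loads with the library) rather than trusting the padding check alone.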

Loading and serializing public keys

Public-key operations in cryptography:

  • Loading a public key:
    • PEM public key: serialization.load_pem_public_key() (accepts both the "RSA PUBLIC KEY" and the "PUBLIC KEY" markers)
    • DER public key: serialization.load_der_public_key()
  • Serializing a public key: key.public_bytes(<encoding>, <public key format>)
  • Encoding:
    • serialization.Encoding.PEM: PEM
    • serialization.Encoding.DER: DER
  • Public key format:
    • serialization.PublicFormat.PKCS1: PKCS#1 (RSA public keys only; other key types raise ValueError)
    • serialization.PublicFormat.SubjectPublicKeyInfo: X.509 SubjectPublicKeyInfo format

from cryptography.hazmat.primitives import serialization

public_key_pem = b"""-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA57b1SHQKXl47qa/35WaX3UNI/UTBIPxcJjJIW84hYBOMDWGwBQHE
1n+l+b9FctQXRIpB/DBPasRvg8YfUSN05Rexv3/s+Z/nIXXlVaatwBV+tCb97iqK
urYJpMuxJmOhe68ENgFGZkUfAMvByHfPVfzKg2y8gZmsxyfPnZ0dPZpm/xSzdceN
I49iWLFvCARkKEjuO0rjL8tqk3cxY5uTDSov68UEbyhQOYTodLlByY9uwzQOF74T
UWV7ZiEfDoFwaiJi7Q+60wQm9oPS/XeoE97IfA9tEKe7kKmBQZxoI8vyStPUQ1WE
Fn+wtcB67pS9dEpTRWBgmQYtLtkq4lcHRQIDAQAB
-----END RSA PUBLIC KEY-----"""


# Load a PEM public key (works for both "RSA PUBLIC KEY" and "PUBLIC KEY" markers)
key = serialization.load_pem_public_key(public_key_pem)


# Serialize the public key object to PEM - PKCS#1 format (RSA public keys only)
pem1 = key.public_bytes(
    encoding=serialization.Encoding.PEM,
    format=serialization.PublicFormat.PKCS1,
)
print(pem1.decode())

# Serialize the public key object to PEM - X.509 SubjectPublicKeyInfo format
pem2 = key.public_bytes(
    encoding=serialization.Encoding.PEM,
    format=serialization.PublicFormat.SubjectPublicKeyInfo,
)
print(pem2.decode())
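The same public key can arrive as a PKCS#1 "RSA PUBLIC KEY" block, a SubjectPublicKeyInfo "PUBLIC KEY" block, or embedded in a certificate, and a common operational question is whether a given private key or public key actually belongs to a certificate. The following is an added example, not code from the original post or from the cryptography project: it reduces whatever container it is handed to SubjectPublicKeyInfo DER, hashes that as a stable identifier, and uses it to match keys; it also shows the "PKCS#1 is RSA-only" rule from the list above as a caught ValueError. The generate_* helpers and the "pkcs1"/"spki" format names are this example's own conventions.

```python
import hashlib

from cryptography import x509
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import ec, rsa

# Added example (not from the original post): normalize any public-key container
# to SubjectPublicKeyInfo DER so keys can be fingerprinted and matched.


def generate_rsa():
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


def generate_ec():
    return ec.generate_private_key(ec.SECP256R1())


def public_pem(private_key, fmt: str):
    """Serialize the public half as 'pkcs1' or 'spki' PEM. PKCS#1 exists only for RSA;
    for any other key type the library raises ValueError, which is reported as None."""
    formats = {
        "pkcs1": serialization.PublicFormat.PKCS1,
        "spki": serialization.PublicFormat.SubjectPublicKeyInfo,
    }
    try:
        return private_key.public_key().public_bytes(serialization.Encoding.PEM, formats[fmt])
    except ValueError:
        return None


def load_any_public_key(pem: bytes):
    """Accept a PKCS#1 or SPKI public-key PEM, or a certificate PEM; return the public key."""
    if b"-----BEGIN CERTIFICATE-----" in pem:
        return x509.load_pem_x509_certificate(pem).public_key()
    return serialization.load_pem_public_key(pem)   # handles RSA PUBLIC KEY and PUBLIC KEY


def spki_fingerprint(obj) -> str:
    """SHA-256 over SubjectPublicKeyInfo DER. Works for private keys and certificates
    (both expose public_key()) as well as public key objects."""
    pub = obj.public_key() if hasattr(obj, "public_key") else obj
    der = pub.public_bytes(serialization.Encoding.DER,
                           serialization.PublicFormat.SubjectPublicKeyInfo)
    return hashlib.sha256(der).hexdigest()


def matches(private_key, public_obj) -> bool:
    """True when public_obj (public key or certificate) carries private_key's public half."""
    return spki_fingerprint(private_key) == spki_fingerprint(public_obj)


if __name__ == "__main__":
    r, e = generate_rsa(), generate_ec()
    print(public_pem(r, "pkcs1").decode())
    print(public_pem(r, "spki").decode())
    print("EC key in PKCS#1 form:", public_pem(e, "pkcs1"))
    print("fingerprint:", spki_fingerprint(r))
    print("RSA pub matches RSA priv:", matches(r, load_any_public_key(public_pem(r, "pkcs1"))))
    print("RSA pub matches EC priv:", matches(e, load_any_public_key(public_pem(r, "spki"))))
```

Hashing the SubjectPublicKeyInfo encoding rather than the PEM text is what makes the comparison container-independent: the PKCS#1 and SPKI PEMs of one RSA key differ byte for byte, yet both normalize to the same fingerprint.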

posted @ 2024-07-17 12:37  韩志超