인디노트
Forge PKCS#8 - Private Key Format Conversion and Encrypted Storage
Source: http://cris.joongbu.ac.kr/course/2015-2/wp2/htdocs/forge/forge-pkcs8.html
See https://github.com/digitalbazaar/forge
Used by linking forge.min.0.6.12.js
Forge is a JavaScript implementation of the TLS protocol that can be used for client-side cryptographic programming and for node.js-based server-side cryptographic programming.
Key generation
var pki = forge.pki; // the calls below go through forge.pki
var rsa = forge.pki.rsa;
// 1024 bits keeps the demo fast; use 2048 bits or more for real keys
var keypair = rsa.generateKeyPair(1024);
var publicKey = keypair.publicKey;
var privateKey = keypair.privateKey;
Format conversion (privateKey - PEM)
var pem = pki.privateKeyToPem(privateKey);
var privateKey = pki.privateKeyFromPem(pem);
Format conversion (privateKey - ASN.1)
var rsaPrivateKey = pki.privateKeyToAsn1(privateKey);
var privateKey = pki.privateKeyFromAsn1(rsaPrivateKey);
Format conversion (RSAPrivateKey ASN.1 object - PKCS#8 ASN.1 PrivateKeyInfo)
var privateKeyInfo = pki.wrapRsaPrivateKey(rsaPrivateKey);
Format conversion (PKCS#8 ASN.1 PrivateKeyInfo - PEM)
var pem1 = pki.privateKeyInfoToPem(privateKeyInfo);
Encrypted storage of the private key info (encrypt the PrivateKeyInfo with aes256)
var encryptedPrivateKeyInfo = pki.encryptPrivateKeyInfo(
  privateKeyInfo, 'password', {
    algorithm: 'aes256', // 'aes128', 'aes192', 'aes256', '3des'
  });
Decrypt the private key info
var privateKeyInfo1 = pki.decryptPrivateKeyInfo(
  encryptedPrivateKeyInfo, 'password');
Convert the encrypted private key info to PEM / recover it
var pem2 = pki.encryptedPrivateKeyToPem(encryptedPrivateKeyInfo);
var encryptedPrivateKeyInfo1 = pki.encryptedPrivateKeyFromPem(pem2);
Encrypt the private key and output it in PEM format / recover it
var pem3 = pki.encryptRsaPrivateKey(privateKey, 'password');
var privateKey = pki.decryptRsaPrivateKey(pem3, 'password');
Extract the public key from the private key
var publicKey = pki.setRsaPublicKey(privateKey.n, privateKey.e);
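As an added example (not code from the original page or from the forge project), the following code reads the PBES2 parameters out of an `ENCRYPTED PRIVATE KEY` PEM without decrypting it, so the KDF, salt length, iteration count and cipher protecting a stored key can be checked. The function names, the `minIterations` policy parameter and the sample bytes are constructed for illustration.

```javascript
const NAMES = { '1.2.840.113549.1.5.13': 'PBES2', '1.2.840.113549.1.5.12': 'PBKDF2',
  '2.16.840.1.101.3.4.1.2': 'aes128-CBC', '2.16.840.1.101.3.4.1.22': 'aes192-CBC',
  '2.16.840.1.101.3.4.1.42': 'aes256-CBC', '1.2.840.113549.3.7': 'des-EDE3-CBC' };
function tlvs(buf) { // split a DER byte range into its top-level elements: [{ tag, body }, ...]
  const out = [];
  for (let pos = 0; pos < buf.length;) {
    const tag = buf[pos++];
    let len = buf[pos++];
    if (len & 0x80) {                       // long form: low 7 bits = number of length bytes
      let n = len & 0x7f;
      for (len = 0; n > 0; n--) len = len * 256 + buf[pos++];
    }
    if (!(pos + len <= buf.length)) throw new Error('truncated or malformed DER');
    out.push({ tag, body: buf.subarray(pos, pos + len) });
    pos += len;
  }
  return out;
}
function oid(body) { // decode an OBJECT IDENTIFIER body into dotted notation
  const first = Math.min(2, Math.floor(body[0] / 40));
  const arcs = [first, body[0] - 40 * first];
  for (let i = 1, v = 0; i < body.length; i++) {
    v = v * 128 + (body[i] & 0x7f);         // base-128 digits, high bit = "more follows"
    if (!(body[i] & 0x80)) { arcs.push(v); v = 0; }
  }
  return arcs.join('.');
}
const name = (o) => NAMES[o] || o;
// minIterations is the caller's own policy threshold (an assumption, not a forge setting).
function auditPkcs8Pem(pem, minIterations) {
  const m = /-----BEGIN ([A-Z0-9 ]+)-----([\s\S]+?)-----END \1-----/.exec(pem);
  if (!m) throw new Error('no PEM block found');
  if (m[1] !== 'ENCRYPTED PRIVATE KEY') return { label: m[1], pbes2: false };
  const der = Buffer.from(m[2].replace(/\s+/g, ''), 'base64');
  const [algId] = tlvs(tlvs(der)[0].body);          // EncryptedPrivateKeyInfo.encryptionAlgorithm
  const [scheme, params] = tlvs(algId.body);
  if (name(oid(scheme.body)) !== 'PBES2') return { label: m[1], pbes2: false };
  const [kdf, enc] = tlvs(params.body);             // keyDerivationFunc, encryptionScheme
  const [salt, count] = tlvs(tlvs(kdf.body)[1].body); // PBKDF2 salt, iterationCount
  const iterations = count.body.reduce((v, b) => v * 256 + b, 0);
  return { label: m[1], pbes2: true, kdf: name(oid(tlvs(kdf.body)[0].body)), iterations,
    saltBytes: salt.body.length, cipher: name(oid(tlvs(enc.body)[0].body)), belowPolicy: iterations < minIterations };
}
// Constructed sample (not a real key): PBES2 header plus 16 dummy ciphertext bytes.
const SAMPLE_PEM = '-----BEGIN ENCRYPTED PRIVATE KEY-----\n' + Buffer.from(
  '305d3049' + '06092a864886f70d01050d' + '303c301b' + '06092a864886f70d01050c' + '300e0408' +
  '11'.repeat(8) + '02020800' + '301d' + '060960864801650304012a' + '0410' + '22'.repeat(16) +
  '0410' + '33'.repeat(16), 'hex').toString('base64') + '\n-----END ENCRYPTED PRIVATE KEY-----\n';
```

Pass it the string returned by `pki.encryptedPrivateKeyToPem` or `pki.encryptRsaPrivateKey` to see which parameters forge chose for a given key.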
RSA key generation
Public Key:
Private Key:
PKCS#8 test
1. Private Key (pem): pki.privateKeyToPem(privateKey);
2. ASN.1 RSAPrivateKey: pki.privateKeyToAsn1(privateKey);
[object Object]
3. Recovered from ASN.1 Private Key (pem):
4. PKCS#8 ASN.1 PrivateKeyInfo: var privateKeyInfo = pki.wrapRsaPrivateKey(rsaPrivateKey);
[object Object]
5. PKCS#8 ASN.1 PrivateKeyInfo to PEM: var pem1 = pki.privateKeyInfoToPem(privateKeyInfo);
6. decrypts an ASN.1 EncryptedPrivateKeyInfo:
[object Object]
7. encryptedPrivateKeyInfo (pem): pki.encryptedPrivateKeyToPem(encryptedPrivateKeyInfo);
8. EncryptedPrivateKeyInfo to ASN.1:
[object Object]
9. encryptedPrivateKey (pem): pki.encryptRsaPrivateKey(privateKey, 'password');
10. Private Key (pem): pki.privateKeyToPem(privateKey);
11. Public Key (set from privateKey):