인디노트

Forge PKCS#8 - Private Key Format Conversion and Encrypted Storage


인디개발자 2022. 8. 7. 19:39

Source: http://cris.joongbu.ac.kr/course/2015-2/wp2/htdocs/forge/forge-pkcs8.html


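See https://github.com/digitalbazaar/forge
The page loads forge.min.0.6.12.js through a script link.
Forge is a JavaScript implementation of the TLS protocol. It can be used for client-side cryptographic programming and for node.js-based server-side cryptographic programming.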


Key generation
var rsa = forge.pki.rsa;
var pki = forge.pki; // alias used by every snippet below
var keypair = rsa.generateKeyPair(1024); // 1024 bits keeps the demo fast; use 2048 bits or more for real keys
var publicKey = keypair.publicKey;
var privateKey = keypair.privateKey;

Format conversion (privateKey - PEM)
var pem = pki.privateKeyToPem(privateKey); // PEM label: RSA PRIVATE KEY
var privateKey = pki.privateKeyFromPem(pem);

Format conversion (privateKey - ASN.1)
var rsaPrivateKey = pki.privateKeyToAsn1(privateKey);
var privateKey = pki.privateKeyFromAsn1(rsaPrivateKey);

Format conversion (RSAPrivateKey ASN.1 object - PKCS#8 ASN.1 PrivateKeyInfo)
var privateKeyInfo = pki.wrapRsaPrivateKey(rsaPrivateKey);

Format conversion (PKCS#8 ASN.1 PrivateKeyInfo - PEM)
var pem1 = pki.privateKeyInfoToPem(privateKeyInfo); // PEM label: PRIVATE KEY

Encrypted storage of the private key info (encrypt PrivateKeyInfo with aes256)
var encryptedPrivateKeyInfo = pki.encryptPrivateKeyInfo(
  privateKeyInfo, 'password', { // 'password' is a demo passphrase
    algorithm: 'aes256', // 'aes128', 'aes192', 'aes256', '3des'
  });

Decrypt the private key info
var privateKeyInfo1 = pki.decryptPrivateKeyInfo(
  encryptedPrivateKeyInfo, 'password');

Convert the encrypted private key info to PEM and recover it
var pem2 = pki.encryptedPrivateKeyToPem(encryptedPrivateKeyInfo); // PEM label: ENCRYPTED PRIVATE KEY
var encryptedPrivateKeyInfo1 = pki.encryptedPrivateKeyFromPem(pem2);

Encrypt the private key, output it in PEM format, and recover it
var pem3 = pki.encryptRsaPrivateKey(privateKey, 'password'); // PEM label: ENCRYPTED PRIVATE KEY
var privateKey = pki.decryptRsaPrivateKey(pem3, 'password');

Extract the public key from the private key
var publicKey = pki.setRsaPublicKey(privateKey.n, privateKey.e);
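
As an added example (not part of the original page and not Forge code), the sketch below reads the PBES2 parameters out of a PKCS#8 EncryptedPrivateKeyInfo, the structure that pki.encryptPrivateKeyInfo produces, so the key-derivation cost protecting the passphrase can be checked before such a key is stored. The sample bytes are constructed to match Forge's defaults of an 8-byte salt and an iteration count of 2048; pbes2Params, kdfFindings and the minIterations threshold are names and values assumed for this example.

```javascript
const pemToDer = (pem) => Buffer.from(pem.replace(/-----[^-]+-----|\s/g, ''), 'base64');

// One DER TLV at offset pos (short and long length forms).
function tlv(buf, pos) {
  let len = buf[pos + 1], start = pos + 2;
  if (len & 0x80) {                     // long form: low 7 bits = number of length bytes
    const n = len & 0x7f;
    for (len = 0; start < pos + 2 + n; start++) len = len * 256 + buf[start];
  }
  return { tag: buf[pos], start, end: start + len };
}

// OBJECT IDENTIFIER content bytes -> dotted string.
function oid(buf, t) {
  const a = Math.min(2, Math.floor(buf[t.start] / 40)), arcs = [a, buf[t.start] - 40 * a];
  for (let i = t.start + 1, v = 0; i < t.end; i++) {
    v = v * 128 + (buf[i] & 0x7f);
    if (!(buf[i] & 0x80)) { arcs.push(v); v = 0; }
  }
  return arcs.join('.');
}

function pbes2Params(der) {
  const scheme = tlv(der, tlv(der, tlv(der, 0).start).start); // encryptionAlgorithm OID
  if (oid(der, scheme) !== '1.2.840.113549.1.5.13') throw new Error('not PBES2');
  const kdf = tlv(der, tlv(der, scheme.end).start);           // keyDerivationFunc
  const kdfOid = tlv(der, kdf.start);
  const kdfParams = tlv(der, kdfOid.end);                     // PBKDF2-params
  const salt = tlv(der, kdfParams.start);                     // assumes an OCTET STRING salt
  const count = tlv(der, salt.end);
  const iterations = der.subarray(count.start, count.end).reduce((n, b) => n * 256 + b, 0);
  let prf = '1.2.840.113549.2.7';               // hmacWithSHA1, the DEFAULT when prf is absent
  for (let p = count.end, t; p < kdfParams.end; p = t.end) { // skip keyLength, read prf
    t = tlv(der, p);
    if (t.tag === 0x30) prf = oid(der, tlv(der, t.start));
  }
  const cipher = oid(der, tlv(der, tlv(der, kdf.end).start));
  return { kdf: oid(der, kdfOid), saltBytes: salt.end - salt.start, iterations, prf, cipher };
}

// minIterations is the caller's policy value (an assumption, not a Forge setting).
const kdfFindings = (p, minIterations) => [
  p.iterations < minIterations && `iterations ${p.iterations} < ${minIterations}`,
  p.saltBytes < 16 && `salt is ${p.saltBytes} bytes, under 16`,
].filter(Boolean);

// Constructed sample with Forge's default shape (8-byte salt, count 2048, no prf field)
// and AES-256-CBC; salt, IV and ciphertext are dummy bytes.
const SAMPLE_DER = Buffer.from('305d3049' + '06092a864886f70d01050d' + '303c' +
  '301b' + '06092a864886f70d01050c' + '300e' + '04080102030405060708' + '02020800' +
  '301d' + '060960864801650304012a' + '0410' + '00'.repeat(16) +
  '0410' + '00'.repeat(16), 'hex');
```

Calling pbes2Params(pemToDer(pem2)) on the PEM from the snippet above reports the parameters Forge actually wrote for that key.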

RSA key generation

Public Key:
Private Key:


PKCS#8 test

1. Private Key (pem): pki.privateKeyToPem(privateKey);

2. ASN.1 RSAPrivateKey: pki.privateKeyToAsn1(privateKey);
[object Object]

3. Recovered from ASN.1 Private Key (pem):

4. PKCS#8 ASN.1 PrivateKeyInfo: var privateKeyInfo = pki.wrapRsaPrivateKey(rsaPrivateKey);
[object Object]

5. PKCS#8 ASN.1 PrivateKeyInfo to PEM: var pem1 = pki.privateKeyInfoToPem(privateKeyInfo);

6. decrypts an ASN.1 EncryptedPrivateKeyInfo:
[object Object]

7. encryptedPrivateKeyInfo (pem): pki.encryptedPrivateKeyToPem(encryptedPrivateKeyInfo);

8. EncryptedPrivateKeyInfo to ASN.1:
[object Object]

9. encryptedPrivateKey (pem): pki.encryptRsaPrivateKey(privateKey, 'password');

10. Private Key (pem): pki.privateKeyToPem(privateKey);

11. Public Key (set from privateKey):
