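I found that different versions of openssl produce different output when generating a PEM file.
I use the following command to generate the PEM file:
So, for the same p12 file, we get the following output:
From version 0.9.8: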
Bag Attributes
friendlyName: alias
localKeyID: 54 69 6D 65 20 31 34 34 30 31 35 39 36 39 39 34 30 38
Key Attributes: <No Attributes>
-----BEGIN DSA PRIVATE KEY-----
MIIBuwIBAAKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR
+1k9jVj6v8X1ujD2y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb
+DtX58aophUPBPuD9tPFHsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdg
UI8VIwvMspK5gqLrhAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlX
TAs9B4JnUVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqLVHyNKOCj
rh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtVJWQB
TDv+z0kqAoGAfq00gXUAZKs/5070DyJJ2OPmgTsMkRXeAclk3mlvejzaiswmM50i
NuV4EYP0SeSzxxzMNR+0U8xg8M/R7a4qMAsDiHixM8i/HGrqC5m+/Zabg3FVNVEQ
C1sFNiqeP3P6n986HrRK5WbEFcJKMZFAbFTwXeo0D6Uevi2ZzYrm0cgCFE6W9Uw2
ZHF1HYhy0L49DUQN79LL
-----END DSA PRIVATE KEY-----
Bag Attributes
friendlyName: alias
localKeyID: 54 69 6D 65 20 31 34 34 30 31 35 39 36 39 39 34 30 38
subject=/CN=HCP
issuer=/CN=HCP
-----BEGIN CERTIFICATE-----
MIICeDCCAjagAwIBAgIEHpWeZDALBgcqhkjOOAQDBQAwDjEMMAoGA1UEAxMDSENQ
MB4XDTE1MDgyMTEyMjEwOFoXDTE1MTExOTEyMjEwOFowDjEMMAoGA1UEAxMDSENQ
MIIBtzCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdSPO9E
AMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00b/JmYLdrmVClpJ+f
6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith1yrv
8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuEC/BYHPUCgYEA9+GghdabPd7LvKtc
NrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3zwky
jMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/h
WuWfBpKLZl6Ae1UlZAFMO/7PSSoDgYQAAoGAfq00gXUAZKs/5070DyJJ2OPmgTsM
kRXeAclk3mlvejzaiswmM50iNuV4EYP0SeSzxxzMNR+0U8xg8M/R7a4qMAsDiHix
M8i/HGrqC5m+/Zabg3FVNVEQC1sFNiqeP3P6n986HrRK5WbEFcJKMZFAbFTwXeo0
D6Uevi2ZzYrm0cijITAfMB0GA1UdDgQWBBTo5c7HXDNXFjVl5cPJLHTKGqXXFTAL
BgcqhkjOOAQDBQADLwAwLAIUCI0RfR7sVsNpzMKFlCvx8G5nSZACFCkcmf5mPKoz
ytbeIPWod7vQNmEz
-----END CERTIFICATE-----
Output from version 1.0.1g:
Bag Attributes
friendlyName: alias
localKeyID: 54 69 6D 65 20 31 34 34 30 31 35 39 36 39 39 34 30 38
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
MIIBSwIBADCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdS
PO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00b/JmYLdrmVCl
pJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith
1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuEC/BYHPUCgYEA9+GghdabPd7L
vKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3
zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImo
g9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoEFgIUTpb1TDZkcXUdiHLQvj0NRA3v0ss=
-----END PRIVATE KEY-----
Bag Attributes
friendlyName: alias
localKeyID: 54 69 6D 65 20 31 34 34 30 31 35 39 36 39 39 34 30 38
subject=/CN=HCP
issuer=/CN=HCP
-----BEGIN CERTIFICATE-----
MIICeDCCAjagAwIBAgIEHpWeZDALBgcqhkjOOAQDBQAwDjEMMAoGA1UEAxMDSENQ
MB4XDTE1MDgyMTEyMjEwOFoXDTE1MTExOTEyMjEwOFowDjEMMAoGA1UEAxMDSENQ
MIIBtzCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdSPO9E
AMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00b/JmYLdrmVClpJ+f
6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith1yrv
8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuEC/BYHPUCgYEA9+GghdabPd7LvKtc
NrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3zwky
jMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/h
WuWfBpKLZl6Ae1UlZAFMO/7PSSoDgYQAAoGAfq00gXUAZKs/5070DyJJ2OPmgTsM
kRXeAclk3mlvejzaiswmM50iNuV4EYP0SeSzxxzMNR+0U8xg8M/R7a4qMAsDiHix
M8i/HGrqC5m+/Zabg3FVNVEQC1sFNiqeP3P6n986HrRK5WbEFcJKMZFAbFTwXeo0
D6Uevi2ZzYrm0cijITAfMB0GA1UdDgQWBBTo5c7HXDNXFjVl5cPJLHTKGqXXFTAL
BgcqhkjOOAQDBQADLwAwLAIUCI0RfR7sVsNpzMKFlCvx8G5nSZACFCkcmf5mPKoz
ytbeIPWod7vQNmEz
-----END CERTIFICATE-----
So the private keys differ.
The problem is that later we try to parse the private key in Java with the following code:
KeyFactory keyFactory = KeyFactory.getInstance("DSA");
KeySpec privateKeySpec = new PKCS8EncodedKeySpec(Base64.decode(key));
keyFactory.generatePrivate(privateKeySpec);
Then the output from version 0.9.8 will not parse and fails with InvalidKeySpec.
What changed in OpenSSL, and how can we avoid this?
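The two private-key blocks in the question use different containers: `BEGIN DSA PRIVATE KEY` is OpenSSL's traditional DSA layout (a SEQUENCE of six INTEGERs), while `BEGIN PRIVATE KEY` is PKCS#8 PrivateKeyInfo, which is what `PKCS8EncodedKeySpec` expects. The Python below is an added example, not part of the original post: it re-wraps a traditional DSA key as PKCS#8 DER. The function names and the toy sample values are assumptions of this example.

```python
import base64
import re

DSA_OID = bytes.fromhex("06072a8648ce380401")  # DER OID 1.2.840.10040.4.1 (id-dsa)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def tlv(tag, value):  # DER-encode one element with a definite length
    n = len(value)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + value

def der_int(i):  # non-negative INTEGER, sized so the top (sign) bit stays clear
    return tlv(0x02, i.to_bytes(i.bit_length() // 8 + 1, "big"))

def to_pem(label, der):
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, base64.b64encode(der).decode(), label)

def dsa_to_pkcs8(pem):
    """Return PKCS#8 PrivateKeyInfo DER for a DSA key in either PEM layout."""
    m = re.search(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", pem, re.S)
    if not m:
        raise ValueError("no PEM block found")
    label, der = m.group(1), base64.b64decode(m.group(2))
    if label == "PRIVATE KEY":
        return der  # already PKCS#8, usable with PKCS8EncodedKeySpec as is
    if label != "DSA PRIVATE KEY":
        raise ValueError("unsupported PEM label: " + label)
    tag, seq, _ = read_tlv(der, 0)
    ints, pos = [], 0
    while tag == 0x30 and pos < len(seq):
        t, val, pos = read_tlv(seq, pos)
        ints.append(int.from_bytes(val, "big") if t == 0x02 else None)
    if len(ints) != 6 or None in ints or ints[0] != 0:
        raise ValueError("expected SEQUENCE { 0, p, q, g, y, x }")
    _, p, q, g, _y, x = ints
    alg = tlv(0x30, DSA_OID + tlv(0x30, der_int(p) + der_int(q) + der_int(g)))
    return tlv(0x30, der_int(0) + alg + tlv(0x04, der_int(x)))

# Constructed toy values, not a usable key: p=23, q=11, g=4, y=18, x=3
SAMPLE_PEM = "Bag Attributes\n" + to_pem("DSA PRIVATE KEY", tlv(0x30, b"".join(map(der_int, (0, 23, 11, 4, 18, 3)))))
```

The same re-wrapping can be done on the command line with `openssl pkcs8 -topk8 -nocrypt -in key.pem`, where `key.pem` is a placeholder file name.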