使用CFML(Lucee),我试图使用AWS Java SDK(v1.11)创建签名的Cloudfront URL,而我却试图创建签名。问题是我似乎无法将.pem私钥转换为.der格式。在以下代码段的最后一行中,我不断收到各种无效的键错误:
var derContent = FileReadBinary("C:/path/to/cert.der");
var keySpec = createObject("java", "java.security.spec.PKCS8EncodedKeySpec");
var keyFactory = createObject("java", "java.security.KeyFactory").getInstance("RSA");
var privateKey = keyFactory.generatePrivate(keySpec.init(derContent));
我尝试了几次使用openssl转换文件的尝试,但是遇到了各种问题。
此命令将不会创建.pem证书:
openssl x509 -inform PEM -outform DER -text -in pk-XXXX.pem -out pk-XXXX.der
unable to load certificate
30276:error:0909006C:PEM routines:get_name:no start line:../openssl-
1.1.1a/crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE
这是创建证书的过程,但是我在调用invalid key format时遇到了generatePrivate()错误
openssl rsa -inform PEM -outform DER -text -in pk-XXXX.pem -out pk-XXXX.der
有人可以建议其他方法转换证书吗?谢谢!
答案 0 :(得分:0)
本文摘自:https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CFPrivateDistJavaDevelopment.html
此openssl命令会将您的Cloudfront私钥文件转换为.der格式:
arr = [5, 22, 29, 39, 19, 51, 78, 96, 84]
i = 0
while (i < arr.size - 1 and arr[i] < arr[i + 1])
i = i + 1
end
puts i
arr[i] = arr[i + 1]
arr[i + 1] = arr[i]