公钥在 CSR 中的什么位置?

信息安全 tls 证书 openssl 电子签名
2021-08-18 18:13:18

我正在阅读 http://www.akadia.com/services/ssh_test_certificate.html

在步骤 2

openssl req -new -key server.key -out server.csr

server.key 是之前使用生成的 

openssl genrsa -des3 -out server.key 1024

这是私钥。

我没有看到任何公钥被“附加”到 CSR 中。

我错过了什么吗?

==================

(新增)

我已经使用 vi 以及 openssl reg 打开了 csr,这就是我所看到的

bash-3.2# openssl req -in server.csr
-----BEGIN CERTIFICATE REQUEST-----
MIIC7DCCAdQCAQAwgaYxCzAJBgNVBAYTAlNHMRIwEAYDVQQIDAlTaW5nYXBvcmUx
ETAPBgNVBAcMCENsZW1lbnRpMR0wGwYDVQQKDBRPcmFjbGVTemVqaWUgUHRlIEx0
ZDELMAkGA1UECwwCSVQxHTAbBgNVBAMMFHd3dy5vcmFjbGVzemVqaWUuY29tMSUw
IwYJKoZIhvcNAQkBFhZhZG1pbkBvcmFjbGVzemVqaWUuY29tMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3B0IpI7mO1ZNn19V8R0voG3pQuuenzPvomfl
ipjidlvA4oF2486n0Apf8eLudtEBin70CVQ6xx/BYISv/SQqklIrRnhNnTyWsuxy
ofJRyrZyuWVyHo9LX9ARvUuBDXHLNHTepKX3ntsg/4H1o+wl0ZV3/ixj43wj7oNe
bxPEGHldmeaFwRonWXCTp9tXoZOa6agKY8ItSAWytYu2FBY33CXaTNSI2J/bLIVT
sJqJoL1nra35xq9fzyrclcDXVF3gqmOv2zRAUShxp+wtjGmA6e6iA3uM6NxHNrDN
0v3sDEpoDlkeMmTTxY/51QHfmy4HR3oRfdR6ERyx9pYdapPUiQIDAQABoAAwDQYJ
KoZIhvcNAQEFBQADggEBADyDRmogcQsYp6D4I3Mecicw16Miula4b4HfALaF6hwc
Ml9wUCRSBkjrgHIqva7RTx6LLNwcpDBA0V3S6o0HfN4uS8z+IKQ6VMVyk7pVcKcv
PFrZM1oW3oRd/eTU1B7+c98fQMazFfitT5fnTD5Zt+laL+9qutQtVRT/tnKrEX2p
irgBnZuXuOszzcmkI2XPh/eCudGC2es13pcdyHII+6Q5PzwM58ssNziDiLXZU7pD
0mDdIWmF1RBed7GCK9gYvYmnw+20VzRHvWpVEe2sdBlgAQH34xxWX2130vzk6crJ
6K0cP8kc8S2H8iOZ4hQWewrCebntZQNO9ythvOuik4c=
-----END CERTIFICATE REQUEST-----

似乎 CSR 是用某种格式编码的,或者这是一个哈希,如果是,CA 如何验证里面的内容?

我希望它没有用任何密钥加密,因为删除了“server.key”,我仍然在文本输出中看到 CSR

bash-3.2# openssl req -in server.csr -text

请赐教。

1个回答

我没有看到任何公钥被“附加”到 CSR 中。

在那里。这里是:

当您像这样生成密钥时:

$ openssl genrsa -out server.key 1024
Generating RSA private key, 1024 bit long modulus
....................................++++++
......++++++
e is 65537 (0x10001)

你像这样生成你的 CSR: 

$ openssl req -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:dummy.example.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

然后公钥将在两者内部:

  1. 私钥文件:

    $ openssl rsa -in server.key -pubout
writing RSA key
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4IPFCBOLLyJWtx37bibBKhKvE
9MbfD0MV8bXU544dVXvWZwLQwluyrsYebpl+4K1aLNmh01qUwBsm4GxESZo4mF3L
13Yki7Xlw95KJVgDBN0i1j96LgaxV/4K8z4RQ1MryGw+EHYFK/5pwtLxGN7Rn7kB
L9HOPEkwfwWbenUikQIDAQAB
-----END PUBLIC KEY-----

  2. 企业社会责任文件:

    $ openssl req -in server.csr -noout -pubkey
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4IPFCBOLLyJWtx37bibBKhKvE
9MbfD0MV8bXU544dVXvWZwLQwluyrsYebpl+4K1aLNmh01qUwBsm4GxESZo4mF3L
13Yki7Xlw95KJVgDBN0i1j96LgaxV/4K8z4RQ1MryGw+EHYFK/5pwtLxGN7Rn7kB
L9HOPEkwfwWbenUikQIDAQAB
-----END PUBLIC KEY-----
其它你可能感兴趣的问题
上一篇Windows 10 怎么能没有内存中的密码? 下一篇我应该接受大学的自签名证书吗?