PEM--DER/CER(BASE64--DER編碼的轉(zhuǎn)換)

openssl x509 -outform der -in certificate.pem -out certificate.der

PEM--P7B(PEM--PKCS#7)

openssl crl2pkcs7 -nocrl -certfile certificate.cer -out certificate.p7b -certfile CACert.cer

PEM--PFX(PEM--PKCS#12)

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

PEM--p12(PEM--PKCS#12)

openssl pkcs12 -export -out Cert.p12 -in Cert.pem -inkey key.pem

CER/DER--PEM(編碼DER--BASE64)

openssl x509 -inform der -in certificate.cer -out certificate.pem

P7B--PEM(PKCS#7--PEM)

openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer

P7B--PFX(PKCS#7--PKCS#12)

openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer

openssl pkcs12 -export -in certificate.cer -inkey privateKey.key -out certificate.pfx -certfile CACert.cer

PFX/p12--PEM(PKCS#12--PEM)

openssl pkcs12 -in certificate.pfx -out certificate.cer

如無(wú)需加密pem中私鑰，可以添加選項(xiàng)-nodes；

如無(wú)需導(dǎo)出私鑰，可以添加選項(xiàng)-nokeys;

PEM BASE64--X.509文本格式

openssl x509 -in Key.pem -text -out Cert.pem

PFX文件中提取私鑰(.key)

openssl pkcs12 -in mycert.pfx -nocerts -nodes -out mycert.key

提取密鑰對(duì)（如果pfx證書(shū)已加密，會(huì)提示輸入密碼。）

openssl pkcs12 -in 1.pfx -nocerts -nodes -out 1.key

從密鑰對(duì)提取私鑰

openssl rsa -in? 1.key -out 1_pri.key

從密鑰對(duì)提取公鑰

openssl rsa -in 1.key -pubout -out 1_pub.key

因?yàn)镽SA算法使用的是pkcs8模式補(bǔ)足，需要對(duì)提取的私鑰進(jìn)一步處理

openssl pkcs8 -in 1_pri.key -out 1_pri.p8 -outform der -nocrypt -topk8

提取私鑰詳細(xì)信息：

openssl rsa -in private_rsa.pem -text -out private.txt

RSA用私鑰簽名過(guò)程示例：

1.簽名源數(shù)據(jù):

accessType=0&backUrl=null&bizType=000000&certId=70869141586&channelType=07¤cyCode=156&encoding=GBK&merId=898310173990680&orderId=123456780727024&signMethod=01&txnAmt=1&txnSubType=07&txnTime=20170727175202&txnType=01&version=5.1.0

2.對(duì)簽名源數(shù)據(jù)做SHA256：

5488ac963dbfecd79a9919a3dbb3984dd08e8c133ecb934582e0584add905928

3.將SHA256的十六進(jìn)制結(jié)果數(shù)據(jù)轉(zhuǎn)字符編碼(BCD2ASC,并且把大寫(xiě)字符轉(zhuǎn)成小寫(xiě)，例如：'A'->41->61('a'))，如下:

0x35, 0x34, 0x38, 0x38, 0x61, 0x63, 0x39, 0x36, 0x33, 0x64, 0x62, 0x66, 0x65, 0x63, 0x64, 0x37, 0x39, 0x61, 0x39, 0x39, 0x31, 0x39, 0x61, 0x33, 0x64, 0x62, 0x62, 0x33, 0x39, 0x38, 0x34, 0x64, 0x64, 0x30, 0x38, 0x65, 0x38, 0x63, 0x31, 0x33, 0x33, 0x65, 0x63, 0x62, 0x39, 0x33, 0x34, 0x35, 0x38, 0x32, 0x65, 0x30, 0x35, 0x38, 0x34, 0x61, 0x64, 0x64, 0x39, 0x30, 0x35, 0x39, 0x32, 0x38,

4.對(duì)轉(zhuǎn)換后的數(shù)據(jù)再次做SHA256運(yùn)算，結(jié)果如下：

8B 51 4D 03 67 27 98 38 D3 40 B3 6E 37 25 73 E4 83 FE DB 5D DE 42 E0 09 9C 9F 80 9A 1B AF 1C 86

5.對(duì)4的結(jié)果填充后使用私鑰簽名,填充示例：

00 01 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 30 31 30 0D 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20 8B 51 4D 03 67 27 98 38 D3 40 B3 6E 37 25 73 E4 83 FE DB 5D DE 42 E0 09 9C 9F 80 9A 1B AF 1C 86

6.用私鑰簽名后做base64編碼：

ixNWdVd7eiSRNVnj8BD4RW1t3ZvJHyLHyaL3JF7Pi+CcETqtQVKkIAgXv/mLsCv36hJAkLESJBojZOhEen3bg3SDYT+4A1hKbC90LC9Ts4mkrX3Q6igyOvSu6KGnLELDr6wQA8LaXFunJywGKL5lMG49nV/uhqvKoALR0ZXtZdLqYCu8FQoVFDKVRp57tweVi1s2V53cYpB2zwfYmWkNEyJHkPmf30tSjZaOwpH6ruVWi3AU6Ql/w9jFp2uBSRy1rq4KJlhDMXOmU/iji5tdcLE1qa+2Fjth00hMPjH95ZixyoiWgAJ7OzJwXJMF+f9+VdnmfDTyr68bAgxPnBFokw==

7.將6的簽名數(shù)據(jù)做URL編碼:

ixNWdVd7eiSRNVnj8BD4RW1t3ZvJHyLHyaL3JF7Pi%2BCcETqtQVKkIAgXv%2FmLsCv36hJAkLESJBojZOhEen3bg3SDYT%2B4A1hKbC90LC9Ts4mkrX3Q6igyOvSu6KGnLELDr6wQA8LaXFunJywGKL5lMG49nV%2FuhqvKoALR0ZXtZdLqYCu8FQoVFDKVRp57tweVi1s2V53cYpB2zwfYmWkNEyJHkPmf30tSjZaOwpH6ruVWi3AU6Ql%2Fw9jFp2uBSRy1rq4KJlhDMXOmU%2Fiji5tdcLE1qa%2B2Fjth00hMPjH95ZixyoiWgAJ7OzJwXJMF%2Bf9%2BVdnmfDTyr68bAgxPnBFokw%3D%3D