
[OpenSSL] RSA private key (PrivateKey) generation commands

JayKim๐Ÿ™‚ 2023. 4. 6. 14:11

The specification for RSA private keys is PKCS#1; that document lays out the RSA-related standards in detail.
This post explains the OpenSSL commands used to create an RSA private key.

Generating an RSA 2048 private key

openssl genrsa -out rsa_private.pem 2048
  • Extracting the public key from the RSA private key
  • openssl rsa -in rsa_private.pem -pubout -out rsa_pub.pem

Running this command writes the RSA private key values to the file rsa_private.pem.
This file holds the bare private key values, so using it as-is is a security problem.

For reference, the output is PEM-format data.

-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

Note that, depending on the openssl version, the output may instead begin with -----BEGIN PRIVATE KEY-----.
That is a different private key format: an ASN.1 structure that also carries the algorithm information.

Note that the BEGIN PRIVATE KEY format produced by OpenSSL 3 looks as shown in the screenshot.
This format is the PKCS#8 PrivateKeyInfo structure, and the OCTET STRING inside it is the private key itself.
OpenSSL 1.x versions produce only the contents of that OCTET STRING.

RSA ๊ฐœ์ธํ‚ค์— ๋Œ€ํ•œ ASN.1 ๊ตฌ๋ฌธ์€ ๋‹ค์Œ๊ณผ ๊ฐ™๋‹ค.

         RSAPrivateKey ::= SEQUENCE {
             version           Version,
             modulus           INTEGER,  -- n
             publicExponent    INTEGER,  -- e
             privateExponent   INTEGER,  -- d
             prime1            INTEGER,  -- p
             prime2            INTEGER,  -- q
             exponent1         INTEGER,  -- d mod (p-1)
             exponent2         INTEGER,  -- d mod (q-1)
             coefficient       INTEGER,  -- (inverse of q) mod p
             otherPrimeInfos   OtherPrimeInfos OPTIONAL
         }

So it is simply a sequence of INTEGER values.
The screenshot below shows this file decoded directly in BerEditor.

Generating an RSA 2048 private key and saving it in AES128-encrypted P8 format

openssl genrsa -aes128 -passout pass:asdf -out rsa_private_enc.pem 2048

๊ฒฐ๊ณผ ํŒŒ์ผ๋กœ rsa_private_enc.pem ํŒŒ์ผ์„ ์—ด์–ด ๋ณด๋ฉด ๋‹ค์Œ ์ฒ˜๋Ÿผ Base64 ์ธ์ฝ”๋”ฉ ๋œ ํŒŒ์ผ์ด ์ƒ์„ฑ๋œ๋‹ค.

-----BEGIN ENCRYPTED PRIVATE KEY-----
-----END ENCRYPTED PRIVATE KEY-----

์•”ํ˜ธํ™”๋œ ํŒŒ์ผ์˜ ํฌ๋งท์€ PKCS#8 ์— ์ •์˜ ๋˜์–ด์žˆ๋Š” ๋‹ค์Œ ASN.1 ํ˜•์‹์ด๋‹ค

-- Encrypted private-key information syntax

EncryptedPrivateKeyInfo ::= SEQUENCE {
    encryptionAlgorithm AlgorithmIdentifier {{KeyEncryptionAlgorithms}},
    encryptedData EncryptedData
}

EncryptedData ::= OCTET STRING

PrivateKeyAlgorithms ALGORITHM-IDENTIFIER ::= {
     ... -- For local profiles
}

KeyEncryptionAlgorithms ALGORITHM-IDENTIFIER ::= {
     ... -- For local profiles
}

For reference, this is the screenshot of the encrypted P8 file decoded in BerEditor.

๊ฐœ์ธํ‚ค ๋ณตํ˜ธํ™” ํ›„ RSA PrivateKey ์ถ”์ถœ

openssl rsa -in rsa_private_enc.pem -passin pass:asdf -out rsa_private_plain.pem

๊ฐœ์ธํ‚ค ์—์„œ ๊ณต๊ฐœํ‚ค ์ถ”์ถœ

openssl.exe rsa -in rsa_private_plain.pem -out rsa_public.pem -pubout

This extracts the public key into rsa_public.pem.
The extracted rsa_public.pem:

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApzAC4RqHg/bswYD62mYy
0XvmIoUb2kgnXcfvBd9KrfghR6tu085pT/3BfH5RUK3zGj0w6ai553TNCEkph0Tv
TFK1Xo+fPRrDPeCkEE2WnTYd/r7dYrgdW4JH1yfLyPj1vEtbrp0ifQW78PMT6u/i
tXV07TxVDdYwU6hevCMMYYa7haGAz44UKT2e+BVdkHM0ivEgxmqzP5Rp4SZx7xOH
XkwBLd9RmAnR0RmdvUHaXYq+D12ASGqgFab0bQVnBo/b5p5SPJGgB2FrzdC+JiAv
HUi37aGr8D5kp6/DUfRzrpKfxiMK8N5QJWhQKycZXHT8A25kBuvlzvu2a63LW9eQ
GwIDAQAB
-----END PUBLIC KEY-----

Changing the pass phrase and the encryption algorithm

  • Algorithm: AES128 -> AES256

  • Pass phrase: asdf -> hello

    openssl rsa -aes256 -in rsa_private_enc.pem -passin pass:asdf -passout pass:hello -out rsa_private_enc2.pem

PKCS8 ํฌ๋งท ๊ฐœ์ธํ‚ค ์•”ํ˜ธํ™”

  • -topk8 : ๊ฒฐ๊ณผ PKCS8 ํŒŒ์ผ

  • -v2 aes128 : PKCS#5 Version 2.0์‚ฌ์šฉ ๋ฐ AES128 ์•”ํ˜ธํ™”

    openssl pkcs8 -topk8 -v2 aes128 -in rsa_private_plain.pem -out rsa_pri.p8 -passout pass:asdf

PKCS8 ํŒŒ์ผ์—์„œ ๊ฐœ์ธํ‚ค ์ถ”์ถœ

openssl pkcs8 -in rsa_pri.p8 -out p8_out.pem -passin pass:asdf

That is how the RSA private key format and the PKCS#8 encrypted form are produced.

ECDSA private keys, together with their PKCS#8 encrypted form and Information form,
will be covered in a later post when the opportunity arises.
