These days, many students come to ask about the method of generating .p12 and .der, so I simply write an article to answer, symmetric encryption/asymmetric encryption, here is the difference between the two :
(1) Symmetric encryption uses the same key for encryption and decryption, so the speed is fast, but the security is not high because the key needs to be transmitted over the network .
(2) Asymmetric encryption uses a pair of keys, public key and private key, so the security is high, but the encryption and decryption speed is slow.
(3) The solution is to encrypt the symmetric encryption key with the asymmetric encryption public key, and then send it out. The recipient uses the private key to decrypt to obtain the symmetric encryption key, and then the two parties can use symmetric encryption to communicate.
1. Generate an RSA private key with a strength of 1024
$ openssl genrsa -out private.pem 1024
执行以代码生成一个私钥,Pem文件,其实Pem文件就是一般的文本格式;2. Create a certificate request
$ openssl req -new -key private.pem -out rsacert.csrFollow the prompts to fill in the certificate information here, here is a picture:
At this time, the control bar asks to enter the following personal information, then follow the prompts~
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:beijing
Locality Name (eg, city) []:beijing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Erma
Organizational Unit Name (eg, section) []:com
Common Name (e.g. server FQDN or YOUR name) []:Erma
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:At this time, a csr file is generated
3. Generate a certificate and sign it, valid for 10 years
$ openssl x509 -req -days 3650 -in rsacert.csr -signkey private.pem -out rsacert.crt4. Convert format - convert PEM format file to DER format
$ openssl x509 -outform der -in rsacert.crt -out rsacert.der5. Export P12 file
$ openssl pkcs12 -export -out p.p12 -inkey private.pem -in rsacert.crtIf you use Android files, please choose O by yourself; it's over here, no thanks...