🔐 How to determine the protocol used to encrypt a private key


Use the openssl utility to determine the protocol that was used to encrypt a private key.

Inspect the private key itself, because the traditional form provides this information out of the box.

$ cat rsa_pkey_enc_pkey.pem  
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,06A16DB50701C4E4FF6D710544F1F81C
-----END RSA PRIVATE KEY-----

An encrypted key in PKCS#8 form does not show this information directly.

$ cat rsa_pkey_enc_genpkey.pem
-----BEGIN ENCRYPTED PRIVATE KEY-----
-----END ENCRYPTED PRIVATE KEY-----

Use the ASN.1 parsing utility to extract this information.

$ openssl asn1parse -in rsa_pkey_enc_genpkey.pem 
    0:d=0  hl=4 l=1325 cons: SEQUENCE          
    4:d=1  hl=2 l=  87 cons: SEQUENCE          
    6:d=2  hl=2 l=   9 prim: OBJECT            :PBES2
   17:d=2  hl=2 l=  74 cons: SEQUENCE          
   19:d=3  hl=2 l=  41 cons: SEQUENCE          
   21:d=4  hl=2 l=   9 prim: OBJECT            :PBKDF2
   32:d=4  hl=2 l=  28 cons: SEQUENCE          
   34:d=5  hl=2 l=   8 prim: OCTET STRING      [HEX DUMP]:3C411EE2D9F5832D
   44:d=5  hl=2 l=   2 prim: INTEGER           :0800
   48:d=5  hl=2 l=  12 cons: SEQUENCE          
   50:d=6  hl=2 l=   8 prim: OBJECT            :hmacWithSHA256
   60:d=6  hl=2 l=   0 prim: NULL              
   62:d=3  hl=2 l=  29 cons: SEQUENCE          
   64:d=4  hl=2 l=   9 prim: OBJECT            :aes-256-cbc
   75:d=4  hl=2 l=  16 prim: OCTET STRING      [HEX DUMP]:CF09CA4D8734272C38113124CBA977C1
   93:d=1  hl=4 l=1232 prim

An unencrypted key for comparison.

$ openssl asn1parse -in rsa_pkey_unenc_genpkey.pem
    0:d=0  hl=4 l=1210 cons: SEQUENCE          
    4:d=1  hl=2 l=   1 prim: INTEGER           :00
    7:d=1  hl=2 l=  13 cons: SEQUENCE          
    9:d=2  hl=2 l=   9 prim: OBJECT            :rsaEncryption
   20:d=2  hl=2 l=   0 prim: NULL              
   22:d=1  hl=4 l=1188 prim

You cannot use this utility to parse the traditional form.

$ openssl asn1parse -in rsa_pkey_enc_pkey.pem
Error in encoding
140365724464512:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:../crypto/asn1/asn1_lib.c:101:
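
When key files have to be audited from a script, the same fields can be read without openssl: the headers for the traditional form, and a walk over the DER structure for PKCS#8, which also surfaces the PBKDF2 iteration count and PRF. This Python is an added example, not part of the original article: `describe`, `tlvs`, `name` and `SAMPLE_PEM` are names chosen here, the sample key is constructed from the AlgorithmIdentifier values in the dump above with a dummy payload, and only the four OIDs from that dump are named (any other is returned as hex).

```python
import base64, re

# DER-encoded OID bytes (hex) -> OpenSSL name, for the objects in the dump above.
OIDS = {"2a864886f70d01050d": "PBES2", "2a864886f70d01050c": "PBKDF2",
        "2a864886f70d0209": "hmacWithSHA256", "60864801650304012a": "aes-256-cbc"}
# Constructed sample: AlgorithmIdentifier as in the dump above, payload 16 zero bytes.
SAMPLE_PEM = "-----BEGIN ENCRYPTED PRIVATE KEY-----\n" + base64.b64encode(bytes.fromhex(
    "306b" "3057" "06092a864886f70d01050d" "304a" "3029" "06092a864886f70d01050c" "301c"
    "04083c411ee2d9f5832d" "02020800" "300c" "06082a864886f70d0209" "0500" "301d"
    "060960864801650304012a" "0410cf09ca4d8734272c38113124cba977c1" "0410" + "00" * 16
)).decode() + "\n-----END ENCRYPTED PRIVATE KEY-----\n"

def tlvs(buf):
    """Yield (tag, value) for each definite-length DER element in buf."""
    i = 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:                   # long form: low 7 bits count the length bytes
            n, i = int.from_bytes(buf[i:i + (n & 0x7F)], "big"), i + (n & 0x7F)
        if i + n > len(buf):
            raise ValueError("truncated DER element")
        yield tag, buf[i:i + n]
        i += n

def name(oid_bytes):
    """Map OBJECT IDENTIFIER content bytes to an OpenSSL name, else return hex."""
    return OIDS.get(oid_bytes.hex(), oid_bytes.hex())

def describe(pem):
    """Return how a PEM private key is encrypted, for either form shown above."""
    m = re.search(r"^DEK-Info: ([^,\s]+),", pem, re.M)
    if "Proc-Type: 4,ENCRYPTED" in pem and m:   # traditional form: plain-text headers
        return {"form": "traditional", "cipher": m.group(1)}
    if "BEGIN ENCRYPTED PRIVATE KEY" not in pem:
        return {"form": "not encrypted or not recognised"}
    b64 = "".join(l for l in pem.splitlines() if not l.startswith("-----"))
    (_, info), = tlvs(base64.b64decode(b64))    # EncryptedPrivateKeyInfo
    (_, algid), _data = tlvs(info)              # encryptionAlgorithm, encryptedData
    (_, scheme), (_, params) = tlvs(algid)
    out = {"form": "PKCS#8", "scheme": name(scheme)}
    if out["scheme"] == "PBES2":                # params: keyDerivationFunc, encryptionScheme
        (_, kdf), (_, enc) = tlvs(params)
        (_, kdf_oid), (_, kdf_params) = tlvs(kdf)
        out.update(kdf=name(kdf_oid), cipher=name(next(tlvs(enc))[1]))
    if out.get("kdf") == "PBKDF2":              # salt, iterations, [keyLength], [prf]
        fields = list(tlvs(kdf_params))
        prf = [name(next(tlvs(v))[1]) for t, v in fields[2:] if t == 0x30]
        out.update(iterations=int.from_bytes(fields[1][1], "big"),
                   prf=prf[0] if prf else "hmacWithSHA1")   # default per RFC 8018
    return out
```

Calling `describe(SAMPLE_PEM)` reports an iteration count of 2048, the `INTEGER :0800` line in the dump, which is the value to check against your own key-derivation policy.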
