X.509: Private / Public Key

问题

We're trying to implement some functionality of a Web-Service from one of our partners. Now, the content which is beeing transmitted, should be encrypted with a public key, which we have to provide.

The security-specification says that the public-certificate has to be X.509 standard. Doesn't X.509 rely on the private / public key method? Because I only get one .pem file, containing a private key, and a certificate, but no public key, using the following command:

openssl req -new -x509 -days 365 -nodes -out ./cert.pem -keyout ./cert.pem

Do I have to modify the command in order to create a private and a public key?

回答1:

The basics command line steps to generate a private and public key using OpenSSL are as follow

openssl genrsa -out private.key 1024
openssl req -new -x509 -key private.key -out publickey.cer -days 365
openssl pkcs12 -export -out public_privatekey.pfx -inkey private.key -in publickey.cer

Step 1 – generates a private key

Step 2 – creates a X509 certificate (.cer file) containing your public key which you upload when registering your private application (or upgrading to a partner application).

Step 3 – Export your x509 certificate and private key to a pfx file. If your chosen wrapper library uses the .pem file to sign requests then this step is not required.

Hope that helps! This answer explains the different file extensions.

回答2:

Public key is stored inside of x.509 certificate. Certificate binds identity information (common name, address, whatever else) to this public key.

回答3:

Create a private-public key pair.

openssl req -x509 -newkey rsa:2048 -keyout private.key -out public.cert -days 365

Optionally, combine the pair into a single file.

openssl pkcs12 -export -inkey private.key -in public.cert -out certificate.pfx

This results in the following files.

private.key
certificate.pfx
public.cert