pkey - public or private key processing tool
gmssl pkey [-help] [-inform PEM|DER] [-outform PEM|DER] [-in filename] [-passin arg] [-out filename] [-passout arg] [-traditional] [-cipher] [-text] [-text_pub] [-noout] [-pubin] [-pubout] [-engine id]
The pkey command processes public or private keys. They can be converted between various forms and their components printed out.
pkey指令处理公钥或者私钥。 它们可以在各种形式之间进行转换,并将其组件打印出来。
Print out a usage message.
打印使用信息。
This specifies the input format DER or PEM.
该选项指出了输入格式是DER还是PEM。
This specifies the output format, the options have the same meaning as the -inform option.
该选项指出了输出格式,与-inform意义相同。
This specifies the input filename to read a key from or standard input if this option is not specified. If the key is encrypted a pass phrase will be prompted for.
如果该选项没有被指定,则指定从密钥中读取输入文件名或者标准输入。 如果密钥被加密,将提示输入密码。
the input file password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in gmssl(1).
输入文件的密码来源。有关arg格式的更多信息,请参阅gmssl(1)中的PASS PHRASE ARGUMENTS部分。
This specifies the output filename to write a key to or standard output if this option is not specified. If any encryption options are set then a pass phrase will be prompted for. The output filename should not be the same as the input filename.
如果未指定此选项,则指定将密钥写入或输出的输出文件名。 如果设置了任何加密选项, 则会提示输入密码。 输出文件名不能与输入文件名相同。
the output file password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in gmssl(1).
输出文件的密码来源。有关arg格式的更多信息请参阅gmssl(1)中的PASS PHARSE ARGUMENTS部分。
normally a private key is written using standard format: this is PKCS#8 form with the appropriate encryption algorithm (if any). If the -traditional option is specified then the older "traditional" format is used instead.
通常使用标准格式写入私钥:这是具有适当加密算法(如果有的话)的PKCS#8表单。 如果指定了-traditional选项,则使用较旧的“traditional”格式。
These options encrypt the private key with the supplied cipher. Any algorithm name accepted by EVP_get_cipherbyname() is acceptable such as des3.
这些选项使用提供的密码加密私钥。 EVP_get_cipherbyname()接受的任何算法名称都可以接受,如des3。
prints out the various public or private key components in plain text in addition to the encoded version.
除了编码版本之外,以纯文本形式打印各种公共或私人密钥组件。
print out only public key components even if a private key is being processed.
即使正在处理私钥,也打印公钥组件。
do not output the encoded version of the key.
不打印出密钥的编码版本信息。
by default a private key is read from the input file: with this option a public key is read instead.
默认从输入文件读取一个私钥:使用该选项后则变为读取一个公钥。
by default a private key is output: with this option a public key will be output instead. This option is automatically set if the input is a public key.
默认是输出一个私钥:使用该选项后则变为输出一个公钥。如果输入是公钥则该选项会自动设置。
specifying an engine (by its unique id string) will cause pkey to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.
指定要使用的硬件引擎。指定一个引擎(通过其唯一的id字符串)将导致pkey尝试获取对指定引擎的功能引用 ,从而如果需要的话初始化它。 然后,引擎将被设置为所有可用算法的默认值。
To remove the pass phrase on an RSA private key:
gmssl pkey -in key.pem -out keyout.pem
To encrypt a private key using triple DES:
gmssl pkey -in key.pem -des3 -out keyout.pem
To convert a private key from PEM to DER format:
gmssl pkey -in key.pem -outform DER -out keyout.der
To print out the components of a private key to standard output:
gmssl pkey -in key.pem -text -noout
To print out the public components of a private key to standard output:
gmssl pkey -in key.pem -text_pub -noout
To just output the public part of a private key:
gmssl pkey -in key.pem -pubout -out pubkey.pem
genpkey(1), rsa(1), pkcs8(1), dsa(1), genrsa(1), gendsa(1)
Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the GmSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.