How to handle. pfx suffix files in Node. js, node. js. pfx

Source: Internet
Author: User
Tags begin rsa private key openssl rsa pkcs12 pfx file

How to handle. pfx suffix files in Node. js, node. js. pfx

Preface

In nodejs, various third-party Encryption Files will be obtained during encryption and decryption, and their suffixes will be the same ,. key /. pem /. pfx and so on. Can it be customized? It is a file.

However, today I have read a lot of nodejs libraries and I haven't found any tools like java keytool, because in java, pfx can be read completely, and the user is processing it, if you do not know how to operate in nodejs, use openssl for conversion first.

The first command is:

openssl pkcs12 -in xxxx.pfx -nocerts -nodes -out domain_encrypted.key

The second command is:

openssl rsa -in domain_encrypted.key -out private.key

Which of the following gods knows? Please let me know. Thank you.

=========================================

There is a way to Parse Files in two formats on google

Method 1

extract private key from .pfx file

# openssl pkcs12 -in myfile.pfx -nocerts -out private_key.pem -nodesEnter Import Password:MAC verified OK

Method 2

extract certificate from .pfx file

# openssl pkcs12 -in myfile.pfx -nokeys -out certificate_file.crt Enter Import Password:MAC verified OK

Detailed here: http://tecadmin.net/extract-private-key-and-certificate-files-from-pfx-file/

========================================================== =

========================================================== = Strongly supplemented

After several days of hard work, we finally solved this problem because it has always been a Private Key decryption problem.

openssl pkcs12 -in xxxx_private.pfx -out xxxx_private.pem -nodesopenssl x509 -in xxxx_public.crt -inform der -outform pem -out xxxx_public.pem

Here is a specific description of the specific situation, which can be modified for processing.

The other party provides a pfx and crt file generated by the tool in the window environment.

According to the generation tool described by the other party, the crt file is also a cer-> crt modified by the cer suffix file. It can be seen that if you do not know the file content here, many people will be confused by the suffix.

First, let's look at the command statement of the first line.

After query, the pfx file is a combination file with a private key and certificate. You can use the above command to obtain a file that is private. pem, which contains a certificate and a private key.

For example.

The private key is

-----BEGIN RSA PRIVATE KEY-----

.

The certificate is

-----BEGIN CERTIFICATE-----

. Sorry, it is inconvenient to post all the content at the same time. It is easy to identify.

Then the other party will give you a crt file, which is actually an x509 Certificate and needs to be resolved, but it should not be needed for java, it's just php or node.

If it is a certificate, it must be

-----BEGIN CERTIFICATE-----

.

Well, if you have an interface with someone else and you encounter a problem with the private key and public key, but the other party has given you the pfx and crt files, follow this command, I have already tried it in php and node environments. However, specific algorithms must be implemented based on specific situations.

======================== Supplement ===========================

REM export the ssl cert (normal cases)openssl pkcs12 -in aa.pfx -out aa.pem -nokeys -clcertsREM export the ssl cert (Crescendo load balancers)openssl pkcs12 -in aa.pfx -out aa_tmp_cn.pem -nodesopenssl x509 -in aa_tmp_cn.pem -out aa_cn.pem -text

Summary

The above is all about this article. I hope this article will help you in your study or work. If you have any questions, please leave a message.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.