bash 使用 openssl 从 pkcs12 证书中提取信息
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/8500475/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Working with openssl to extract information from a pkcs12 certificate
提问by Sonic84
I would like some help with the openssl command. I need to automate the retrieval of the subject= line in a pkcs12 certificate for a script I'm working on.
我想要一些有关 openssl 命令的帮助。我需要为我正在处理的脚本自动检索 pkcs12 证书中的 subject= 行。
I've used openssl to view the contents of the Identity/Certificate:
我使用 openssl 查看身份/证书的内容:
openssl pkcs12 -info -in /Users/[user]/Desktop/ID.pfx
But I am prompted three times for the password. I used -passin to eliminate one of the password prompts, but I am still being prompted for the PEM pass phrase and verification entry.
I need to figure out a way to pass ${password} to the other two password challenges or have the scrip issue a ctl-c. The piece of info I need is outputted to the stdout before the second password prompt.
但是我被提示输入密码三次。我使用 -passin 来消除密码提示之一,但仍然提示我输入 PEM 密码短语和验证条目。
我需要想办法将 ${password} 传递给其他两个密码挑战,或者让脚本发出 ctl-c。我需要的信息在第二个密码提示之前输出到标准输出。
Any help would be appreciated!
任何帮助,将不胜感激!
Obviously I gutted the certificate output for this post.... but you should get the idea of what I'm seeing:
显然我删除了这篇文章的证书输出......但你应该明白我所看到的:
bash-3.2# openssl pkcs12 -info -in /Users/[user]/Desktop/ID.pfx -passin pass:${password}
MAC Iteration 2048
MAC verified OK
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
Bag Attributes
localKeyID: ****
friendlyName: ****
subject=****
issuer=****
-----BEGIN CERTIFICATE-----
::HASH REMOVED::
-----END CERTIFICATE-----
PKCS7 Data
Shrouded Keybag: ****
Bag Attributes
localKeyID: ****
friendlyName: ****
Key Attributes: <No Attributes>
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info:
::HASH REMOVED::
-----END RSA PRIVATE KEY-----
bash-3.2#
回答by Alfie Hanssen
Try this:
尝试这个:
$ openssl pkcs12 -in ~/cert.p12 -nodes \
-passin pass:"my password" | openssl x509 -noout -subject
Or this for the common name (ruby to strip trailing whitespace):
或者这是通用名称(红宝石去除尾随空格):
$ openssl pkcs12 -in ~/cert.p12 -nodes \
-passin pass:"my password" | openssl x509 -noout -subject \
| awk -F'[=/]' '{print }'`.strip`
回答by DreadPirateShawn
Copying answer here in order to remove this question from the "Unanswered" filter:
在此处复制答案以从“未回答”过滤器中删除此问题:
openssl pkcs12 -nokeys -in /Users/[User]/Desktop/ID.pfx -passin pass:${password}
回答by Ajay. A
You could also use -passinand -passoutwhich would not prompt you again for manual input. Here is a sample code:
您也可以使用-passinand -passout,它不会再次提示您手动输入。这是一个示例代码:
openssl pkcs12 -in seldpush_dev.p12 -passin pass:$password -passout pass:$password | \
sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | \
openssl x509 -subject -noout
Basically, use -keywordto fetch that value. In your case, -subject.
基本上,用于-keyword获取该值。在你的情况下,-subject.
回答by acornblue
This is a few years late; I'm not familiar with openssl, & etc; but since I see no reference to "-nokeys" I'll give what works for me.
这已经晚了几年;我不熟悉openssl等;但由于我没有看到对“-nokeys”的提及,我会给出对我有用的东西。
echo -e "$password\n$passphrase\n$passphrase\n" \
| openssl pkcs12 -in /Users/[user]/Desktop/ID.pfx -passin stdin -passout stdin
from manpage
从联机帮助页
stdin read the password from standard input.
