Processing method of. pfx suffix file in Node. js

Preface

In nodejs, when doing encryption and decryption, you will get a variety of encrypted files from the third party, and there are only a few suffixes,. key/. pem/. pfx, etc., can you customize it? Anyway, it is a file.

But today, I have seen a lot of nodejs libraries, and I don't seem to find a tool like java keytool, because in java, it is completely possible to read pfx, but it is being processed. If you want to operate in nodejs, you don't know at present, use openssl to do a conversion first.

The first command is:

openssl pkcs12 -in xxxx.pfx -nocerts -nodes -out domain_encrypted.key

The second order is:

openssl rsa -in domain_encrypted.key -out private.key

Which great god knows, you can tell me, thank you.

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

There is a way on google to parse files in two formats

The first format of files

extract private key from .pfx file

# openssl pkcs12 -in myfile.pfx -nocerts -out private_key.pem -nodes
Enter Import Password:
MAC verified OK

The second format of files

extract certificate from .pfx file

# openssl pkcs12 -in myfile.pfx -nokeys -out certificate_file.crt 
Enter Import Password:
MAC verified OK

Details can be found here: http://tecadmin.net/extract-private-key-and-certificate-files-from-pfx-file/

==========================================

===================================================================== Strongly Complemented

After many days of fighting, this problem was finally solved, because 1 straight is a private key decryption problem

openssl pkcs12 -in xxxx_private.pfx -out xxxx_private.pem -nodes
openssl x509 -in xxxx_public.crt -inform der -outform pem -out xxxx_public.pem

Here is mainly for the specific description of the specific situation, can be flexible processing

Because what the other party gives is an pfx and crt file generated by tools under window environment.

After the description of the generation tool given by the other party, this crt file is still an cer suffix file modified by itself- > crt. It can be seen that if you don't understand the contents of the file here, many people will be pitted from the suffix.

Let's start with the command statement on line 1.

After querying the document, pfx file is a combination file with private key and certificate. Through the above command, you can get a file that is private. pem, which contains a certificate and private key.

I'll give an example here if I don't know.

The private key is based on the

-----BEGIN RSA PRIVATE KEY-----

At the beginning.

The certificate is based on

-----BEGIN CERTIFICATE-----

At the beginning. I'm sorry it's not convenient to post all the contents at the same time. It's easy to tell.

Then the other party will give you an crt file, which is actually a certificate corresponding to x509, which needs to be solved, but it should not be needed for java, but it is needed for php or node.

Of course, if it is a certificate, it must be based on

-----BEGIN CERTIFICATE-----

At the beginning.

Ok, if you interface with others and encounter the problem of private key and public key, but the other party gives you pfx and crt files, just follow this command. I have already tried it in php and node environment. However, the specific algorithm should be implemented according to the specific situation.

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

REM export the ssl cert (normal cases)
openssl pkcs12 -in aa.pfx -out aa.pem -nokeys -clcerts

REM export the ssl cert (Crescendo load balancers)

openssl pkcs12 -in aa.pfx -out aa_tmp_cn.pem -nodes
openssl x509 -in aa_tmp_cn.pem -out aa_cn.pem -text

Summarize

The above is the whole content of this article. I hope the content of this article can bring 1 certain help to everyone's study or work. If you have any questions, you can leave a message for communication.