支付宝密钥格式转换

接入支付宝时(公钥方式)需要提供支付宝公钥,应用公、私密钥。 但是支付宝提供的格式不是标准的PEM格式,在Golang中使用需要进行预处理。

处理公钥

支付宝提供的 支付宝公钥、应用公钥 都是标准PEM格式公钥掐头去尾、删除换行之后的。 例如:

MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl+Ok8w4gZ2xj3HpQyq8kGP5lppheFd7+ou7OqYGdHRALmSn49YL1iY4YR3swO8W1YQfAvTqS3WcfhpbGvh7YZ2bcfwEamTLIpt6Kwq52Hayvn+iEnx/hIvLAdjioMCmiCm6gX+JtEOjaq0CEeUUR1QfxxDhABBE1SpUtFL/afPmjnnBBB2GoM/X8CjvUt1IPb50TLUp4JMmW9xofwVAwV+6BQic4U57QdWQEdKIJSVkL3SZPrmhAj/Sc4cOO2dC/AMQjXXIYWrsx+ebGSWVGA+ORByrr2dtSQXNcYh9OSHE8Ptw/Ba6pYBBqDSBZ9b4sM5stII2KXKIa1t20meA2qQIDAQAB

因此处理起来比较简单。

  1. 头部添加-----BEGIN PUBLIC KEY-----
  2. 尾部添加-----END PUBLIC KEY-----
  3. 执行 openssl pkey -inform PEM -pubin -in origin_pub.pem -out standard_pub.pem 进行格式化

此时,standard_pub.pem即为标准的PEM公钥格式 例如

$ cat standard.pem
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl+Ok8w4gZ2xj3HpQyq8k
GP5lppheFd7+ou7OqYGdHRALmSn49YL1iY4YR3swO8W1YQfAvTqS3WcfhpbGvh7Y
Z2bcfwEamTLIpt6Kwq52Hayvn+iEnx/hIvLAdjioMCmiCm6gX+JtEOjaq0CEeUUR
1QfxxDhABBE1SpUtFL/afPmjnnBBB2GoM/X8CjvUt1IPb50TLUp4JMmW9xofwVAw
V+6BQic4U57QdWQEdKIJSVkL3SZPrmhAj/Sc4cOO2dC/AMQjXXIYWrsx+ebGSWVG
A+ORByrr2dtSQXNcYh9OSHE8Ptw/Ba6pYBBqDSBZ9b4sM5stII2KXKIa1t20meA2
qQIDAQAB
-----END PUBLIC KEY-----

处理私钥

支付宝生成的私钥默认是使用PKCS#8编码为标准PEM格式,并掐头去尾、删除换行之后的。 例如:

MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCX46TzDiBnbGPcelDKryQY/mWmmF4V3v6i7s6pgZ0dEAuZKfj1gvWJjhhHezA7xbVhB8C9OpLdZx+Glsa+HthnZtx/ARqZMsim3orCrnYdrK+f6ISfH+Ei8sB2OKgwKaIKbqBf4m0Q6NqrQIR5RRHVB/HEOEAEETVKlS0Uv9p8+aOecEEHYagz9fwKO9S3Ug9vnRMtSngkyZb3Gh/BUDBX7oFCJzhTntB1ZAR0oglJWQvdJk+uaECP9Jzhw47Z0L8AxCNdchhauzH55sZJZUYD45EHKuvZ21JBc1xiH05IcTw+3D8FrqlgEGoNIFn1viwzmy0gjYpcohrW3bSZ4DapAgMBAAECggEAbacxwSrUp/WvTk+bnge85rJaDmB3pBB+AoCm/+aL15xq0yNjEVN/EdRcoNZFZxF/tVIUikgMGPzG3LJjPoQkNNokmyff3PO1ugp1YMD0ks3FaItDm2E3drSLz41tln+n9SISc8aSeJ+ypemI+cesbQA0QTVeudD2iSaTCiTLhmbPRhEfNSMVv/IJVNXDcuAB8IzTnn6mvtV1FfB61pgDjvkR3OOVIgUFKW+HHPg+3R+ZJquBR0YLnY8B93HzBix9WXQHX3zPegVapOYElJfgCSQKymD46o6FnD02zTH/q2BKz1LeuHUzFyCmP6LSa5uU5Q4eyrkOZJ7ARpQXMzARBQKBgQDkDVH6G5NHbaEf8IIHJtDlVYH6NztSr7Wq6XKeHEqdXQ+F7rHOaDIfzogush2tsktbVQ1DA19Kutj5kP8uAorp8aFnSncD+nh2Zb7zgJdaRquOfkm6ljMXre5M1zBMTRb2CPVNaiPZl5yGFLRAU5yK/Z27gbWL3EtxwhCAC+eiIwKBgQCqgN4ZLVF4jKzoZl5wxYna7E9wv88sZZBkWVTvDNKobag/Sn2W3Rn2tqTFoKux7CFHz17VILDIDzdgS5FbiEMJl7fDu6ZeYrDnQM3tGV5Mb1zbjwAik5q4/U6JPrwZNrQhR1fAtsv3GfIfMfiMHLfGqSys4VDgKjQfwmjkBkXSwwKBgGEaLtqg3TAfxOh1ntfutinAI+znkZHekSrp5cze3QJuOorbnMf3Y8hZR3EilDJ+ZUnJSDFNgUivkG2LSKxNltqP8RqrAUwnXR2Eqy7BhTCCQNAWg8w34h9mBr6fLch/VpSCMfi5hfRDcvlAXZO6RkCERqItU6Dutw0EBcSPzRwjAoGBAJcAZDJWAVZK+AMmTjN/rvQ03rITHW7LUBKfTuobKCHEZAIRfaJzlD/8R3dDMWv0nRDU5b7JIec8GqXspwIybnR7amMtuEzVCKj1qqp2Eh6NbeaBAfSdVqTIqZpA9iM6YFMstNnWylLAJr9b6SxlbpjBUPCW56JvnhQWgACaUZIzAoGBAIhYnnVKU4w6S3IIxiFOHa36Zw5npU0W2qdEOf/OkeQnE4cUhm5R69BSAALWJAiSxlFDV42ItPqSJj8ltGG2Hqt/ULXFryRikNL/2eR8vPXe8/iyKxfcp4UA5GQfzBPAWae73FEKB8Myi82yLHJbUvN/Ekg8Rs7Q3TaU7GNxEN0V
  1. 头部添加-----BEGIN PRIVATE KEY-----
  2. 尾部添加-----END PRIVATE KEY-----
  3. 执行 openssl rsa -inform PEM -in origin_pri.pem -out standard_pri.pem 进行转换和格式化

此时,standard_pri.pem即为标准PEM格式的RSA私钥 (PKCS#1)。 例如:

$ cat standard_pri.pem
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAl+Ok8w4gZ2xj3HpQyq8kGP5lppheFd7+ou7OqYGdHRALmSn4
9YL1iY4YR3swO8W1YQfAvTqS3WcfhpbGvh7YZ2bcfwEamTLIpt6Kwq52Hayvn+iE
nx/hIvLAdjioMCmiCm6gX+JtEOjaq0CEeUUR1QfxxDhABBE1SpUtFL/afPmjnnBB
B2GoM/X8CjvUt1IPb50TLUp4JMmW9xofwVAwV+6BQic4U57QdWQEdKIJSVkL3SZP
rmhAj/Sc4cOO2dC/AMQjXXIYWrsx+ebGSWVGA+ORByrr2dtSQXNcYh9OSHE8Ptw/
Ba6pYBBqDSBZ9b4sM5stII2KXKIa1t20meA2qQIDAQABAoIBAG2nMcEq1Kf1r05P
m54HvOayWg5gd6QQfgKApv/mi9ecatMjYxFTfxHUXKDWRWcRf7VSFIpIDBj8xtyy
Yz6EJDTaJJsn39zztboKdWDA9JLNxWiLQ5thN3a0i8+NbZZ/p/UiEnPGknifsqXp
iPnHrG0ANEE1XrnQ9okmkwoky4Zmz0YRHzUjFb/yCVTVw3LgAfCM055+pr7VdRXw
etaYA475EdzjlSIFBSlvhxz4Pt0fmSargUdGC52PAfdx8wYsfVl0B198z3oFWqTm
BJSX4AkkCspg+OqOhZw9Ns0x/6tgSs9S3rh1Mxcgpj+i0mublOUOHsq5DmSewEaU
FzMwEQUCgYEA5A1R+huTR22hH/CCBybQ5VWB+jc7Uq+1qulynhxKnV0Phe6xzmgy
H86ILrIdrbJLW1UNQwNfSrrY+ZD/LgKK6fGhZ0p3A/p4dmW+84CXWkarjn5JupYz
F63uTNcwTE0W9gj1TWoj2ZechhS0QFOciv2du4G1i9xLccIQgAvnoiMCgYEAqoDe
GS1ReIys6GZecMWJ2uxPcL/PLGWQZFlU7wzSqG2oP0p9lt0Z9rakxaCrsewhR89e
1SCwyA83YEuRW4hDCZe3w7umXmKw50DN7RleTG9c248AIpOauP1OiT68GTa0IUdX
wLbL9xnyHzH4jBy3xqksrOFQ4Co0H8Jo5AZF0sMCgYBhGi7aoN0wH8TodZ7X7rYp
wCPs55GR3pEq6eXM3t0CbjqK25zH92PIWUdxIpQyfmVJyUgxTYFIr5Bti0isTZba
j/EaqwFMJ10dhKsuwYUwgkDQFoPMN+IfZga+ny3If1aUgjH4uYX0Q3L5QF2TukZA
hEaiLVOg7rcNBAXEj80cIwKBgQCXAGQyVgFWSvgDJk4zf670NN6yEx1uy1ASn07q
GyghxGQCEX2ic5Q//Ed3QzFr9J0Q1OW+ySHnPBql7KcCMm50e2pjLbhM1Qio9aqq
dhIejW3mgQH0nVakyKmaQPYjOmBTLLTZ1spSwCa/W+ksZW6YwVDwlueib54UFoAA
mlGSMwKBgQCIWJ51SlOMOktyCMYhTh2t+mcOZ6VNFtqnRDn/zpHkJxOHFIZuUevQ
UgAC1iQIksZRQ1eNiLT6kiY/JbRhth6rf1C1xa8kYpDS/9nkfLz13vP4sisX3KeF
AORkH8wTwFmnu9xRCgfDMovNsixyW1LzfxJIPEbO0N02lOxjcRDdFQ==
-----END RSA PRIVATE KEY-----

杂项

  • 如果需要使用PKCS#8标准格式的PEM,可以使用 openssl pkey -inform PEM -in origin_pri.pem -out standard_pkcs8.pem 进行单纯的格式化
  • 如果需要从私钥中导出公钥,可以使用 openssl pkey -inform PEM -in origin_pri.pem -pubout standard_pub.pem