(译) SSH RSA的公钥和私钥面是什么

RSA是一个非常简单却相当精彩的算法，这篇文章会展示SSH RSA密钥对里包含了什么，并且让你知道这些值可以用来怎么玩，还会教你怎样只用一个计算器来加密数据。

RSA算法是基于质数和大整数质数分解难的原理。这篇文章不是为了介绍RSA的，不过这里有一个快速的的回顾。大部分情况下我会使用和 Wikipedia 上一样的符号:首先你产生两个大的质数， p 和 q。φ = (p-1)(q-1)。选择一个e和φ互质，d ≡ e^-1 mod φ。

``-----BEGIN RSA PRIVATE KEY----- MIIBygIBAAJhANj3rl3FhzmOloVCXXesVPs1Wa++fIBX7BCZ5t4lmMh36KGzkQmn jDJcm+O9nYhoPx6Bf+a9yz0HfzbfA5OpqQAyC/vRTVDgHhGXY6HFP/lyWQ8DRzCh tsuP6eq9RYHnxwIBIwJhAKdf+4oqqiUWOZn//vXrV3/19LrGJYeU ... -----END RSA PRIVATE KEY-----``

`<code><span><a href="/cdn-cgi/l/email-protection" data-cfemail="c9bfa0ada8bb89bfa0ada8bba1a6a5aca7">[email protected]</a>   <script data-cfhash="f9e31" type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */   </script> ~/.ssh \$ openssl rsa -text -noout < id_rsa </span><span>Private-Key: (768 bit) </span><span>modulus: </span><span>00:d8:f7:ae:5d:c5:87:39:8e:96:85:42:5d:77:ac: </span><span>54:fb:35:59:af:be:7c:80:57:ec:10:99:e6:de:25: </span><span>... </span><span>publicExponent: 35 (0x23) </span><span>privateExponent: </span><span>00:a7:5f:fb:8a:2a:aa:25:16:39:99:ff:fe:f5:eb: </span><span>57:7f:f5:f4:ba:c6:25:87:94:48:64:93:fb:3d:a7: </span><span>... </span><span>prime1: </span><span>... </span><span>prime2: </span><span>... </span><span>exponent1: </span><span>... </span><span>exponent2: </span><span>... </span><span>coefficient: </span><span>...</span></code>`

`<code><span># If you don't want to do this yourself, see end for a script </span><span><a href="/cdn-cgi/l/email-protection" data-cfemail="16607f72776456607f7277647e797a7378">[email protected]</a>   <script data-cfhash="f9e31" type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */   </script> ~/.ssh \$ { echo 'ibase=16'; cat | tr -d ':/n ' | tr a-f A-F; echo; } | bc </span><span> </span><span>00:d8:f7:ae:5d:c5:87:39:8e:96:85:42:5d:77:ac: </span><span>54:fb:35:59:af:be:7c:80:57:ec:10:99:e6:de:25: </span><span>98:c8:77:e8:a1:b3:91:09:a7:8c:32:5c:9b:e3:bd: </span><span>.... </span><span>Ctrl-d to end input </span><span>13158045936463264355006370413708684112837853704660293756254884673628/ </span><span>63292...</span></code>`

`<code><span><a href="/cdn-cgi/l/email-protection" data-cfemail="c0b6a9a4a1b280b6a9a4a1b2a8afaca5ae">[email protected]</a>   <script data-cfhash="f9e31" type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */   </script> ~/.ssh \$ bc </span><span>bc 1.06.94 </span><span>Copyright 1991-1994, 1997, 1998, 2000, 2004, 2006 Free Software Foundation, Inc. </span><span>This is free software with ABSOLUTELY NO WARRANTY. </span><span>For details type `warranty'. </span><span> </span><span># Our powermod function: </span><span>define pmod(b,e,m) { if(e == 0 ) return 1; if(e == 1) return b%m; rest=pmod(b^2%m,e/2,m); if((e%2) == 1) return (b*rest)%m else return rest; } </span><span> </span><span> </span><span>#Define some variables (this time unabbreviated) </span><span>n=13158045936463264355006370413708684112837853704660293756254884673628/ </span><span>63292777770859554071108633728590995985653161363101078779505801640963/ </span><span>48597350763180843221886116453606059623113097963206649790257715468881/ </span><span>4303031148479239044926138311 </span><span> </span><span>e=35 </span><span> </span><span>d=10150492579557375359576342890575270601332058572166512326253768176799/ </span><span>23111571423234513140569517447770196903218153051479115016036905320557/ </span><span>80231250287900874055062921398102953416891810163858645414303785372309/ </span><span>5688315939617076008144563059 </span><span> </span><span> </span><span> </span><span># Encrypt the number 12345 </span><span>c=pmod(12345, e, n) </span><span> </span><span># Show the encrypted number </span><span>c </span><span>15928992191730477535088375321366468550579140816267293144554503305092/ </span><span>03492035891240033089011563910196180080894311697511846432462334632873/ </span><span>53515625 </span><span> </span><span> </span><span>#Decrypt the number </span><span>pmod(c, d, n) </span><span> </span><span>12345</span></code>`

`<code><span>ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAGEA2PeuXcWHOY6WhUJdd6xU+zVZr758gFfsEJnm3iWYyHfoobORCaeMMlyb472diGg/HoF/5r3LPQd/Nt8Dk6mpADIL+9FNUOAeEZdjocU/+XJZDwNHMKG2y4/p6r1FgefH <a href="/cdn-cgi/l/email-protection" data-cfemail="5f29363b3e2d1f29363b3e2d3730333a31712c2f3e32">[email protected]</a>   <script data-cfhash="f9e31" type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */   </script></span></code>`

``30 82 01 ca   - Sequence, 0x01CA bytes 02 01: Integer, 1 byte 00 02 61:    - Integer, 0x61 bytes (n). 00 d8 f7 ae 5d c5 87 39 8e 96 ... Same as from openssl! 02 01:  - Integer, 1 byte, 0x23=35 (e) 23 02 61  - Integer, 0x61 bytes (d) 00 a7 5f fb 8a 2a aa 25 16 39 ... ...``