<p>正如Maarten Bodewes在评论中所述,OpenSSL可以将PKCS#8格式的加密私钥转换为PKCS#1格式的私钥(均为PEM编码)。但这也可以通过加密库来实现</p>
<p>密码学库支持使用方法<a href="https://cryptography.io/en/latest/hazmat/primitives/asymmetric/serialization/?highlight=load_pem_private_key#cryptography.hazmat.primitives.serialization.load_pem_private_key" rel="nofollow noreferrer">^{<cd1>}</a>(自版本0.6起)导入PKCS#8格式、PEM编码的(加密)私钥,例如:</p>
<pre><code>from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
pkcs8Encrypted = b""" -BEGIN ENCRYPTED PRIVATE KEY -
MIICzzBJB...
-END ENCRYPTED PRIVATE KEY -"""
privateKey = serialization.load_pem_private_key(
pkcs8Encrypted,
b'mypassword',
default_backend()
)
</code></pre>
<p>可以使用<a href="https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/?highlight=private_bytes#cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey.private_bytes" rel="nofollow noreferrer">^{<cd2>}</a>导出PKCS#1格式、PEM编码的私钥(自版本0.2起):</p>
<pre><code>pkcs1 = privateKey.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.TraditionalOpenSSL,
encryption_algorithm=serialization.NoEncryption()
)
print(pkcs1.decode('utf-8')) # -BEGIN RSA PRIVATE KEY -...
</code></pre>
<p>目前的加密版本是3.4.7(2021年3月)。2.8从2019年10月开始,s<a href="https://pypi.org/project/cryptography/#history" rel="nofollow noreferrer">Release history</a>。实际上,这两种方法都应该是可用的</p>