<p class="shortdesc">使用获取到的加密公钥对密钥材料进行加密操作。本示例中采用OpenSSL方式加密密钥材料。。</p> <section class="section prereq" id="Encryptionkeymaterial__prereq_kjb_k14_xkb"><div class="tasklabel"><h2 class="doc-tairway">前提条件</h2></div> <p class="p">在加密密钥材料之前，您需要准备好待加密的密钥材料。密钥材料时256位的对称密钥。您也可以使用如下命令生成一个256位的对称密钥，并将其保存在名为KeyMaterial.bin的文件中。</p> <pre class="pre codeblock"><code>openssl rand -out Plain KeyMaterial.bin 32</code></pre> </section> <section class="section context" id="Encryptionkeymaterial__context_cjv_4yh_flb"><div class="tasklabel"><h2 class="doc-tairway">背景信息</h2></div> <p class="p">由于加密公钥是进行BASE64编码后的字符串，因此在使用公钥进行加密前需要对其进行BASE64解码操作。</p> <p class="p">加密完成后，对加密后的密钥材料进行BASE64编码的字符串保存，然后与导入令牌一起，作为密钥材料参数进行密钥材料导入。</p> </section> <section id="Encryptionkeymaterial__steps_nmq_gn5_jlb"><div class="tasklabel"><h2 class="doc-tairway">操作步骤</h2></div><ol class="ol steps" id="Encryptionkeymaterial__steps_nmq_gn5_jlb"><li class="li step stepexpand"> <span class="ph cmd">将加密公钥进行BASE64解码。</span> <div class="itemgroup info"> <pre class="pre codeblock"><code>openssl enc -d -base64 -A -in PublicKey_base64.txt -out PublicKey.bin </code></pre> </div> </li><li class="li step stepexpand"> <span class="ph cmd">根据不同的加密算法加密密钥材料。</span> <div class="itemgroup info"> <div class="note important note_important"><span class="note__title">重要：</span> <p class="p">加密密钥材料使用的加密算法需要与获取导入密钥材料参数时所指定的加密算法保持一致。</p> </div> <ul class="ul" id="Encryptionkeymaterial__ul_hc3_345_jlb"> <li class="li"><strong class="ph b">RSAES_PKCS1_V1_5</strong>:<pre class="pre codeblock"><code>openssl rsautl -encrypt -in KeyMaterial.bin -pkcs -inkey PublicKey.bin -keyform DER -pubin -out EncryptedKeyMaterial.bin</code></pre></li> <li class="li"><strong class="ph b"> RSAES_OAEP_SHA_1</strong>:<pre class="pre codeblock"><code>openssl rsautl -encrypt -in KeyMaterial.bin -oaep -inkey PublicKey.bin -keyform DER -pubin -out EncryptedKeyMaterial.bin</code></pre></li> <li class="li"><strong class="ph b">RSAES_OAEP_SHA_256</strong>:<pre class="pre codeblock"><code>openssl pkeyutl -in KeyMaterial.bin -encrypt -inkey PublicKey.bin -keyform DER -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha256 -out EncryptedKeyMaterial.bin -pubin</code></pre></li> </ul> </div> </li><li class="li step stepexpand"> <span class="ph cmd">将加密后的密钥材料进行base64编码，保存为文本文件。</span> <div class="itemgroup info"> <pre class="pre codeblock"><code>openssl enc -e -base64 -A -in EncryptedKeyMaterial.bin -out EncryptedKeyMaterial_base64.txt</code></pre> <div class="note note note_note"><span class="note__title">说明：</span> <p class="p">若用户需要使用openssl pkeyutl命令，OpenSSL需要是1.0.2及以上版本。</p> </div> </div> </li></ol></section>