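I'm using openssl 1.0.1e and trying to generate a CSR. In this case we generate our own key pair and will sign independently, so I can't have openssl generate the key pair and then sign for me. This is all in an embedded device, hence the calls to x509_req. I have the public key that I want to set in the CSR. The private key will not be embedded in the CSR. At this stage I haven't called the code to sign this CSR; I've been generating the CSR, then dumping it to a file and parsing it with the openssl req command to test whether I have it right.
I set up the x509_req structure with new, populate the subject via X509_NAME_add_entry_by_txt, and then use X509_REQ_set_subject_name. The problem is when I try to set the public key. I know I need to use X509_REQ_set_pubkey, which takes a req pointer and an evp key pointer, but the problem I'm having is finding the items to set for the EVP key.
From what I've found, I need to create an ec key, set the group and the point, and then finally call EVP_PKEY_assign_EC_KEY. Below is my call stack. Using this, I get a lot of extra information in the CSR that isn't needed; it is shown below the call stack. I believe the "extra" data is actually incorrect and I don't need it as part of the CSR. Is there a way to cut off this extra data? (Keep in mind there is no command-line interaction in the code.) I'm wondering if I'm doing something overly complicated. The key pair is ECC SHA384, and the public key is 96 bytes.
Thanks for any help on this!
Call stack to populate the evp key (ifs and other checks removed... but they are there)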
*ec_key_ptr_ptr = EC_KEY_new()
ec_group_ptr = EC_GROUP_new_by_curve_name(NID_secp384r1)
ec_point_ptr = EC_POINT_new(ec_group_ptr)
EC_KEY_set_group(*ec_key_ptr_ptr, ec_group_ptr)
EC_POINT_oct2point(ec_group_ptr, ec_point_ptr, public_key_ptr, /* this is the public key I want to set */ public_key_len, NULL)
EC_KEY_set_public_key(*ec_key_ptr_ptr, ec_point_ptr)
*evp_key_ptr_ptr = EVP_PKEY_new()
EVP_PKEY_assign_EC_KEY(*evp_key_ptr_ptr, *ec_key_ptr_ptr)
Extra items in the CSR that I don't want/need:
Field Type: prime-field
Prime:
00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
ff:ff:fe:ff:ff:ff:ff:00:00:00:00:00:00:00:00:
ff:ff:ff:ff
A:
00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
ff:ff:fe:ff:ff:ff:ff:00:00:00:00:00:00:00:00:
ff:ff:ff:fc
B:
00:b3:31:2f:a7:e2:3e:e7:e4:98:8e:05:6b:e3:f8:
2d:19:18:1d:9c:6e:fe:81:41:12:03:14:08:8f:50:
13:87:5a:c6:56:39:8d:8a:2e:d1:9d:2a:85:c8:ed:
d3:ec:2a:ef
Generator (uncompressed):
04:aa:87:ca:22:be:8b:05:37:8e:b1:c7:1e:f3:20:
ad:74:6e:1d:3b:62:8b:a7:9b:98:59:f7:41:e0:82:
54:2a:38:55:02:f2:5d:bf:55:29:6c:3a:54:5e:38:
72:76:0a:b7:36:17:de:4a:96:26:2c:6f:5d:9e:98:
bf:92:92:dc:29:f8:f4:1d:bd:28:9a:14:7c:e9:da:
31:13:b5:f0:b8:c0:0a:60:b1:ce:1d:7e:81:9d:7a:
43:1d:7c:90:ea:0e:5f
Order:
00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:c7:63:4d:81:f4:
37:2d:df:58:1a:0d:b2:48:b0:a7:7a:ec:ec:19:6a:
cc:c5:29:73
Cofactor: 1 (0x1)
Seed:
a3:35:92:6a:a3:19:a2:7a:1d:00:89:6a:67:73:a4:
82:7a:cd:ac:73
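
The Prime/A/B/Generator/Order fields in the dump above are what OpenSSL 1.0.x writes when the EC group's ASN.1 flag is left at its default instead of being set to `OPENSSL_EC_NAMED_CURVE` (via `EC_GROUP_set_asn1_flag` or `EC_KEY_set_asn1_flag`). The following added example, which is not part of the original post, checks a DER SubjectPublicKeyInfo in code (no command line) and reports whether the curve is encoded as a named-curve OID or as explicit parameters. The function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

enum ec_params_kind { EC_PARSE_ERROR = -1, EC_NAMED_CURVE = 1, EC_EXPLICIT_PARAMS = 2 };

/* Read one DER tag/length header at *p and leave *p at the start of the value. */
static int der_header(const unsigned char **p, const unsigned char *end,
                      unsigned char *tag, size_t *vlen)
{
    const unsigned char *q = *p;
    size_t n, cnt;
    if (end - q < 2) return -1;
    *tag = *q++;
    n = *q++;
    if (n & 0x80) {                        /* long form: low 7 bits count the length bytes */
        cnt = n & 0x7f;
        if (cnt == 0 || cnt > 4 || (size_t)(end - q) < cnt) return -1;
        for (n = 0; cnt > 0; cnt--) n = (n << 8) | *q++;
    }
    if ((size_t)(end - q) < n) return -1;  /* value must fit in the enclosing buffer */
    *p = q;
    *vlen = n;
    return 0;
}

/* Classify the ECParameters CHOICE inside a DER SubjectPublicKeyInfo. */
enum ec_params_kind classify_ec_spki(const unsigned char *spki, size_t len)
{
    static const unsigned char id_ec_public_key[] = {0x2a,0x86,0x48,0xce,0x3d,0x02,0x01};
    const unsigned char *p = spki, *end = spki + len;
    unsigned char tag;
    size_t n;
    if (der_header(&p, end, &tag, &n) || tag != 0x30) return EC_PARSE_ERROR; /* SPKI */
    end = p + n;
    if (der_header(&p, end, &tag, &n) || tag != 0x30) return EC_PARSE_ERROR; /* AlgorithmIdentifier */
    end = p + n;
    if (der_header(&p, end, &tag, &n) || tag != 0x06 || n != sizeof id_ec_public_key ||
        memcmp(p, id_ec_public_key, n) != 0) return EC_PARSE_ERROR;
    p += n;
    if (der_header(&p, end, &tag, &n)) return EC_PARSE_ERROR;
    if (tag == 0x06) return EC_NAMED_CURVE;       /* curve OID only, e.g. secp384r1 */
    if (tag == 0x30) return EC_EXPLICIT_PARAMS;   /* prime, A, B, generator, order, ... */
    return EC_PARSE_ERROR;
}

/* Constructed samples: real algorithm headers, dummy 1-byte key, stub explicit body. */
const unsigned char sample_named[] = {0x30,0x16, 0x30,0x10, 0x06,0x07,0x2a,0x86,0x48,0xce,0x3d,0x02,0x01,
    0x06,0x05,0x2b,0x81,0x04,0x00,0x22, 0x03,0x02,0x00,0x04};
const unsigned char sample_explicit[] = {0x30,0x14, 0x30,0x0e, 0x06,0x07,0x2a,0x86,0x48,0xce,0x3d,0x02,0x01,
    0x30,0x03,0x02,0x01,0x01, 0x03,0x02,0x00,0x04};
```

On the device, the bytes to pass in would be the DER encoding of the key set with X509_REQ_set_pubkey; a result of `EC_EXPLICIT_PARAMS` corresponds to the extra fields shown in the dump.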