生成openssl密钥对osx openssl

时间:2014-01-27 05:00:33

标签: xcode macos openssl

我有以下工作终端命令,我正在尝试将其转换为xcode / obj c:

openssl genrsa -out privatekey.pem 1024

openssl req -new -x509 -key privatekey.pem -out publickey.cer -days 1825

我已经针对openssl编译了我的项目,以下代码生成了一些密钥对:

RSA *keypair = RSA_generate_key(1024, 3, NULL, NULL);
BIO *pri = BIO_new(BIO_s_mem());
BIO *pub = BIO_new(BIO_s_mem());

PEM_write_bio_RSAPrivateKey(pri, keypair, NULL, NULL, 0, NULL, NULL);
PEM_write_bio_RSAPublicKey(pub, keypair);

size_t pri_len = BIO_pending(pri);
size_t pub_len = BIO_pending(pub);

char *pri_key = malloc(pri_len + 1);
char *pub_key = malloc(pub_len + 1);

BIO_read(pri, pri_key, (int) pri_len);
BIO_read(pub, pub_key, (int) pub_len);

pri_key[pri_len] = '\0';
pub_key[pub_len] = '\0';

printf("\n%s\n%s\n", pri_key, pub_key);

问题是它们格式错误。我怀疑它的x509参数。任何帮助将不胜感激。

-------- UPDATE ---------------

我现在已经根据Nathan Osman的精彩帖子开始工作了:https://stackoverflow.com/a/15082282/313272

这是我的完整代码:

EVP_PKEY * pkey;
pkey = EVP_PKEY_new();

RSA * rsa;
rsa = RSA_generate_key(
                       1024,
                       RSA_F4, /* exponent - RSA_F4 is defined as 0x10001L */
                       NULL,   /* callback - can be NULL if we aren't displaying progress */
                       NULL    /* callback argument - not needed in this case */
                       );
EVP_PKEY_assign_RSA(pkey, rsa);

X509 * x509;
x509 = X509_new();

ASN1_INTEGER_set(X509_get_serialNumber(x509), 1);

X509_gmtime_adj(X509_get_notBefore(x509), 0);
X509_gmtime_adj(X509_get_notAfter(x509), 157680000L); //31536000L = 360 days, xero recommend 1825 days

X509_set_pubkey(x509, pkey);

X509_NAME * name;
name = X509_get_subject_name(x509);

X509_NAME_add_entry_by_txt(name, "C",  MBSTRING_ASC,
                           (unsigned char *)"AU", -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "O",  MBSTRING_ASC,
                           (unsigned char *)"MyCompany Inc.", -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
                           (unsigned char *)"localhost", -1, -1, 0);

X509_set_issuer_name(x509, name);

X509_sign(x509, pkey, EVP_sha1());

FILE * f;
f = fopen("privatekey.pem", "wb");
PEM_write_PrivateKey(
                     f,                  /* write the key to the file we've opened */
                     pkey,               /* our key from earlier */
                     NULL, /* default cipher for encrypting the key on disk */
                     NULL,       /* passphrase required for decrypting the key on disk */
                     10,                 /* length of the passphrase string */
                     NULL,               /* callback for requesting a password */
                     NULL                /* data to pass to the callback */
                     );
fclose(f);

f = fopen("publickey.cer", "wb");
PEM_write_X509(
               f,   /* write the certificate to the file we've opened */
               x509 /* our certificate */
               );
fclose(f);

1 个答案:

答案 0 :(得分:0)

您需要更改第一个变体:     RSA * keypair = RSA_generate_key(1024,3,NULL,NULL);

到 - > 

RSA * keypair = RSA_generate_key(1024, RSA_F4, NULL, NULL);

这是以这种格式提供您的酒吧密钥:

'-----开始RSA公钥----- MIGJAoGBAOg0U9Do / + 11jhmYFO9jdvPqOYcE0CDOfYDXbY + 2u0 / RTOb3jXL5mF19 E4SPsqHvrDGtRGOh8X8Sind1SWjfaeiFH0ooFa + 67FR4iOa0KQXq / PRpAIRRmi / 3 iODshjwqTlcIqpymNEouddDJ82GUacReglCC1ObPAZLIyvhJ9wFJAgMBAAE = ----- END RSA PUBLIC KEY -----'

相关问题
最新问题