我使用Open SSL进行RSA密钥对生成,并使用SHA1算法签署令牌。密钥对生成使用OpenSSL成功完成,我得到了" PEM"结果证书。
要继续签名过程,我需要DER格式的私钥。如果有人知道,请分享代码,使用openssl将PEM转换为DER证书。我尝试使用终端,它工作正常。但是,我需要采用编程方法。
以下是我生成PEM证书的代码:
-(void)generateCertificate
{
RSA *rsaKeyPair = NULL;
rsaKeyPair = RSA_new();
BIGNUM *e = BN_new();
BN_set_word(e, 65537);
//Generating KeyPair
RSA_generate_key_ex(rsaKeyPair, 1024, e, NULL);
int keylen, keylenPub;
char *pem_key, *pem_pub_key;
/* To get the C-string PEM form: */
BIO *bio = BIO_new(BIO_s_mem());
BIO *bioPubKey = BIO_new(BIO_s_mem());
//Writing RSA Private and Public Keys
PEM_write_bio_RSAPrivateKey(bio, rsaKeyPair, NULL, NULL, 0, NULL, NULL);
PEM_write_bio_RSAPublicKey(bioPubKey, rsaKeyPair);
keylen = BIO_pending(bio);
pem_key = calloc(keylen+1, 1); /* Null-terminate */
BIO_read(bio, pem_key, keylen);
//Reading RSA Public Key Bio
keylenPub = BIO_pending(bioPubKey);
pem_pub_key = calloc(keylenPub+1, 1); /* Null-terminate */
BIO_read(bioPubKey, pem_pub_key, keylenPub);
NSString *strData = [NSString stringWithUTF8String:pem_key];
[strData writeToFile:[self privateKeyPath] atomically:YES encoding:NSUTF8StringEncoding error:nil];
NSString *strPubData = [NSString stringWithUTF8String:pem_pub_key];
[strPubData writeToFile:[self publicKeyPath] atomically:YES encoding:NSUTF8StringEncoding error:nil];
BIO_free_all(bio);
RSA_free(rsaKeyPair);
}
并且:
// Documents directory path
-(NSString *)privateKeyPath
{
NSString *documentsFolder = [NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES) objectAtIndex:0];
return [documentsFolder stringByAppendingPathComponent:@"rsaprivkey.pem"];
}
和
-(NSString *)publicKeyPath
{
NSString *documentsFolder = [NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES) objectAtIndex:0];
return [documentsFolder stringByAppendingPathComponent:@"rsapubkey.pem"];
}
和
-(NSString *)derPrivateKeyPath
{
NSString *documentsFolder = [NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES) objectAtIndex:0];
return [documentsFolder stringByAppendingPathComponent:@"rsaprivateKey.der"];
}
和
#pragma mark - Signing section
-(NSData *)generateSignatureWithdataToSign :(NSData*)signableData
{
BIO *in = BIO_new_file([[self derPrivateKeyPath] cStringUsingEncoding:NSUTF8StringEncoding], "rb");
PKCS8_PRIV_KEY_INFO *p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in,NULL);
EVP_PKEY *pkey = EVP_PKCS82PKEY(p8inf);
NSLog(@"%i", p8inf->broken);
PKCS8_PRIV_KEY_INFO_free(p8inf);
BIO_free(in);
uint8_t * cipherBuffer = NULL;
// Calculate the buffer sizes.
unsigned int cipherBufferSize = RSA_size(pkey->pkey.rsa);
unsigned int signatureLength;
// Allocate some buffer space. I don't trust calloc.
cipherBuffer = malloc(cipherBufferSize);
memset((void *)cipherBuffer, 0x0, cipherBufferSize);
unsigned char *openSSLHash = SHA1(signableData.bytes, signableData.length, NULL);
int success = RSA_sign(NID_sha1, openSSLHash, 20, cipherBuffer, &signatureLength, pkey->pkey.rsa); //pkey->pkey.rsa
if (success) NSLog(@"WIN");
NSData *signatureData = [NSData dataWithBytes:(const void*)cipherBuffer length:signatureLength];
EVP_PKEY_free(pkey);
return signatureData;
}
注意:我想从" rsaprivkey.pem"获得DER证书。并将该DER写入" rsaprivateKey.der" ..之后,我需要使用" rsaprivateKey.der"来实现上面编码的签名过程。证书......
答案 0 :(得分:2)
最后,我找到了我的问题的答案。以下代码可以帮助所有人都遇到类似问题的其他人....
-(void)generateCertificate
{
const int kBits = 1024;
const int kExp = 65537;
int keylen, keylenPub;
char *pem_key, *pem_key_pub;
RSA *rsa = RSA_generate_key(kBits, kExp, 0, 0);
EVP_PKEY *pkey = EVP_PKEY_new();
EVP_PKEY_assign_RSA(pkey, rsa);
bioPriv = BIO_new(BIO_s_mem());
//PKCS8 Encoded private Key
i2d_PKCS8PrivateKey_bio(bioPriv, pkey, NULL, NULL, 0, NULL, NULL);
keylen = BIO_pending(bioPriv);
pem_key = calloc(keylen+1, 1);
BIO_read(bioPriv, pem_key, keylen);
printf("%s", pem_key);
NSData *data = [NSData dataWithBytes:pem_key length:keylen];
[data writeToFile:[self privateKeyPathDER] atomically:YES];
//Public Key encryption and Saving
bioPub = BIO_new(BIO_s_mem());
i2d_RSA_PUBKEY_bio(bioPub, rsa);
keylenPub = BIO_pending(bioPub);
pem_key_pub = calloc(keylenPub+1, 1);
BIO_read(bioPub, pem_key_pub, keylenPub);
printf("%s", pem_key_pub);
NSData *dataPub = [NSData dataWithBytes:pem_key_pub length:keylenPub];
[dataPub writeToFile:[self publicKeyPathDER] atomically:YES];
RSA_free(rsa);
}
#pragma mark - Signing section
-(NSData *)generateSignatureWithdataToSign :(NSData*)signableData
{
//BIO *in = BIO_new_file([[self privateKeyPathDER] cStringUsingEncoding:NSUTF8StringEncoding], "rb");
PKCS8_PRIV_KEY_INFO *p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(bioPriv,NULL);
EVP_PKEY *pkey = EVP_PKCS82PKEY(p8inf);
NSLog(@"%i", p8inf->broken);
PKCS8_PRIV_KEY_INFO_free(p8inf);
BIO_free(bioPriv);
uint8_t * cipherBuffer = NULL;
// Calculate the buffer sizes.
unsigned int cipherBufferSize = RSA_size(pkey->pkey.rsa);
unsigned int signatureLength;
// Allocate some buffer space. I don't trust calloc.
cipherBuffer = malloc(cipherBufferSize);
memset((void *)cipherBuffer, 0x0, cipherBufferSize);
unsigned char *openSSLHash = SHA1(signableData.bytes, signableData.length, NULL);
int success = RSA_sign(NID_sha1, openSSLHash, 20, cipherBuffer, &signatureLength, pkey->pkey.rsa); //pkey->pkey.rsa
if (success) NSLog(@"WIN");
NSData *signatureData = [NSData dataWithBytes:(const void*)cipherBuffer length:signatureLength];
EVP_PKEY_free(pkey);
return signatureData;
}
-(NSString *)privateKeyPathDER
{
NSString *documentsFolder = [NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES) objectAtIndex:0];
return [documentsFolder stringByAppendingPathComponent:@"rsaprivkey.der"];
}
-(NSString *)publicKeyPathDER
{
NSString *documentsFolder = [NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES) objectAtIndex:0];
return [documentsFolder stringByAppendingPathComponent:@"rsapubkey.der"];
}