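Creating a CSR with OpenSSL without signing

Time: 2017-02-28 15:27:37

Tags: c++ openssl sign csr

I am working with OpenSSL in C++ and have run into trouble with my CSR generation. What I want to do is create a CSR without using the private key. I want to put in my details and, of course, the public key, but because of security management I cannot call the sign function. Instead, I want to collect all the "data to be signed" and transfer it to another application that creates the signature in a secure area. When my application receives the signature, I want to set the values in the X509_REQ structure manually and write the CSR in PEM format.

My question is: how do I get the "data to be signed"? I know the CSR is ASN.1 decoded; do you know of any function to get the ASN.1 data as a string or something similar?

Here is my test program: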

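#include <string>
#include <openssl/bio.h>
#include <openssl/buffer.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>
#include <openssl/x509.h>

std::string subjectCN = "Test123";
std::string subjectL = "Test456";
std::string subjectSN = "1234";
std::string szProvince = "test";
std::string szOrganization = "My Organization";
std::string szCountry = "DE";
int         nVersion = 0;   // PKCS#10 defines only version 1, which is encoded as the value 0
EVP_PKEY        *test = NULL;
int         ret = 0;
X509_REQ        *x509Req = NULL;
X509_NAME       *x509Name = NULL;
BIO             *basicInputOutput = BIO_new( BIO_s_mem() );   // memory BIO that receives the PEM output
BUF_MEM         *pointerToBuffer = NULL;

// RSA key just for test validation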
std::string mKey = "-----BEGIN RSA PRIVATE KEY-----\nMIICXAIBAAKBgQCDT4ntP3Fqj73RQW32B6hCDHMG64GtxeQDZ5BcQnQSRB3S/EwM\ngpZwuGYwTb7E65pdAAQ0e5na2d7yIGZX4MoDRGaDbYgdxr49J430cVLRU1r9EW+O\nqZQERyGYefxWOqBaNZL2PBclS/qf+AxRh1WnD8aY5V5zNItgVV4Bv9w4YQIDAQAB\nAoGAMd6xaXNg5bG1y5Vn57q8wmjr/sLOu2qe0FQy1Xc/kfhgw1Kip1WpQSInXU0J\nmMxKEewBrNUMd7urGpYHiHSNA+QXiIp3qxGy7PrmZrPSrJImPxAE02YaUGDoh+6o\nZJc7xXCw2bwX8Fth8Duj2KNcIDuWuieybfzwTYKKJG3J04ECQQDxSa4gq/0SiiZ2\nc8YTn9wCTwqezmdI8SWsWXRnpXt1BhejokvLFbqpfQZ6m9LLYvpUsihZ2QkBXUl/\n1/uNu+aJAkEAi1Ey/7fjJJSJalNUgF3lKQdTqUlYI/9O9/98zPOcDmXcKlLNpf+f\nTV3nhK3vsewYqsx3Tu9bMKBVTE0dv+/NGQJAHfYyQyhYMpcpE4hozkMJhNffz7x9\notcfAHnTNJOd8vggs1cR5lP6a9V0moEC+fJ+d0nwLMgAkETPParKN91fUQJAEWMB\n3V4ir+cFu0pJCngtaFBsxXzMzjlHrrWo6p8gg798mZ+Z4LSlOe+VPD7E4kyXy4EX\nBrfihpAL9SjOpKyVyQJBAPD3E4Z7THZCQI/2u4eRXz3qbJAmPYLPTn/AxuX4VssW\n1WJAxZeCFHWL6+/84zoDWwzXN0xQFzO0ZspxxQNFqCI=\n-----END RSA PRIVATE KEY-----";

BIO* bo = BIO_new( BIO_s_mem() );
BIO_write( bo, mKey.c_str(),mKey.length());

EVP_PKEY* pkey = 0;
PEM_read_bio_PrivateKey( bo, &pkey, 0, 0 );

BIO_free(bo);

RSA* rsa = EVP_PKEY_get1_RSA( pkey );

x509Req = X509_REQ_new();
ret = X509_REQ_set_version(x509Req, nVersion);

x509Name = X509_REQ_get_subject_name(x509Req);

ret = X509_NAME_add_entry_by_txt(x509Name,"C", MBSTRING_ASC, (const unsigned char*)szCountry.c_str(), -1, -1, 0);
ret = X509_NAME_add_entry_by_txt(x509Name,"ST", MBSTRING_ASC, (const unsigned char*)szProvince.c_str(), -1, -1, 0);
ret = X509_NAME_add_entry_by_txt(x509Name,"L", MBSTRING_ASC, (const unsigned char*)subjectL.c_str(), -1, -1, 0);
ret = X509_NAME_add_entry_by_txt(x509Name,"O", MBSTRING_ASC, (const unsigned char*)szOrganization.c_str(), -1, -1, 0);
ret = X509_NAME_add_entry_by_txt(x509Name,"CN", MBSTRING_ASC, (const unsigned char*)subjectCN.c_str(), -1, -1, 0);

test = EVP_PKEY_new();
EVP_PKEY_assign_RSA(test, rsa);
ret = X509_REQ_set_pubkey(x509Req, test);

PEM_write_bio_X509_REQ(basicInputOutput, x509Req);
BIO_get_mem_ptr(basicInputOutput, &pointerToBuffer);

std::string csrTemp = std::string(pointerToBuffer->data, pointerToBuffer->length);

// Now I need all the data to create the signature
// I can't call
//ret = X509_REQ_sign(x509Req, test, EVP_sha256());

0 answers:

No answers