我的内存中有一个证书,看起来像:
MIICnDCCAkKgAwIBAgINAewcjX0ynuzHzwJwazAKBggqhkjOPQQDAjBTMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRklETyBBbGxpYW5jZTEdMBsGA1UECxMUTWV0YWRhdGEgVE9DIFNpZ25pbmcxDTALBgNVBAMTBENBLTEwHhcNMTgwNDE4MDAwMDAwWhcNMjEwNDE4MDAwMDAwWjBkMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRklETyBBbGxpYW5jZTEdMBsGA1UECxMUTWV0YWRhdGEgVE9DIFNpZ25pbmcxHjAcBgNVBAMTFU1ldGFkYXRhIFRPQyBTaWduZXIgMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABIpf6ndbaPUZXiVDCfsdc2PiWH17bABron20EhCFtBOSoy81kacfE6fvJNnc2lg7lkZWCv9cLrqqWLsFYDyOBN + jgekwgeYwDgYDVR0PAQH / BAQDAgbAMAwGA1UdEwEB / wQCMAAwHQYDVR0OBBYEFFyQ0X7PPEy4u + b6pGMt4lB / QPDLMB8GA1UdIwQYMBaAFGkRXi1pZIWdlrjW / 1zNvzx1z0wYMDUGA1UdHwQuMCwwKqAooCaGJGh0dHA6Ly9tZHMuZmlkb2FsbGlhbmNlLm9yZy9DQS0xLmNybDBPBgNVHSAESDBGMEQGCysGAQQBguUcAQMBMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vbWRzLmZpZG9hbGxpYW5jZS5vcmcvcmVwb3NpdG9yeTAKBggqhkjOPQQDAgNIADBFAiEAlG26qOOLu3pkyCThAExxJpL6l / V / UYQy + GDcQ2Mtcq0CIGRYGaFVm8Enga8a9Le3CiLp + tc2N3OcGmPBOUy7pI6t
它看起来像是pem格式,所以我要添加开始和结束证书以创建有效的证书:
----- BEGIN CERTIFICATE ----- MIICnDCCAkKgAwIBAgINAewcjX0ynuzHzwJwazAKBggqhkjOPQQDAjBTMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRklETyBBbGxpYW5jZTEdMBsGA1UECxMUTWV0YWRhdGEgVE9DIFNpZ25pbmcxDTALBgNVBAMTBENBLTEwHhcNMTgwNDE4MDAwMDAwWhcNMjEwNDE4MDAwMDAwWjBkMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRklETyBBbGxpYW5jZTEdMBsGA1UECxMUTWV0YWRhdGEgVE9DIFNpZ25pbmcxHjAcBgNVBAMTFU1ldGFkYXRhIFRPQyBTaWduZXIgMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABIpf6ndbaPUZXiVDCfsdc2PiWH17bABron20EhCFtBOSoy81kacfE6fvJNnc2lg7lkZWCv9cLrqqWLsFYDyOBN + jgekwgeYwDgYDVR0PAQH / BAQDAgbAMAwGA1UdEwEB / wQCMAAwHQYDVR0OBBYEFFyQ0X7PPEy4u + b6pGMt4lB / QPDLMB8GA1UdIwQYMBaAFGkRXi1pZIWdlrjW / 1zNvzx1z0wYMDUGA1UdHwQuMCwwKqAooCaGJGh0dHA6Ly9tZHMuZmlkb2FsbGlhbmNlLm9yZy9DQS0xLmNybDBPBgNVHSAESDBGMEQGCysGAQQBguUcAQMBMDUwMwYIKwYBBQUHAgEWJ2h0dHBzOi8vbWRzLmZpZG9hbGxpYW5jZS5vcmcvcmVwb3NpdG9yeTAKBggqhkjOPQQDAgNIADBFAiEAlG26qOOLu3pkyCThAExxJpL6l / V / UYQy + GDcQ2Mtcq0CIGRYGaFVm8Enga8a9Le3CiLp + tc2N3OcGmPBOUy7pI6t -----结束证书-----
然后通过以下方式加载它:
certbio = BIO_new_mem_buf(certificate, strlen(certificate));
cert = PEM_read_bio_X509(certbio, NULL, 0, NULL);
我可以通过调用X509_verify_cert使用根证书来验证证书,这似乎还可以。
我通过以下方式获取公钥:
pkey = X509_get_pubkey(cert);
ec = EVP_PKEY_get0_EC_KEY(pkey);
现在,我还有一个要验证的签名。我获取数据,并使用sha256计算摘要,然后调用:
ECDSA_verify(0, hash_val, digest_length, sig, siglen, ec)
其中digest_length为32,siglen为64。我遇到以下错误:
0:错误:0D0680A8:asn1编码例程:asn1_check_tlen:错误 标签:.... \ openssl-1.1.0f \ crypto \ asn1 \ tasn_dec.c:1112: 0:错误:0D07803A:asn1编码例程:asn1_item_embed_d2i:嵌套 1号 错误:.... \ openssl-1.1.0f \ crypto \ asn1 \ tasn_dec.c:274:Type = ECDSA_SIG
有人可以帮忙吗?