SecKeychainItemExport returns the private key data, but converting it to an OpenSSL EVP_PKEY fails

Time: 2012-02-14 05:54:14

Tags: openssl keychain

I use SecKeychainItemExport to get the raw data of the public and private keys. Code:

CFDataRef key_data = NULL;
ret = SecKeychainItemExport(key_ref, kSecFormatBSAFE, 0, NULL, &key_data);

The public key converts fine:

 d2i_RSA_PUBKEY_bio(public_key_bio, &rsa1_ptr);
 EVP_PKEY_set1_RSA(evp_public_key_ptr, rsa1_ptr);

But converting the private key fails:

 d2i_RSAPrivateKey_bio(private_key_bio, &rsa2_ptr);

ERR_print_errors_fp(stdout) dumps these errors:

16586:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1315:
16586:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:tasn_dec.c:827:
16586:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:747:Field=n, Type=RSA
16586:error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib:d2i_pr.c:99:

I used openssl asn1parse to print information about the privatekey.der file:

OpenSSL> asn1parse -inform DER -in privatekey.der
    0:d=0  hl=4 l= 630 cons: SEQUENCE          
    4:d=1  hl=2 l=   1 prim: INTEGER           :00
    7:d=1  hl=2 l=  13 cons: SEQUENCE          
    9:d=2  hl=2 l=   9 prim: OBJECT            :rsaEncryption
   20:d=2  hl=2 l=   0 prim: NULL              
   22:d=1  hl=4 l= 608 prim: OCTET STRING      [HEX DUMP]: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

And the parse output for a key generated by openssl is:

OpenSSL> asn1parse -inform DER -in openssl.privatekey.der
    0:d=0  hl=4 l= 604 cons: SEQUENCE          
    4:d=1  hl=2 l=   1 prim: INTEGER           :00
    7:d=1  hl=3 l= 129 prim: INTEGER           :BFEC6EF278EAA85FFAB7641348A3BB2B448D88DAA83D91375F95C5C3DFAFDCA13C771A4C86A5A56718FCB1A3F5EDF28CCD0193809C43F5D95E7F944E95A50BF1F31FD01E969C82E21ED20BD4DD9AA683A3E09F7AF2E6C501BD7A448AA21E0245C9E02F925AEF073D39481AAAD1440DD024ED6ADC57303AC3BD26003C51747E23
  139:d=1  hl=2 l=   1 prim: INTEGER           :03
  142:d=1  hl=3 l= 128 prim: INTEGER           :7FF2F4A1A5F1C59551CF980CDB17D21CD85E5B3C70290B7A3FB92E82951FE86B7DA4BC33046E6E44BB532117F9494C5DDE010D00682D4E90E9AA62DF0E6E07F579E5B2F78EEC1B6A8EB6EECD498131976261571707CDEDE4AAAB69B98356F4F39A274A3D0ED6B8DB374296D7895E6B144AB63AA6A467A13787A2F24F08D866DB
  273:d=1  hl=2 l=  65 prim: INTEGER           :ECBF357666549510226D953FAFBE0E8CCDC88D0C73644FA8C9D8B7F0DCB9FD092BD7EFD707839BFC497935874882154F7890310474F71A938C316FB4EF2A84DD
  340:d=1  hl=2 l=  65 prim: INTEGER           :CF880E34D9E5C4B2265210613F9ACD93C2860FCBF3CD9081F3A06E03806195CF36CD505FBD2955F81CEB02E03AB457E23C4BE1DDEB9DAE5CE5802510D5055EFF
  407:d=1  hl=2 l=  65 prim: INTEGER           :9DD4CE4EEEE30E0AC19E637FCA7EB45DDE85B35DA242DFC5DBE5CFF5E87BFE061D3A9FE4AFAD12A830FB7904DB01638A506020ADA34F670D0820F5234A1C5893
  474:d=1  hl=2 l=  65 prim: INTEGER           :8A5AB4233BEE83216EE16040D511DE6281AEB532A2890B014D159EAD00410E8A2488E03FD370E3FABDF201EAD1CD8FEC28329693F2691EE8990018B5E358E9FF
  541:d=1  hl=2 l=  65 prim: INTEGER           :EA03B3BC171D1642CA7AA4D34226CE23CE079410341393FFFEF550B31E3D9D686BDA99ABC72478FBA0D3D36C91EA3E970B9DA95A1F91519F197F71A06208549A

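I changed the (format) parameter of SecKeychainItemExport, but it made no difference. Is it the way I am using SecKeychainItemExport? How do I convert the private key to an EVP_PKEY?

1 answer:

Answer 0: (score: 0)

I stumbled upon the same problem.

I had to look at the source code of PEM_write_bio_PrivateKey before I found the code that writes the private key the way we want:

i2d_PKCS8PrivateKey_bio(private_key_bio, evp_private_key_ptr, NULL, NULL, 0, NULL, NULL);

In your case, you just need to use d2i instead of i2d, as I did:

d2i_PKCS8PrivateKey_bio(private_key_bio, &evp_private_key_ptr, NULL, NULL);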
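The two asn1parse listings in the question differ at the element after the version INTEGER: the Keychain export has a SEQUENCE (an AlgorithmIdentifier, i.e. a PKCS#8 PrivateKeyInfo), while the OpenSSL-generated file has an INTEGER (the modulus of a PKCS#1 RSAPrivateKey), which is what the "wrong tag ... Field=n" error reports. The following is an added example, not code from the original post: a dependency-free check that tells the two layouts apart before a decoder is chosen. The function and type names are hypothetical, and the sample bytes are constructed from the header offsets in the first listing.

```c
#include <stddef.h>

typedef enum { KEY_DER_UNKNOWN, KEY_DER_PKCS1, KEY_DER_PKCS8 } key_der_kind;
typedef struct { key_der_kind kind; size_t off, len; } key_der_info;

/* Read a DER tag and definite length at buf[*pos]; *pos ends at the value.
 * Returns 0 on success, -1 if the header or the value runs past len. */
static int der_header(const unsigned char *buf, size_t len, size_t *pos,
                      unsigned char *tag, size_t *vlen)
{
    if (*pos > len || len - *pos < 2) return -1;
    *tag = buf[(*pos)++];
    size_t n = buf[(*pos)++];
    if (n < 0x80) {
        *vlen = n;                               /* short form */
    } else {
        n &= 0x7F;                               /* long form: n length bytes */
        if (n == 0 || n > sizeof(size_t) || n > len - *pos) return -1;
        for (*vlen = 0; n > 0; n--) *vlen = (*vlen << 8) | buf[(*pos)++];
    }
    return *vlen <= len - *pos ? 0 : -1;
}

/* Classify by the element after the version INTEGER:
 * INTEGER (modulus n) -> PKCS#1 RSAPrivateKey (len = bytes consumed);
 * SEQUENCE -> PKCS#8 PrivateKeyInfo (off/len = OCTET STRING payload). */
key_der_info inspect_private_key_der(const unsigned char *buf, size_t len)
{
    key_der_info r = { KEY_DER_UNKNOWN, 0, 0 };
    size_t pos = 0, vlen, end;
    unsigned char tag;
    if (der_header(buf, len, &pos, &tag, &vlen) || tag != 0x30) return r;
    end = pos + vlen;                            /* end of outer SEQUENCE */
    if (der_header(buf, end, &pos, &tag, &vlen) || tag != 0x02) return r;
    pos += vlen;                                 /* skip version */
    if (der_header(buf, end, &pos, &tag, &vlen)) return r;
    if (tag == 0x02) { r.kind = KEY_DER_PKCS1; r.len = end; return r; }
    if (tag != 0x30) return r;
    pos += vlen;                                 /* skip AlgorithmIdentifier */
    if (der_header(buf, end, &pos, &tag, &vlen) || tag != 0x04) return r;
    r.kind = KEY_DER_PKCS8; r.off = pos; r.len = vlen;
    return r;
}

/* Constructed sample: the headers from the first asn1parse listing plus a
 * PKCS#1-style header inside the OCTET STRING; all other bytes are zero. */
static const unsigned char SAMPLE_PKCS8[634] = {
    0x30,0x82,0x02,0x76, 0x02,0x01,0x00, 0x30,0x0D, 0x06,0x09,0x2A,0x86,0x48,
    0x86,0xF7,0x0D,0x01,0x01,0x01, 0x05,0x00, 0x04,0x82,0x02,0x60,
    0x30,0x82,0x02,0x5C, 0x02,0x01,0x00, 0x02,0x81,0x81,0x00 };
```

For the PKCS#8 case the returned offset and length (26 and 608 for the sample, matching the listing) delimit the wrapped key, so the same function can be run again on that payload to confirm it is a PKCS#1 RSAPrivateKey.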