Extract public key ASN.1 encode from X.509 certificate with OpenSSL

最新推荐文章于 2024-09-25 13:10:48 发布
最新推荐文章于 2024-09-25 13:10:48 发布
阅读量1.2k 收藏 1
点赞数
分类专栏: OpenSSL 文章标签: OpenSSL
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/henter/article/details/82835808
版权

    X509_get0_pubkey_bitstr( ) function is declared in x509.h of OpenSSL source code set. Let's have a look at it:
ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x);
    When the public key ASN.1 encode is needed to be extracted from X.509 certificate, this function can be used. Example programs are given in several files as follows:

1) extract_pub_key.h:

/**************************************************
* File name: extract_pub_key.h
* Author: HAN Wei
* Author's blog: http://blog.csdn.net/henter/
* Date: Sept 25th, 2018
* Description: declare functions of extracting public
  key encode from X.509 certificate
**************************************************/

#ifndef HEADER_EXTRACT_PUBLIC_KEY_ENCODE_FROM_X509_CERTIFICATE_H
  #define HEADER_EXTRACT_PUBLIC_KEY_ENCODE_FROM_X509_CERTIFICATE_H
 
#ifdef  __cplusplus
  extern "C" {
#endif

/**************************************************
* Name: ExtractPubKeyEncodeFromCert
* Function: extract public key ASN.1 encode from X.509 certificate
* Parameters:
    cert[in]                       certificate in the form of X.509 DER 
	                           encode
    cert_len[in]                   certificate byte length
    pub_key_encode[out]            ASN.1 encode of public key
    pub_key_encode_len[in, out]    ASN.1 encode byte length of public key
* Return value:
    0:                  function executes successfully
    any other value:    an error occurs
* Notes:
1. When the value of pub_key_encode is NULL, this function only
   calculates the byte length of public key ASN.1 encode, and assigns
   the length to the integer that parameter pub_key_encode points to.
   It does not extract public key encode from certificate.
2. When the value of pub_key_encode is not NULL, this function 
   extracts public key encode from certificate, and the byte 
   length of public key encode is assigned to the integer that 
   the parameter pub_key_encode points to.
**************************************************/
int ExtractPubKeyEncodeFromCert(unsigned char *cert,
	                        const int cert_len,
				unsigned char *pub_key_encode,
				int *pub_key_encode_len);

/**************************************************
* Name: ExtractPubKeyEncodeFromCertFile
* Function: extract public key ASN.1 encode from X.509 certificate file
* Parameters:
    cert_file[in]                  certificate file name. The file is in 
	                           the form of X.509 DER encode, and file 
				   path can be included
    pub_key_encode[out]            ASN.1 encode of public key
    pub_key_encode_len[in, out]    ASN.1 encode byte length of public key
* Return value:
    0:                  function executes successfully
    any other value:    an error occurs
* Notes:
1. When the value of pub_key_encode is NULL, this function only
   calculates the byte length of public key ASN.1 encode, and assigns
   the length to the integer that parameter pub_key_encode points to.
   It does not extract public key encode from certificate.
2. When the value of pub_key_encode is not NULL, this function 
   extracts public key encode from certificate, and the byte 
   length of public key encode is assigned to the integer that 
   the parameter pub_key_encode points to.
**************************************************/
int ExtractPubKeyEncodeFromCertFile(char *cert_file,
                                    unsigned char *pub_key_encode,
				    int *pub_key_encode_len);

#ifdef  __cplusplus
  }
#endif
 
#endif  /* end of HEADER_EXTRACT_PUBLIC_KEY_ENCODE_FROM_X509_CERTIFICATE_H */

2) extract_pub_key.c:

/**************************************************
* File name: extract_pub_key.c
* Author: HAN Wei
* Author's blog: http://blog.csdn.net/henter/
* Date: Sept 25th, 2018
* Description: implement functions of extracting public
  key encode from X.509 certificate
**************************************************/

#include <openssl/x509.h>
#include "extract_pub_key.h"
#include "c_file_operation.h"

/*************************************************************/
int ExtractPubKeyEncodeFromCert(unsigned char *cert,
	                        const int cert_len,
				unsigned char *pub_key_encode,
				int *pub_key_encode_len)
{
	X509 *certificate = NULL;
	const unsigned char *p = cert;
	unsigned char *q = pub_key_encode;
	ASN1_BIT_STRING *pub_key_bit_str;
	int encode_len;

	if ( !(d2i_X509(&certificate, &p, cert_len)) )
	{
#ifdef _DEBUG
		printf("X509 certificate decode failed at %s, line %d!\n", __FILE__, __LINE__);
#endif
		return (-1);
	}
	if ( !(pub_key_bit_str = X509_get0_pubkey_bitstr(certificate)) )
	{
#ifdef _DEBUG
		printf("Get public key from X.509 certificate decode failed at %s, line %d!\n", __FILE__, __LINE__);
#endif
		X509_free(certificate);
		return (-1);
	}
	
	encode_len = i2d_ASN1_BIT_STRING(pub_key_bit_str, NULL);
	if (encode_len <= 0)
	{
#ifdef _DEBUG
		printf("Calculate public key ASN.1 encode length failed at %s, line %d!\n", __FILE__, __LINE__);
#endif
        X509_free(certificate);
		return (-1);
	}
	
	if (pub_key_encode)
	{
		if (*pub_key_encode_len < encode_len)
		{
#ifdef _DEBUG
			printf("Error! Buffer length is not enough at %s, line %d!\n", __FILE__, __LINE__);
#endif
			X509_free(certificate);
			return (-1);
		}
		if ( (i2d_ASN1_BIT_STRING(pub_key_bit_str, &q)) <= 0 )
		{
#ifdef _DEBUG
            printf("Encode public key failed at %s, line %d!\n", __FILE__, __LINE__);
#endif
            X509_free(certificate);
			return (-1);
		}
	}

	*pub_key_encode_len = encode_len;
	X509_free(certificate);
	return 0;
}

/*************************************************************/
int ExtractPubKeyEncodeFromCertFile(char *cert_file,
                                    unsigned char *pub_key_encode,
                                    int *pub_key_encode_len)
{
	int error_code;
	long long file_length;
	int file_len;
	char *buffer;

	if ( error_code = GetFileLength(cert_file, &file_length) )
	{
#ifdef _DEBUG
		printf("Get certificate file length failed at %s, line %d!\n", __FILE__, __LINE__);
#endif
		return error_code;
	}
	file_len = (int)file_length;

	if ( error_code = ReadFileIntoMemoryBuffer(cert_file, &buffer) )
	{
#ifdef _DEBUG
		printf("Read certificate file into memory failed at %s, line %d!\n", __FILE__, __LINE__);
#endif
		return error_code;
	}

	if ( error_code = ExtractPubKeyEncodeFromCert((unsigned char *)buffer,
	                                              file_len,
                                                      pub_key_encode,
                                                      pub_key_encode_len) )
	{
#ifdef _DEBUG
		printf("Get public key encode from X.509 certificate file failed at %s, line %d!\n", __FILE__, __LINE__);
#endif
		FreeFileInMemoryBuffer(buffer);
		return error_code;
	}

	FreeFileInMemoryBuffer(buffer);
	return 0;
}

 

3) Two files: c_file_operation.h and c_file_operation.c . They are published in the blog 'Some simple file operation functions implemented in C' . The website is: https://blog.csdn.net/henter/article/details/77937393

4) test.c :

/**************************************************
* File name: test.c
* Author: HAN Wei
* Author's blog: http://blog.csdn.net/henter/
* Date: Sept 25th, 2018
* Description: demonstrate how to invoke functions
  of extracting public key from X.509 certificate
**************************************************/

#include <stdio.h>
#include <stdlib.h> 
#include "extract_pub_key.h"

int main(void)
{
	int error_code;
	char cert[] = {"sample_cert.cer"};
	unsigned char *pub_key_encode;
	int pub_key_encode_len, i;
	
	if (error_code = ExtractPubKeyEncodeFromCertFile(cert,
	                                                 NULL,
							 &pub_key_encode_len))
	{
		printf("Get public key ASN.1 encode length failed!\n");
		return error_code;
	}

	if ( !(pub_key_encode = (unsigned char *)(malloc)(pub_key_encode_len)) )
	{
		printf("Memory allocation failed!\n");
		return (-1);
	}

	if (error_code = ExtractPubKeyEncodeFromCertFile(cert,
	                                                 pub_key_encode,
							 &pub_key_encode_len))
	{
		printf("Extract public key ASN.1 encode failed!\n");
		free(pub_key_encode);
		return error_code;
	}

	printf("Extract public key ASN.1 encode succeeded!\n");
	printf("Public key encode length is %d bytes.\n", pub_key_encode_len);
	printf("Public key encode:\n");
	for (i = 0; i < pub_key_encode_len; i++)
	{
		printf("0x%x  ", pub_key_encode[i]);
	}
	printf("\n");

	free(pub_key_encode);
	return 0;
}

    An sample certificate file named by 'sample_cert.cer' is used here. Its internal structure can be viewed by a tool called 'Asn1View':

    When the demo program is runned, the output is:

ASN.1语法及其公钥的理解
卦星的专栏
04-06 5401
ASN.1语法及其公钥的理解 1 概述 前段时间对非对称加密,学习了部分内容,但是于密钥的存储部分,一直有个难以理解部分,就是在IE等浏览器中导出的证书,应该如何去理解。 其中http://www.ruanyifeng.com/blog/2013/06/rsa_algorithm_part_one.html http://www.ruanyifeng.com/blog/2013/07/rs
Get RSA public key ASN.1 encode from a certificate in DER format
henter的专栏
09-10 2822
RSA public key ASN.1 encode is defined in PKCS#1 as follows: RSAPublicKey :: = SEQUENCE { modulus INTEGER, -- n publicExponent INTEGER -- e } In a DER encoded certificate the SEQU...
error reading X.509 key or certificate file
最新发布
小牧在一直在学习,在前进的道路上大家一起学习,进步。
09-25 156
你的cert 错误了,查看生成key的命令,是否存在错误,重新生成一个key。git push 提交代码时候出现这个错误。或者就是key 没有权限方法,打开下权限,这个错误 说明你的gitlab 配置的是。
基于ASN.1的RSA算法公私钥存储格式解读
辛勤搬砖的门卫的专栏
05-16 1630
RSA算法公私钥保存成PEM或DER文件规范解读
从证书中提取公钥并加密数据
wangbadan121的专栏
07-25 378
假设我们有一个AI大模型,我们需要使用公钥加密数据进行通信。例如,一个AI模型在处理敏感信息时,我们可以使用公钥对数据进行加密,然后发送给服务器。服务器收到后,可以使用私钥解密得到原始数据。首先,我们需要导入所需的库:PyCryptoDome, M2Crypto。4. AI大模型应用场景。1. 从证书中提取公钥。2. 使用公钥加密数据。# 假设已经有了私钥。
国密接口总结
weixin_43432215的博客
11-01 799
国密接口总结
LTE-V2X_ASN.1.zip
04-27
《LTE-V2X与ASN.1在车联网通信中的应用详解》 在当今信息化飞速发展的时代,车联网(Vehicle-to-Everything,简称V2X)作为智能交通系统的关键组成部分,正日益受到关注。其中,LTE-V2X技术是实现车辆与环境之间...
snacc-1.4.1.tar.gz_asn_cap asn.1_cap 协议_linux asn.1 snacc_snacc-
07-14
ASN.1是一种国际标准(ITU-T X.680系列建议),它定义了一种高级的数据表示语言,用于编码结构化信息。ASN.1的主要目的是为各种通信协议提供一种统一的数据描述方法,使得不同系统间能够互操作。它包括数据类型、...
ITU-T X.696(2021)技术规范:关于ASN.1 OER
04-06
《ITU-T X.696(2021)技术规范:关于ASN.1 OER》是国际电信联盟(ITU-T)制定的一项标准,属于其X系列推荐标准的一部分,主要关注数据网络、开放系统通信与安全领域。这个标准详细阐述了ASN.1(Abstract Syntax ...
《国密算法》--ASN.1 文件解析,实现openssl生成的RSA公钥算法密钥文件以及ECC椭圆曲线算法(国密SM2).zip
03-06
个人实战积累的成果,基于国密算法的总结,希望可以帮到您 亲们下载我任何一个付费资源后,即可私信联系我免费下载其他相关资源哦~ 个人实战积累的成果,基于国密算法的总结,希望可以帮到您 亲们下载我任何一个...
开源工具软件 ASN.1 Editor
11-12
ASN.1(Abstract Syntax Notation One)是一种标准的表示数据语法,用于定义数据结构和通信协议的抽象语法。它在各种领域,如网络通信、分布式系统、数据库接口和加密技术中都有广泛应用。ASN.1 Editor 是一个专为...
x509_c++x509_C++解码x509证书_c++处理x509_C++_yourself2eg
05-10
基于用C++语言完成对X509证书的解析,cer格式证书
[转载]借助openssl解析ECC公钥
weixin_30646315的博客
08-13 612
void GetPubKey(const char* FilePath, char* PubKey) { unsigned char Cert[4099]; unsigned char *pTmp = NULL; FILE *fp = NULL; fp=fopen(FilePath,“rb”); if( NULL != fp) ...
通过OpenSSL解析X509证书基本项
热门推荐
密码开发者
07-08 6万+
通过OpenSSL库解析X509证书基本项,比如版本号、序列号、颁发者、使用者、有效期、公钥算法、证书用途等。
服务器的x.509证书,生成的签名X.509客户端证书无效(没有证书链到其CA)
weixin_31938727的博客
07-30 1922
public static X509Certificate2 GenerateCertificate(X509Certificate2 caCert, string certSubjectName){// Generate Certificatevar cerKp = kpgen.GenerateKeyPair();var certName = new X509Name(true,certSubj...
使用node-forge pki进行RSA加密
weixin_43260489的博客
05-09 4062
先放npm官方文档:www.npmjs.com/package/node-forge 在知道RSA加密的大致原理后,再往下看 使用例子 简单写个方法: // 引入依赖 import forge from 'node-forge'; // base64转换(一般公钥私钥生成都是经过base64转换处理) const encode64 = str => forge.util.encode64(str); // 加密的方法,入参是:待加密文本,公钥,是否需要转化为Pem格式 const encrypted
node 加密音频文件 和 解密音频文件
weixin_30627381的博客
11-01 423
fs.readFile('./downsuccess/'+name+'', {flag: 'r+', encoding: ''}, function (err, data) { console.log('读取中') if(err) { return; } let b = ne...
X.509证书的解析、验证及使用
liuxiaoxiaocsdn的博客
01-05 5万+
X.509证书的解析、验证及使用 1.概述 1.1 简介 X.509格式证书是被广泛使用的数字证书标准,是用于标志通讯各方身份信息的一系列数据。 1.2常见的X.509格式证书 .cer/.crt是用于存放证书,以二进制形式存放,不含私钥 .pem跟.crt/.cer的区别是它以Ascii来表示,可以用于存放证书或私钥。 .pfx/.p12用于存放个人证书/私钥,他通常包含保护密码,
Certificate Formats - X.509, DER and PEM
weixin_34174422的博客
01-08 307
This site Web   Certificate Formats - X.509, DER and PEM Part:   1  2  3  Certificate standard and file encodings seem to be confusing. I wrote down some notes about...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值