简体   繁体   English

通过openssl / c / c ++将RSA公钥读取为字节

[英]read RSA public key as bytes via openssl / c / c++

I'm trying to send an RSA public key of 2048 bits (256byte) to a server. 我正在尝试向服务器发送2048位(256字节)的RSA公钥。 I need to read the data as a byte stream. 我需要将数据作为字节流读取。 I don't seem to find a way. 我似乎没有找到办法。

BIO *memBio = BIO_new(BIO_s_mem());

ASN1_PCTX *asn1=ASN1_PCTX_new();//useless unless I know how to use it

BIO_set_flags(memBio, BIO_FLAGS_WRITE);
int ret=EVP_PKEY_print_private(memBio,rsaAppKeys,0, asn1 );

BUF_MEM *bptr;
BIO_get_mem_ptr(memBio, &bptr);
BIO_set_close(memBio, BIO_NOCLOSE); /* So BIO_free() leaves BUF_MEM alone */

It prints in memory the key in a DER format, with hex bytes formatted as strings, and ":" between each byte, and a header. 它在内存中以DER格式打印密钥,十六进制字节格式化为字符串,每个字节之间有“:”和标题。 I could parse it but i think there must be a better way. 我可以解析它,但我认为必须有一个更好的方法。 In the docs it's written that by using a ASN1_PCTX I can fine tune the output, but I can't find any documentation of it. 在文档中写道,通过使用ASN1_PCTX我可以微调输出,但我找不到它的任何文档。

Any idea of a simple way to get the key as raw bytes? 有没有想过将密钥作为原始字节获取的简单方法? Thanks 谢谢

Ok.. I couldn't wait so I devised a dirty hack: 好的......我等不及了,所以我设计了一个肮脏的黑客:

  • first I generate a key in PEM format 首先,我生成PEM格式的密钥
  • then parse it to extract an ASN.1 structure 然后解析它以提取ASN.1结构
  • then extract the 2048 bit key from the ASN.1 structure 然后从ASN.1结构中提取2048位密钥

THe ASN.1 parse is dirty, to say the least. 至少可以说,ASN.1解析很脏。 Suggestions welcome 建议欢迎

I've used also the excellent http://lapo.it/asn1js/ to explore the ASN.1 structure. 我还使用了优秀的http://lapo.it/asn1js/来探索ASN.1结构。 And https://shanetully.com/2012/04/simple-public-key-encryption-with-rsa-and-openssl/ to get a go at printing keys to string in base64 form. https://shanetully.com/2012/04/simple-public-key-encryption-with-rsa-and-openssl/以打印键到base64形式的字符串。

//generic method to extract data from an EVP_PKEY
//it's very UGLY. I'm ashamed especially of the ASN.1 parsing (!!)
-(NSData *)getPublicKeyBytes:(EVP_PKEY *)rsaKey{
    ///try to write bytes
    BIO *pub = BIO_new(BIO_s_mem());

    //write pub key as this format:
    //-----BEGIN RSA PUBLIC KEY-----
    //-----END RSA PUBLIC KEY-----
    PEM_write_bio_RSAPublicKey(pub, rsaKey->pkey.rsa);

    size_t pub_len = BIO_pending(pub);

    char *pub_key = malloc(pub_len + 1);

    BIO_read(pub, pub_key, pub_len);
    //zero terminated string
    pub_key[pub_len] = '\0';

    //transform to nsstring
    NSString *plainKey=[[NSString alloc]initWithCString:pub_key encoding:NSASCIIStringEncoding];
    //search for header
    NSRange range=[plainKey rangeOfString:@"-----BEGIN RSA PUBLIC KEY-----"];
        DLog(@"Error, RSA pub key in wrong format: %@",plainKey);
        return nil;
    //strip header
    plainKey=[plainKey substringFromIndex:range.location+range.length];

    //search footer
    range=[plainKey rangeOfString:@"-----END RSA PUBLIC KEY-----"];
        DLog(@"Error, RSA pub key in wrong format: %@",plainKey);
        return nil;

    //strip footer
    plainKey=[plainKey substringToIndex:range.location];

    //now remove \n
    plainKey=[plainKey stringByReplacingOccurrencesOfString:@"\n" withString:@""];
    plainKey=[plainKey stringByReplacingOccurrencesOfString:@"\r" withString:@""];
    //DLog(@"Plain key stripped %@",plainKey);

    //now read as byte
    NSData *rsaBytes=[NSData dataWithBase64EncodedString:plainKey];
    //DLog(@"Data is %d len %@",rsaBytes.length,rsaBytes);
    //unfortunately data is in a ASN1 rame;;
    //it's a sequence of 2 element, integer and exponent (65537).
    //the key starts from byte 9, or 10.. (byte 9 is a zero).
    NSData *pubKeyBytes=[rsaBytes subdataWithRange:NSMakeRange(9, 256)];
    DLog(@"pubKeyBytes is %d len %@",pubKeyBytes.length,pubKeyBytes);

    return pubKeyBytes;

Create RSA public key from der encoded byte stream using, d2i_RSA_PUBKEY() 使用, d2i_RSA_PUBKEY()从编码的字节流创建RSA公钥

then use BN_bn2bin() function to convert RSA public keys modulus to a big-endian byte stream. 然后使用BN_bn2bin()函数将RSA公钥模数转换为大端字节流。

eg. 例如。

RSA * pubKey = d2i_RSA_PUBKEY(NULL, <der encoded byte stream pointer>, <num bytes>);
BN_bn2bin(pubKey->n, <where to put the result>);

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

粤ICP备18138465号  © 2020-2024 STACKOOM.COM