生成openssl密钥对osx openssl

Question

I have the following working terminal commands that I'm trying to convert into xcode/obj c:

openssl genrsa -out privatekey.pem 1024

openssl req -new -x509 -key privatekey.pem -out publickey.cer -days 1825

I've compiled my project against openssl and the following code is generating some key pairs:

RSA *keypair = RSA_generate_key(1024, 3, NULL, NULL);
BIO *pri = BIO_new(BIO_s_mem());
BIO *pub = BIO_new(BIO_s_mem());

PEM_write_bio_RSAPrivateKey(pri, keypair, NULL, NULL, 0, NULL, NULL);
PEM_write_bio_RSAPublicKey(pub, keypair);

size_t pri_len = BIO_pending(pri);
size_t pub_len = BIO_pending(pub);

char *pri_key = malloc(pri_len + 1);
char *pub_key = malloc(pub_len + 1);

BIO_read(pri, pri_key, (int) pri_len);
BIO_read(pub, pub_key, (int) pub_len);

pri_key[pri_len] = '\0';
pub_key[pub_len] = '\0';

printf("\n%s\n%s\n", pri_key, pub_key);

The problem is they are in the wrong format. I suspect its the x509 parameter. Any help would be appreciated.

-------- UPDATE ---------------

I've now got this to work based on the awesome post by Nathan Osman here: https://stackoverflow.com/a/15082282/313272

Here is my complete code:

EVP_PKEY * pkey;
pkey = EVP_PKEY_new();

RSA * rsa;
rsa = RSA_generate_key(
                       1024,
                       RSA_F4, /* exponent - RSA_F4 is defined as 0x10001L */
                       NULL,   /* callback - can be NULL if we aren't displaying progress */
                       NULL    /* callback argument - not needed in this case */
                       );
EVP_PKEY_assign_RSA(pkey, rsa);

X509 * x509;
x509 = X509_new();

ASN1_INTEGER_set(X509_get_serialNumber(x509), 1);

X509_gmtime_adj(X509_get_notBefore(x509), 0);
X509_gmtime_adj(X509_get_notAfter(x509), 157680000L); //31536000L = 360 days, xero recommend 1825 days

X509_set_pubkey(x509, pkey);

X509_NAME * name;
name = X509_get_subject_name(x509);

X509_NAME_add_entry_by_txt(name, "C",  MBSTRING_ASC,
                           (unsigned char *)"AU", -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "O",  MBSTRING_ASC,
                           (unsigned char *)"MyCompany Inc.", -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
                           (unsigned char *)"localhost", -1, -1, 0);

X509_set_issuer_name(x509, name);

X509_sign(x509, pkey, EVP_sha1());

FILE * f;
f = fopen("privatekey.pem", "wb");
PEM_write_PrivateKey(
                     f,                  /* write the key to the file we've opened */
                     pkey,               /* our key from earlier */
                     NULL, /* default cipher for encrypting the key on disk */
                     NULL,       /* passphrase required for decrypting the key on disk */
                     10,                 /* length of the passphrase string */
                     NULL,               /* callback for requesting a password */
                     NULL                /* data to pass to the callback */
                     );
fclose(f);

f = fopen("publickey.cer", "wb");
PEM_write_X509(
               f,   /* write the certificate to the file we've opened */
               x509 /* our certificate */
               );
fclose(f);

Answer 1

You need to change in your first variant: RSA *keypair = RSA_generate_key(1024, 3, NULL, NULL);

to ->

RSA * keypair = RSA_generate_key(1024, RSA_F4, NULL, NULL);

This is give your pub key in this format:

'-----BEGIN RSA PUBLIC KEY----- MIGJAoGBAOg0U9Do/+11jhmYFO9jdvPqOYcE0CDOfYDXbY+2u0/RTOb3jXL5mF19 E4SPsqHvrDGtRGOh8X8Sind1SWjfaeiFH0ooFa+67FR4iOa0KQXq/PRpAIRRmi/3 iODshjwqTlcIqpymNEouddDJ82GUacReglCC1ObPAZLIyvhJ9wFJAgMBAAE= -----END RSA PUBLIC KEY-----'