[英]generate openssl key pair osx openssl
I have the following working terminal commands that I'm trying to convert into xcode/obj c: 我有以下正在尝试转换为xcode / obj c的工作终端命令:
openssl genrsa -out privatekey.pem 1024
openssl req -new -x509 -key privatekey.pem -out publickey.cer -days 1825
I've compiled my project against openssl and the following code is generating some key pairs: 我已经针对openssl编译了我的项目,以下代码生成了一些密钥对:
RSA *keypair = RSA_generate_key(1024, 3, NULL, NULL);
BIO *pri = BIO_new(BIO_s_mem());
BIO *pub = BIO_new(BIO_s_mem());
PEM_write_bio_RSAPrivateKey(pri, keypair, NULL, NULL, 0, NULL, NULL);
PEM_write_bio_RSAPublicKey(pub, keypair);
size_t pri_len = BIO_pending(pri);
size_t pub_len = BIO_pending(pub);
char *pri_key = malloc(pri_len + 1);
char *pub_key = malloc(pub_len + 1);
BIO_read(pri, pri_key, (int) pri_len);
BIO_read(pub, pub_key, (int) pub_len);
pri_key[pri_len] = '\0';
pub_key[pub_len] = '\0';
printf("\n%s\n%s\n", pri_key, pub_key);
The problem is they are in the wrong format. 问题在于它们的格式错误。 I suspect its the x509 parameter.
我怀疑它的x509参数。 Any help would be appreciated.
任何帮助,将不胜感激。
-------- UPDATE --------------- --------更新---------------
I've now got this to work based on the awesome post by Nathan Osman here: https://stackoverflow.com/a/15082282/313272 基于Nathan Osman的精彩帖子,我现在可以使用此工具: https : //stackoverflow.com/a/15082282/313272
Here is my complete code: 这是我完整的代码:
EVP_PKEY * pkey;
pkey = EVP_PKEY_new();
RSA * rsa;
rsa = RSA_generate_key(
1024,
RSA_F4, /* exponent - RSA_F4 is defined as 0x10001L */
NULL, /* callback - can be NULL if we aren't displaying progress */
NULL /* callback argument - not needed in this case */
);
EVP_PKEY_assign_RSA(pkey, rsa);
X509 * x509;
x509 = X509_new();
ASN1_INTEGER_set(X509_get_serialNumber(x509), 1);
X509_gmtime_adj(X509_get_notBefore(x509), 0);
X509_gmtime_adj(X509_get_notAfter(x509), 157680000L); //31536000L = 360 days, xero recommend 1825 days
X509_set_pubkey(x509, pkey);
X509_NAME * name;
name = X509_get_subject_name(x509);
X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC,
(unsigned char *)"AU", -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC,
(unsigned char *)"MyCompany Inc.", -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
(unsigned char *)"localhost", -1, -1, 0);
X509_set_issuer_name(x509, name);
X509_sign(x509, pkey, EVP_sha1());
FILE * f;
f = fopen("privatekey.pem", "wb");
PEM_write_PrivateKey(
f, /* write the key to the file we've opened */
pkey, /* our key from earlier */
NULL, /* default cipher for encrypting the key on disk */
NULL, /* passphrase required for decrypting the key on disk */
10, /* length of the passphrase string */
NULL, /* callback for requesting a password */
NULL /* data to pass to the callback */
);
fclose(f);
f = fopen("publickey.cer", "wb");
PEM_write_X509(
f, /* write the certificate to the file we've opened */
x509 /* our certificate */
);
fclose(f);
You need to change in your first variant: RSA *keypair = RSA_generate_key(1024, 3, NULL, NULL); 您需要更改第一个变量:RSA *密钥对= RSA_generate_key(1024,3,NULL,NULL);
to -> 到->
RSA * keypair = RSA_generate_key(1024, RSA_F4, NULL, NULL);
This is give your pub key in this format: 这是使用以下格式提供您的发布密钥:
'-----BEGIN RSA PUBLIC KEY----- MIGJAoGBAOg0U9Do/+11jhmYFO9jdvPqOYcE0CDOfYDXbY+2u0/RTOb3jXL5mF19 E4SPsqHvrDGtRGOh8X8Sind1SWjfaeiFH0ooFa+67FR4iOa0KQXq/PRpAIRRmi/3 iODshjwqTlcIqpymNEouddDJ82GUacReglCC1ObPAZLIyvhJ9wFJAgMBAAE= -----END RSA PUBLIC KEY-----' '----- BEGIN RSA公钥----- MIGJAoGBAOg0U9Do / + + 11jhmYFO9jdvPqOYcE0CDOfYDXbY 2u0 / RTOb3jXL5mF19 E4SPsqHvrDGtRGOh8X8Sind1SWjfaeiFH0ooFa + 67FR4iOa0KQXq / PRpAIRRmi / 3 iODshjwqTlcIqpymNEouddDJ82GUacReglCC1ObPAZLIyvhJ9wFJAgMBAAE = ----- END RSA公钥-----'
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.