如何在iOS中将十六进制格式rsa私钥转换为PKCS8格式

Question

I need to use a private key to do RSA Signing.

The company gave me the private key like this:

It's in a hex format, but OpenSSL's PEM_read_bio_RSAPrivateKey() function returns NULL. I searched for help about this and found out the private key must be in "PKCS8" format. So how can I convert the hex format above to PKCS8 format in my code?

Answer 1

The following uses OpenSSL 1.1.0 (I needed to do some other testing). It also uses d2i_RSAPrivateKey rather than PEM_read_bio_RSAPrivateKey . The key is in ASN.1/DER, so you can't use the PEM routines.

Compile and link with something similar to gcc -I/usr/local/ssl/1.1.0/include test.cc -o test.exe /usr/local/ssl/1.1.0/lib/libcrypto.a .

You should also add code to cleanup the library. Also see Library Initialization on the OpenSSL wiki.

#include <stdio.h>
#include <unistd.h>

#include <openssl/opensslconf.h>
#include <openssl/crypto.h>
#include <openssl/rsa.h>

const char encoded[] =
    "3082025C02010002818100AB13EC000380B4E489F717440D42473BD1C0"
    "F0B4F36D765171B3868ADF1CCAA782B48C71560C48342DFAEA01C6DBAF"
    "7A36F885B58BB24D7934352AA304941B1EB8373B561C4FBF11181C2E75"
    "ED3356CAE5B0DC9759A42CE997F5E5321AA5A67C5A2AE923F4705E61C2"
    "C7C8C2441CDCE6DE8638AB9294DA7A9A5B59E2E31C8A9B020301000102"
    "8180037ECDB4965DBBD46B8933DD7D13DC96B94B62DF9F959DF43E0977"
    "F74065BB323EF667642D68E4D4C417BB4E3BFCE311F12B94B7C7D9E5C1"
    "5332BEE343C5AEE4223BF3ADE524C2726A685E62938C6B62ADA73529C7"
    "62A61ABF707E936CFAC2233AD2C7DB0D8764194A7648C16A85FA54E0EB"
    "A32BFAB616CBE0009E5E3B8B5349024100D463E0012A09AA1399B5AD6B"
    "DDB47A7418F35109786899DDE1913647D3864A7897747D001122E3430C"
    "A58F4E94391208E9059606AEA8389E045B31273EBD2C75024100CE347F"
    "1CF65ACEFB6B21B758D7AB6B850F4BA1ECFC7DA1B0FC52538AF5D52803"
    "93ADB06D0A0762E66526C5755ABC6F81C22A6463E8B0E27D69BDEFFA8F"
    "3C38CF024100A10054FE8CEF668E1527339F61213EF263378F66AE701C"
    "B3A61A7E1B54ADA82662295BD88125014202843E6E42CE406DA0B72B53"
    "45731FF8293537BD9841AF410240472BDF63C3B3FC14D319440B2A0544"
    "8B1C88624F45A6A7144B42AF0B1B6682F51917ADF934A8EFFDCD93E03B"
    "6D21F4EAB875A148CA9BA2D0DE9A6C25F3223A0902401E673CB216C11D"
    "CCD41D99F4892C2027A03ADE42E64C7B4410BF9C4D1B0A58C51CF33FA3"
    "BA1D8F4D693A2C5CCB0D42A4A787EE32729871FEF4FC143DFFA170A2";

int main(int argc, char* argv[])
{
    long length = 0;
    unsigned char* decoded = NULL;
    RSA* rsa = NULL;

    decoded = OPENSSL_hexstr2buf(encoded, &length);
    if (decoded == NULL || length == 0)
        return 1;

    const unsigned char* temp = decoded;
    rsa = d2i_RSAPrivateKey(NULL, &temp, length);
    if (rsa == NULL)
        return 1;

    RSA_print_fp(stdout, rsa, 0);

    if (rsa)
        RSA_free(rsa);

    if (decoded)
        OPENSSL_free(decoded);

    return 0;
}

const unsigned char* temp = decoded is used because temp is temporary, and d2i_RSAPrivateKey increments the pointer to the next private key (if another parse will be attempted). You can still get to the original data through decoded .

It results in:

$ ./test.exe 
Private-Key: (1024 bit)
modulus:
    00:ab:13:ec:00:03:80:b4:e4:89:f7:17:44:0d:42:
    47:3b:d1:c0:f0:b4:f3:6d:76:51:71:b3:86:8a:df:
    1c:ca:a7:82:b4:8c:71:56:0c:48:34:2d:fa:ea:01:
    c6:db:af:7a:36:f8:85:b5:8b:b2:4d:79:34:35:2a:
    a3:04:94:1b:1e:b8:37:3b:56:1c:4f:bf:11:18:1c:
    2e:75:ed:33:56:ca:e5:b0:dc:97:59:a4:2c:e9:97:
    f5:e5:32:1a:a5:a6:7c:5a:2a:e9:23:f4:70:5e:61:
    c2:c7:c8:c2:44:1c:dc:e6:de:86:38:ab:92:94:da:
    7a:9a:5b:59:e2:e3:1c:8a:9b
publicExponent: 65537 (0x10001)
privateExponent:
    03:7e:cd:b4:96:5d:bb:d4:6b:89:33:dd:7d:13:dc:
    96:b9:4b:62:df:9f:95:9d:f4:3e:09:77:f7:40:65:
    bb:32:3e:f6:67:64:2d:68:e4:d4:c4:17:bb:4e:3b:
    fc:e3:11:f1:2b:94:b7:c7:d9:e5:c1:53:32:be:e3:
    43:c5:ae:e4:22:3b:f3:ad:e5:24:c2:72:6a:68:5e:
    62:93:8c:6b:62:ad:a7:35:29:c7:62:a6:1a:bf:70:
    7e:93:6c:fa:c2:23:3a:d2:c7:db:0d:87:64:19:4a:
    76:48:c1:6a:85:fa:54:e0:eb:a3:2b:fa:b6:16:cb:
    e0:00:9e:5e:3b:8b:53:49
prime1:
    00:d4:63:e0:01:2a:09:aa:13:99:b5:ad:6b:dd:b4:
    7a:74:18:f3:51:09:78:68:99:dd:e1:91:36:47:d3:
    86:4a:78:97:74:7d:00:11:22:e3:43:0c:a5:8f:4e:
    94:39:12:08:e9:05:96:06:ae:a8:38:9e:04:5b:31:
    27:3e:bd:2c:75
prime2:
    00:ce:34:7f:1c:f6:5a:ce:fb:6b:21:b7:58:d7:ab:
    6b:85:0f:4b:a1:ec:fc:7d:a1:b0:fc:52:53:8a:f5:
    d5:28:03:93:ad:b0:6d:0a:07:62:e6:65:26:c5:75:
    5a:bc:6f:81:c2:2a:64:63:e8:b0:e2:7d:69:bd:ef:
    fa:8f:3c:38:cf
exponent1:
    00:a1:00:54:fe:8c:ef:66:8e:15:27:33:9f:61:21:
    3e:f2:63:37:8f:66:ae:70:1c:b3:a6:1a:7e:1b:54:
    ad:a8:26:62:29:5b:d8:81:25:01:42:02:84:3e:6e:
    42:ce:40:6d:a0:b7:2b:53:45:73:1f:f8:29:35:37:
    bd:98:41:af:41
exponent2:
    47:2b:df:63:c3:b3:fc:14:d3:19:44:0b:2a:05:44:
    8b:1c:88:62:4f:45:a6:a7:14:4b:42:af:0b:1b:66:
    82:f5:19:17:ad:f9:34:a8:ef:fd:cd:93:e0:3b:6d:
    21:f4:ea:b8:75:a1:48:ca:9b:a2:d0:de:9a:6c:25:
    f3:22:3a:09
coefficient:
    1e:67:3c:b2:16:c1:1d:cc:d4:1d:99:f4:89:2c:20:
    27:a0:3a:de:42:e6:4c:7b:44:10:bf:9c:4d:1b:0a:
    58:c5:1c:f3:3f:a3:ba:1d:8f:4d:69:3a:2c:5c:cb:
    0d:42:a4:a7:87:ee:32:72:98:71:fe:f4:fc:14:3d:
    ff:a1:70:a2

---

If you don't cleanup, then Valgrind will report something like:

$ valgrind --leak-check=full --show-leak-kinds=all --track-origins=yes ./test.exe 
==32773== Memcheck, a memory error detector
==32773== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==32773== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==32773== Command: ./test.exe
==32773== 
...
==32773== 
==32773== HEAP SUMMARY:
==32773==     in use at exit: 63,005 bytes in 365 blocks
==32773==   total heap usage: 547 allocs, 182 frees, 69,806 bytes allocated
==32773== 
==32773== 200 bytes in 1 blocks are still reachable in loss record 55 of 83
==32773==    at 0x4D11: malloc (vg_replace_malloc.c:303)
==32773==    by 0x10010AA3E: CRYPTO_zalloc (in ./test.exe)
==32773==    by 0x1001522BB: CRYPTO_THREAD_lock_new (in ./test.exe)
==32773==    by 0x100104EC8: do_ex_data_init (in ./test.exe)
==32773==    by 0xD8FBF: pthread_once (in /usr/lib/system/libsystem_c.dylib)
==32773==    by 0x1001523A8: CRYPTO_THREAD_run_once (in ./test.exe)
==32773==    by 0x100104768: CRYPTO_new_ex_data (in ./test.exe)
==32773==    by 0x10012A9C3: RSA_new_method (in ./test.exe)
==32773==    by 0x100129ED1: rsa_cb (in ./test.exe)
==32773==    by 0x100027057: asn1_item_embed_new (in ./test.exe)
==32773==    by 0x1000244CA: asn1_item_embed_d2i (in ./test.exe)
==32773==    by 0x100024125: ASN1_item_d2i (in ./test.exe)
==32773== 
==32773== 4,096 bytes in 1 blocks are still reachable in loss record 81 of 83
==32773==    at 0x4D11: malloc (vg_replace_malloc.c:303)
==32773==    by 0x1431D8: __smakebuf (in /usr/lib/system/libsystem_c.dylib)
==32773==    by 0x104F34: __swsetup (in /usr/lib/system/libsystem_c.dylib)
==32773==    by 0x142392: __sfvwrite (in /usr/lib/system/libsystem_c.dylib)
==32773==    by 0x142994: fwrite (in /usr/lib/system/libsystem_c.dylib)
==32773==    by 0x100031997: file_write (in ./test.exe)
==32773==    by 0x100030A29: BIO_write (in ./test.exe)
==32773==    by 0x10002CFFB: BIO_vprintf (in ./test.exe)
==32773==    by 0x10002CEFC: BIO_printf (in ./test.exe)
==32773==    by 0x100129B7C: do_rsa_print (in ./test.exe)
==32773==    by 0x10012EDBC: RSA_print_fp (in ./test.exe)
==32773==    by 0x1000010C4: main (test.cc:48)
==32773== 
==32773== LEAK SUMMARY:
==32773==    definitely lost: 0 bytes in 0 blocks
==32773==    indirectly lost: 0 bytes in 0 blocks
==32773==      possibly lost: 0 bytes in 0 blocks
==32773==    still reachable: 4,296 bytes in 2 blocks
==32773==         suppressed: 58,709 bytes in 363 blocks
==32773==