当前位置：文江博客话题详情

将证书转换为字节数组

发布于 2024-10-15 01:24:33 字数 166 浏览 1 评论 0原文

如何将证书（PEM/DER 格式）转换为字节数组？

我的设备上没有文件系统，并且想在其上使用客户端证书。所以我想将此 SSL 证书复制到缓冲区（无符号字符）中。我的 Windows 机器上有证书文件。

将证书转换为数组的正确方法是什么？简单的角色复制可以吗？

维沙尔·N

原文

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

晨光如昨 2024-10-22 01:24:33

检查此代码，解释作为注释添加，

1 将文件加载到BIO结构中
2 使用 PEM_read_bio_X509_AUX 将其转换为 x509
3 使用 i2d_X509 将 x509 转换为 unsigned char *

int main()
{    
    X509 *x509;    
    BIO *certBio = BIO_new(BIO_s_file());   
    char * path = "E:\\share\\TempCert.pem"; /* directory path where certificate exists*/
    int len;
    unsigned char *buf;   

    buf = NULL;
    BIO_read_filename(certBio, path);
    x509 = PEM_read_bio_X509_AUX(certBio, NULL, 0, NULL);      /*loading the certificate to x509 structure*/
    len = i2d_X509(x509, &buf);     /*loading the certificate to unsigned char buffer*/

    /* You can use this buf as BYTE array since BYTE is typedef of unsigned char and len will contain the length(size) of the certificate */
    BIO_free_all(certBio);  
    return 0;
}

检查 i2d_X509， PEM_read_bio_X509_AUX 函数了解更多详细信息。

该缓冲区可用于创建PCCERT_CONTEXT结构。

check this code, explanations are added as comments ,

1 Load the file into BIO structure
2 Convert it to x509 using PEM_read_bio_X509_AUX
3 convert the x509 to unsigned char * using i2d_X509

int main()
{    
    X509 *x509;    
    BIO *certBio = BIO_new(BIO_s_file());   
    char * path = "E:\\share\\TempCert.pem"; /* directory path where certificate exists*/
    int len;
    unsigned char *buf;   

    buf = NULL;
    BIO_read_filename(certBio, path);
    x509 = PEM_read_bio_X509_AUX(certBio, NULL, 0, NULL);      /*loading the certificate to x509 structure*/
    len = i2d_X509(x509, &buf);     /*loading the certificate to unsigned char buffer*/

    /* You can use this buf as BYTE array since BYTE is typedef of unsigned char and len will contain the length(size) of the certificate */
    BIO_free_all(certBio);  
    return 0;
}

check the i2d_X509, PEM_read_bio_X509_AUX functions for more details.

This buffer can be used to create PCCERT_CONTEXT structure.

回复收藏 0 原文

浮生未歇 2024-10-22 01:24:33

当你使用gcc+gnu-binutils+openssl时，可以使用 ld 将文件文字包含到程序中。然后使用 d2i_X509 将文字解析为 X509 结构。

首先运行 ld -r -b binary -o cert.crt.o cert.crt （cert.crt 必须采用 DER 形式，我不知道 .crt 是否是 DER 的正确扩展名）。

example.c

#include <openssl/x509.h>
#include <stdio.h>

extern unsigned char _binary_cert_crt_start[];
extern unsigned char _binary_cert_crt_end[];

int main()
{
   X509 *cert;
   const unsigned char *buf = _binary_cert_crt_start;
   unsigned const char** inp = &buf;
   cert = d2i_X509(NULL, inp, _binary_cert_crt_end-_binary_cert_crt_start);
   printf("%p\n", cert);
   return !cert;
}

然后使用 gcc -o ct example.c cert.crt.o -lcrypto 编译该程序。

When you use gcc+gnu-binutils+openssl, you can use ld to include a file literal into the program. Then you use d2i_X509 to parse the literal into a X509 structure.

First run ld -r -b binary -o cert.crt.o cert.crt (cert.crt MUST be in DER form, I don't know if .crt is the correct extension for DER).

example.c

#include <openssl/x509.h>
#include <stdio.h>

extern unsigned char _binary_cert_crt_start[];
extern unsigned char _binary_cert_crt_end[];

int main()
{
   X509 *cert;
   const unsigned char *buf = _binary_cert_crt_start;
   unsigned const char** inp = &buf;
   cert = d2i_X509(NULL, inp, _binary_cert_crt_end-_binary_cert_crt_start);
   printf("%p\n", cert);
   return !cert;
}

Then you compile this program with gcc -o ct example.c cert.crt.o -lcrypto.

回复收藏 0 原文

~没有更多了~