How to verify the key length of a PEM certificate using OpenSSL functions

Posted on 2024-12-26 13:23:21

How do I verify the key length of a PEM certificate that is generated in this way:

# openssl genrsa -des3 -out server.key 1024
# openssl req -new -key server.key -out server.csr
# cp server.key server.key.org
# openssl rsa -in server.key.org -out server.key
# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

What I need is a C function using procedures from OpenSSL, that performs validation on a PEM certificate (I use it for the lighttpd HTTPS server), and returns the length of the key stored in the certificate (in this case, 1024).

Comments (1)

橘味果▽酱 2025-01-02 13:23:21

After some tweaking, I believe I have found the right routines.

The following should get you started with exploring other OpenSSL routines, in case you need to handle other types of certificates (x509, pem).

Also read through your local x509.h and pem.h for structures and functions that will recover other information you're after.

/* Compile with 'gcc -Wall foo.c -lcrypto' or similar...
   ---------------------------------------------------------
   $ ./a.out server.crt
   Opened PEM certificate file: server.crt
   RSA Public Key: (1024 bit)

   $ ./a.out server.key
   ERROR: could not read x509 data from server.key
*/

#include <stdio.h>
#include <stdlib.h>
#include <openssl/crypto.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>

int main(int argc, char *argv[])
{
    FILE *fp = NULL;
    X509 *x509 = NULL;
    EVP_PKEY *public_key = NULL;

    /* A file name is required; argv[1] is NULL without it */
    if (argc < 2) {
        fprintf(stderr, "Usage: %s <certificate.pem>\n", argv[0]);
        return EXIT_FAILURE;
    }

    fp = fopen(argv[1], "r");
    if (fp) {
        PEM_read_X509(fp, &x509, NULL, NULL);
        fclose(fp);

        if (x509) {
            fprintf(stderr, "Opened PEM certificate file: %s\n", argv[1]);
            /* do stuff with certificate... */
            public_key = X509_get_pubkey(x509);
            if (public_key) {
                /* EVP_PKEY is opaque since OpenSSL 1.1.0, so use the accessor
                   functions rather than public_key->type and pkey.rsa->n */
                switch (EVP_PKEY_base_id(public_key)) {
                    case EVP_PKEY_RSA:
                        fprintf(stdout, "RSA Public Key: (%d bit)\n", EVP_PKEY_bits(public_key));
                        break;
                    default:
                        fprintf(stdout, "Unknown public key type? See OpenSSL documentation\n");
                        break;
                }
                EVP_PKEY_free(public_key);
            }
            X509_free(x509);
        }
        else {
            fprintf(stderr, "ERROR: could not read x509 data from %s\n", argv[1]);
            return EXIT_FAILURE;
        }
    }
    else {
        fprintf(stderr, "ERROR: could not open file!\n");
        return EXIT_FAILURE;
    }

    return EXIT_SUCCESS;
}