使用 OpenSSL 将 DER 编码的密钥转换为 PEM

Question

我正在使用 Open SSL 生成 RSA 密钥对并使用 SHA1 算法签署令牌。使用 OpenSSL 成功生成了密钥对，结果我得到了“PEM”证书。

要继续进行签名过程，我需要 DER 格式的私钥。如果有人知道，请分享使用 openssl 将 PEM 转换为 DER 证书的代码。我尝试使用终端，它工作正常。但是，我需要为此采用程序化方法。

以下是我生成 PEM 证书的代码：

-(void)generateCertificate
{
    RSA *rsaKeyPair = NULL;
    rsaKeyPair = RSA_new();        

    BIGNUM *e = BN_new();
    BN_set_word(e, 65537);

    //Generating KeyPair
    RSA_generate_key_ex(rsaKeyPair, 1024, e, NULL);

    int keylen, keylenPub;
    char *pem_key, *pem_pub_key;

    /* To get the C-string PEM form: */
    BIO *bio = BIO_new(BIO_s_mem());
    BIO *bioPubKey = BIO_new(BIO_s_mem());        

    //Writing RSA Private and Public Keys        
    PEM_write_bio_RSAPrivateKey(bio, rsaKeyPair, NULL, NULL, 0, NULL, NULL);
    PEM_write_bio_RSAPublicKey(bioPubKey, rsaKeyPair);
    keylen = BIO_pending(bio);
    pem_key = calloc(keylen+1, 1); /* Null-terminate */
    BIO_read(bio, pem_key, keylen);

    //Reading RSA Public Key Bio        
    keylenPub = BIO_pending(bioPubKey);
    pem_pub_key = calloc(keylenPub+1, 1); /* Null-terminate */
    BIO_read(bioPubKey, pem_pub_key, keylenPub);            

    NSString *strData = [NSString stringWithUTF8String:pem_key];
    [strData writeToFile:[self privateKeyPath] atomically:YES encoding:NSUTF8StringEncoding error:nil];        

    NSString *strPubData = [NSString stringWithUTF8String:pem_pub_key];
    [strPubData writeToFile:[self publicKeyPath] atomically:YES encoding:NSUTF8StringEncoding error:nil];

    BIO_free_all(bio);
    RSA_free(rsaKeyPair);
}

还有：

// Documents directory path
-(NSString *)privateKeyPath
{
    NSString *documentsFolder =   [NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES) objectAtIndex:0];
    return [documentsFolder stringByAppendingPathComponent:@"rsaprivkey.pem"];
 }

还有：

-(NSString *)publicKeyPath
{
    NSString *documentsFolder = [NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES) objectAtIndex:0];
    return [documentsFolder stringByAppendingPathComponent:@"rsapubkey.pem"];
}

还有：

-(NSString *)derPrivateKeyPath
{
    NSString *documentsFolder = [NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES) objectAtIndex:0];
    return [documentsFolder stringByAppendingPathComponent:@"rsaprivateKey.der"];
}

还有：

#pragma mark - Signing section
-(NSData *)generateSignatureWithdataToSign :(NSData*)signableData
{
    BIO *in = BIO_new_file([[self derPrivateKeyPath] cStringUsingEncoding:NSUTF8StringEncoding], "rb");        

    PKCS8_PRIV_KEY_INFO *p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in,NULL);

    EVP_PKEY *pkey = EVP_PKCS82PKEY(p8inf);
    NSLog(@"%i", p8inf->broken);
    PKCS8_PRIV_KEY_INFO_free(p8inf);
    BIO_free(in);
    uint8_t * cipherBuffer = NULL;

    // Calculate the buffer sizes.
    unsigned int cipherBufferSize = RSA_size(pkey->pkey.rsa);
    unsigned int signatureLength;

    // Allocate some buffer space. I don't trust calloc.
    cipherBuffer = malloc(cipherBufferSize);
    memset((void *)cipherBuffer, 0x0, cipherBufferSize);

    unsigned char *openSSLHash = SHA1(signableData.bytes, signableData.length, NULL);
    int success = RSA_sign(NID_sha1, openSSLHash, 20, cipherBuffer, &signatureLength, pkey->pkey.rsa);  //pkey->pkey.rsa
    if (success) NSLog(@"WIN");


    NSData *signatureData = [NSData dataWithBytes:(const void*)cipherBuffer length:signatureLength];

    EVP_PKEY_free(pkey);

    return signatureData;
}

注意：我想从“rsaprivkey.pem”获取 DER 证书并将该 DER 写入“rsaprivateKey.der”.. 之后，我需要使用“rsaprivateKey.der”证书实现上面编码的签名过程...

Answer 1

最后，我找到了我的问题的答案。下面的代码可能会帮助其他遇到类似问题的人......

-(void)generateCertificate
{
    const int kBits = 1024;
    const int kExp = 65537;

    int keylen, keylenPub;
    char *pem_key, *pem_key_pub;

    RSA *rsa = RSA_generate_key(kBits, kExp, 0, 0);



    EVP_PKEY *pkey = EVP_PKEY_new();
    EVP_PKEY_assign_RSA(pkey, rsa);

     bioPriv = BIO_new(BIO_s_mem());

    //PKCS8 Encoded private Key

    i2d_PKCS8PrivateKey_bio(bioPriv, pkey, NULL, NULL, 0, NULL, NULL);


    keylen = BIO_pending(bioPriv);
    pem_key = calloc(keylen+1, 1);
    BIO_read(bioPriv, pem_key, keylen);

    printf("%s", pem_key);

    NSData *data = [NSData dataWithBytes:pem_key length:keylen];
    [data writeToFile:[self privateKeyPathDER] atomically:YES];



    //Public Key encryption and Saving

    bioPub = BIO_new(BIO_s_mem());
    i2d_RSA_PUBKEY_bio(bioPub, rsa);


    keylenPub = BIO_pending(bioPub);
    pem_key_pub = calloc(keylenPub+1, 1);
    BIO_read(bioPub, pem_key_pub, keylenPub);

    printf("%s", pem_key_pub);



    NSData *dataPub = [NSData dataWithBytes:pem_key_pub length:keylenPub];
   [dataPub writeToFile:[self publicKeyPathDER] atomically:YES];





    RSA_free(rsa);


}
#pragma mark - Signing section


-(NSData *)generateSignatureWithdataToSign :(NSData*)signableData
{

   //BIO *in = BIO_new_file([[self privateKeyPathDER] cStringUsingEncoding:NSUTF8StringEncoding], "rb");

    PKCS8_PRIV_KEY_INFO *p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(bioPriv,NULL);

    EVP_PKEY *pkey = EVP_PKCS82PKEY(p8inf);
    NSLog(@"%i", p8inf->broken);
    PKCS8_PRIV_KEY_INFO_free(p8inf);
    BIO_free(bioPriv);



    uint8_t * cipherBuffer = NULL;

    // Calculate the buffer sizes.
    unsigned int cipherBufferSize = RSA_size(pkey->pkey.rsa);
    unsigned int signatureLength;

    // Allocate some buffer space. I don't trust calloc.
    cipherBuffer = malloc(cipherBufferSize);
    memset((void *)cipherBuffer, 0x0, cipherBufferSize);

    unsigned char *openSSLHash = SHA1(signableData.bytes, signableData.length, NULL);
    int success = RSA_sign(NID_sha1, openSSLHash, 20, cipherBuffer, &signatureLength, pkey->pkey.rsa);  //pkey->pkey.rsa
    if (success) NSLog(@"WIN");


    NSData *signatureData = [NSData dataWithBytes:(const void*)cipherBuffer length:signatureLength];

    EVP_PKEY_free(pkey);


    return signatureData;


}



-(NSString *)privateKeyPathDER
{
    NSString *documentsFolder = [NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES) objectAtIndex:0];
    return [documentsFolder stringByAppendingPathComponent:@"rsaprivkey.der"];
}

-(NSString *)publicKeyPathDER
{
    NSString *documentsFolder = [NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES) objectAtIndex:0];
    return [documentsFolder stringByAppendingPathComponent:@"rsapubkey.der"];
}