Generate a key from Objective-C and create a CSR signed with OpenSSL
I am developing an application that needs to generate a key from Objective-C, as in the following code.
- (NSData *) getKeyDataWithIdentifier
{
    NSData * keyBits = nil;
    CFTypeRef result = NULL;
    NSMutableDictionary * keyQuery = [[NSMutableDictionary alloc] init];
    // Look up the RSA key stored under publicTag and ask for its raw bytes.
    [keyQuery setObject:publicTag forKey:(__bridge id)kSecAttrApplicationTag];
    [keyQuery setObject:(__bridge id)kSecClassKey forKey:(__bridge id)kSecClass];
    [keyQuery setObject:[NSNumber numberWithBool:YES] forKey:(__bridge id)kSecReturnData];
    [keyQuery setObject:(__bridge id)kSecAttrKeyTypeRSA forKey:(__bridge id)kSecAttrKeyType];
    OSStatus sanityCheck = SecItemCopyMatching((__bridge CFDictionaryRef)keyQuery, &result);
    if (sanityCheck != noErr) {
        NSLog(@"Error: %d", (int)sanityCheck);
    } else {
        // Hand ownership of the returned CFData to ARC.
        keyBits = (__bridge_transfer NSData *)result;
    }
    return keyBits;
}
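And create a CSR signed with OpenSSL. I did the following, but signing returns 0 on this line: ret = X509_REQ_sign(x509_req, pKey, EVP_sha512());
Everything above works fine, but it fails to sign here. Below is the code I am using.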
- (void)genCSRX509ForRSA:(NSData *) keyData
{
    int ret = 0;
    RSA *rsa = NULL;
    BIGNUM *bne = NULL;
    BN_GENCB *bGen = NULL;
    int nVersion = 1;
    int bits = 2048;
    unsigned long e = RSA_F4;
    X509_REQ *x509_req = NULL;
    X509_NAME *x509_name = NULL;
    EVP_PKEY *pKey = NULL;
    RSA *tem = NULL;
    BIO *out = NULL, *bio_err = NULL;
    const char *szCountry = "US";
    const char *szProvince = "MU";
    const char *szCity = "Boston";
    const char *szOrganization = "MyOrg";
    const char *szCommon = "MO";
    const char *szPath = "x509Req.pem";
    const unsigned char * bitsOfKeyData = (unsigned char *) [keyData bytes];
    int lengthOfKeyData = (int)[keyData length];

    // 1. load the RSA public key from the key data
    bne = BN_new();
    ret = BN_set_word(bne,e);
    if(ret != 1){
        goto free_all;
    }
    rsa = RSA_new();
    rsa = d2i_RSAPublicKey(&rsa, &bitsOfKeyData, lengthOfKeyData);

    // 2. set version of x509 req
    x509_req = X509_REQ_new();
    ret = X509_REQ_set_version(x509_req, nVersion);
    if (ret != 1){
        goto free_all;
    }

    // 3. set subject of x509 req
    x509_name = X509_REQ_get_subject_name(x509_req);
    ret = X509_NAME_add_entry_by_txt(x509_name,"C", MBSTRING_ASC, (const unsigned char*)szCountry, -1, -1, 0);
    if (ret != 1){
        goto free_all;
    }
    ret = X509_NAME_add_entry_by_txt(x509_name,"ST", MBSTRING_ASC, (const unsigned char*)szProvince, -1, -1, 0);
    if (ret != 1){
        goto free_all;
    }
    ret = X509_NAME_add_entry_by_txt(x509_name,"L", MBSTRING_ASC, (const unsigned char*)szCity, -1, -1, 0);
    if (ret != 1){
        goto free_all;
    }
    ret = X509_NAME_add_entry_by_txt(x509_name,"O", MBSTRING_ASC, (const unsigned char*)szOrganization, -1, -1, 0);
    if (ret != 1){
        goto free_all;
    }
    ret = X509_NAME_add_entry_by_txt(x509_name,"CN", MBSTRING_ASC, (const unsigned char*)szCommon, -1, -1, 0);
    if (ret != 1){
        goto free_all;
    }

    // 4. set public key of x509 req
    pKey = EVP_PKEY_new();
    ret = EVP_PKEY_assign_RSA(pKey,rsa);
    if(ret != 1){
        goto free_all;
    }
    ret = X509_REQ_set_pubkey(x509_req, pKey);
    if (ret != 1){
        goto free_all;
    }

    // 5. set sign key of x509 req
    ret = X509_REQ_sign(x509_req, pKey, EVP_sha512()); // return x509_req->signature->length
    if (ret <= 0){
        goto free_all;
    }
    out = BIO_new_file(szPath,"w");
    ret = PEM_write_bio_X509_REQ(out, x509_req);
    X509_REQ_print_fp(stdout, x509_req);
    [self createFileForPEM:x509_req];
    // PEM_write_X509_REQ(pemFile, certSigningRequest);

    // 6. free
free_all:
    X509_REQ_free(x509_req);
    BIO_free_all(out);
    EVP_PKEY_free(pKey);
    BN_free(bne);
}
I finally got this working with the help of https://github.com/ateska/ios-csr (which is for RSA), but I converted it to EC with 256 and also uploaded it to GitHub.
Thanks; I hope this also helps many others who are looking for this.