将 RSA 私钥加载到 EVP_PKEY

Load RSA private key to EVP_PKEY

我目前在 .pem 文件中有私钥。在我的应用程序 (iOS) 中,我想将私钥加载到 EVP_PKEY 结构中以签署 X509_REQ。

我目前的问题是我能够加载私钥,但实际上它是一个与我的文件系统中的私钥不同的私钥。

这是我的代码:

BIO *bio_err;
X509_REQ *x509=NULL;
EVP_PKEY *pkey= NULL;
EVP_PKEY *pubKey = NULL;

NSString *privateKeyFile = [SecurityManager privateKeyFileAndProof:YES];
char const *privKeyPath =  [[NSFileManager defaultManager] fileSystemRepresentationWithPath:privateKeyFile];
FILE *fp = fopen(privKeyPath, "r");

PEM_read_PrivateKey(fp, &pkey, NULL, NULL);

fclose(fp);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);

bio_err=BIO_new_fp(stderr, BIO_NOCLOSE);

PEM_write_PrivateKey(stdout,pkey,NULL,NULL,0,NULL, NULL);

这是我的实际私钥文件:

-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAzl8TJ46uLTo6ELLrEPRpS7S0IYBAhAXbxvvKaRLvjBi9khud
8ybfDSjoD//uoAlZDIfRak31tHIXqiJntaDZJ8ujIEK4DdRBVHowPNC/tKuYUti8
vZ94BkN48nyJwfFtYPtqaMI6XC0Vh0ffQnQ9jl1d8TVfvxuhlK2+C/WG8Gz9NmRu
JGgCiNuHOIIjaDtlJW36fj21KxW5de1dEW1GUF9GPctN0QjeU4xPFukbu0w8qrr7
ShiIlz0DCkzuj2ww1mr/Gpt4boGCmyM9u+IMg30WMGYacb1+qIpswHJIVaDx7Jmf
xnn8k2rVZT5FUpSjyusSeWFkU7Qh0cKm5BrFNQIDAQABAoIBAEJV2Uhb2qz7DHMV
r+2xQq9tFIG4QgSuBWk+wl9oEMwNn9H5QppIImaOgZmzALc8if03Ix9yk8o+6lBr
4r5FR8g88uCJ0bPQSHepFxxVVWnzxnDK7lBdlC0fPx9i3L0Up74G0rt9w1ihvUvQ
1Hj9+FNsu6evKmm5rgSmnHInqApbyivyogqqSFZ1WlbR9PlT7J15RJAL6lVL+6DP
bIyFDL38degVtOUCAekTsBj1tpewfpFYIb6g5ovVFMgbzXBFL8tEmTe40UheUD1R
LBSaBISQQdl1b6dp0A7jPisk6NE9RZRv0aXLf/t1GrCGIVNQ73+ZtJPETL5Ckk3n
+eEWizkCgYEA9Vmg3pfMHB6QAcsEASK+bdOx2p+Sq47Yd4wISWXKpiylYudKFv0I
bm/0fhU3QOwIUpD0/i5dvUetE08ARU8vXHS+Aar9Gr109KslgdoLFnwTp9A9MsJP
Kuo7ZV3/P3APYlsCdoA2YmR8ys6JIooNlwwV523vI0S7q0Jc277tHf8CgYEA11RO
7FpFMYgYniSyal4Sze+YLXbhvhTPdmbhY+zAh3U0aJ4WHckmofeyomgqQ9ZAdcfu
cUyZKqxJ6FQelc5voBjOTj6rNfziWrU618ldIgmW/0hsQ4Wb+j7W+csqJVTPPGCy
bg+jRIv0W9foIPFhXijC/HWS3Vq2QCklGO5kBMsCgYBC1B4AY4KCKkT5aA34LTmH
esEYFp0Bw8/siCT9sQ9IwiJuVSeWKWfxhOcorKi3M1N1Aezpi0GXO/3Fo6AkQNRa
r6XNmICGlxJTTobR3s1kW3mTHSJ+P/UGcHSrQLY01lYqaTW7h2LI3CwtpaIu2UGo
Ye9ZcVVQ2vjvRg07Ab9eiwKBgFrmWlLoYKFiRJIuB6tjfyi0Zld7Ah0OB+6By9A1
F6mXTsKDSe7VBZwGRsDMnFr6zUdrWTs3DMm45ZJQQIEZHoJFNoJNblViJeQI8Yg6
lzhROA8YcauncYsYkAPvQiF0Re/FGk3gCBpdwpAq+vE9NM9dAcM1lwQe0SUQuXpm
2I41AoGBALUMXfvtDKzcHnZ3UjXuVHM/H6gFiOLx9GhQ9K4BMe7nkbKsDnwbw6Z2
124ZdhkBMgFsL8XTyhyGo2upB/Sq9enLT5fNcD3OZcfRfBGgQO/27IV/A5/ofpG6
N3bDZhBhKHvriP683gXF/L2ki4OTtDI6gym/jaXn3RdNK0kL4tJu
-----END RSA PRIVATE KEY-----

这是我在加载 EVP_PKEY 结构

时打印的私钥
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDOXxMnjq4tOjoQ
susQ9GlLtLQhgECEBdvG+8ppEu+MGL2SG53zJt8NKOgP/+6gCVkMh9FqTfW0cheq
Ime1oNkny6MgQrgN1EFUejA80L+0q5hS2Ly9n3gGQ3jyfInB8W1g+2powjpcLRWH
R99CdD2OXV3xNV+/G6GUrb4L9YbwbP02ZG4kaAKI24c4giNoO2Ulbfp+PbUrFbl1
7V0RbUZQX0Y9y03RCN5TjE8W6Ru7TDyquvtKGIiXPQMKTO6PbDDWav8am3hugYKb
Iz274gyDfRYwZhpxvX6oimzAckhVoPHsmZ/GefyTatVlPkVSlKPK6xJ5YWRTtCHR
wqbkGsU1AgMBAAECggEAQlXZSFvarPsMcxWv7bFCr20UgbhCBK4FaT7CX2gQzA2f
0flCmkgiZo6BmbMAtzyJ/TcjH3KTyj7qUGvivkVHyDzy4InRs9BId6kXHFVVafPG
cMruUF2ULR8/H2LcvRSnvgbSu33DWKG9S9DUeP34U2y7p68qabmuBKaccieoClvK
K/KiCqpIVnVaVtH0+VPsnXlEkAvqVUv7oM9sjIUMvfx16BW05QIB6ROwGPW2l7B+
kVghvqDmi9UUyBvNcEUvy0SZN7jRSF5QPVEsFJoEhJBB2XVvp2nQDuM+KyTo0T1F
lG/Rpct/+3UasIYhU1Dvf5m0k8RMvkKSTef54RaLOQKBgQD1WaDel8wcHpABywQB
Ir5t07Han5Krjth3jAhJZcqmLKVi50oW/Qhub/R+FTdA7AhSkPT+Ll29R60TTwBF
Ty9cdL4Bqv0avXT0qyWB2gsWfBOn0D0ywk8q6jtlXf8/cA9iWwJ2gDZiZHzKzoki
ig2XDBXnbe8jRLurQlzbvu0d/wKBgQDXVE7sWkUxiBieJLJqXhLN75gtduG+FM92
ZuFj7MCHdTRonhYdySah97KiaCpD1kB1x+5xTJkqrEnoVB6Vzm+gGM5OPqs1/OJa
tTrXyV0iCZb/SGxDhZv6Ptb5yyolVM88YLJuD6NEi/Rb1+gg8WFeKML8dZLdWrZA
KSUY7mQEywKBgELUHgBjgoIqRPloDfgtOYd6wRgWnQHDz+yIJP2xD0jCIm5VJ5Yp
Z/GE5yisqLczU3UB7OmLQZc7/cWjoCRA1Fqvpc2YgIaXElNOhtHezWRbeZMdIn4/
9QZwdKtAtjTWVippNbuHYsjcLC2loi7ZQahh71lxVVDa+O9GDTsBv16LAoGAWuZa
UuhgoWJEki4Hq2N/KLRmV3sCHQ4H7oHL0DUXqZdOwoNJ7tUFnAZGwMycWvrNR2tZ
OzcMybjlklBAgRkegkU2gk1uVWIl5AjxiDqXOFE4Dxhxq6dxixiQA+9CIXRF78Ua
TeAIGl3CkCr68T00z10BwzWXBB7RJRC5embYjjUCgYEAtQxd++0MrNwedndSNe5U
cz8fqAWI4vH0aFD0rgEx7ueRsqwOfBvDpnbXbhl2GQEyAWwvxdPKHIaja6kH9Kr1
6ctPl81wPc5lx9F8EaBA7/bshX8Dn+h+kbo3dsNmEGEoe+uI/rzeBcX8vaSLg5O0
MjqDKb+NpefdF00rSQvi0m4=
-----END PRIVATE KEY-----

从 OpenSSL 版本 1.0.0 开始,PEM_write_PrivateKey 等例程默认为 PKCS8 格式,其页眉和页脚如下:

-----BEGIN PRIVATE KEY-----

-----END PRIVATE KEY-----

如果您想在 1.0.0 之后的版本中以传统格式写入,请特别调用读写例程,例如 PEM_read_RSAPrivateKeyPEM_write_RSAPrivateKey

传统密钥格式的页眉和页脚如下:

-----BEGIN RSA PRIVATE KEY-----

-----END RSA PRIVATE KEY-----