从内存中读取公钥/私钥与OpenSSL的 [英] Reading Public/Private Key from Memory with OpenSSL

问题描述

我使用的公钥/私钥在我的项目加密/解密的一些数据。

I am using Public/Private Keys in my project to encrypt/decrypt some data.

我托管服务器上的一个公共密钥（public.pem）。

I am hosting a public key ("public.pem") on a server.

public.pem看起来是这样的：

"public.pem" looks like this:

-----BEGIN PUBLIC KEY-----
.....
.....
-----END PUBLIC KEY-----

我写了这个下载公共密钥并将其保存到磁盘上的客户端，然后调用OpenSSL的PEM_read_RSA_PUBKEY（）与某个文件描述符到该文件。
此操作的伟大工程，结果是一个RSA对象，已准备好进行加密。

I wrote a client side that downloads this public key and save it to disk and then calls OpenSSL's PEM_read_RSA_PUBKEY() with a File descriptor to that file. This operation works great and the result is an RSA object that is ready for encryption.

我想避免每次写公钥到磁盘（因为我已经在内存中已缓存）。

I would like to avoid writing the public key to disk each time (since i have the buffer in memory already).

我如何可以做同样的操作，而不保存中buffer to disk？
我注意到一个叫功能：）PEM_read_bio_RSAPublicKey（但我不知道它是生物结构的使用。我在正确的道路上？

How can i do the same operation without saving the buffer to disk? I noticed a function called: PEM_read_bio_RSAPublicKey() but i am not sure of it's usage of BIO structure. Am I on the right path?

所以，真正的问题是：如何做我读直接从内存中，而不是从一个文件描述符公共/私有到RSA对象键​​

So the real question would be: How do I read a public/private key to an RSA object straight from memory and not from a file descriptor.

推荐答案

您是在正确的轨道上。您必须已经通过BIO缓冲的方式通过 BIO_new_mem_buf包裹PEM关键存储器（）。换句话说，是这样的：

You are on the right track. You must wrap the PEM key already in memory by means of a BIO buffer via BIO_new_mem_buf(). In other words, something like:

BIO *bufio;
RSA *rsa

bufio = BIO_new_mem_buf((void*)pem_key_buffer, pem_key_buffer_len);
PEM_read_bio_RSAPublicKey(bufio, &rsa, 0, NULL);

同样的方法是有效的RSA私钥（通过 PEM_read_bio_RSAPrivateKey ），但在这种情况下，你肯定需要迎合密码短语。检查手册页了解详情。

The same approach is valid for an RSA private key (via PEM_read_bio_RSAPrivateKey), but in that case you most certainly need to cater for the pass phrase. Check the man page for details.

这篇关于从内存中读取公钥/私钥与OpenSSL的的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！