How to store public key as C array


Problem description

I've been looking for an answer for this for a while, so I thought I might as well post what I've found.

I'm using OpenSSL to sign and verify a license, using a private key to sign and a public key to verify.

Since I'm sending the public key to the client for verification, I can't give it to him and ask for the path to the key, because he can change the public key and encrypt the message using his own private/public keys.

The solution: store the public key inside the C program as an array.

Now I need to change my code for reading the public key from:

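FILE       *public_key_fd = NULL;
EVP_PKEY   *public_key = NULL;

public_key_fd = fopen( public_key_path, "r" );
if ( !public_key_fd ) {
     // something went wrong: handle the error and do not read the key
} else {
     PEM_read_PUBKEY( public_key_fd, &public_key, NULL, NULL );
     fclose( public_key_fd );   // close the FILE*, not the path string
}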

to something that uses a string instead of a file.

Recommended answer

First we need to understand what the key looks like, using cat:

cat public_key.pem

We get:

---- BEGIN PUBLIC KEY ----
AAAAB3NzaC1yc2EAAAABJQAAAQB/nAmOjTmezNUDKYvEeIRf2YnwM9/uUG1d0BYs
c8/tRtx+RGi7N2lUbp728MXGwdnL9od4cItzky/zVdLZE2cycOa18xBK9cOWmcKS
0A8FYBxEQWJ/q9YVUgZbFKfYGaGQxsER+A0w/fX8ALuk78ktP31K69LcQgxIsl7r
NzxsoOQKJ/CIxOGMMxczYTiEoLvQhapFQMs3FL96didKr/QbrfB1WT6s3838SEaX
fgZvLef1YB2xmfhbT9OXFE3FXvh2UPBfN+ffE7iiayQf/2XR+8j4N4bW30DiPtOQ
LGUrH1y5X/rpNZNlWW2+jGIxqZtgWg7lTy3mXy5x836Sj/6L
---- END PUBLIC KEY ----

I've read this char by char to understand where the '\n' and other invisible characters are, and what I've found is that each line ends with '\n'.

So what we get as an array for C will be:

char *key_string = "---- BEGIN PUBLIC KEY ----\nAAAAB3NzaC1yc2EAAAABJQAAAQB/nAmOjTmezNUDKYvEeIRf2YnwM9/uUG1d0BYs\nc8/tRtx+RGi7N2lUbp728MXGwdnL9od4cItzky/zVdLZE2cycOa18xBK9cOWmcKS\n0A8FYBxEQWJ/q9YVUgZbFKfYGaGQxsER+A0w/fX8ALuk78ktP31K69LcQgxIsl7r\nNzxsoOQKJ/CIxOGMMxczYTiEoLvQhapFQMs3FL96didKr/QbrfB1WT6s3838SEaX\nfgZvLef1YB2xmfhbT9OXFE3FXvh2UPBfN+ffE7iiayQf/2XR+8j4N4bW30DiPtOQ\nLGUrH1y5X/rpNZNlWW2+jGIxqZtgWg7lTy3mXy5x836Sj/6L\n---- END PUBLIC KEY ----\n";

And the code needed to read a key from a char array is:

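EVP_PKEY    *public_key = NULL;
BIO         *bio;

// wrap the string in a read-only memory BIO instead of opening a file
bio = BIO_new_mem_buf( key_string, (int)strlen( key_string ) );
PEM_read_bio_PUBKEY( bio, &public_key, NULL, NULL );
BIO_free( bio );   // public_key stays valid after the BIO is released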

Explanation: PEM_read_PrivateKey() is a wrapper around PEM_ASN1_read() (which reads an arbitrary ASN.1 object from a PEM-encoded blob) and d2i_PrivateKey() (which knows how to read a private key blob specifically).

PEM_ASN1_read() simply creates a BIO from the FILE* that you give it, and calls PEM_ASN1_read_bio(). If you want, you can instead create a BIO from your string using something like BIO_new_mem_buf() and call PEM_ASN1_read_bio() yourself. (A BIO is an openssl object that's like a more general-purpose FILE*.)

BTW, if your keys are stored in a database, there's probably no need for them to be PEM-encoded; you can save a bit of space and time by storing them in DER format and calling d2i_PrivateKey() directly. (PEM format is more or less just base64-encoded DER.) There's a FAQ entry on this: http://www.openssl.org/support/faq.html#PROG3
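
The DER remark above, applied to the public key from the question, as an added example that is not part of the original answer: a small converter that decodes a PEM public key to DER and prints the bytes as a C array. The sample key is a constructed 5-byte stand-in (not a real key), and the names pem_pubkey_to_der and public_key_der are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample, NOT a real key: base64 of the DER bytes 30 03 02 01 05. */
static const char sample_pem[] =
    "-----BEGIN PUBLIC KEY-----\nMAMCAQU=\n-----END PUBLIC KEY-----\n";

static int b64val(int c) {
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    const char *q = c ? strchr(tbl, c) : NULL;
    return q ? (int)(q - tbl) : -1;
}

/* Decode the base64 body between the exact PEM markers into out[].
   Returns the DER length, or -1 on bad markers, bad characters or overflow. */
long pem_pubkey_to_der(const char *pem, unsigned char *out, size_t cap) {
    static const char head[] = "-----BEGIN PUBLIC KEY-----";
    static const char tail[] = "-----END PUBLIC KEY-----";
    const char *p = strstr(pem, head);
    const char *end = p ? strstr(p, tail) : NULL;
    unsigned long acc = 0;
    int bits = 0, v;
    size_t n = 0;
    if (!p || !end) return -1;                  /* markers must match exactly */
    for (p += sizeof head - 1; p < end && *p != '='; p++) {
        if (*p == '\n' || *p == '\r') continue; /* skip line breaks */
        if ((v = b64val((unsigned char)*p)) < 0) return -1;
        acc = (acc << 6) | (unsigned long)v;
        if ((bits += 6) >= 8) {
            if (n >= cap) return -1;            /* output buffer too small */
            bits -= 8;
            out[n++] = (unsigned char)((acc >> bits) & 0xFF);
        }
    }
    return (long)n;
}

/* Print the decoded bytes as a C array definition. */
int main(void) {
    unsigned char der[1024];
    long i, len = pem_pubkey_to_der(sample_pem, der, sizeof der);
    if (len < 0) return 1;
    printf("static const unsigned char public_key_der[] = {");
    for (i = 0; i < len; i++)
        printf("%s0x%02x,", i % 12 ? " " : "\n    ", der[i]);
    printf("\n};\n");
    return 0;
}
```

The printed array can be passed to OpenSSL's d2i_PUBKEY() at run time in place of the PEM string. The converter accepts only the exact five-dash `-----BEGIN PUBLIC KEY-----` / `-----END PUBLIC KEY-----` markers and returns -1 for any other spelling.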
