用openssl库获得x509证书散列 [英] Get x509 certificate hash with openssl library

问题描述

我目前正在开发一个应用程序，该应用程序使用openssl库（libcrypto）生成证书。现在我必须得到已经存在的证书的散列。

I'm currently working on an app, which uses the openssl library (libcrypto) to generate certificates. Now I have to get the hash of a already existing certificate.

当我使用我的终端时，我可以使用

When I use my Terminal I am able to generate the hash value by using

openssl x509 -hash -in cert.pem -noout

输出：01da0e2b

Output: 01da0e2b

这是我的代码，我尝试使用C中的库生成我的哈希值。

This is my code where I try t generate my hash value by using the library in C.

X509 *cert = NULL;
FILE *fp = fopen(currentCert.UTF8String, "r");
PEM_read_X509(fp, &cert, NULL, NULL);

long hash = X509_subject_name_hash(cert);
char *mdString = malloc(sizeof(long));
sprintf(mdString, "%lx",hash);
printf(mdString);

输出：1817886a

Output: 1817886a

但实际上我的输出是不同的。有没有人知道我做错了什么？

But actually my output is a different one. Has anybody an idea what am I doing wrong ?

推荐答案

但实际上我的输出是不同的。有没有人知道我做错了什么？

But actually my output is a different one. Has anybody an idea what am I doing wrong ?

以下是OpenSSL如何使用它...

Here's how OpenSSL uses it...

$ cd openssl-1.0.2-src
$ grep -R X509_subject_name_hash *
apps/x509.c:                BIO_printf(STDout, "%08lx\n", X509_subject_name_hash(x));
apps/x509.c:                BIO_printf(STDout, "%08lx\n", X509_subject_name_hash_old(x));
crypto/x509/x509.h:unsigned long X509_subject_name_hash(X509 *x);
crypto/x509/x509.h:unsigned long X509_subject_name_hash_old(X509 *x);
crypto/x509/x509_cmp.c:unsigned long X509_subject_name_hash(X509 *x)
crypto/x509/x509_cmp.c:unsigned long X509_subject_name_hash_old(X509 *x)
...

然后，看 apps / x509.c ：

...
} else if (subject_hash == i) {
    BIO_printf(STDout, "%08lx\n", X509_subject_name_hash(x));
}
...

你的声明应该是：

unsigned long hash = X509_subject_name_hash(cert);

然后：

Then:

fprintf(stdout, "%08lx\n", hash);

---

另外，OpenSSL改变了计算主题的方式在OpenSSL 1.0.1的某个时候散列。这就是为什么有一个 X509_subject_name_hash 和 X509_subject_name_hash_old 。

如果您正在使用或与OpenSSL 0.9.8（比如Mac OS X 10）进行比较，请参阅在Java中生成X509Certificate的主题散列。虽然它的Java，它详细介绍OpenSSL处理主题散列。

If you are using or comparing against OpenSSL 0.9.8 (on, say Mac OS X 10), then see Generate Subject Hash of X509Certificate in Java. Though its Java, it details OpenSSL handling of the subject hash.

这篇关于用openssl库获得x509证书散列的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！