用openssl库获得x509证书散列 [英] Get x509 certificate hash with openssl library
问题描述
我目前正在开发一个应用程序,该应用程序使用openssl库(libcrypto)生成证书。现在我必须得到已经存在的证书的散列。
I'm currently working on an app, which uses the openssl library (libcrypto) to generate certificates. Now I have to get the hash of a already existing certificate.
当我使用我的终端时,我可以使用
When I use my Terminal I am able to generate the hash value by using
openssl x509 -hash -in cert.pem -noout
输出:01da0e2b
Output: 01da0e2b
这是我的代码,我尝试使用C中的库生成我的哈希值。
This is my code where I try t generate my hash value by using the library in C.
X509 *cert = NULL;
FILE *fp = fopen(currentCert.UTF8String, "r");
PEM_read_X509(fp, &cert, NULL, NULL);
long hash = X509_subject_name_hash(cert);
char *mdString = malloc(sizeof(long));
sprintf(mdString, "%lx",hash);
printf(mdString);
输出:1817886a
Output: 1817886a
但实际上我的输出是不同的。有没有人知道我做错了什么?
But actually my output is a different one. Has anybody an idea what am I doing wrong ?
推荐答案
但实际上我的输出是不同的。有没有人知道我做错了什么?
But actually my output is a different one. Has anybody an idea what am I doing wrong ?
以下是OpenSSL如何使用它...
Here's how OpenSSL uses it...
$ cd openssl-1.0.2-src
$ grep -R X509_subject_name_hash *
apps/x509.c: BIO_printf(STDout, "%08lx\n", X509_subject_name_hash(x));
apps/x509.c: BIO_printf(STDout, "%08lx\n", X509_subject_name_hash_old(x));
crypto/x509/x509.h:unsigned long X509_subject_name_hash(X509 *x);
crypto/x509/x509.h:unsigned long X509_subject_name_hash_old(X509 *x);
crypto/x509/x509_cmp.c:unsigned long X509_subject_name_hash(X509 *x)
crypto/x509/x509_cmp.c:unsigned long X509_subject_name_hash_old(X509 *x)
...
然后,看 apps / x509.c
:
...
} else if (subject_hash == i) {
BIO_printf(STDout, "%08lx\n", X509_subject_name_hash(x));
}
...
你的声明应该是:
unsigned long hash = X509_subject_name_hash(cert);
然后:
Then:
fprintf(stdout, "%08lx\n", hash);
另外,OpenSSL改变了计算主题的方式在OpenSSL 1.0.1的某个时候散列。这就是为什么有一个 X509_subject_name_hash
和 X509_subject_name_hash_old
。
如果您正在使用或与OpenSSL 0.9.8(比如Mac OS X 10)进行比较,请参阅在Java中生成X509Certificate的主题散列。虽然它的Java,它详细介绍OpenSSL处理主题散列。
If you are using or comparing against OpenSSL 0.9.8 (on, say Mac OS X 10), then see Generate Subject Hash of X509Certificate in Java. Though its Java, it details OpenSSL handling of the subject hash.
这篇关于用openssl库获得x509证书散列的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!