2012-03-27 428 views
2

I have created an RSA certificate as shown below. How can I get the subject key identifier from the certificate?

Certificate: 
Data: 
    Version: 3 (0x2) 
    Serial Number: 5 (0x5) 
    Signature Algorithm: sha1WithRSAEncryption 
    Issuer: C=DE, ST=NRW, L=Aachen, O=RWTH Aachen University, CN=Anupam Ashish Root CA/[email protected] 
    Validity 
     Not Before: Mar 1 12:09:56 2012 GMT 
     Not After : Nov 26 12:09:56 2014 GMT 
    Subject: C=DE, ST=NRW, O=RWTH Aachen University, CN=Middle Box2/[email protected] 
    Subject Public Key Info: 
     Public Key Algorithm: rsaEncryption 
     RSA Public Key: (1024 bit) 
      Modulus (1024 bit): 
       00:c5:3f:ef:31:eb:93:48:ca:a9:43:10:a7:35:0f: 
       c2:eb:d6:96:28:d1:14:be:0b:9e:f6:b1:c9:ee:6c: 
       05:11:92:b3:ac:02:0a:b2:a9:e2:22:19:58:e9:ba: 
       72:8d:ff:f4:3d:eb:a1:32:51:ee:02:bc:60:31:77: 
       b4:f7:14:e0:04:7d:e4:5a:05:e7:03:6f:b4:76:2a: 
       05:a1:d2:01:18:d8:a1:a0:b5:0f:85:88:96:94:84: 
       78:26:69:36:3a:66:b0:28:27:ed:58:43:26:c4:00: 
       5f:f1:b2:fb:79:38:a1:b3:96:f4:64:df:b1:15:9f: 
       ba:1a:ac:56:17:0b:47:06:0b 
      Exponent: 65537 (0x10001) 
    X509v3 extensions: 
     X509v3 Basic Constraints: 
      CA:FALSE 
     X509v3 Subject Key Identifier: 
      5D:A1:F3:85:B3:FA:E2:81:9C:F6:C9:8E:E6:63:0F:B5:A3:7E:C3:B7 
     X509v3 Authority Key Identifier: 
      keyid:2E:8B:78:D6:B0:52:F9:D8:EB:55:94:60:55:0D:B3:1A:20:50:93:CE 
      DirName:/C=DE/ST=NRW/L=Aachen/O=RWTH Aachen University/CN=Anupam Ashish Root CA/[email protected] 
      serial:E2:08:67:9C:EF:A1:48:1C 

     Netscape CA Revocation Url: 
      https://www.example.com/example-ca-crl.pem 
Signature Algorithm: sha1WithRSAEncryption 
    62:1b:d4:37:45:62:12:54:b1:75:db:dd:fa:21:c6:73:a4:8b: 
    08:e0:28:b7:5c:d2:c5:d4:8c:71:97:7b:97:a4:d3:fc:87:d5: 
    ea:b2:ba:77:73:61:bf:d5:a5:04:18:f1:3a:a5:eb:bf:68:e0: 
    9b:e1:c8:2b:a5:c0:5c:11:48:9f:27:42:e9:d2:fd:0c:ac:1b: 
    c8:fa:47:fc:03:d2:cc:52:b2:67:1a:a5:96:47:9c:10:d4:5f: 
    67:58:fa:06:b1:12:16:fd:1a:32:e6:77:24:ae:3d:f6:f6:b3: 
    a4:ee:58:18:bb:54:d2:57:4e:60:8f:be:89:bb:ad:57:a6:fe: 
    31:2a 

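I am able to read the certificate from the file and have it in memory in an X509 structure. However, for my project I need the hash of the public key that is stored in the Subject Key Identifier (SKID) in the X509v3 extensions. I have not been able to find a clear way to retrieve this in C using OpenSSL functions.

Please help.

Thanks, Anupam

Answers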

1

Take a look at X509_get_ext_by_NID()

For example:

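    #include <openssl/x509v3.h>

    /* loc is -1 when the certificate has no such extension */
    int loc = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);
    X509_EXTENSION *ext = X509_get_ext(cert, loc);
    if (ext) {
      /* your code here, data is in ext->value->data
         (OpenSSL 1.1.0 and later: use X509_EXTENSION_get_data(ext)) */
    }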

Outdated documentation, but still valid:

http://www.umich.edu/~x509/ssleay/x509_exts.html

+0

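I tried this, but could not find a structure representing the SKID, so I just used an ASN1_OCTET_STRING like this: 'ASN1_OCTET_STRING *subjectKeyID = (ASN1_OCTET_STRING *)X509V3_EXT_d2i(ext);' The result I get is different from the one obtained by inspecting the certificate directly. Could you elaborate on your answer? – nullgraph 2015-08-19 18:22:31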
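An added example, not part of the original answer or of OpenSSL: the raw data of the extension located with X509_get_ext_by_NID() is itself a DER-encoded OCTET STRING, so it starts with a two-byte header (04 14) ahead of the 20 identifier bytes printed in the certificate dump. The helper names skid_unwrap and skid_to_hex are hypothetical, and the sample bytes are constructed from the identifier shown in the question.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample: DER header 04 14, then the 20-byte SKID from the dump above. */
static const unsigned char SAMPLE_EXT_VALUE[] = {
    0x04, 0x14, 0x5D, 0xA1, 0xF3, 0x85, 0xB3, 0xFA, 0xE2, 0x81, 0x9C,
    0xF6, 0xC9, 0x8E, 0xE6, 0x63, 0x0F, 0xB5, 0xA3, 0x7E, 0xC3, 0xB7
};

/* Hypothetical helper: unwrap one DER OCTET STRING that fills the whole buffer.
 * Returns 0 and sets *id and *id_len, or -1 on malformed input. */
int skid_unwrap(const unsigned char *der, size_t der_len,
                const unsigned char **id, size_t *id_len)
{
    size_t pos = 2, len, n;
    if (der == NULL || der_len < 2 || der[0] != 0x04) return -1;
    len = der[1];
    if (len & 0x80) {                           /* long form: n length bytes follow */
        n = len & 0x7F;
        if (n == 0 || n > sizeof(size_t) || der_len - 2 < n || der[2] == 0)
            return -1;                          /* indefinite, oversized or padded */
        for (len = 0; n > 0; n--)
            len = (len << 8) | der[pos++];
        if (len < 0x80) return -1;              /* DER requires the short form */
    }
    if (len != der_len - pos) return -1;        /* truncated or trailing bytes */
    *id = der + pos;
    *id_len = len;
    return 0;
}

/* Hypothetical helper: colon-separated upper-case hex, as in the text dump.
 * Returns the string length, or -1 if out is too small. */
int skid_to_hex(const unsigned char *id, size_t id_len, char *out, size_t out_len)
{
    static const char HEX[] = "0123456789ABCDEF";
    if (id_len == 0 || out_len < id_len * 3) return -1;
    for (size_t i = 0; i < id_len; i++) {
        out[i * 3] = HEX[id[i] >> 4];
        out[i * 3 + 1] = HEX[id[i] & 0x0F];
        out[i * 3 + 2] = (i + 1 < id_len) ? ':' : '\0';
    }
    return (int)(id_len * 3 - 1);
}

int main(void)
{
    const unsigned char *id; size_t n; char hex[64];
    if (skid_unwrap(SAMPLE_EXT_VALUE, sizeof SAMPLE_EXT_VALUE, &id, &n) != 0 ||
        skid_to_hex(id, n, hex, sizeof hex) < 0) return 1;
    return puts(hex) < 0;
}
```

With OpenSSL itself, X509_get_ext_d2i(cert, NID_subject_key_identifier, NULL, NULL) returns the already unwrapped ASN1_OCTET_STRING, which the caller frees with ASN1_OCTET_STRING_free().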