2
我已創建一個如下所示的RSA證書。如何從證書獲得主題密鑰標識符
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5 (0x5)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=DE, ST=NRW, L=Aachen, O=RWTH Aachen University, CN=Anupam Ashish Root CA/[email protected]
Validity
Not Before: Mar 1 12:09:56 2012 GMT
Not After : Nov 26 12:09:56 2014 GMT
Subject: C=DE, ST=NRW, O=RWTH Aachen University, CN=Middle Box2/[email protected]
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:c5:3f:ef:31:eb:93:48:ca:a9:43:10:a7:35:0f:
c2:eb:d6:96:28:d1:14:be:0b:9e:f6:b1:c9:ee:6c:
05:11:92:b3:ac:02:0a:b2:a9:e2:22:19:58:e9:ba:
72:8d:ff:f4:3d:eb:a1:32:51:ee:02:bc:60:31:77:
b4:f7:14:e0:04:7d:e4:5a:05:e7:03:6f:b4:76:2a:
05:a1:d2:01:18:d8:a1:a0:b5:0f:85:88:96:94:84:
78:26:69:36:3a:66:b0:28:27:ed:58:43:26:c4:00:
5f:f1:b2:fb:79:38:a1:b3:96:f4:64:df:b1:15:9f:
ba:1a:ac:56:17:0b:47:06:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
5D:A1:F3:85:B3:FA:E2:81:9C:F6:C9:8E:E6:63:0F:B5:A3:7E:C3:B7
X509v3 Authority Key Identifier:
keyid:2E:8B:78:D6:B0:52:F9:D8:EB:55:94:60:55:0D:B3:1A:20:50:93:CE
DirName:/C=DE/ST=NRW/L=Aachen/O=RWTH Aachen University/CN=Anupam Ashish Root CA/[email protected]
serial:E2:08:67:9C:EF:A1:48:1C
Netscape CA Revocation Url:
https://www.example.com/example-ca-crl.pem
Signature Algorithm: sha1WithRSAEncryption
62:1b:d4:37:45:62:12:54:b1:75:db:dd:fa:21:c6:73:a4:8b:
08:e0:28:b7:5c:d2:c5:d4:8c:71:97:7b:97:a4:d3:fc:87:d5:
ea:b2:ba:77:73:61:bf:d5:a5:04:18:f1:3a:a5:eb:bf:68:e0:
9b:e1:c8:2b:a5:c0:5c:11:48:9f:27:42:e9:d2:fd:0c:ac:1b:
c8:fa:47:fc:03:d2:cc:52:b2:67:1a:a5:96:47:9c:10:d4:5f:
67:58:fa:06:b1:12:16:fd:1a:32:e6:77:24:ae:3d:f6:f6:b3:
a4:ee:58:18:bb:54:d2:57:4e:60:8f:be:89:bb:ad:57:a6:fe:
31:2a
-----BEGIN CERTIFICATE-----
MIIDqDCCAxGgAwIBAgIBBTANBgkqhkiG9w0BAQUFADCBjzELMAkGA1UEBhMCREUx
DDAKBgNVBAgTA05SVzEPMA0GA1UEBxMGQWFjaGVuMR8wHQYDVQQKExZSV1RIIEFh
Y2hlbiBVbml2ZXJzaXR5MR4wHAYDVQQDExVBbnVwYW0gQXNoaXNoIFJvb3QgQ0Ex
IDAeBgkqhkiG9w0BCQEWEXJvb3RfY2FAZ21haWwuY29tMB4XDTEyMDMwMTEyMDk1
NloXDTE0MTEyNjEyMDk1NlowcDELMAkGA1UEBhMCREUxDDAKBgNVBAgTA05SVzEf
MB0GA1UEChMWUldUSCBBYWNoZW4gVW5pdmVyc2l0eTEUMBIGA1UEAxMLTWlkZGxl
IEJveDIxHDAaBgkqhkiG9w0BCQEWDW1iMkBnbWFpbC5jb20wgZ8wDQYJKoZIhvcN
AQEBBQADgY0AMIGJAoGBAMU/7zHrk0jKqUMQpzUPwuvWlijRFL4Lnvaxye5sBRGS
s6wCCrKp4iIZWOm6co3/9D3roTJR7gK8YDF3tPcU4AR95FoF5wNvtHYqBaHSARjY
oaC1D4WIlpSEeCZpNjpmsCgn7VhDJsQAX/Gy+3k4obOW9GTfsRWfuhqsVhcLRwYL
AgMBAAGjggEwMIIBLDAJBgNVHRMEAjAAMB0GA1UdDgQWBBRdofOFs/rigZz2yY7m
Yw+1o37DtzCBxAYDVR0jBIG8MIG5gBQui3jWsFL52OtVlGBVDbMaIFCTzqGBlaSB
kjCBjzELMAkGA1UEBhMCREUxDDAKBgNVBAgTA05SVzEPMA0GA1UEBxMGQWFjaGVu
MR8wHQYDVQQKExZSV1RIIEFhY2hlbiBVbml2ZXJzaXR5MR4wHAYDVQQDExVBbnVw
YW0gQXNoaXNoIFJvb3QgQ0ExIDAeBgkqhkiG9w0BCQEWEXJvb3RfY2FAZ21haWwu
Y29tggkA4ghnnO+hSBwwOQYJYIZIAYb4QgEEBCwWKmh0dHBzOi8vd3d3LmV4YW1w
bGUuY29tL2V4YW1wbGUtY2EtY3JsLnBlbTANBgkqhkiG9w0BAQUFAAOBgQBiG9Q3
RWISVLF12936IcZzpIsI4Ci3XNLF1Ixxl3uXpNP8h9Xqsrp3c2G/1aUEGPE6peu/
aOCb4cgrpcBcEUifJ0Lp0v0MrBvI+kf8A9LMUrJnGqWWR5wQ1F9nWPoGsRIW/Roy
5nckrj329rOk7lgYu1TSV05gj76Ju61Xpv4xKg==
-----END CERTIFICATE-----
我能夠從文件中讀取證書,並在x509結構的內存中擁有證書。 但是,對於我的項目,我需要存儲在x509v3擴展組件中的主題密鑰標識符(SKID)中的公鑰的散列。我無法找到一個明確的方式,以我如何在C檢索此使用OpenSSL的功能
請幫
感謝 阿努邦
我嘗試以下這一點,但未能找到表示SKID的結構,所以就用一個ASN1_OCTET_STRING像這樣'ASN1_OCTET_STRING * subjectKeyID =(ASN1_OCTET_STRING *)X509V3_EXT_d2i(EXT);'我得到的結果是由不同通過直接檢查證書獲得。你能詳細說明你的答案嗎? – nullgraph 2015-08-19 18:22:31