S.l.e!ep.¢%

像打了激速一样,以四倍的速度运转,开心的工作
简单、开放、平等的公司文化;尊重个性、自由与个人价值;
posts - 1098, comments - 335, trackbacks - 0, articles - 1
  C++博客 :: 首页 :: 新随笔 :: 联系 :: 聚合  :: 管理

OPENSSL 生成 CERT 参考

Posted on 2010-06-06 17:57 S.l.e!ep.¢% 阅读(1128) 评论(1)  编辑 收藏 引用 所属分类: OpenSSL
#pragma comment(lib,"libeay32.lib")
#pragma comment(lib,"ssleay32.lib")
char mainkey[17]="0123456789abcdef";
char *c1="CN";
char *pr1="hunan";
char *ct1="xiangtan";
char *or1="hnust";
char *dp1="computer";
char *co1="Ling";
char *c;
char *pr;
char *ct;
char *or;
char *dp;
char *co;
X509_REQ *req=X509_REQ_new();  
X509_NAME *subj=X509_NAME_new();  
EVP_PKEY *m_pClientKey=EVP_PKEY_new();
EVP_PKEY *m_pCAKey;
X509 *m_pCACert;
X509 *ptemp=NULL;
X509 *m_pClientCert=X509_new();
BIO *pbio;
FILE *fp;
char *Save="E:\\毕业设计\\openssl_help\\CCert.der";
char *KeyName="E:\\毕业设计\\openssl_help\\RootKey.pem";
char *CerName="E:\\毕业设计\\openssl_help\\RootCert.crt";
char *KeyPwd1="481511220";
char *KeyPwd2="srvca";
char *KeyPwd3="1tian=1day";
char *crp="e:\\毕业设计\\openssl_help\\RootCert.pem";
char *ck="e:\\毕业设计\\openssl_help\\RootKey.pem";
char *country="cn";
--------------------------------------加解密----------------------------------------------
void md5(unsigned char *str,unsigned char *md)
{

  EVP_Digest(str, strlen((char *)str), md, NULL, EVP_md5(), NULL);
}
void des_cpy(char *des,char *src)
{
int i;
for(i=0;i<8;i++)
{
des[i]=src[i];
}
}
void des_ini(DES_cblock cb)
{
int i;
for(i=0;i<8;i++)
cb[i]=0x00;
}
void des_e(unsigned char *key,char *input,char **output)
{
char *output1;
char *output2;
int i;
int l=strlen(input);
int m=l/8;
int n=l%8;
DES_cblock des_key;
DES_string_to_key((char *)key, &des_key);
DES_key_schedule schedule;
  DES_set_key_checked(&des_key, &schedule);
DES_cblock des_input;
DES_cblock des_output;
if(n==0) 
{
output1=(char *)malloc(m*8+1);
output2=(char *)malloc((m*8)*2+1);
output1[m*8]='\0';
output2[m*8*2]='\0';
for(i=0;i<m;i++)
{
des_cpy((char *)des_input,input+i*8);
DES_ecb_encrypt(&des_input, &des_output, &schedule, DES_ENCRYPT);
des_cpy(output1+i*8,(char *)des_output);
}
for(i=0;i<m*8;i++)
{
output2[i*2]=(((output1[i]>>4)&0x0f)|0x40)+1;
output2[i*2+1]=((output1[i]&0x0f)|0x40)+1;
}
}
else 
{
output1=(char *)malloc((m+1)*8+1);
output2=(char *)malloc(((m+1)*8)*2+1);
output1[(m+1)*8]='\0';
output2[(m+1)*8*2]='\0';
for(i=0;i<m;i++)
{
des_cpy((char *)des_input,input+i*8);
DES_ecb_encrypt(&des_input, &des_output, &schedule, DES_ENCRYPT);
des_cpy(output1+i*8,(char *)des_output);
}
des_ini(des_input);
for(i=0;i<n;i++)
{
des_input[i]=input[m*8+i];
}
DES_ecb_encrypt(&des_input, &des_output, &schedule, DES_ENCRYPT);
des_cpy(output1+m*8,(char *)des_output);
for(i=0;i<(m+1)*8;i++)
{
output2[i*2]=(((output1[i]>>4)&0x0f)|0x40)+1;
output2[i*2+1]=((output1[i]&0x0f)|0x40)+1;
}
}
*output=output2;
}
void des_d(unsigned char *key,char *input,char **output)
{
char *output1;
char *input1;
int l=strlen(input)/2;
input1=(char *)malloc(l+1);
int i;
input1[l]='\0';
int m=l/8;
int n=l%8;
for(i=0;i<l;i++)
{
  input[2*i]--;
  input[2*i+1]--;
input1[i]=((input[2*i]<<4)&0xf0)|(input[2*i+1]&0x0f);
}
DES_cblock des_key;
DES_string_to_key((char *)key, &des_key);
DES_key_schedule schedule;
  DES_set_key_checked(&des_key, &schedule);
DES_cblock des_input;
DES_cblock des_output;
output1=(char *)malloc(l+1);
output1[l]='\0';
for(i=0;i<m;i++)
{
des_cpy((char *)des_input,input1+i*8);
DES_ecb_encrypt(&des_input, &des_output, &schedule, DES_DECRYPT);
des_cpy(output1+i*8,(char *)des_output);
}
*output=output1;
}
void ent()
{
  char key[6][17];
  unsigned char md[6][16];
  int i;
  for(i=0;i<6;i++)
  {
strcpy(key[i],mainkey);
  }
  strcat(key[0],REQ_COUNTRY_NAME);
  strcat(key[1],REQ_STATA_OR_PROVINCE_NAME);
  strcat(key[2],REQ_LOCALITE_NAME);
  strcat(key[3],REQ_ORG_NAME);
  strcat(key[4],REQ_DEPT_NAME);
  strcat(key[5],REQ_COMMON_NAME);
  for(i=0;i<6;i++)
  {
md5((unsigned char *)key[i],md[i]);
md[i][8]='\0';
  }
  des_e((unsigned char *)key[0],c1,&c);
  des_e((unsigned char *)key[1],pr1,&pr);
  des_e((unsigned char *)key[2],ct1,&ct);
  des_e((unsigned char *)key[3],or1,&or);
  des_e((unsigned char *)key[4],dp1,&dp);
  des_e((unsigned char *)key[5],co1,&co);
}
------------------------------------------加解密部分完------------------------------------------------

主函数部分
void main(int argc,char* argv[])
{
  OpenSSL_add_all_ciphers();
  OpenSSL_add_all_digests();
  ERR_load_crypto_strings();
  /*pbio = BIO_new_file((LPSTR)(LPCTSTR)KeyName,"r");
  if(pbio==NULL)
  {
printf("CA私钥文件读取失败\n");
return;
  }
  m_pCAKey = PEM_read_bio_PrivateKey(pbio,NULL,0,(unsigned char*)(LPCTSTR)KeyPwd1);
  if(m_pCAKey==NULL)
  {
printf("CA私钥文件读取失败\n");
return;
  }
  BIO_free_all(pbio);
  pbio = BIO_new_file((LPSTR)(LPCTSTR)CerName,"r");
  if(pbio==NULL)
  {
printf("CA证书文件读取失败\n");
return;
  }
  m_pCACert=d2i_X509_bio(pbio,NULL);
  if(m_pCACert==NULL)
  {
printf("CA证书读取失败\n");
return;
  }
  BIO_free_all(pbio);*/
 /*if(!(pbio = BIO_new_file((LPSTR)(LPCTSTR)crp,"r")))
  {
printf("打开CA证书失败");
BIO_free_all(pbio);
return;
  }
  m_pCACert=d2i_X509_bio(pbio,NULL);
  if(m_pCACert==NULL)
  {
printf("打开证书失败");
BIO_free_all(pbio);
return;
  }
  m_pCAKey = PEM_read_bio_PrivateKey(pbio,NULL,0,(unsigned char*)(LPCTSTR)KeyPwd2);
  if(m_pCAKey==NULL)
  {
printf("打开私钥失败");
BIO_free_all(pbio);
return;
  }*/
  if (!(pbio = BIO_new_file((LPSTR)(LPCTSTR)crp,"r")))
  printf("打开CA文件时出错");
  if (!(m_pCACert = PEM_read_bio_X509(pbio,NULL,NULL,NULL)))
  printf("从CA证书文件中读取证书时出错");
  BIO_free_all(pbio);
  if (!(pbio = BIO_new_file((LPSTR)(LPCTSTR)ck,"r")))
  printf("打开CA私钥时出错");
  if (!(m_pCAKey = PEM_read_bio_PrivateKey(pbio, NULL, NULL,KeyPwd3)))
  printf("从文件中读取CA私钥时出错");
  BIO_free_all(pbio);

  ent();//<-------------------------------------------------------------------------------加密属性值

  EVP_PKEY_assign_RSA(m_pClientKey,RSA_generate_key(1024,0x10001,NULL,NULL));
  X509_NAME_add_entry_by_txt(subj,REQ_COUNTRY_NAME,MBSTRING_ASC,(unsigned char *)c,-1,-1,0);
  X509_NAME_add_entry_by_txt(subj,REQ_STATA_OR_PROVINCE_NAME,MBSTRING_ASC,(unsigned char *)pr,-1,-1,0);
  X509_NAME_add_entry_by_txt(subj,REQ_LOCALITE_NAME,MBSTRING_ASC,(unsigned char *)ct,-1,-1,0);
  X509_NAME_add_entry_by_txt(subj,REQ_ORG_NAME,MBSTRING_ASC,(unsigned char *)or,-1,-1,0);
  X509_NAME_add_entry_by_txt(subj,REQ_DEPT_NAME,MBSTRING_ASC,(unsigned char *)dp,-1,-1,0);
  X509_NAME_add_entry_by_txt(subj,REQ_COMMON_NAME,MBSTRING_ASC,(unsigned char *)co,-1,-1,0);
  //if(X509_REQ_set_subject_name(req,subj)!=1)
  //if(X509_NAME_set(&req->req_info->subject,subj)!=1)
  req->req_info->subject=X509_NAME_dup(subj);
  if(req->req_info->subject==NULL)
  {
printf("加入主体信息失败\n");
return;
  }
  
  //加入一个主体公钥(上小节生成的m_pClientKey)
  //X509_REQ_set_pubkey(req, m_pClientKey);
  X509_PUBKEY_set(&req->req_info->pubkey,m_pClientKey);
  //加入一组可选的扩展属性
  STACK_OF(X509_EXTENSION) *extlist=sk_X509_EXTENSION_new_null();//<--------------------调试出错在这行
  X509_EXTENSION *ext=X509V3_EXT_conf(NULL,NULL,"addr","hunanust"); 
  //生成扩展对象
  sk_X509_EXTENSION_push(extlist,ext);
  X509_REQ_add_extensions(req,extlist);//加入扩展项目。
  //用主体的私钥对上面的req进行签名。在签名是需要选择摘要算法,
  EVP_MD const *digest=EVP_md5();//(选择MD5算法)
  X509_REQ_sign(req,m_pClientKey,digest);
  ptemp=m_pClientCert;
  //设置版本号
  X509_set_version(ptemp, 2);
  //设置证书序列号,这个sn就是CA中心颁发的第N份证书
  ASN1_INTEGER_set(X509_get_serialNumber(ptemp),0);
  //设置证书开始时间
  X509_gmtime_adj(X509_get_notBefore(ptemp),0);
  //设置证书结束时间
  X509_gmtime_adj(X509_get_notAfter(ptemp), (long)60*60*24*365);
  //设置证书的主体名称,req就是刚刚生成的请求证书
  X509_set_subject_name(ptemp, X509_REQ_get_subject_name(req));
  //设置证书的公钥信息
  X509_set_pubkey(ptemp, X509_PUBKEY_get(req->req_info->pubkey));
  //设置证书的签发者信息,m_pCACert是CA证书
  X509_set_issuer_name(ptemp, X509_get_subject_name(m_pCACert));
  //设置扩展项目
  X509V3_CTX ctx;
  X509V3_set_ctx(&ctx, m_pCACert, m_pClientCert, NULL, NULL, 0);
  X509_EXTENSION *x509_ext = X509_EXTENSION_new();
  x509_ext = X509V3_EXT_conf(NULL,NULL, "hellomsg","good luck");
  X509_add_ext(m_pClientCert,x509_ext,-1);
  //设置签名值
  X509_sign(m_pClientCert,m_pCAKey,EVP_md5());
  pbio = BIO_new_file((LPSTR)(LPCTSTR)Save,"w");
  i2d_X509_bio(pbio, m_pClientCert); //DER格式
  printf("OK\n");

}

Feedback

# re: OPENSSL 生成 CERT 参考  回复  更多评论   

2013-04-18 19:29 by 吕文华
REQ_DEPT_NAME 等 这些定义在哪? 最好把头文件都给列出来。谢谢!

只有注册用户登录后才能发表评论。
网站导航: 博客园   IT新闻   BlogJava   博问   Chat2DB   管理