RSA public key ASN.1 encode is defined in PKCS#1 as follows:
RSAPublicKey :: = SEQUENCE  {
    modulus    INTEGER,  -- n
    publicExponent    INTEGER  -- e
}
    In a DER encoded certificate the SEQUENCE is encoded again as BIT STRING type, that is, it is put into the payload part of the BIT STRING.
    If the public key ASN.1 encode is expected to be extracted from a certifcate, functions: d2i_X509() and X509_get0_pubkey_bitstr(const X509 *x) in OpenSSL can be used.
    But each time d2i_X509() is invoked, about 352 bytes memory is leaked. CRYPTO_cleanup_all_ex_data() function can be used to solve this problem. As stated in FAQ of  www.openssl.org, CRYPTO_cleanup_all_ex_data() function is a "brutal" (thread-unsafe) application-global cleanup function. Can we avoid doing this way?
   
    Let's recall ASN.1 encode rule, usually an ASN.1 object comprises three parts:
1. Type;
2. Payload length;
3. Payload.
  Firstly auxiliary functions are needed. Functions: GetPayloadByteLength(), MovePointerToPayloadStartAddress(), MovePointerToPayloadEndAddress() are designed. By invoking these functions we can count payload length and move a pointer to some special location of an ASN.1 object.
  Next the structure of a DER encoded certificate is analyzed. Look at the figure blow:

The following conclusion can be drawn: The relative location of the public key encode in a DER encoded certificate is fixed!

From this point of view, if a pointer is moved forward by adequate steps, it will be located at the start point of RSAPublicKey SEQUENCE in a DER certificate.
  At first, the pointer is pointed to the address of the first byte of the certificate.

Next, The pointer "jumps" into the SEQUENCE's payload. The payload is SEQUENCE type, too. So the pointer "jumps" into next SEQUENCE's payload. The pointer jumps over Context[0] (corresponds to version), INTEGER (corresponds to serial number), SEQUENCE (corresponds to signature algorithm), SEQUENCE (corresponds to issuer info), SEQUENCE (corresponds to validity date and time), SEQUENCE (corresponds to subject info). Now the pointer is pointed to SubjectPublicKeyInfo. The ASN.1 definition of SubjectPublicKeyInfo is as follows:

SubjectPublicKeyInfo ::= SEQUENCE  {

algorithm  AlgorithmIdentifier,

subjectPublicKey  BIT STRING

}

The pointer jumps into SubjectPublicKeyInfo's payload. Next the pointer jumps over SEQUENCE (corresponds to AlgorithmIdentifier). Now the pointer is pointed to the address of the first byte of subjectPublicKey. subjectPublicKey is BIT STRING type. If RSAPublicKey SEQUENCE is needed, the pointer must be moved to the payload part of subjectPublicKey (exactly speaking, the second byte of subjectPublicKey's payload since the first byte is 0x0).

Based on the ideas above, functions MovePointerToPublicKeyBitStringEncodeStartAddress() and GetRsaPublicKeyEncodeFromCertificate() are designed to extract public key ASN.1 encode from a certificate in DER format.

All of functions and an example program are given here:

/**************************************************

* Author: HAN Wei

* Author's blog: http://blog.csdn.net/henter/

* Date: Sept 10th, 2013

* Description: the following programs demonstrates how to

    get RSA public key ASN.1 encode from a certificate

    in DER format

**************************************************/

#include <stdio.h>

#include <stdlib.h>

#include <string.h>

/**************************************************

* Name: MovePointerToPayloadStartAddress()

* Function: locate a pointer at the start address of an ASN.1

    object's payload part

* Parameters:

    pointer_address    [out]

	ans1_object_encode [in]

* Return value:

   succeed -- 0

   fail    -- -1

* Notes:

1. This function cannot be used for ASN.1 object of NULL type.

2. The number of bytes used to represent ASN.1 object's payload

   length cannot be more than 4, that is, ASN.1 object's payload

   byte length must be less than 4G.

**************************************************/

int MovePointerToPayloadStartAddress(unsigned char **pointer_address,

                                     unsigned char *asn1_object_encode)

{

  unsigned int byte_count_of_payload_length;

  unsigned char *p;

  p=asn1_object_encode;

  if ( *p==0x5 )  /* ASN.1 NULL type */

    return (-1);

  p++;

  if ( *p==0x80 )  /* invalid DER encode */

    return (-1);

  if ( *p<0x80 )  /* short encoding for payload length part */

  {

	p++;

	(*pointer_address)=p;

	return 0;

  }

  else  /* long encoding for payload length part */

  {

    byte_count_of_payload_length = (*p)&(0x7F);

    if ( byte_count_of_payload_length > 4 )

     return (-1);

    p += byte_count_of_payload_length;

	p++;

	(*pointer_address)=p;

	return 0;

  }

}

/**************************************************

* Name: GetPayloadByteLength()

* Function: get byte length of an ASN.1 object's payload part

* Parameters:

	ans1_object_encode        [in]

    payload_byte_len_pointer  [out]

* Return value:

   succeed -- 0

   fail    -- -1

* Notes:

  The number of bytes used to represent ASN.1 object's payload

length cannot be more than 4, that is, ASN.1 object's payload

byte length must be less than 4G.

**************************************************/

int GetPayloadByteLength(unsigned char *asn1_object_encode,

                         unsigned int *payload_byte_len_pointer)

{

  unsigned int byte_count_of_payload_length, payload_byte_length;

  unsigned char *p;

  int i;

  payload_byte_length=0;

  p=asn1_object_encode;

  if ( *p==0x5 )  /* ASN.1 NULL type */

  {

    *payload_byte_len_pointer=0;

    return 0;

  }

  p++;

  if ( *p==0x80 )

    return (-1);

  if ( *p<0x80 )  /* short encoding for payload length part */

  {

	*payload_byte_len_pointer = *p;

	return 0;

  }

  else   /* long encoding for payload length part */

  {

    byte_count_of_payload_length = (*p)&(0x7F);

    if ( byte_count_of_payload_length > 4 )

     return (-1);

    p++;

    i=(int)(byte_count_of_payload_length);

	while (i>0)

	{

	  payload_byte_length = (payload_byte_length<<8) | (*p++);

	  i--;

	}

	*payload_byte_len_pointer = payload_byte_length;

	return 0;

  }

}

/**************************************************

* Name: MovePointerToPayloadEndAddress()

* Function: locate a pointer at the end address of an ASN.1

    object's payload part

* Parameters:

    pointer_address    [out]

	ans1_object_encode [in]

* Return value:

   succeed -- 0

   fail    -- -1

* Notes:

1. This function cannot be used for ASN.1 object of NULL type.

2. The number of bytes used to represent ASN.1 object payload

   byte length cannot be more than 4, that is, ASN.1 object

   payload byte length must be less than 4G.

**************************************************/

int MovePointerToPayloadEndAddress(unsigned char **pointer_address,

                                   unsigned char *asn1_object_encode)

{

  unsigned char *p;

  unsigned int pay_load_byte_len;

  if ( GetPayloadByteLength(asn1_object_encode,

                            &pay_load_byte_len) )

    return (-1);

  if ( MovePointerToPayloadStartAddress(&p, asn1_object_encode) )

    return (-1);

  p = (p + pay_load_byte_len - 1);

  *pointer_address = p;

  return 0;

}

/**************************************************

* Name: MovePointerToPublicKeyBitStringEncodeStartAddress()

* Function: locate a pointer at the start address of RSA public

    key BIT STRING part in a certificate in DER format

* Parameters:

    pointer_address      [out]

	certificate_pointer  [in]

* Return value:

   succeed -- 0

   fail    -- -1

**************************************************/

int MovePointerToPublicKeyBitStringEncodeStartAddress(unsigned char **pointer_address,

                                                      unsigned char *certificate_pointer)

{

  unsigned char *p, *next_asn1_object_pointer;

  int i;

  next_asn1_object_pointer = certificate_pointer;

  for (i=0; i<2; i++)

  {

	if ( MovePointerToPayloadStartAddress(&p, next_asn1_object_pointer) )

	  return (-1);

	next_asn1_object_pointer=p;

  }

  for (i=0; i<6; i++)

  {

	if ( MovePointerToPayloadEndAddress(&p, next_asn1_object_pointer) )

	  return (-1);

	p++;

	next_asn1_object_pointer=p;

  }

  if ( MovePointerToPayloadStartAddress(&p, next_asn1_object_pointer) )

    return (-1);

  next_asn1_object_pointer=p;

  if ( MovePointerToPayloadEndAddress(&p, next_asn1_object_pointer) )

    return (-1);

  p++;

  *pointer_address = p;

  return 0;

}

/**************************************************

* Name: GetRsaPublicKeyEncodeFromCertificate

* Function: get RSA public key ASN.1 encode from a certificate

    in DER format

* Parameters:

    certificate_pointer                 [in]

	public_key_encode_pointer           [in/out]

	public_key_encode_byte_len_pointer  [out]

* Return value:

   succeed -- 0

   fail    -- -1

* Notes:

1. If the value of public_key_encode_pointer is NULL, the byte

   length of public key encode is assigned to the variable

   pointed by public_key_encode_byte_len_pointer.

2. If the value of public_key_encode_pointer is not NULL, RSA

   public key ASN.1 encode is copyed to the buffer pointed

   by public_key_encode_pointer, the byte length of public key

   encode is assigned to the variable

   pointed by public_key_encode_byte_len_pointer.

**************************************************/

int GetRsaPublicKeyEncodeFromCertificate(unsigned char *certificate_pointer,

	                                     unsigned char *public_key_encode_pointer,

							             unsigned int *public_key_encode_byte_len_pointer)

{

  unsigned char *public_key_bit_string_start_pointer, *start_pointer, *end_pointer;

  unsigned int public_key_encode_byte_len;

  if ( MovePointerToPublicKeyBitStringEncodeStartAddress(&public_key_bit_string_start_pointer,

                                                         certificate_pointer) )

    return (-1);

  if ( MovePointerToPayloadStartAddress(&start_pointer, public_key_bit_string_start_pointer) )

    return (-1);

  start_pointer++;  /* The vaule of the ASN.1 BIT STRING object's first byte is 0x0. The pointer

					   is moved forward by one byte so that it is pointed to the start addrss of

					   RSA public key SEQUENCE */

/* count the byte length of RSA public key SEQUENCE */

  if ( MovePointerToPayloadEndAddress(&end_pointer, start_pointer) )

    return (-1);

  public_key_encode_byte_len = end_pointer - start_pointer + 1;

  *public_key_encode_byte_len_pointer = public_key_encode_byte_len;

  if (!public_key_encode_pointer)

    return 0;

  else

  {

    memcpy(public_key_encode_pointer, start_pointer, public_key_encode_byte_len);

    return 0;

  }

}

/**************************************************

Example:

  The following progarm demonstrates how to get RSA public

key ASN.1 encode from a certificate file. The certificate

is in DER format.

**************************************************/

int main(void)

{

  FILE *fp;

  errno_t err;

  int file_byte_len;

  unsigned char *buffer;

  unsigned int i;

  unsigned char *public_key_encode_pointer;

  unsigned int public_key_encode_byte_len;

  if ( err=fopen_s(&fp, "test_cert.cer", "rb") )

  {

    printf("Open certificate file failed!\n");

    system("pause");

    return (-1);

  }

// get file length

  fseek(fp, 0L, SEEK_END);

  file_byte_len=ftell(fp);

  printf("The file length is %d bytes.\n", file_byte_len);

// read file into buffer

  if ( !(buffer=(unsigned char *)malloc(file_byte_len)) )

  {

	printf("malloc function failed!\n");

	fclose(fp);

	system("pause");

	return (-1);

  }

  fseek(fp,0L,SEEK_SET);

  fread(buffer, file_byte_len, 1, fp);

  fclose(fp);

// get public key ASN.1 encode byte length

  if (GetRsaPublicKeyEncodeFromCertificate(buffer,

	                                       NULL,

						                   &public_key_encode_byte_len) )

  {

    printf("get RSA public key encode byte length from certificate failed!\n");

    free(buffer);

    system("pause");

    return (-1);

  }

  if ( !(public_key_encode_pointer=(unsigned char *)malloc(public_key_encode_byte_len)) )

  {

	printf("malloc() function failed!\n");

	free(buffer);

	system("pause");

	return (-1);

  }

// get public key ASN.1 encode

  if (GetRsaPublicKeyEncodeFromCertificate(buffer,

	                                       public_key_encode_pointer,

						                   &public_key_encode_byte_len) )

  {

    printf("get RSA public key encode from certificate failed!\n");

    free(buffer);

    system("pause");

    return (-1);

  }

  free(buffer);

  printf("publick key encode length is %d bytes.\n", public_key_encode_byte_len);

  printf("public key encode:\n");

  for (i=0; i<public_key_encode_byte_len; i++)

  {

    printf("0x%x  ", public_key_encode_pointer[i]);

  }

  printf("\n");

  free(public_key_encode_pointer);

  system("pause");

  return 0;

}

The extracted ASN.1 encode of RSA public key cannot be used directly. It is an ASN.1 SEQUENCE. RSA modulus and public exponent can be obtained after this SEQUENCE is decoded.

Get RSA public key ASN.1 encode from a certificate in DER format的更多相关文章

  1. .NET导入openssl生成的公钥之BEGIN RSA PUBLIC KEY

    .NET导入openssl生成的公钥之BEGIN RSA PUBLIC KEY 我得到了一个公钥,形式如下 -----BEGIN RSA PUBLIC KEY----- MIGJAoGBAMroxz3 ...

  2. 在iOS中使用OpenSSL的Public Key 进行加密

    这几天一直潜心于iOS开发,刚好把遇到的问题都记录一下.这次遇到的问题就是如果根据得到的Public Key在iOS 客户端对用户名和密码进行加密. Public Key如下: -----BEGIN ...

  3. Github 访问时出现Permission denied (public key)

    一. 发现问题: 使用 git clone 命令时出现Permission denied (public key) . 二. 解决问题: 1.首先尝试重新添加以前生成的key,添加多次,仍然不起作用. ...

  4. 【原创】浅析密码学在互联网支付中的应用|RSA,Hash,AES,DES,3DES,SHA1,SHA256,MD5,SSL,Private Key,Public Key

    一)概述 什么是互联网支付? 当支付遇到互联网,一场革命自然不可避免.成为现实的是传统的现金支付已经“退居二线”,各种在线支付方式成为人们日常消费的主要支付方式.银行推出的网银以及第三方支付公司推出的 ...

  5. windows,linux,mac生成ssh public key 和 private key

    https://help.launchpad.net/YourAccount/CreatingAnSSHKeyPair Creating the key How you create your SSH ...

  6. gpg --verify之"Can't check signature: No public key"

    自从XcodeGhost之后下载软件之后也会先验证一下md5sum,现在发现后面还有gpg签名,于是也开始学习一下. gpg的文件在centos6.4上是默认安装的,其安装使用可以参照ruanyife ...

  7. 使用public key来做SSH authentication

    public key authentication(公钥认证)是对通过敲用户名.密码方式登录服务器的一种替代办法.这种方法更加安全更具有适应性,但是更难以配置. 传统的密码认证方式中,你通过证明你你知 ...

  8. SSH公钥(public key)验证

    安全的设置服务器 登陆,之前用用户名和密码登陆服务器 这样不安全 ,用SSH公钥(public key)验证  这个办法能很好的解决 登陆服务器 和安全登陆服务器 的特点: 目标: Client 免输 ...

  9. windows下git库的ssh连接,使用public key的方法

    在windows下进行项目开发,使用git,通过ssh方式与git库连接,而ssh方式用public key实现连接. 首先需要下载mygit,安装后使用git bash.git bash(有GUI界 ...

随机推荐

  1. USACO Healthy Holsteins DFS

    使用排列组合,遍历所有可能的情况C(1)+C(2)+C(3)……C(n)= 2^G种组合 数据规模不大,暴力过去最多也就是2^15 = 23768种情况 所以就暴力咯,不过还是Debug了一会 Sou ...

  2. WebFetch 是无依赖极简网页爬取组件

    WebFetch 是无依赖极简网页爬取组件,能在移动设备上运行的微型爬虫. WebFetch 要达到的目标: 没有第三方依赖jar包 减少内存使用 提高CPU利用率 加快网络爬取速度 简洁明了的api ...

  3. 项目中用到的Java注解

    元注解: @Retention(RetentionPolicy.RUNTIME)   @Target({ElementType.METHOD})  作用:@interface用来声明一个注解,其中的每 ...

  4. 常用位操作,写8位 12864串口模式 I2C 1302 18B20

    /*以1302为例*/ void DS1302InputByte(unsigned char d)  //实时时钟写入一字节(内部函数) {     unsigned char i;     ACC ...

  5. 更好地认知Azure

    编辑人员注释:本文章由 Windows Azure 网站团队项目经理 Erez Benari 撰写. 我们的网站 http://www.windowsazure.com 包含大量信息,并且也在不断添加 ...

  6. cocos2d-x游戏开发系列教程-坦克大战游戏之敌方坦克AI的编写

    在上篇我们完成了子弹和地图碰撞的检测,在这篇我们将完成敌方坦克AI的编写. 具体思路是屏幕中保持有四个敌方坦克,然后坦克随机方向运动,并且子弹消失后1秒发射一次 1.我们新建一个敌方坦克的AI类来控制 ...

  7. [C++Boost]程序参数项解析库Program_options使用指南

    介绍 程序参数项(program options)是一系列name=value对,program_options 允许程序开发者获得通过命令行(command line)和配置文件(config fi ...

  8. PClady专访中国第一名媛、元媛舞会总裁周采茨女士【图】_摩登前沿 _奢品 _太平洋时尚网

    PClady专访中国第一名媛.元媛舞会总裁周采茨女士[图]_摩登前沿 _奢品 _太平洋时尚网 PClady专访中国第一名媛.元媛舞会总裁周采茨女士

  9. PHP - 图像处理

    第14章 处理图像 学习要点: 1.创建图像 2.简单小案例 在PHP5中,动态图象的处理要比以前容易得多.PHP5在php.ini文件中包含了GD扩展包,只需去掉GD扩展包的相应注释就可以正常使用了 ...

  10. 多文件上传组件FineUploader使用心得

    原文 多文件上传组件FineUploader使用心得 做Web开发的童鞋都知道,需要经常从客户端上传文件到服务端,当然,你可以使用<input type="file"/> ...