RSA public key ASN.1 encode is defined in PKCS#1 as follows:
RSAPublicKey :: = SEQUENCE  {
    modulus    INTEGER,  -- n
    publicExponent    INTEGER  -- e
}
    In a DER encoded certificate the SEQUENCE is encoded again as BIT STRING type, that is, it is put into the payload part of the BIT STRING.
    If the public key ASN.1 encode is expected to be extracted from a certifcate, functions: d2i_X509() and X509_get0_pubkey_bitstr(const X509 *x) in OpenSSL can be used.
    But each time d2i_X509() is invoked, about 352 bytes memory is leaked. CRYPTO_cleanup_all_ex_data() function can be used to solve this problem. As stated in FAQ of  www.openssl.org, CRYPTO_cleanup_all_ex_data() function is a "brutal" (thread-unsafe) application-global cleanup function. Can we avoid doing this way?
   
    Let's recall ASN.1 encode rule, usually an ASN.1 object comprises three parts:
1. Type;
2. Payload length;
3. Payload.
  Firstly auxiliary functions are needed. Functions: GetPayloadByteLength(), MovePointerToPayloadStartAddress(), MovePointerToPayloadEndAddress() are designed. By invoking these functions we can count payload length and move a pointer to some special location of an ASN.1 object.
  Next the structure of a DER encoded certificate is analyzed. Look at the figure blow:

The following conclusion can be drawn: The relative location of the public key encode in a DER encoded certificate is fixed!

From this point of view, if a pointer is moved forward by adequate steps, it will be located at the start point of RSAPublicKey SEQUENCE in a DER certificate.
  At first, the pointer is pointed to the address of the first byte of the certificate.

Next, The pointer "jumps" into the SEQUENCE's payload. The payload is SEQUENCE type, too. So the pointer "jumps" into next SEQUENCE's payload. The pointer jumps over Context[0] (corresponds to version), INTEGER (corresponds to serial number), SEQUENCE (corresponds to signature algorithm), SEQUENCE (corresponds to issuer info), SEQUENCE (corresponds to validity date and time), SEQUENCE (corresponds to subject info). Now the pointer is pointed to SubjectPublicKeyInfo. The ASN.1 definition of SubjectPublicKeyInfo is as follows:

SubjectPublicKeyInfo ::= SEQUENCE  {

algorithm  AlgorithmIdentifier,

subjectPublicKey  BIT STRING

}

The pointer jumps into SubjectPublicKeyInfo's payload. Next the pointer jumps over SEQUENCE (corresponds to AlgorithmIdentifier). Now the pointer is pointed to the address of the first byte of subjectPublicKey. subjectPublicKey is BIT STRING type. If RSAPublicKey SEQUENCE is needed, the pointer must be moved to the payload part of subjectPublicKey (exactly speaking, the second byte of subjectPublicKey's payload since the first byte is 0x0).

Based on the ideas above, functions MovePointerToPublicKeyBitStringEncodeStartAddress() and GetRsaPublicKeyEncodeFromCertificate() are designed to extract public key ASN.1 encode from a certificate in DER format.

All of functions and an example program are given here:

/**************************************************

* Author: HAN Wei

* Author's blog: http://blog.csdn.net/henter/

* Date: Sept 10th, 2013

* Description: the following programs demonstrates how to

    get RSA public key ASN.1 encode from a certificate

    in DER format

**************************************************/

#include <stdio.h>

#include <stdlib.h>

#include <string.h>

/**************************************************

* Name: MovePointerToPayloadStartAddress()

* Function: locate a pointer at the start address of an ASN.1

    object's payload part

* Parameters:

    pointer_address    [out]

	ans1_object_encode [in]

* Return value:

   succeed -- 0

   fail    -- -1

* Notes:

1. This function cannot be used for ASN.1 object of NULL type.

2. The number of bytes used to represent ASN.1 object's payload

   length cannot be more than 4, that is, ASN.1 object's payload

   byte length must be less than 4G.

**************************************************/

int MovePointerToPayloadStartAddress(unsigned char **pointer_address,

                                     unsigned char *asn1_object_encode)

{

  unsigned int byte_count_of_payload_length;

  unsigned char *p;

  p=asn1_object_encode;

  if ( *p==0x5 )  /* ASN.1 NULL type */

    return (-1);

  p++;

  if ( *p==0x80 )  /* invalid DER encode */

    return (-1);

  if ( *p<0x80 )  /* short encoding for payload length part */

  {

	p++;

	(*pointer_address)=p;

	return 0;

  }

  else  /* long encoding for payload length part */

  {

    byte_count_of_payload_length = (*p)&(0x7F);

    if ( byte_count_of_payload_length > 4 )

     return (-1);

    p += byte_count_of_payload_length;

	p++;

	(*pointer_address)=p;

	return 0;

  }

}

/**************************************************

* Name: GetPayloadByteLength()

* Function: get byte length of an ASN.1 object's payload part

* Parameters:

	ans1_object_encode        [in]

    payload_byte_len_pointer  [out]

* Return value:

   succeed -- 0

   fail    -- -1

* Notes:

  The number of bytes used to represent ASN.1 object's payload

length cannot be more than 4, that is, ASN.1 object's payload

byte length must be less than 4G.

**************************************************/

int GetPayloadByteLength(unsigned char *asn1_object_encode,

                         unsigned int *payload_byte_len_pointer)

{

  unsigned int byte_count_of_payload_length, payload_byte_length;

  unsigned char *p;

  int i;

  payload_byte_length=0;

  p=asn1_object_encode;

  if ( *p==0x5 )  /* ASN.1 NULL type */

  {

    *payload_byte_len_pointer=0;

    return 0;

  }

  p++;

  if ( *p==0x80 )

    return (-1);

  if ( *p<0x80 )  /* short encoding for payload length part */

  {

	*payload_byte_len_pointer = *p;

	return 0;

  }

  else   /* long encoding for payload length part */

  {

    byte_count_of_payload_length = (*p)&(0x7F);

    if ( byte_count_of_payload_length > 4 )

     return (-1);

    p++;

    i=(int)(byte_count_of_payload_length);

	while (i>0)

	{

	  payload_byte_length = (payload_byte_length<<8) | (*p++);

	  i--;

	}

	*payload_byte_len_pointer = payload_byte_length;

	return 0;

  }

}

/**************************************************

* Name: MovePointerToPayloadEndAddress()

* Function: locate a pointer at the end address of an ASN.1

    object's payload part

* Parameters:

    pointer_address    [out]

	ans1_object_encode [in]

* Return value:

   succeed -- 0

   fail    -- -1

* Notes:

1. This function cannot be used for ASN.1 object of NULL type.

2. The number of bytes used to represent ASN.1 object payload

   byte length cannot be more than 4, that is, ASN.1 object

   payload byte length must be less than 4G.

**************************************************/

int MovePointerToPayloadEndAddress(unsigned char **pointer_address,

                                   unsigned char *asn1_object_encode)

{

  unsigned char *p;

  unsigned int pay_load_byte_len;

  if ( GetPayloadByteLength(asn1_object_encode,

                            &pay_load_byte_len) )

    return (-1);

  if ( MovePointerToPayloadStartAddress(&p, asn1_object_encode) )

    return (-1);

  p = (p + pay_load_byte_len - 1);

  *pointer_address = p;

  return 0;

}

/**************************************************

* Name: MovePointerToPublicKeyBitStringEncodeStartAddress()

* Function: locate a pointer at the start address of RSA public

    key BIT STRING part in a certificate in DER format

* Parameters:

    pointer_address      [out]

	certificate_pointer  [in]

* Return value:

   succeed -- 0

   fail    -- -1

**************************************************/

int MovePointerToPublicKeyBitStringEncodeStartAddress(unsigned char **pointer_address,

                                                      unsigned char *certificate_pointer)

{

  unsigned char *p, *next_asn1_object_pointer;

  int i;

  next_asn1_object_pointer = certificate_pointer;

  for (i=0; i<2; i++)

  {

	if ( MovePointerToPayloadStartAddress(&p, next_asn1_object_pointer) )

	  return (-1);

	next_asn1_object_pointer=p;

  }

  for (i=0; i<6; i++)

  {

	if ( MovePointerToPayloadEndAddress(&p, next_asn1_object_pointer) )

	  return (-1);

	p++;

	next_asn1_object_pointer=p;

  }

  if ( MovePointerToPayloadStartAddress(&p, next_asn1_object_pointer) )

    return (-1);

  next_asn1_object_pointer=p;

  if ( MovePointerToPayloadEndAddress(&p, next_asn1_object_pointer) )

    return (-1);

  p++;

  *pointer_address = p;

  return 0;

}

/**************************************************

* Name: GetRsaPublicKeyEncodeFromCertificate

* Function: get RSA public key ASN.1 encode from a certificate

    in DER format

* Parameters:

    certificate_pointer                 [in]

	public_key_encode_pointer           [in/out]

	public_key_encode_byte_len_pointer  [out]

* Return value:

   succeed -- 0

   fail    -- -1

* Notes:

1. If the value of public_key_encode_pointer is NULL, the byte

   length of public key encode is assigned to the variable

   pointed by public_key_encode_byte_len_pointer.

2. If the value of public_key_encode_pointer is not NULL, RSA

   public key ASN.1 encode is copyed to the buffer pointed

   by public_key_encode_pointer, the byte length of public key

   encode is assigned to the variable

   pointed by public_key_encode_byte_len_pointer.

**************************************************/

int GetRsaPublicKeyEncodeFromCertificate(unsigned char *certificate_pointer,

	                                     unsigned char *public_key_encode_pointer,

							             unsigned int *public_key_encode_byte_len_pointer)

{

  unsigned char *public_key_bit_string_start_pointer, *start_pointer, *end_pointer;

  unsigned int public_key_encode_byte_len;

  if ( MovePointerToPublicKeyBitStringEncodeStartAddress(&public_key_bit_string_start_pointer,

                                                         certificate_pointer) )

    return (-1);

  if ( MovePointerToPayloadStartAddress(&start_pointer, public_key_bit_string_start_pointer) )

    return (-1);

  start_pointer++;  /* The vaule of the ASN.1 BIT STRING object's first byte is 0x0. The pointer

					   is moved forward by one byte so that it is pointed to the start addrss of

					   RSA public key SEQUENCE */

/* count the byte length of RSA public key SEQUENCE */

  if ( MovePointerToPayloadEndAddress(&end_pointer, start_pointer) )

    return (-1);

  public_key_encode_byte_len = end_pointer - start_pointer + 1;

  *public_key_encode_byte_len_pointer = public_key_encode_byte_len;

  if (!public_key_encode_pointer)

    return 0;

  else

  {

    memcpy(public_key_encode_pointer, start_pointer, public_key_encode_byte_len);

    return 0;

  }

}

/**************************************************

Example:

  The following progarm demonstrates how to get RSA public

key ASN.1 encode from a certificate file. The certificate

is in DER format.

**************************************************/

int main(void)

{

  FILE *fp;

  errno_t err;

  int file_byte_len;

  unsigned char *buffer;

  unsigned int i;

  unsigned char *public_key_encode_pointer;

  unsigned int public_key_encode_byte_len;

  if ( err=fopen_s(&fp, "test_cert.cer", "rb") )

  {

    printf("Open certificate file failed!\n");

    system("pause");

    return (-1);

  }

// get file length

  fseek(fp, 0L, SEEK_END);

  file_byte_len=ftell(fp);

  printf("The file length is %d bytes.\n", file_byte_len);

// read file into buffer

  if ( !(buffer=(unsigned char *)malloc(file_byte_len)) )

  {

	printf("malloc function failed!\n");

	fclose(fp);

	system("pause");

	return (-1);

  }

  fseek(fp,0L,SEEK_SET);

  fread(buffer, file_byte_len, 1, fp);

  fclose(fp);

// get public key ASN.1 encode byte length

  if (GetRsaPublicKeyEncodeFromCertificate(buffer,

	                                       NULL,

						                   &public_key_encode_byte_len) )

  {

    printf("get RSA public key encode byte length from certificate failed!\n");

    free(buffer);

    system("pause");

    return (-1);

  }

  if ( !(public_key_encode_pointer=(unsigned char *)malloc(public_key_encode_byte_len)) )

  {

	printf("malloc() function failed!\n");

	free(buffer);

	system("pause");

	return (-1);

  }

// get public key ASN.1 encode

  if (GetRsaPublicKeyEncodeFromCertificate(buffer,

	                                       public_key_encode_pointer,

						                   &public_key_encode_byte_len) )

  {

    printf("get RSA public key encode from certificate failed!\n");

    free(buffer);

    system("pause");

    return (-1);

  }

  free(buffer);

  printf("publick key encode length is %d bytes.\n", public_key_encode_byte_len);

  printf("public key encode:\n");

  for (i=0; i<public_key_encode_byte_len; i++)

  {

    printf("0x%x  ", public_key_encode_pointer[i]);

  }

  printf("\n");

  free(public_key_encode_pointer);

  system("pause");

  return 0;

}

The extracted ASN.1 encode of RSA public key cannot be used directly. It is an ASN.1 SEQUENCE. RSA modulus and public exponent can be obtained after this SEQUENCE is decoded.

Get RSA public key ASN.1 encode from a certificate in DER format的更多相关文章

  1. .NET导入openssl生成的公钥之BEGIN RSA PUBLIC KEY

    .NET导入openssl生成的公钥之BEGIN RSA PUBLIC KEY 我得到了一个公钥,形式如下 -----BEGIN RSA PUBLIC KEY----- MIGJAoGBAMroxz3 ...

  2. 在iOS中使用OpenSSL的Public Key 进行加密

    这几天一直潜心于iOS开发,刚好把遇到的问题都记录一下.这次遇到的问题就是如果根据得到的Public Key在iOS 客户端对用户名和密码进行加密. Public Key如下: -----BEGIN ...

  3. Github 访问时出现Permission denied (public key)

    一. 发现问题: 使用 git clone 命令时出现Permission denied (public key) . 二. 解决问题: 1.首先尝试重新添加以前生成的key,添加多次,仍然不起作用. ...

  4. 【原创】浅析密码学在互联网支付中的应用|RSA,Hash,AES,DES,3DES,SHA1,SHA256,MD5,SSL,Private Key,Public Key

    一)概述 什么是互联网支付? 当支付遇到互联网,一场革命自然不可避免.成为现实的是传统的现金支付已经“退居二线”,各种在线支付方式成为人们日常消费的主要支付方式.银行推出的网银以及第三方支付公司推出的 ...

  5. windows,linux,mac生成ssh public key 和 private key

    https://help.launchpad.net/YourAccount/CreatingAnSSHKeyPair Creating the key How you create your SSH ...

  6. gpg --verify之"Can't check signature: No public key"

    自从XcodeGhost之后下载软件之后也会先验证一下md5sum,现在发现后面还有gpg签名,于是也开始学习一下. gpg的文件在centos6.4上是默认安装的,其安装使用可以参照ruanyife ...

  7. 使用public key来做SSH authentication

    public key authentication(公钥认证)是对通过敲用户名.密码方式登录服务器的一种替代办法.这种方法更加安全更具有适应性,但是更难以配置. 传统的密码认证方式中,你通过证明你你知 ...

  8. SSH公钥(public key)验证

    安全的设置服务器 登陆,之前用用户名和密码登陆服务器 这样不安全 ,用SSH公钥(public key)验证  这个办法能很好的解决 登陆服务器 和安全登陆服务器 的特点: 目标: Client 免输 ...

  9. windows下git库的ssh连接,使用public key的方法

    在windows下进行项目开发,使用git,通过ssh方式与git库连接,而ssh方式用public key实现连接. 首先需要下载mygit,安装后使用git bash.git bash(有GUI界 ...

随机推荐

  1. shiro权限框架

    权限的组成部分:用户 资源 角色 权限 数据库关系表设计是根据自己项目需求设计的 account表role表(id,rolename)account_role(id,aid,rid)permissio ...

  2. 第2次增加ssh 主机信任脚本

    dr-mysql01:/root# cat a1.sh #用户名 uname="$1" #密码 passwd="$2" #执行检测并安装expect模块 ep= ...

  3. 红黑树和AVL树的实现与比较-----算法导论

    一.问题描述 实现3种树中的两种:红黑树,AVL树,Treap树 二.算法原理 (1)红黑树 红黑树是一种二叉查找树,但在每个结点上增加一个存储位表示结点的颜色,可以是red或black.红黑树满足以 ...

  4. 关于 Oracle外键列上是否需要索引问题?

    外键列上缺少索引会带来两个问题,限制并发性.影响性能.而这两个问题中的任意一个都可能会造成严重性能问题.   无论是Oracle的官方文档,还是在Tom的书中都说明了两种情况下可以忽略外键上的索引.其 ...

  5. saltstack:使用教程之二高级模块用法Grains、Pillar

    1.grains用法: 在客户端服务启动的时候收集客户的基础信息,在配置发生变化后也可以通过master重新同步 显示一个客户端的所有项目: [root@node5 ~]# salt "no ...

  6. img标签中的src为php文件

    先来看个例子: <img src="imgcode.php" alt="看不清楚,换一张" style="cursor: pointer;&qu ...

  7. Navicat连接oracle,出现Only compatible with oci version 8.1 and&amp;nb

    与本地oracle连接的时候,一般没问题.sqlplus和oci都是本地oracle自带的.(设置: 工具->选项->oci) 分别为:   oci:D:\app\pcman\produc ...

  8. Javascript面向对象研究心得

    这段时间正好公司项目须要,须要改动fullcalendar日历插件,有机会深入插件源代码.正好利用这个机会,我也大致学习了下面JS的面向对象编程,感觉收获还是比較多的. 所以写了以下这篇文章希望跟大家 ...

  9. UITableViewHeaderFooterView的使用+自己主动布局

    UITableViewHeaderFooterView的使用+自己主动布局 使用UITableView的header或footer复用时,假设採用自己主动布局,你会发现有约束冲突,以下这样写能够消除约 ...

  10. C# - 线程操作

    代码: using System; using System.Collections.Generic; using System.Linq; using System.Text; using Syst ...