RSA public key ASN.1 encode is defined in PKCS#1 as follows:
RSAPublicKey :: = SEQUENCE  {
    modulus    INTEGER,  -- n
    publicExponent    INTEGER  -- e
}
    In a DER encoded certificate the SEQUENCE is encoded again as BIT STRING type, that is, it is put into the payload part of the BIT STRING.
    If the public key ASN.1 encode is expected to be extracted from a certifcate, functions: d2i_X509() and X509_get0_pubkey_bitstr(const X509 *x) in OpenSSL can be used.
    But each time d2i_X509() is invoked, about 352 bytes memory is leaked. CRYPTO_cleanup_all_ex_data() function can be used to solve this problem. As stated in FAQ of  www.openssl.org, CRYPTO_cleanup_all_ex_data() function is a "brutal" (thread-unsafe) application-global cleanup function. Can we avoid doing this way?
   
    Let's recall ASN.1 encode rule, usually an ASN.1 object comprises three parts:
1. Type;
2. Payload length;
3. Payload.
  Firstly auxiliary functions are needed. Functions: GetPayloadByteLength(), MovePointerToPayloadStartAddress(), MovePointerToPayloadEndAddress() are designed. By invoking these functions we can count payload length and move a pointer to some special location of an ASN.1 object.
  Next the structure of a DER encoded certificate is analyzed. Look at the figure blow:

The following conclusion can be drawn: The relative location of the public key encode in a DER encoded certificate is fixed!

From this point of view, if a pointer is moved forward by adequate steps, it will be located at the start point of RSAPublicKey SEQUENCE in a DER certificate.
  At first, the pointer is pointed to the address of the first byte of the certificate.

Next, The pointer "jumps" into the SEQUENCE's payload. The payload is SEQUENCE type, too. So the pointer "jumps" into next SEQUENCE's payload. The pointer jumps over Context[0] (corresponds to version), INTEGER (corresponds to serial number), SEQUENCE (corresponds to signature algorithm), SEQUENCE (corresponds to issuer info), SEQUENCE (corresponds to validity date and time), SEQUENCE (corresponds to subject info). Now the pointer is pointed to SubjectPublicKeyInfo. The ASN.1 definition of SubjectPublicKeyInfo is as follows:

SubjectPublicKeyInfo ::= SEQUENCE  {

algorithm  AlgorithmIdentifier,

subjectPublicKey  BIT STRING

}

The pointer jumps into SubjectPublicKeyInfo's payload. Next the pointer jumps over SEQUENCE (corresponds to AlgorithmIdentifier). Now the pointer is pointed to the address of the first byte of subjectPublicKey. subjectPublicKey is BIT STRING type. If RSAPublicKey SEQUENCE is needed, the pointer must be moved to the payload part of subjectPublicKey (exactly speaking, the second byte of subjectPublicKey's payload since the first byte is 0x0).

Based on the ideas above, functions MovePointerToPublicKeyBitStringEncodeStartAddress() and GetRsaPublicKeyEncodeFromCertificate() are designed to extract public key ASN.1 encode from a certificate in DER format.

All of functions and an example program are given here:

/**************************************************

* Author: HAN Wei

* Author's blog: http://blog.csdn.net/henter/

* Date: Sept 10th, 2013

* Description: the following programs demonstrates how to

    get RSA public key ASN.1 encode from a certificate

    in DER format

**************************************************/

#include <stdio.h>

#include <stdlib.h>

#include <string.h>

/**************************************************

* Name: MovePointerToPayloadStartAddress()

* Function: locate a pointer at the start address of an ASN.1

    object's payload part

* Parameters:

    pointer_address    [out]

	ans1_object_encode [in]

* Return value:

   succeed -- 0

   fail    -- -1

* Notes:

1. This function cannot be used for ASN.1 object of NULL type.

2. The number of bytes used to represent ASN.1 object's payload

   length cannot be more than 4, that is, ASN.1 object's payload

   byte length must be less than 4G.

**************************************************/

int MovePointerToPayloadStartAddress(unsigned char **pointer_address,

                                     unsigned char *asn1_object_encode)

{

  unsigned int byte_count_of_payload_length;

  unsigned char *p;

  p=asn1_object_encode;

  if ( *p==0x5 )  /* ASN.1 NULL type */

    return (-1);

  p++;

  if ( *p==0x80 )  /* invalid DER encode */

    return (-1);

  if ( *p<0x80 )  /* short encoding for payload length part */

  {

	p++;

	(*pointer_address)=p;

	return 0;

  }

  else  /* long encoding for payload length part */

  {

    byte_count_of_payload_length = (*p)&(0x7F);

    if ( byte_count_of_payload_length > 4 )

     return (-1);

    p += byte_count_of_payload_length;

	p++;

	(*pointer_address)=p;

	return 0;

  }

}

/**************************************************

* Name: GetPayloadByteLength()

* Function: get byte length of an ASN.1 object's payload part

* Parameters:

	ans1_object_encode        [in]

    payload_byte_len_pointer  [out]

* Return value:

   succeed -- 0

   fail    -- -1

* Notes:

  The number of bytes used to represent ASN.1 object's payload

length cannot be more than 4, that is, ASN.1 object's payload

byte length must be less than 4G.

**************************************************/

int GetPayloadByteLength(unsigned char *asn1_object_encode,

                         unsigned int *payload_byte_len_pointer)

{

  unsigned int byte_count_of_payload_length, payload_byte_length;

  unsigned char *p;

  int i;

  payload_byte_length=0;

  p=asn1_object_encode;

  if ( *p==0x5 )  /* ASN.1 NULL type */

  {

    *payload_byte_len_pointer=0;

    return 0;

  }

  p++;

  if ( *p==0x80 )

    return (-1);

  if ( *p<0x80 )  /* short encoding for payload length part */

  {

	*payload_byte_len_pointer = *p;

	return 0;

  }

  else   /* long encoding for payload length part */

  {

    byte_count_of_payload_length = (*p)&(0x7F);

    if ( byte_count_of_payload_length > 4 )

     return (-1);

    p++;

    i=(int)(byte_count_of_payload_length);

	while (i>0)

	{

	  payload_byte_length = (payload_byte_length<<8) | (*p++);

	  i--;

	}

	*payload_byte_len_pointer = payload_byte_length;

	return 0;

  }

}

/**************************************************

* Name: MovePointerToPayloadEndAddress()

* Function: locate a pointer at the end address of an ASN.1

    object's payload part

* Parameters:

    pointer_address    [out]

	ans1_object_encode [in]

* Return value:

   succeed -- 0

   fail    -- -1

* Notes:

1. This function cannot be used for ASN.1 object of NULL type.

2. The number of bytes used to represent ASN.1 object payload

   byte length cannot be more than 4, that is, ASN.1 object

   payload byte length must be less than 4G.

**************************************************/

int MovePointerToPayloadEndAddress(unsigned char **pointer_address,

                                   unsigned char *asn1_object_encode)

{

  unsigned char *p;

  unsigned int pay_load_byte_len;

  if ( GetPayloadByteLength(asn1_object_encode,

                            &pay_load_byte_len) )

    return (-1);

  if ( MovePointerToPayloadStartAddress(&p, asn1_object_encode) )

    return (-1);

  p = (p + pay_load_byte_len - 1);

  *pointer_address = p;

  return 0;

}

/**************************************************

* Name: MovePointerToPublicKeyBitStringEncodeStartAddress()

* Function: locate a pointer at the start address of RSA public

    key BIT STRING part in a certificate in DER format

* Parameters:

    pointer_address      [out]

	certificate_pointer  [in]

* Return value:

   succeed -- 0

   fail    -- -1

**************************************************/

int MovePointerToPublicKeyBitStringEncodeStartAddress(unsigned char **pointer_address,

                                                      unsigned char *certificate_pointer)

{

  unsigned char *p, *next_asn1_object_pointer;

  int i;

  next_asn1_object_pointer = certificate_pointer;

  for (i=0; i<2; i++)

  {

	if ( MovePointerToPayloadStartAddress(&p, next_asn1_object_pointer) )

	  return (-1);

	next_asn1_object_pointer=p;

  }

  for (i=0; i<6; i++)

  {

	if ( MovePointerToPayloadEndAddress(&p, next_asn1_object_pointer) )

	  return (-1);

	p++;

	next_asn1_object_pointer=p;

  }

  if ( MovePointerToPayloadStartAddress(&p, next_asn1_object_pointer) )

    return (-1);

  next_asn1_object_pointer=p;

  if ( MovePointerToPayloadEndAddress(&p, next_asn1_object_pointer) )

    return (-1);

  p++;

  *pointer_address = p;

  return 0;

}

/**************************************************

* Name: GetRsaPublicKeyEncodeFromCertificate

* Function: get RSA public key ASN.1 encode from a certificate

    in DER format

* Parameters:

    certificate_pointer                 [in]

	public_key_encode_pointer           [in/out]

	public_key_encode_byte_len_pointer  [out]

* Return value:

   succeed -- 0

   fail    -- -1

* Notes:

1. If the value of public_key_encode_pointer is NULL, the byte

   length of public key encode is assigned to the variable

   pointed by public_key_encode_byte_len_pointer.

2. If the value of public_key_encode_pointer is not NULL, RSA

   public key ASN.1 encode is copyed to the buffer pointed

   by public_key_encode_pointer, the byte length of public key

   encode is assigned to the variable

   pointed by public_key_encode_byte_len_pointer.

**************************************************/

int GetRsaPublicKeyEncodeFromCertificate(unsigned char *certificate_pointer,

	                                     unsigned char *public_key_encode_pointer,

							             unsigned int *public_key_encode_byte_len_pointer)

{

  unsigned char *public_key_bit_string_start_pointer, *start_pointer, *end_pointer;

  unsigned int public_key_encode_byte_len;

  if ( MovePointerToPublicKeyBitStringEncodeStartAddress(&public_key_bit_string_start_pointer,

                                                         certificate_pointer) )

    return (-1);

  if ( MovePointerToPayloadStartAddress(&start_pointer, public_key_bit_string_start_pointer) )

    return (-1);

  start_pointer++;  /* The vaule of the ASN.1 BIT STRING object's first byte is 0x0. The pointer

					   is moved forward by one byte so that it is pointed to the start addrss of

					   RSA public key SEQUENCE */

/* count the byte length of RSA public key SEQUENCE */

  if ( MovePointerToPayloadEndAddress(&end_pointer, start_pointer) )

    return (-1);

  public_key_encode_byte_len = end_pointer - start_pointer + 1;

  *public_key_encode_byte_len_pointer = public_key_encode_byte_len;

  if (!public_key_encode_pointer)

    return 0;

  else

  {

    memcpy(public_key_encode_pointer, start_pointer, public_key_encode_byte_len);

    return 0;

  }

}

/**************************************************

Example:

  The following progarm demonstrates how to get RSA public

key ASN.1 encode from a certificate file. The certificate

is in DER format.

**************************************************/

int main(void)

{

  FILE *fp;

  errno_t err;

  int file_byte_len;

  unsigned char *buffer;

  unsigned int i;

  unsigned char *public_key_encode_pointer;

  unsigned int public_key_encode_byte_len;

  if ( err=fopen_s(&fp, "test_cert.cer", "rb") )

  {

    printf("Open certificate file failed!\n");

    system("pause");

    return (-1);

  }

// get file length

  fseek(fp, 0L, SEEK_END);

  file_byte_len=ftell(fp);

  printf("The file length is %d bytes.\n", file_byte_len);

// read file into buffer

  if ( !(buffer=(unsigned char *)malloc(file_byte_len)) )

  {

	printf("malloc function failed!\n");

	fclose(fp);

	system("pause");

	return (-1);

  }

  fseek(fp,0L,SEEK_SET);

  fread(buffer, file_byte_len, 1, fp);

  fclose(fp);

// get public key ASN.1 encode byte length

  if (GetRsaPublicKeyEncodeFromCertificate(buffer,

	                                       NULL,

						                   &public_key_encode_byte_len) )

  {

    printf("get RSA public key encode byte length from certificate failed!\n");

    free(buffer);

    system("pause");

    return (-1);

  }

  if ( !(public_key_encode_pointer=(unsigned char *)malloc(public_key_encode_byte_len)) )

  {

	printf("malloc() function failed!\n");

	free(buffer);

	system("pause");

	return (-1);

  }

// get public key ASN.1 encode

  if (GetRsaPublicKeyEncodeFromCertificate(buffer,

	                                       public_key_encode_pointer,

						                   &public_key_encode_byte_len) )

  {

    printf("get RSA public key encode from certificate failed!\n");

    free(buffer);

    system("pause");

    return (-1);

  }

  free(buffer);

  printf("publick key encode length is %d bytes.\n", public_key_encode_byte_len);

  printf("public key encode:\n");

  for (i=0; i<public_key_encode_byte_len; i++)

  {

    printf("0x%x  ", public_key_encode_pointer[i]);

  }

  printf("\n");

  free(public_key_encode_pointer);

  system("pause");

  return 0;

}

The extracted ASN.1 encode of RSA public key cannot be used directly. It is an ASN.1 SEQUENCE. RSA modulus and public exponent can be obtained after this SEQUENCE is decoded.

Get RSA public key ASN.1 encode from a certificate in DER format的更多相关文章

  1. .NET导入openssl生成的公钥之BEGIN RSA PUBLIC KEY

    .NET导入openssl生成的公钥之BEGIN RSA PUBLIC KEY 我得到了一个公钥,形式如下 -----BEGIN RSA PUBLIC KEY----- MIGJAoGBAMroxz3 ...

  2. 在iOS中使用OpenSSL的Public Key 进行加密

    这几天一直潜心于iOS开发,刚好把遇到的问题都记录一下.这次遇到的问题就是如果根据得到的Public Key在iOS 客户端对用户名和密码进行加密. Public Key如下: -----BEGIN ...

  3. Github 访问时出现Permission denied (public key)

    一. 发现问题: 使用 git clone 命令时出现Permission denied (public key) . 二. 解决问题: 1.首先尝试重新添加以前生成的key,添加多次,仍然不起作用. ...

  4. 【原创】浅析密码学在互联网支付中的应用|RSA,Hash,AES,DES,3DES,SHA1,SHA256,MD5,SSL,Private Key,Public Key

    一)概述 什么是互联网支付? 当支付遇到互联网,一场革命自然不可避免.成为现实的是传统的现金支付已经“退居二线”,各种在线支付方式成为人们日常消费的主要支付方式.银行推出的网银以及第三方支付公司推出的 ...

  5. windows,linux,mac生成ssh public key 和 private key

    https://help.launchpad.net/YourAccount/CreatingAnSSHKeyPair Creating the key How you create your SSH ...

  6. gpg --verify之"Can't check signature: No public key"

    自从XcodeGhost之后下载软件之后也会先验证一下md5sum,现在发现后面还有gpg签名,于是也开始学习一下. gpg的文件在centos6.4上是默认安装的,其安装使用可以参照ruanyife ...

  7. 使用public key来做SSH authentication

    public key authentication(公钥认证)是对通过敲用户名.密码方式登录服务器的一种替代办法.这种方法更加安全更具有适应性,但是更难以配置. 传统的密码认证方式中,你通过证明你你知 ...

  8. SSH公钥(public key)验证

    安全的设置服务器 登陆,之前用用户名和密码登陆服务器 这样不安全 ,用SSH公钥(public key)验证  这个办法能很好的解决 登陆服务器 和安全登陆服务器 的特点: 目标: Client 免输 ...

  9. windows下git库的ssh连接,使用public key的方法

    在windows下进行项目开发,使用git,通过ssh方式与git库连接,而ssh方式用public key实现连接. 首先需要下载mygit,安装后使用git bash.git bash(有GUI界 ...

随机推荐

  1. C语言深度剖析---const关键字(转载)

    const是constant的缩写,是恒定不变的意思.被const修饰的值,是只读变量. 1.const修饰只读变量,具有不变性      #include <stdio.h> int m ...

  2. onekey_fourLED

    也许我们刚开始用到开发板的时候都会去做跑马灯的程序,后来给我们的要求是,如果硬件接口有限制,只有一个key 或者是button—— 我们的板子上是button,让你用一个button去控制这四个led ...

  3. Krita 3.0 发布,KOffice 的图像处理器(刺激一下自己的神经)

    Krita 3.0 发布了,经历了一年多的开发,动画功能被集成到Krita核心,改善了绘画功能,可及时预览绘画结果,该版本也是最新移植到QT的版本. 查看完整发布说明,可以点击这里. 下载地址: Wi ...

  4. 转:js包装DOM对象

    我们在日常的应用中,使用Javascript大多数时间都是在用DOM ,以致于很多人都有一种看法就是DOM==JS,虽然这种看法是错误的,但是也可以说明DOM的重要性. 这就导致了我们在写JS的时候, ...

  5. 180China丨the Agency for Brand Engagement and Experience

    180China丨the Agency for Brand Engagement and Experience Welcome to 180. Welcome to Creativity. Thank ...

  6. Android 蓝牙( Bluetooth)耳机连接分析及实现

    Android 实现了对Headset 和Handsfree 两种profile 的支持.其实现核心是BluetoothHeadsetService,在PhoneApp 创建的时候会启动它. if ( ...

  7. [转载]IOS项目打包除去NSLog和NSAssert处理之阿堂教程

    原文链接地址:http://blog.sina.com.cn/s/blog_81136c2d0102v1ck.html 原文地址:IOS项目打包除去NSLog和NSAssert处理之阿堂教程作者:时空 ...

  8. DotNet命名规范参考(转)

    来自:http://www.cnblogs.com/w-y-f/archive/2012/05/30/2526254.html DotNet命名规范参考 一.命名规范 注意事项:使用英文命名规则,尽量 ...

  9. Starting the application on Mac does not work(拷贝platforms到不同的位置,才能解决问题),还可设置DYLD_PRINT_LIBRARIES=1 观察动态库

    In some rare cases it can happen that the application does not launch and there is no reaction after ...

  10. ※数据结构※→☆线性表结构(list)☆============单向循环链表结构(list circular single)(四)

    循环链表是另一种形式的链式存贮结构.它的特点是表中最后一个结点的指针域指向头结点,整个链表形成一个环. 单循环链表——在单链表中,将终端结点的指针域NULL改为指向表头结点或开始结点即可. 循环链表的 ...