When you need to read a key with OpenSSL, the OpenSSL source itself contains a good example: a clean demonstration of reading keys in different formats and from different sources. Tidied up, it is well worth studying.
The complete code is located in .../apps/app.c; the function is
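/*
 * Prototype of the helper this walkthrough studies (OpenSSL apps/app.c).
 *
 * err          BIO that error messages are written to.
 * file         key file name, or the key's label inside an engine.
 * format       one of the FORMAT_* values (PEM, ASN1/DER, PKCS12, ENGINE, ...).
 * maybe_stdin  non-zero: when file is NULL the key may be read from stdin.
 * pass         the passphrase string, or NULL.
 * e            engine to load the key from when format is FORMAT_ENGINE.
 * key_descrip  human-readable description of the key, used in error messages.
 * Returns the key, or NULL on failure (the reason is printed on err).
 */
EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
                   const char *pass, ENGINE *e, const char *key_descrip);

/* One-time library setup in the calling program. */
const SSL_METHOD *meth;
/* The original assigned SSLv23_client_method() and then TLSv1_client_method()
 * back to back; the second store wins, so only that one is kept here. */
meth = TLSv1_client_method();
OpenSSL_add_ssl_algorithms();
SSL_load_error_strings();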
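/* Parameter 1: error-output BIO; normally a wrapper around stderr. */
BIO *bio_err = NULL;
if (bio_err == NULL)
    bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);

/* Parameter 2: key file name (a PEM, DER or PKCS#12/PFX file), or the
 * key's label inside an engine. */
char *key_file = NULL;

/* Parameter 3: key format.  PEM is the usual default in OpenSSL; the other
 * values are FORMAT_TEXT, FORMAT_ASN1 (DER), FORMAT_PKCS12, FORMAT_PEMRSA,
 * FORMAT_ASN1RSA and FORMAT_ENGINE. */
int key_format = FORMAT_PEM;

/* Parameter 4: non-zero when the key comes from stdin rather than a file. */
int key_stdin = 0;

/* Parameter 5: the passphrase.  passarg is the command-line form
 * ("pass:...", "env:...", "file:...", "fd:...", "stdin"); it is resolved
 * into the plain passphrase string pass before load_key() is called. */
char *passarg = NULL;
char *pass = NULL;

/* Parameter 6: engine.  engine_id is the engine's name, e the loaded engine. */
char *engine_id = NULL;
ENGINE *e = NULL;
if (engine_id != NULL) {
    /* The original called ENGINE_by_id() and then try_load_engine() back to
     * back, discarding the first result; the dynamic load is only needed when
     * no engine is registered under that id.  debug is the caller's verbosity
     * flag (not declared in this excerpt). */
    e = ENGINE_by_id(engine_id);
    if (e == NULL)
        e = try_load_engine(bio_err, engine_id, debug);
    if (e == NULL) {
        BIO_printf(bio_err, "invalid engine \"%s\"\n", engine_id);
        ERR_print_errors(bio_err);
        /* bail out here */
    } else if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
        BIO_printf(bio_err, "can't use that engine\n");
        ERR_print_errors(bio_err);
        /* bail out here */
    }
}

/* Parameter 7: description of the key, used in load_key()'s error messages. */
const char *key_descript = "Client certificate private key file";

/* Now read the key.  NULL means failure; load_key() has already reported why. */
EVP_PKEY *key = NULL;
key = load_key(bio_err, key_file, key_format, key_stdin, pass, e, key_descript);
if (key == NULL) {
    /* bail out here: the SSL_CTX setup below must not run with a NULL key */
}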
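/*
 * Walkthrough of load_key(): read a private key from a file, from stdin or
 * from an engine, in the format selected by format.
 *
 * err          BIO that diagnostics are written to.
 * file         key file name (or engine key label); may be NULL with maybe_stdin.
 * format       FORMAT_ASN1 (DER), FORMAT_PEM, FORMAT_PKCS12 or FORMAT_ENGINE.
 * maybe_stdin  non-zero: a NULL file means "read the key from stdin".
 * pass         passphrase, or NULL to prompt through password_callback.
 * e            engine used when format is FORMAT_ENGINE.
 * key_descrip  description of the key for error messages.
 * Returns a new EVP_PKEY owned by the caller, or NULL on failure.
 *
 * PW_CB_DATA, password_callback and ui_method come from the apps sources
 * (apps.h / apps.c), not from the public OpenSSL headers.
 */
EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
                   const char *pass, ENGINE *e, const char *key_descrip)
{
    BIO *key = NULL;
    EVP_PKEY *pkey = NULL;
    PW_CB_DATA cb_data;

    /* Password-callback context: the supplied passphrase (if any) and the
     * name shown when prompting. */
    cb_data.password = pass;
    cb_data.prompt_info = file;

    /* No file and no permission to fall back to stdin: nothing to read. */
    if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE)) {
        BIO_printf(err, "no keyfile specified\n");
        goto end;
    }

    /* Source 1 of 3: the key lives inside an engine. */
    if (format == FORMAT_ENGINE) {
        if (e == NULL) {
            BIO_printf(err, "no engine specified\n");
        } else {
            pkey = ENGINE_load_private_key(e, file, ui_method, &cb_data);
            if (pkey == NULL) {
                BIO_printf(err, "cannot load %s from engine\n", key_descrip);
                ERR_print_errors(err);
            }
        }
        goto end;
    }

    /* Sources 2 and 3: a file BIO over stdin or over the named file. */
    key = BIO_new(BIO_s_file());
    if (key == NULL) {
        ERR_print_errors(err);
        goto end;
    }
    if (file == NULL && maybe_stdin) {
        BIO_set_fp(key, stdin, BIO_NOCLOSE);
    } else if (BIO_read_filename(key, file) <= 0) {
        /* The original never checked this; an unreadable file would fall
         * through to the parsers with an empty BIO. */
        BIO_printf(err, "Error opening %s %s\n", key_descrip, file);
        ERR_print_errors(err);
        goto end;
    }

    /* Format conversion: parse the bytes according to the declared format. */
    if (format == FORMAT_ASN1) {
        /* DER */
        pkey = d2i_PrivateKey_bio(key, NULL);
    } else if (format == FORMAT_PEM) {
        /* PEM; an encrypted key is decrypted via password_callback. */
        pkey = PEM_read_bio_PrivateKey(key, NULL,
                                       (pem_password_cb *)password_callback,
                                       &cb_data);
    } else if (format == FORMAT_PKCS12) {
        /* PKCS#12 / PFX.  The original only sketched load_pkcs12(); the
         * essential steps are reproduced here together with the result
         * checks it left out. */
        PKCS12 *p12 = d2i_PKCS12_bio(key, NULL);
        const char *p12pass;
        char tpass[PEM_BUFSIZE] = {0};
        int len;

        if (p12 == NULL) {
            BIO_printf(err, "Error loading PKCS12 file for %s\n", key_descrip);
            ERR_print_errors(err);
            goto end;
        }
        /* Try the empty and the absent password first; otherwise ask for one
         * and verify the MAC before trusting the container's contents. */
        if (PKCS12_verify_mac(p12, "", 0) || PKCS12_verify_mac(p12, NULL, 0)) {
            p12pass = "";
        } else {
            len = password_callback(tpass, PEM_BUFSIZE, 0, &cb_data);
            if (len < 0) {
                BIO_printf(err, "Passphrase callback error for %s\n", key_descrip);
                PKCS12_free(p12);
                goto end;
            }
            if (len < PEM_BUFSIZE)
                tpass[len] = '\0';
            if (!PKCS12_verify_mac(p12, tpass, len)) {
                BIO_printf(err,
                           "Mac verify error (wrong password?) in PKCS12 file for %s\n",
                           key_descrip);
                OPENSSL_cleanse(tpass, sizeof tpass);
                PKCS12_free(p12);
                goto end;
            }
            p12pass = tpass;
        }
        /* load_key() only needs the key; the certificate and CA slots stay NULL. */
        if (!PKCS12_parse(p12, p12pass, &pkey, NULL, NULL))
            pkey = NULL;
        /* Release: scrub the passphrase copy, then free the parsed container. */
        OPENSSL_cleanse(tpass, sizeof tpass);
        PKCS12_free(p12);
    } else {
        /* Other formats (FORMAT_PEMRSA, FORMAT_ASN1RSA, ...) exist in the full
         * source but are rarely used and not shown here. */
        BIO_printf(err, "bad input format specified for key file\n");
        goto end;
    }

end:
    /* The original's goto end had no label and never freed the BIO. */
    BIO_free(key);
    if (pkey == NULL) {
        BIO_printf(err, "unable to load %s\n", key_descrip);
        ERR_print_errors(err);
    }
    return pkey;
}

/* Take the loaded key and install it in the SSL_CTX. */
SSL_CTX *ctx = NULL;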
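ctx = SSL_CTX_new(meth);
if (ctx == NULL) {
    ERR_print_errors(bio_err);
    /* bail out here */
}
/* Install the private key.  Returns 1 on success and must be checked; the
 * context takes its own reference, so key still belongs to the caller. */
if (SSL_CTX_use_PrivateKey(ctx, key) != 1) {
    ERR_print_errors(bio_err);
    /* bail out here */
}
/* Once the certificate has been installed as well (not shown in this
 * excerpt), confirm that its public key matches the private key.  With no
 * certificate set yet this check fails. */
if (SSL_CTX_check_private_key(ctx) != 1) {
    BIO_printf(bio_err, "Private key does not match the certificate public key\n");
    ERR_print_errors(bio_err);
    /* bail out here */
}
SSL *con = NULL;
con = SSL_new(ctx);
if (con == NULL) {
    ERR_print_errors(bio_err);
}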
Notes
1. Some of the structures that appear in this code are not declared in OpenSSL's standard headers but in app.h or other files of the apps directory.
2. OpenSSL also provides a call such as
SSL_CTX_use_PrivateKey_file(ctx, "Client.key", SSL_FILETYPE_PEM);
where the format argument is SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1, but it seems to support only the X509 certificate formats.
There is also an interface for supplying the passphrase (as user data for the password callback): SSL_CTX_set_default_passwd_cb_userdata()