gpt4 book ai didi

c++ - PKCS#12 密码无效

转载 作者:行者123 更新时间:2023-11-28 05:35:35 27 4
gpt4 key购买 nike

我在 iPhone 上使用这个 OpenSSL 代码生成一个 PKCS#12 文件,给定证书/私钥的一些数据。我能够验证此 PKCS#12 在 OpenSSL 上是否可解析,因为当我在代码中检查它时它不会打印出错误。但是,当我将它传输到我的服务器时,它显示:错误:无法验证 PKCS#12 MAC。密码无效? 有谁知道这是为什么?我正在使用相同的密码,即“密码”

 - (NSData *)generateP12AsNSData:(NSData *)keyData certificate:(NSData *)certificateData {
//put the certificateData into a X509 certificate
const unsigned char *certificateDataBytes = (const unsigned char*)[certificateData bytes];
X509 *certificateX509 = d2i_X509(NULL, &certificateDataBytes, [certificateData length]);

EVP_PKEY *privateKey;
PKCS12 *p12;
//cast the key data as an unsigned char so that we can convert it to the OpenSSL key format
const unsigned char *bits = (unsigned char *) [keyData bytes];
int length = (int)[keyData length];
privateKey = EVP_PKEY_new();

//convert the unsigned char to OpenSSL Key format
RSA *rsa = NULL;
d2i_RSAPrivateKey(&rsa, &bits, &length);
EVP_PKEY_assign_RSA(privateKey, rsa);

//create the PKCS#12
OpenSSL_add_all_algorithms();
p12 = PKCS12_create("password", "ExtraDeviceP12", privateKey, certificateX509, NULL, 0,0,0,0,0);

//make sure the p12 exists
if(!p12) {
fprintf(stderr, "Error creating PKCS#12 ");
ERR_print_errors_fp(stderr);
return nil;
}

//error checking to make sure we generated the CSR correctly
STACK_OF(X509) *ca = NULL;
EVP_PKEY *parseKey;
X509 *parseCert;
if (!PKCS12_parse(p12, "password", &parseKey, &parseCert, &ca)) {
printf("error parsing PKCS#12 file");
return nil;
}

//convert the PKCS#12 to binary data
//create a new memory BIO. A BIO is used for basic I/O abstraction.
BIO *bio;
bio = BIO_new(BIO_s_mem());
//i2d_PKCS12_bio is used to export a PKCS12 object
i2d_PKCS12_bio(bio, p12);
BUF_MEM *buffer;
BIO_get_mem_ptr(bio, &buffer);

//int bioLen = BIO_pending(&buffer);


char *buff = (char*)malloc(buffer->length);
memcpy(buff, buffer->data, buffer->length - 1);
buff[buffer->length - 1] = 0;
NSData *data = [NSData dataWithBytes:buff length:buffer->length];

NSString *string = [data base64EncodedStringWithOptions:0];
NSLog(@"Base64 PKCS#12: %@", string);

BIO_free_all(bio);

return data;
}

编辑:这是我服务器端用 Javascript 编写的代码。在这种情况下,req.body 是从 iPhone 发送的 NSData。我收到无效密码错误。

  var p12b64 = req.body.toString('base64');    
var p12Der = forge.util.decode64(pk12b64);
var p12Asn1 = forge.asn1.fromDer(p12Der);
var p12 = forge.pkcs12.pkcs12FromAsn1(p12Asn1, 'password');

最佳答案

尝试以下操作。它向您展示了应该检查某些关键返回值的位置,并且避免了额外的数据拷贝:

BIO *bio = BIO_new(BIO_s_mem());
ASSERT(bio != NULL);

int ret = i2d_PKCS12_bio(bio, p12);
ASSERT(ret == 1);

BUF_MEM *buffer;
BIO_get_mem_ptr(bio, &buffer);
ASSERT(buffer != NULL);

NSData *data = [NSData dataWithBytes:buffer->data length:buffer->length];
BIO_free_all(bio);

您可以在 i2d_PKCS12_bio man pages 找到 i2d_PKCS12_bio 的文档.

如果需要,您可以对来自 i2d_PKCS12_bio 的二进制数据进行 Base64 编码。参见 Non-printable character after generating random n-byte Base64 string使用 BIO 链并确保 Base64 字符串以 NULL 终止。

关于c++ - PKCS#12 密码无效,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/38383681/

27 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com