- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
我正在尝试在 WinHTTP 中获取 RSA 公钥信息。到目前为止,我已经在 CERT_CONTEXT
结构中获得了证书信息。我可以得到加密算法和其他如下:
PCCERT_CONTEXT cert;
DWORD certLen = sizeof(PCCERT_CONTEXT);
WinHttpQueryOption(hRequest, WINHTTP_OPTION_SERVER_CERT_CONTEXT, &cert, &certLen);
加密算法由以下方式得到
LPSTR pubKeyAlgo = cert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId;
我们可能会得到公钥,如下所示:
CRYPT_BIT_BLOB pubKey = cert->pCertInfo->SubjectPublicKeyInfo.PublicKey;
BYTE *p = pKey.pbData;
但如per the documentation ,这是一种编码形式:
PublicKey
BLOB containing an encoded public key.
那么如何获取实际的 RSA 公钥参数,例如模数和指数?
最佳答案
以下是使用 Wincrypt 提取 RSA 公钥的模数和指数的示例。示例证书是来自 RFC 6187 的 SSH 客户端证书。 。该证书可用于SSH的x509v3-rsa2048-sha256
签名编码方式。 OpenSSL conf 文件位于答案的末尾,但改编自 How to create a self-signed certificate with OpenSSL .
RSA_PUBLIC_KEY_XX
用于将从 CryptDecodeObject
返回的 blob 转换为 API 返回的打包 RSA 结构。使用名称 *_XX
是为了避免与 future 的 Microsoft 结构名称发生冲突。
#include <iostream>
#include <iomanip>
#include <sstream>
#include <memory>
#include <string>
#include <vector>
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <wincrypt.h>
#pragma comment(lib, "kernel32")
#pragma comment(lib, "crypt32")
typedef struct _RSA_PUBLIC_KEY_XX
{
#pragma pack(push, 1)
PUBLICKEYSTRUC PublicKeyStruc;
RSAPUBKEY RsaPubKey;
BYTE RsaModulus[ANYSIZE_ARRAY];
#pragma pack(pop)
} RSA_PUBLIC_KEY_XX, *PRSA_PUBLIC_KEY_XX, *const PCRSA_PUBLIC_KEY_XX;
extern std::string pemCertificate;
void PrintErrorAndThrow(const char* fnName, DWORD dwError);
int main(int argc, char* argv[])
{
DWORD dwSize = 0;
std::vector<BYTE> asnCertificate;
std::vector<BYTE> rsaPublicKey;
BOOL bResult = CryptStringToBinary(
&pemCertificate[0],
static_cast<DWORD>(pemCertificate.size()),
CRYPT_STRING_BASE64HEADER,
NULL, &dwSize,
NULL, NULL);
if (bResult == FALSE)
PrintErrorAndThrow("CryptStringToBinary", GetLastError());
asnCertificate.resize(dwSize);
dwSize = static_cast<DWORD>(asnCertificate.size());
bResult = CryptStringToBinary(
&pemCertificate[0],
static_cast<DWORD>(pemCertificate.size()),
CRYPT_STRING_BASE64HEADER,
&asnCertificate[0], &dwSize,
NULL, NULL);
if (bResult == FALSE)
PrintErrorAndThrow("CryptStringToBinary", GetLastError());
PCCERT_CONTEXT pContext = CertCreateCertificateContext(
X509_ASN_ENCODING,
static_cast<PBYTE>(&asnCertificate[0]),
static_cast<DWORD>(asnCertificate.size()));
if (pContext == NULL)
PrintErrorAndThrow("CertCreateCertificateContext", GetLastError());
PCERT_INFO pInfo = pContext->pCertInfo;
PCERT_PUBLIC_KEY_INFO pSubjectPublicKeyInfo = &pInfo->SubjectPublicKeyInfo;
PCRYPT_BIT_BLOB pPublicKey = &pSubjectPublicKeyInfo->PublicKey;
bResult = CryptDecodeObject(
pContext->dwCertEncodingType,
RSA_CSP_PUBLICKEYBLOB,
pPublicKey->pbData,
pPublicKey->cbData,
0, // flags
NULL, &dwSize);
if (bResult == FALSE)
PrintErrorAndThrow("CryptDecodeObject", GetLastError());
rsaPublicKey.resize(dwSize);
dwSize = static_cast<DWORD>(rsaPublicKey.size());
bResult = CryptDecodeObject(
pContext->dwCertEncodingType,
RSA_CSP_PUBLICKEYBLOB,
pPublicKey->pbData,
pPublicKey->cbData,
0, // flags
&rsaPublicKey[0],
&dwSize);
if (bResult == FALSE)
PrintErrorAndThrow("CryptDecodeObject", GetLastError());
PCRSA_PUBLIC_KEY_XX pRsaPublicKey = reinterpret_cast<PCRSA_PUBLIC_KEY_XX>(&rsaPublicKey[0]);
DWORD dwModulusSize = pRsaPublicKey->RsaPubKey.bitlen/8;
DWORD dwExponent = pRsaPublicKey->RsaPubKey.pubexp;
DWORD dwMagic = pRsaPublicKey->RsaPubKey.magic;
if (dwMagic != 0x31415352 /*RSA1*/)
PrintErrorAndThrow("CryptDecodeObject", ERROR_INVALID_DATA);
// The modulus is little-endian. Iterate in reverse for big-endian.
std::ostringstream oss;
for (size_t i=dwModulusSize; i > 0; --i)
{
oss << std::hex << std::setw(2) << std::setfill('0');
oss << (unsigned int)pRsaPublicKey->RsaModulus[i-1];
if (i > 1) { oss << ":"; }
}
std::cout << "Magic: " << "0x" << std::hex << dwMagic << std::endl;
std::cout << "Exponent: " << std::dec << dwExponent << std::endl;
std::cout << "Modulus: " << oss.str() << std::endl;
if (pContext)
CertFreeCertificateContext(pContext);
return 0;
}
void PrintErrorAndThrow(const char* fnName, DWORD dwError)
{
std::ostringstream oss;
oss << fnName << " failed, error " << dwError << " (";
oss << "0x" << std::hex << dwError << ")" << std::endl;
std::cerr << oss.str() << std::endl;
throw std::runtime_error(oss.str());
}
std::string pemCertificate =
"-----BEGIN CERTIFICATE-----\r\n"
"MIIESjCCAzKgAwIBAgIUb2d597NowQ3H/4UE/qjrqzT+EPkwDQYJKoZIhvcNAQEL\r\n"
"BQAwfDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5ZMREwDwYDVQQHDAhOZXcgWW9y\r\n"
"azEVMBMGA1UECgwMRXhhbXBsZSwgTExDMREwDwYDVQQDDAhKb2huIERvZTEjMCEG\r\n"
"CSqGSIb3DQEJARYUam9obi5kb2VAZXhhbXBsZS5jb20wHhcNMTkwOTE3MTU1OTA1\r\n"
"WhcNMjAwOTE2MTU1OTA1WjB8MQswCQYDVQQGEwJVUzELMAkGA1UECAwCTlkxETAP\r\n"
"BgNVBAcMCE5ldyBZb3JrMRUwEwYDVQQKDAxFeGFtcGxlLCBMTEMxETAPBgNVBAMM\r\n"
"CEpvaG4gRG9lMSMwIQYJKoZIhvcNAQkBFhRqb2huLmRvZUBleGFtcGxlLmNvbTCC\r\n"
"ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOd2VZa5G8clxnT90+1mkCGp\r\n"
"ufPAEXKLwX7THhIOf00NYRpumuhvMBUHFNcH6H17NHM/iauLacXsYIJlHWmTTl1t\r\n"
"0r7fxzVTA4NF8Eedpv+RGXRm3eC/e+Nz/MkdInWZ7qkp6AE9juiEop9rmQPtwM/f\r\n"
"4/LwE2fi+XyhFTwMr2zIUuEVlk1fWaabOVtHweLCWxvstWtomxN4egVY4kB634zM\r\n"
"VywMGRz4YrKzFxSaTYWt5wNoMoPRGeEKFwhBfuXmHIO9QQSxqIfBEoxQfBdppzSN\r\n"
"5qe84Gn9nFSepgmJtw6XLxm31SgMBOuKiwFbFni+oZEnRg9ssy7UYmaAaxcqfikC\r\n"
"AwEAAaOBwzCBwDAdBgNVHQ4EFgQU1nhsQ/gKlSadP9uEUNMj5ezkt7gwHwYDVR0j\r\n"
"BBgwFoAU1nhsQ/gKlSadP9uEUNMj5ezkt7gwCQYDVR0TBAIwADALBgNVHQ8EBAMC\r\n"
"B4AwHwYDVR0RBBgwFoEUam9obi5kb2VAZXhhbXBsZS5jb20wMAYJYIZIAYb4QgEN\r\n"
"BCMWIU9wZW5TU0wgR2VuZXJhdGVkIFNTSCBDZXJ0aWZpY2F0ZTATBgNVHSUEDDAK\r\n"
"BggrBgEFBQcDFTANBgkqhkiG9w0BAQsFAAOCAQEAUkCY+WX55RuqzuuRMt5hEzUh\r\n"
"xfCVLddfBxmokmsodc8qgHlsNkRLLZATyKgnFF5FGIroiNF6QcJ5QJXDZZyz2+6p\r\n"
"m0V1jHF51BtoGxBR1I1ERLT0QOJHC53R6+/OPIaADKdPoXHIpPVQhJww6e1X6CU1\r\n"
"IjIWmliqixhvId5WbU5et6ZpFNs2ZFbPGBk4RrKR5SjxwLj7Jm+THzV660xIYsow\r\n"
"/CP5ox7ga7+OFR6q4kFQldc6Ah5bRFKI8fgWHpnhlS9hB29BiMjrC/p7bm0CL2Su\r\n"
"QER4F/HCpBHBDwkweg1h9DrT62DYgqvgvRxR/j8GPL7Hqg2kLuFcHt3SkQeNZg==\r\n"
"-----END CERTIFICATE-----\r\n";
使用 Visual Studio Developer 命令提示符编译程序。
C:\Users\Test>cl.exe /nologo /W4 /Zi /TP /GR /EHsc cert_test.cxx /link /out:cert_test.exe
cert_test.cxx
cert_test.cxx(37) : warning C4100: 'argv' : unreferenced formal parameter
cert_test.cxx(37) : warning C4100: 'argc' : unreferenced formal parameter
运行该程序会产生以下结果。
C:\Users\Test>.\cert_test.exe
Magic: 0x31415352
Exponent: 65537
Modulus: e7:76:55:96:b9:1b:c7:25:c6:74:fd:d3:ed:66:90:21:a9:b9:f3:c0:11:72:8b:c1
:7e:d3:1e:12:0e:7f:4d:0d:61:1a:6e:9a:e8:6f:30:15:07:14:d7:07:e8:7d:7b:34:73:3f:8
9:ab:8b:69:c5:ec:60:82:65:1d:69:93:4e:5d:6d:d2:be:df:c7:35:53:03:83:45:f0:47:9d:
a6:ff:91:19:74:66:dd:e0:bf:7b:e3:73:fc:c9:1d:22:75:99:ee:a9:29:e8:01:3d:8e:e8:84
:a2:9f:6b:99:03:ed:c0:cf:df:e3:f2:f0:13:67:e2:f9:7c:a1:15:3c:0c:af:6c:c8:52:e1:1
5:96:4d:5f:59:a6:9b:39:5b:47:c1:e2:c2:5b:1b:ec:b5:6b:68:9b:13:78:7a:05:58:e2:40:
7a:df:8c:cc:57:2c:0c:19:1c:f8:62:b2:b3:17:14:9a:4d:85:ad:e7:03:68:32:83:d1:19:e1
:0a:17:08:41:7e:e5:e6:1c:83:bd:41:04:b1:a8:87:c1:12:8c:50:7c:17:69:a7:34:8d:e6:a
7:bc:e0:69:fd:9c:54:9e:a6:09:89:b7:0e:97:2f:19:b7:d5:28:0c:04:eb:8a:8b:01:5b:16:
78:be:a1:91:27:46:0f:6c:b3:2e:d4:62:66:80:6b:17:2a:7e:29
<小时/>
这是使用 OpenSSL 的 x509
子命令转储的证书。
$ cat cert_test.cert.pem | openssl x509 -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6f:67:79:f7:b3:68:c1:0d:c7:ff:85:04:fe:a8:eb:ab:34:fe:10:f9
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, ST = NY, L = New York, O = "Example, LLC", CN = John Doe, emailAddress = john.doe@example.com
Validity
Not Before: Sep 17 15:59:05 2019 GMT
Not After : Sep 16 15:59:05 2020 GMT
Subject: C = US, ST = NY, L = New York, O = "Example, LLC", CN = John Doe, emailAddress = john.doe@example.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:76:55:96:b9:1b:c7:25:c6:74:fd:d3:ed:66:
90:21:a9:b9:f3:c0:11:72:8b:c1:7e:d3:1e:12:0e:
7f:4d:0d:61:1a:6e:9a:e8:6f:30:15:07:14:d7:07:
e8:7d:7b:34:73:3f:89:ab:8b:69:c5:ec:60:82:65:
1d:69:93:4e:5d:6d:d2:be:df:c7:35:53:03:83:45:
f0:47:9d:a6:ff:91:19:74:66:dd:e0:bf:7b:e3:73:
fc:c9:1d:22:75:99:ee:a9:29:e8:01:3d:8e:e8:84:
a2:9f:6b:99:03:ed:c0:cf:df:e3:f2:f0:13:67:e2:
f9:7c:a1:15:3c:0c:af:6c:c8:52:e1:15:96:4d:5f:
59:a6:9b:39:5b:47:c1:e2:c2:5b:1b:ec:b5:6b:68:
9b:13:78:7a:05:58:e2:40:7a:df:8c:cc:57:2c:0c:
19:1c:f8:62:b2:b3:17:14:9a:4d:85:ad:e7:03:68:
32:83:d1:19:e1:0a:17:08:41:7e:e5:e6:1c:83:bd:
41:04:b1:a8:87:c1:12:8c:50:7c:17:69:a7:34:8d:
e6:a7:bc:e0:69:fd:9c:54:9e:a6:09:89:b7:0e:97:
2f:19:b7:d5:28:0c:04:eb:8a:8b:01:5b:16:78:be:
a1:91:27:46:0f:6c:b3:2e:d4:62:66:80:6b:17:2a:
7e:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D6:78:6C:43:F8:0A:95:26:9D:3F:DB:84:50:D3:23:E5:EC:E4:B7:B8
X509v3 Authority Key Identifier:
keyid:D6:78:6C:43:F8:0A:95:26:9D:3F:DB:84:50:D3:23:E5:EC:E4:B7:B8
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
email:john.doe@example.com
Netscape Comment:
OpenSSL Generated SSH Certificate
X509v3 Extended Key Usage:
SSH Client
Signature Algorithm: sha256WithRSAEncryption
52:40:98:f9:65:f9:e5:1b:aa:ce:eb:91:32:de:61:13:35:21:
c5:f0:95:2d:d7:5f:07:19:a8:92:6b:28:75:cf:2a:80:79:6c:
36:44:4b:2d:90:13:c8:a8:27:14:5e:45:18:8a:e8:88:d1:7a:
41:c2:79:40:95:c3:65:9c:b3:db:ee:a9:9b:45:75:8c:71:79:
d4:1b:68:1b:10:51:d4:8d:44:44:b4:f4:40:e2:47:0b:9d:d1:
eb:ef:ce:3c:86:80:0c:a7:4f:a1:71:c8:a4:f5:50:84:9c:30:
e9:ed:57:e8:25:35:22:32:16:9a:58:aa:8b:18:6f:21:de:56:
6d:4e:5e:b7:a6:69:14:db:36:64:56:cf:18:19:38:46:b2:91:
e5:28:f1:c0:b8:fb:26:6f:93:1f:35:7a:eb:4c:48:62:ca:30:
fc:23:f9:a3:1e:e0:6b:bf:8e:15:1e:aa:e2:41:50:95:d7:3a:
02:1e:5b:44:52:88:f1:f8:16:1e:99:e1:95:2f:61:07:6f:41:
88:c8:eb:0b:fa:7b:6e:6d:02:2f:64:ae:40:44:78:17:f1:c2:
a4:11:c1:0f:09:30:7a:0d:61:f4:3a:d3:eb:60:d8:82:ab:e0:
bd:1c:51:fe:3f:06:3c:be:c7:aa:0d:a4:2e:e1:5c:1e:dd:d2:
91:07:8d:66
<小时/>
这是来自 How to create a self-signed certificate with OpenSSL 的 OpenSSL 配置文件针对 SSH 客户端进行了调整。
# Create a self signed certificate:
# openssl req -config cert_test.conf -new -x509 -sha256 -newkey rsa:2048 \
# -nodes -keyout cert_test.key.pem -days 365 -out cert_test.cert.pem
#
# Create a signing request (notice the lack of -x509 option):
# openssl req -config cert_test.conf -new -sha256 -newkey rsa:2048 \
# -nodes -keyout cert_test.key.pem -days 365 -out cert_test.cert.pem
[ req ]
default_bits = 2048
default_keyfile = server-key.pem
distinguished_name = subject
req_extensions = req_ext
x509_extensions = x509_ext
string_mask = utf8only
# The Subject DN can be formed using X501 or RFC 4514 (see RFC 4519 for a description).
[ subject ]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = NY
localityName = Locality Name (eg, city)
localityName_default = New York
organizationName = Organization Name (eg, company)
organizationName_default = Example, LLC
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = John Doe
emailAddress = Email Address
emailAddress_default = john.doe@example.com
# Section x509_ext is used when generating a self-signed certificate. I.e., openssl req -x509 ...
[ x509_ext ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
basicConstraints = CA:FALSE
keyUsage = digitalSignature
subjectAltName = @alternate_names
nsComment = "OpenSSL Generated SSH Certificate"
extendedKeyUsage = secureShellClient
# Section req_ext is used when generating a certificate signing request. I.e., openssl req ...
[ req_ext ]
subjectKeyIdentifier = hash
basicConstraints = CA:FALSE
keyUsage = digitalSignature
subjectAltName = @alternate_names
nsComment = "OpenSSL Generated SSH Certificate"
extendedKeyUsage = secureShellClient
[ alternate_names ]
email = john.doe@example.com
关于c++ - 从 WinHTTP 中的 CRYPT_BIT_BLOB 获取 RSA 公钥?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/23864214/
我目前正在使用 Crypto++ 为数据块生成签名。我希望签名是 20 个字节(SHA 1 Hash),因为我的理解是签名只是一个加密的哈希。但是当检查 maxsignaturelength 和 si
我不是加密专家,所以我对这些事情的了解接近于零。我必须与使用 RSA 加密的系统进行互操作。使用他们的 key 时,我遇到了为相同的输入/ key 获取不同密码的问题。图书馆是https://code
我想利用 postman 来测试需要使用 RSA 加密对输入字段之一进行加密的 REST API。 我看到 postman 通过 require('crypto-js') 提供了功能使用 AES 加密
我正在尝试在我的 (Java) 应用程序中实现一个(简化的)类似 RSA 的验证过程。客户端发送一个请求(数据+私钥签名),服务器要么拒绝他的请求,要么处理它——取决于签名的有效性。 但是我不明白验证
我正在尝试在我的 (Java) 应用程序中实现一个(简化的)类似 RSA 的验证过程。客户端发送一个请求(数据+私钥签名),服务器要么拒绝他的请求,要么处理它——取决于签名的有效性。 但是我不明白验证
下面是我想要做的最小、完整且可验证的示例。 基本上我想实现一个集成一些 CUDA 代码的 OpenSSL RSA 引擎。 CUDA 部分应该执行模幂运算,但在本例中并不重要,因此我只是按顺序使用了 B
是否有任何非常简单的跨平台 C++ 库可以进行不对称加密?不需要高效,只要工作。我想它可能只是 .h 文件中的 3-4 个函数,它们可以执行任意精度的数学运算,仅此而已。 我相信在这里使用 OpenS
我使用以下命令创建了私钥和公钥, openssl genrsa -out privatekey.pem 1024 openssl req -new -x509 -key privatekey.pem
我在 .net 环境(所有版本)中工作并使用 vb.net。我想根据密码生成 RSA 公钥和私钥。 我对 RSA 算法的理解仅限于使用 .net 提供的类,即 System.Security.Cryp
关闭。这个问题不满足Stack Overflow guidelines .它目前不接受答案。 想改善这个问题吗?更新问题,使其成为 on-topic对于堆栈溢出。 7年前关闭。 Improve thi
我有 ssh-keygen 生成的 id_rsa.pub key 。 如何以编程方式将 id_rsa.pub 文件转换为 RSA DER 格式的 key ? 最佳答案 如果使用 ssh-keygen
我在 JWT(JSON Web Token)方案的帮助下实现了一个登录系统。基本上,在用户登录/登录后,服务器对 JWT 进行签名并将其传递给客户端。 然后客户端在每个请求中返回 token ,服务器
我使用的是 WAS 6.1,我的服务器过去可以正常启动,但突然间无法正常工作.. 当我尝试在我的本地 RSA 中启动我的服务器时。我收到以下错误 我已经重新启动了系统,RSA,杀死了所有 Java 进
我正在开发一个支付网关,他们有一个正在运行的 Java 演示,但我想用 php 来实现它。 支付网关使用 3DES 和随机生成的 key 来加密有效负载。该 key 使用支付网关的公钥通过 RSA 进
这是此处未回答问题的副本:Using an RSA Public Key to decrypt a string that was encrypted using RSA Private Key 您可
我一直无法将 RSA 加密字节编码为字符串,然后在另一端(远程主机)将它们恢复为字节,另一端抛出“错误数据”异常。 我试过谷歌,没有运气。 到目前为止我的代码: 客户: array^Test=Enco
我需要一些帮助来解决我的问题。 问题:我想用 Android 平台的公共(public) RSA key 加密一个数字 (A),然后用私钥在 PHP 服务器上解密它。在每个平台上,我都可以加密和解密数
当我尝试将参数传递给函数时出现以下错误。 error[E0243]: wrong number of type arguments: expected 1, found 0 --> src/mai
我尝试将公共(public) RSA key 加载到我的程序中。我在 C 中使用 openssl 库。 key 在 header crypt.h 文件中定义: #define PUBLIC_KEY
Bouncy CaSTLe 加密库中有两种不同的密码可以传递给 PKCS1Encoding:NativeRSAEngine 和 RSAEngine。这两个变体之间有区别吗? 编辑: 正如 Maarte
我是一名优秀的程序员,十分优秀!