解析P12证书
1.從磁盤上的證書文件中讀取證書數據
unsigned char* pbP12Data; // 證書數據
unsigned long ulP12DataLen; // 證書數據長度
2.讓用戶輸入證書密碼
char* szPwd; // 證書密碼
3.將證書密碼轉換成UNICODE格式(最好采用二次調用方式)
LPWSTR pWideChar = NULL;
int nWideChar = 0;
nWideChar = MultiByteToWideChar(CP_ACP, 0, szPwd, -1, pWideChar, nWideChar);
pWideChar = new WCHAR[nWideChar];
memset(pWideChar, 0, sizeof(WCHAR)*nWideChar);
MultiByteToWideChar(CP_ACP, 0, szPwd, -1, pWideChar, nWideChar);
4.將證書數據導入臨時store
CRYPT_DATA_BLOB blob;
memset(&blob, 0, sizeof(blob));
blob.pbData = pbP12Data;
blob.cbData = ulP12DataLen;
HCERTSTORE hCertStore = NULL;
hCertStore = PFXImportCertStore(&blob, pWideChar, CRYPT_EXPORTABLE);
5.在store中查找證書,獲取CertContext
PCCERT_CONTEXT pCertContext = CertFindCertificateInStore(hCertStore, X509_ASN_ENCODING|PKCS_7_ASN_ENCODING, 0, CERT_FIND_ANY, NULL, NULL);
6.獲取證書信息
CRYPT_INTEGER_BLOB snBlob = pCertContext->pCertInfo->SerialNumber; // 證書SN
pCertContext->pbCertEncoded; // X509格式證書數據
pCertContext->cbCertEncoded; // X509格式證書數據長度
7.獲取CSP句柄
HCRYPTPROV hProv = NULL;
DWORD dwKeySpec = 0;
BOOL bCallerFreeProv = FALSE;
CryptAcquireCertificatePrivateKey(pCertContext, 0, NULL, &hProv, &dwKeySpec, &bCallerFreeProv);
8.獲取密鑰句柄
HCRYPTKEY hKey = NULL;
CryptGetUserKey(hProv, dwKeySpec, &hKey);
9.導出私鑰(最好采用二次調用方式)
BYTE* pbData = NULL;
DWORD dwDataLen = 0;
CryptExportKey(hKey, NULL, PRIVATEKEYBLOB, 0, pbData, &dwDataLen);
pbData = new BYTE[dwDataLen];
memset(pbData, 0, dwDataLen);
CryptExportKey(hKey, NULL, PRIVATEKEYBLOB, 0, pbData, &dwDataLen);
10.獲取公私鑰信息
BYTE *p = pbData+ sizeof(PUBLICKEYSTRUC);?
(*(RSAPUBKEY*)p).bitlen; // 公私鑰模長(以bit為單位)
(*(RSAPUBKEY*)p).pubexp; // 公鑰的e(注意字節(jié)順序)
p += sizeof(RSAPUBKEY); // 公私鑰的n(注意字節(jié)順序)
p += ((*(RSAPUBKEY*)p).bitlen)/8; // 私鑰的p(注意字節(jié)順序)
p += ((*(RSAPUBKEY*)p).bitlen)/16; // 私鑰的q(注意字節(jié)順序)
p += ((*(RSAPUBKEY*)p).bitlen)/16; // 私鑰的dp(注意字節(jié)順序)
p += ((*(RSAPUBKEY*)p).bitlen)/16; // 私鑰的dq(注意字節(jié)順序)
p += ((*(RSAPUBKEY*)p).bitlen)/16; // 私鑰的qu(注意字節(jié)順序)
p += ((*(RSAPUBKEY*)p).bitlen)/16; // 私鑰的d(注意字節(jié)順序)
11.清理工作
delete[] pbData;
pbData = NULL;
CryptDestroyKey(hKey);
CryptReleaseContext(hProv, 0);
CertFreeCertificateContext(pCertContext);
CertCloseStore(hCertStore, CERT_CLOSE_STORE_FORCE_FLAG);
delete[] pWideChar;
pWideChar = NULL;
unsigned char* pbP12Data; // 證書數據
unsigned long ulP12DataLen; // 證書數據長度
2.讓用戶輸入證書密碼
char* szPwd; // 證書密碼
3.將證書密碼轉換成UNICODE格式(最好采用二次調用方式)
LPWSTR pWideChar = NULL;
int nWideChar = 0;
nWideChar = MultiByteToWideChar(CP_ACP, 0, szPwd, -1, pWideChar, nWideChar);
pWideChar = new WCHAR[nWideChar];
memset(pWideChar, 0, sizeof(WCHAR)*nWideChar);
MultiByteToWideChar(CP_ACP, 0, szPwd, -1, pWideChar, nWideChar);
4.將證書數據導入臨時store
CRYPT_DATA_BLOB blob;
memset(&blob, 0, sizeof(blob));
blob.pbData = pbP12Data;
blob.cbData = ulP12DataLen;
HCERTSTORE hCertStore = NULL;
hCertStore = PFXImportCertStore(&blob, pWideChar, CRYPT_EXPORTABLE);
5.在store中查找證書,獲取CertContext
PCCERT_CONTEXT pCertContext = CertFindCertificateInStore(hCertStore, X509_ASN_ENCODING|PKCS_7_ASN_ENCODING, 0, CERT_FIND_ANY, NULL, NULL);
6.獲取證書信息
CRYPT_INTEGER_BLOB snBlob = pCertContext->pCertInfo->SerialNumber; // 證書SN
pCertContext->pbCertEncoded; // X509格式證書數據
pCertContext->cbCertEncoded; // X509格式證書數據長度
7.獲取CSP句柄
HCRYPTPROV hProv = NULL;
DWORD dwKeySpec = 0;
BOOL bCallerFreeProv = FALSE;
CryptAcquireCertificatePrivateKey(pCertContext, 0, NULL, &hProv, &dwKeySpec, &bCallerFreeProv);
8.獲取密鑰句柄
HCRYPTKEY hKey = NULL;
CryptGetUserKey(hProv, dwKeySpec, &hKey);
9.導出私鑰(最好采用二次調用方式)
BYTE* pbData = NULL;
DWORD dwDataLen = 0;
CryptExportKey(hKey, NULL, PRIVATEKEYBLOB, 0, pbData, &dwDataLen);
pbData = new BYTE[dwDataLen];
memset(pbData, 0, dwDataLen);
CryptExportKey(hKey, NULL, PRIVATEKEYBLOB, 0, pbData, &dwDataLen);
10.獲取公私鑰信息
BYTE *p = pbData+ sizeof(PUBLICKEYSTRUC);?
(*(RSAPUBKEY*)p).bitlen; // 公私鑰模長(以bit為單位)
(*(RSAPUBKEY*)p).pubexp; // 公鑰的e(注意字節(jié)順序)
p += sizeof(RSAPUBKEY); // 公私鑰的n(注意字節(jié)順序)
p += ((*(RSAPUBKEY*)p).bitlen)/8; // 私鑰的p(注意字節(jié)順序)
p += ((*(RSAPUBKEY*)p).bitlen)/16; // 私鑰的q(注意字節(jié)順序)
p += ((*(RSAPUBKEY*)p).bitlen)/16; // 私鑰的dp(注意字節(jié)順序)
p += ((*(RSAPUBKEY*)p).bitlen)/16; // 私鑰的dq(注意字節(jié)順序)
p += ((*(RSAPUBKEY*)p).bitlen)/16; // 私鑰的qu(注意字節(jié)順序)
p += ((*(RSAPUBKEY*)p).bitlen)/16; // 私鑰的d(注意字節(jié)順序)
11.清理工作
delete[] pbData;
pbData = NULL;
CryptDestroyKey(hKey);
CryptReleaseContext(hProv, 0);
CertFreeCertificateContext(pCertContext);
CertCloseStore(hCertStore, CERT_CLOSE_STORE_FORCE_FLAG);
delete[] pWideChar;
pWideChar = NULL;
總結
- 上一篇: 解析X509证书
- 下一篇: Unicode与UTF-8互转(C语言实