I'm pretty new to openssl. So far I've gone through tutorials offered by IBM and HP and got some practice with how to use the openssl APIs.
My project is about using a USB security memory token loaded with a digital certificate to verify the identity of a client via an ActiveX control on the client's browser. Now the problem is that the vendor-provided library for the token only supports reading and writing strings from and to the token. However, I only know how to load a certificate from a file with the SSL_CTX_load_verify_locations() or SSL_CTX_use_certificate_file() functions.
The only thing I can think of is writing the large chunk of encrypted stuff between BEGIN X509 CERTIFICATE and END X509 CERTIFICATE to the token and reading it out as a string. Now I really need some help to load this string into the SSL_CTX object ctx in openssl.
BTW, does the long stuff between BEGIN X509 CERTIFICATE and END X509 CERTIFICATE contain the so-called public key and other info (such as expiration date) except private key? Please correct me if I'm wrong :)
Any help will be much appreciated!
Z.Zen
If you can read and write arbitrary binary blobs to the token, then you can just store the certificate and private key in ASN1 format, then load them with SSL_CTX_use_certificate_ASN1() and SSL_CTX_use_PrivateKey_ASN1() (in that order). Note that you need to do both, because a certificate does not store the private key; it must be stored separately.
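An added example, not code from the question, the answer or the OpenSSL project: when the token library can only return a string, the PEM text can be decoded in memory to the ASN.1 (DER) bytes that SSL_CTX_use_certificate_ASN1() takes, with a check that the blob is one complete SEQUENCE before it is handed over. The helper names, the WITH_OPENSSL build flag and the sample string are assumptions made for illustration; the sample is a constructed stand-in, not a real certificate.

```c
#include <stddef.h>
#include <string.h>
static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
static const char SAMPLE_PEM[] = /* constructed stand-in, not a real certificate */
    "-----BEGIN X509 CERTIFICATE-----\nMAMCAQU=\n-----END X509 CERTIFICATE-----\n";

/* Decode the base64 between the BEGIN and END lines; DER length, or -1 on error. */
long pem_to_der(const char *pem, unsigned char *out, size_t cap) {
    const char *q, *p = strstr(pem, "-----BEGIN"), *end = strstr(pem, "-----END");
    unsigned acc = 0, bits = 0;
    size_t n = 0;
    if (!p || !end || !(p = strchr(p, '\n')) || p > end) return -1;
    for (; p < end; p++) {
        if (strchr("=\r\n \t", *p)) continue;      /* padding and whitespace */
        if (!(q = strchr(B64, *p))) return -1;     /* not a base64 character */
        acc = (acc << 6) | (unsigned)(q - B64);
        if ((bits += 6) >= 8) {
            if (n == cap) return -1;               /* output buffer full */
            out[n++] = (unsigned char)(acc >> (bits -= 8));
        }
    }
    return (long)n;
}

/* A certificate is one DER SEQUENCE: tag 0x30 and a length covering all the rest. */
int der_is_whole_sequence(const unsigned char *d, long len) {
    long body = 0, hdr = 2, k;
    if (len < 2 || d[0] != 0x30) return 0;
    if (d[1] < 0x80) return 2 + d[1] == len;       /* short-form length */
    if ((k = d[1] & 0x7f) == 0 || k > 3 || len < 2 + k) return 0; /* long form */
    while (k-- > 0) body = (body << 8) | d[hdr++];
    return hdr + body == len;
}

#ifdef WITH_OPENSSL /* assumed build flag: cc -DWITH_OPENSSL file.c -lssl -lcrypto */
#include <openssl/ssl.h>
int load_cert_from_token_string(SSL_CTX *ctx, const char *cert_pem) {
    unsigned char der[8192];
    long n = pem_to_der(cert_pem, der, sizeof der);
    if (n < 0 || !der_is_whole_sequence(der, n)) return 0;
    return SSL_CTX_use_certificate_ASN1(ctx, (int)n, der) == 1;
}
#endif
int main(void) { /* exit status 0: the sample decodes to one complete SEQUENCE */
    unsigned char der[64];
    long n = pem_to_der(SAMPLE_PEM, der, sizeof der);
    return !(n == 5 && der_is_whole_sequence(der, n));
}
```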