问题
I'm trying to sign a CSR file in PEM format using OpenSSL API.
I can't use X509_sign() method because I need to sign the request using a third party API. This API requires my application to send the data that needs signing and it will return me a signature.
I need to send it the char* to sign to the 3rd party API, but I don't understand how the signing process works:
Do I need to construct this
char*with only the data from the CSR, for example the subject, the exponent and modulus of the public key:Char* = "DN=test,O=something...123456(this is the exponent)a2:43:65(this is the modulus)...Or do I need to build my buffer with all the elements that appear when I use the
-textcommand in OpenSSL:Certificate: Data: Subject: dn=test, O=something Public key info: Exponent: 123456 Modulus: A2:43:65 ....
To summarize: What elements of the request does a CA actually use when performing signature of an X509 certificate, and in what format should this data be presented?
回答1:
Your title and body don't agree; openssl X509_sign() signs a certificate, not a CSR. A CSR is not a cert, a cert is not a CSR, and issuing a cert is NOT 'signing a CSR' as many uninformed or lazy people say. (Normal) CSRs are actually signed by the requester, NOT the CA. openssl uses type X509_REQ for a CSR and X509_REQ_sign signs a CSR.
But the answer is basically the same. Either an X.509 cert or a PKCS#10 CSR is a SEQUENCE of three things: a body containing the data to be signed, an AlgorithmIdentifier, and the signature (as a BITSTRING). These are defined using http://en.wikipedia.org/wiki/Abstract_Syntax_Notation_One and encoded using Distinguished Encoding Rules or DER. The text form you enter or see displayed by openssl req -text or openssl x509 -text or other programs represents the same data but is in general not sufficient to reproduce the exact bits, and you must have the exact bits for digital signature to work. (That's what 'Distinguished' in DER means; it modifies Basic Encoding Rules or BER by specifying the exact octets and bits to use for certain otherwise ambiguous cases.) For CSR see my answer in https://security.stackexchange.com/questions/58717/what-part-of-the-csr-is-hashed-in-order-to-create-its-signature/58735 ; for cert the 'wrapper' is the same but the body is significantly different, and contains quite a bit more than DN and publickey.
TL;DR For X509* cert you sign the DER-encoding of cert->cert_info, which has type X509_CINF and can be encoded using i2d_X509_CINF(). For X509_REQ* csr you sign the DER-encoding of csr->req_info with type X509_REQ_INFO using i2d_X509_REQ_INFO().
Alternative: openssl has the concept of engine, which is an external library and/or hardware unit that handles some cryptographic operations. If your third-party API is or can be 'wrapped' as an openssl engine, you can use (nearly all) normal openssl routines by configuring and specifying that engine. If that engine doesn't already exist, doing it solely for your project is likely too much work, but if you foresee other (future) uses it might be worth it.
来源:https://stackoverflow.com/questions/24609310/how-does-csr-signing-work