Chilkat HOME .NET Core C# Android™ AutoIt C C# C++ Chilkat2-Python CkPython Classic ASP DataFlex Delphi ActiveX Delphi DLL Go Java Lianja Mono C# Node.js Objective-C PHP ActiveX PHP Extension Perl PowerBuilder PowerShell PureBasic Ruby SQL Server Swift 2 Swift 3,4,5... Tcl Unicode C Unicode C++ VB.NET VBScript Visual Basic 6.0 Visual FoxPro Xojo Plugin
(Unicode C++) Duplicate openssl req -newkey rsa:2048 -nodes -keyout mydomain.pem -out mydomain.csrDemonstrates how to duplicate this OpenSSL command: openssl req -newkey rsa:2048 -nodes -keyout mydomain.pem -out mydomain.csr This command creates 2 files:
The second file is needed to pair with the certificate that will later be received from the CA.
#include <CkRsaW.h> #include <CkPrivateKeyW.h> #include <CkXmlW.h> #include <CkAsnW.h> #include <CkBinDataW.h> void ChilkatSample(void) { // This example requires the Chilkat API to have been previously unlocked. // See Global Unlock Sample for sample code. CkRsaW rsa; // Generate a 2048-bit key. Chilkat RSA supports // key sizes ranging from 512 bits to 8192 bits. bool success = rsa.GenerateKey(2048); if (success != true) { wprintf(L"%s\n",rsa.lastErrorText()); return; } CkPrivateKeyW *privKey = rsa.ExportPrivateKeyObj(); // Save the private key to unencrypted PKCS8 PEM success = privKey->SavePkcs8PemFile(L"mydomain.pem"); // (alternatively) Save the private key to encrypted PKCS8 PEM success = privKey->SavePkcs8EncryptedPemFile(L"myPassword",L"mydomain_enc.pem"); // We'll need the private key's modulus for the CSR. // The modulus is not something that needs to be protected. Most people don't realize // that a public key is actually just a subset of the private key. The public parts of // an RSA private key are the modulus and exponent. The exponent is always 65537. CkXmlW privKeyXml; success = privKeyXml.LoadXml(privKey->getXml()); // Get the modulus in base64 format: const wchar_t *keyModulus = privKeyXml.getChildContent(L"Modulus"); // -------------------------------------------------------------------------------- // Now build the CSR using Chilkat's ASN.1 API. // The keyModulus will be embedded within the ASN.1. // A new ASN.1 object is automatically a SEQUENCE. // Given that the CSR's root item is a SEQUENCE, we can use // this as the root of our CSR. CkAsnW asnRoot; // Beneath the root, we have a SEQUENCE (the certificate request info), // another SEQUENCE (the algorithm identifier), and a BITSTRING (the signature data) success = asnRoot.AppendSequence(); success = asnRoot.AppendSequence(); // ---------------------------------- // Build the Certificate Request Info // ---------------------------------- CkAsnW *asnCertReqInfo = asnRoot.GetSubItem(0); success = asnCertReqInfo->AppendInt(0); // Build the Subject part of the Certificate Request Info CkAsnW *asnCertSubject = asnCertReqInfo->AppendSequenceR(); // Add each subject part.. CkAsnW *asnTemp = asnCertSubject->AppendSetR(); success = asnTemp->AppendSequence2(); // AppendSequence2 updates the internal reference to the newly appended SEQUENCE. // The OID and printable string are added to the SEQUENCE. success = asnTemp->AppendOid(L"2.5.4.6"); success = asnTemp->AppendString(L"printable",L"US"); delete asnTemp; asnTemp = asnCertSubject->AppendSetR(); success = asnTemp->AppendSequence2(); success = asnTemp->AppendOid(L"2.5.4.8"); success = asnTemp->AppendString(L"utf8",L"Utah"); delete asnTemp; asnTemp = asnCertSubject->AppendSetR(); success = asnTemp->AppendSequence2(); success = asnTemp->AppendOid(L"2.5.4.7"); success = asnTemp->AppendString(L"utf8",L"Lindon"); delete asnTemp; asnTemp = asnCertSubject->AppendSetR(); success = asnTemp->AppendSequence2(); success = asnTemp->AppendOid(L"2.5.4.10"); success = asnTemp->AppendString(L"utf8",L"DigiCert Inc."); delete asnTemp; asnTemp = asnCertSubject->AppendSetR(); success = asnTemp->AppendSequence2(); success = asnTemp->AppendOid(L"2.5.4.11"); success = asnTemp->AppendString(L"utf8",L"DigiCert"); delete asnTemp; asnTemp = asnCertSubject->AppendSetR(); success = asnTemp->AppendSequence2(); success = asnTemp->AppendOid(L"2.5.4.3"); success = asnTemp->AppendString(L"utf8",L"example.digicert.com"); delete asnTemp; delete asnCertSubject; // Build the Public Key Info part of the Certificate Request Info CkAsnW *asnPubKeyInfo = asnCertReqInfo->AppendSequenceR(); CkAsnW *asnPubKeyAlgId = asnPubKeyInfo->AppendSequenceR(); success = asnPubKeyAlgId->AppendOid(L"1.2.840.113549.1.1.1"); success = asnPubKeyAlgId->AppendNull(); delete asnPubKeyAlgId; // The public key itself is a BIT STRING, but the bit string is composed of ASN.1 // for the RSA public key. We'll first build the RSA ASN.1 for the public key // (containing the 2048 bit modulus and exponent), and encoded it to DER, and then add // the DER bytes as a BIT STRING (as a sub-item of asnPubKeyInfo) // This is already a SEQUENCE.. CkAsnW asnRsaKey; // The RSA modulus is a big integer. success = asnRsaKey.AppendBigInt(keyModulus,L"base64"); success = asnRsaKey.AppendInt(65537); const wchar_t *rsaKeyDerBase64 = asnRsaKey.getEncodedDer(L"base64"); // Now add the RSA key DER as a BIT STRING. success = asnPubKeyInfo->AppendBits(rsaKeyDerBase64,L"base64"); delete asnPubKeyInfo; // The last part of the certificate request info is an empty context-specific constructed item // with a tag equal to 0. success = asnCertReqInfo->AppendContextConstructed(0); // Get the DER of the asnCertReqInfo. // This will be signed using the RSA private key. CkBinDataW bdDer; success = asnCertReqInfo->WriteBd(bdDer); // Add the signature to the ASN.1 CkBinDataW bdSig; success = rsa.SignBd(bdDer,L"SHA1",bdSig); success = asnRoot.AppendBits(bdSig.getEncoded(L"base64"),L"base64"); delete asnCertReqInfo; // ---------------------------------- // Finally, add the algorithm identifier, which is the 2nd sub-item under the root. // ---------------------------------- CkAsnW *asnAlgId = asnRoot.GetSubItem(1); success = asnAlgId->AppendOid(L"1.2.840.113549.1.1.5"); success = asnAlgId->AppendNull(); delete asnAlgId; // Write the CSR to a DER encoded binary file: success = asnRoot.WriteBinaryDer(L"qa_output/mydomain.csr"); if (success != true) { wprintf(L"%s\n",asnRoot.lastErrorText()); return; } // It is also possible to get the CSR in base64 format: const wchar_t *csrBase64 = asnRoot.getEncodedDer(L"base64"); wprintf(L"Base64 CSR:\n"); wprintf(L"%s\n",csrBase64); delete privKey; } |
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.