21.03.2013 Views

Problem - Kevin Tafuro


but it requires you to pass in the length so that it may ensure that it doesn’t read or write past the bounds of your buffer.

Table 7-3 lists the most prominent things you can convert to DER and back. The last two rows enumerate calls that are intended for people implementing actual infrastructure for a PKI, and they will not generally be of interest to the average developer applying cryptography.*

Table 7-3. Objects that can be converted to and from DER format

| Kind of object | OpenSSL object type | Base encoding function | Base decoding function | Header file |
|---|---|---|---|---|
| RSA public key | RSA | i2d_RSAPublicKey() | d2i_RSAPublicKey() | openssl/rsa.h |
| RSA private key | RSA | i2d_RSAPrivateKey() | d2i_RSAPrivateKey() | openssl/rsa.h |
| Diffie-Hellman parameters | DH | i2d_DHparams() | d2i_DHparams() | openssl/dh.h |
| DSA parameters | DSA | i2d_DSAparams() | d2i_DSAparams() | openssl/dsa.h |
| DSA public key | DSA | i2d_DSAPublicKey() | d2i_DSAPublicKey() | openssl/dsa.h |
| DSA private key | DSA | i2d_DSAPrivateKey() | d2i_DSAPrivateKey() | openssl/dsa.h |
| X.509 certificate | X509 | i2d_X509() | d2i_X509() | openssl/x509.h |
| X.509 CRL | X509_CRL | i2d_X509_CRL() | d2i_X509_CRL() | openssl/x509.h |
| PKCS #10 certificate signing request | X509_REQ | i2d_X509_REQ() | d2i_X509_REQ() | openssl/x509.h |
| PKCS #7 container | PKCS7 | i2d_PKCS7() | d2i_PKCS7() | openssl/x509.h |
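The bounds check mentioned above the table (the decoder is handed the buffer length so that it never reads past the end) can be shown on a raw DER tag/length header. This is an added example, not code from the book or from OpenSSL; `der_read_header` is a hypothetical helper and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper (not an OpenSSL function): parse one DER tag/length
 * header from buf[0..buflen). Returns 0 and sets *hdr_len and *content_len
 * on success; returns -1 if the header or the content would run past buflen,
 * or if the length is not valid DER. Only single-byte tags are handled. */
int der_read_header(const unsigned char *buf, size_t buflen,
                    size_t *hdr_len, size_t *content_len)
{
    size_t len, n, i;

    if (buf == NULL || buflen < 2) return -1;   /* need tag + length byte   */
    if ((buf[0] & 0x1f) == 0x1f) return -1;     /* multi-byte tag: not here */

    if (buf[1] < 0x80) {                        /* short form               */
        len = buf[1];
        n = 0;
    } else {                                    /* long form                */
        n = buf[1] & 0x7f;                      /* number of length bytes   */
        if (n == 0) return -1;                  /* indefinite: BER, not DER */
        if (n > sizeof(size_t)) return -1;      /* would overflow size_t    */
        if (n > buflen - 2) return -1;          /* length bytes truncated   */
        if (buf[2] == 0) return -1;             /* leading zero: not minimal */
        for (len = 0, i = 0; i < n; i++)
            len = (len << 8) | buf[2 + i];
        if (len < 0x80) return -1;              /* must use short form      */
    }
    if (len > buflen - 2 - n) return -1;        /* content past buffer end  */
    *hdr_len = 2 + n;
    *content_len = len;
    return 0;
}

int main(void)
{
    /* Constructed sample: SEQUENCE { INTEGER 5 } */
    const unsigned char ok[] = { 0x30, 0x03, 0x02, 0x01, 0x05 };
    size_t h, c;

    if (der_read_header(ok, sizeof ok, &h, &c) == 0)
        printf("header=%zu content=%zu\n", h, c);
    /* Same bytes, but the caller's buffer is one byte short: rejected. */
    printf("truncated -> %d\n", der_read_header(ok, 4, &h, &c));
    return 0;
}
```

The subtraction-based comparisons (`len > buflen - 2 - n`) avoid the integer overflow that an addition such as `2 + n + len > buflen` could hit with an attacker-chosen length.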

See Also

• Enhanced SNACC ASN.1 compiler: http://www.getronicsgov.com/hot/snacc_lib.htm
• Certificate Management Library: http://www.getronicsgov.com/hot/cml_home.htm
• Recipe 4.10

7.17 Representing Keys and Certificates in Plaintext (PEM Encoding)

Problem

You want to represent cryptographic data such as public keys or certificates in a plaintext format, so that you can use it in protocols that don’t accept arbitrary binary data. This may include storing an encrypted version of a private key.

* However, PKCS #7 can be used to store multiple certificates in one data object, which may be appealing to some, instead of DER-encoding multiple X.509 objects separately.


Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
