21.03.2013 Views

Problem - Kevin Tafuro


…but it requires you to pass in the length so that it may ensure that it doesn’t read or write past the bounds of your buffer.
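Why a DER decoder needs the caller's buffer length, shown as an added example that is not code from the book or from OpenSSL: a small bounds-checked walker over the tag-length-value encoding. The names `der_read_header`, `der_is_rsa_pubkey_shape` and `SAMPLE_KEY` are hypothetical, and the sample key bytes are constructed for the illustration.

```c
#include <stddef.h>
#include <stdio.h>

typedef struct { unsigned char tag; size_t hdr_len, val_len; } der_tlv;
/* Read one tag-length header without touching bytes at or past buf+len.
 * Returns 0 on success, -1 if truncated, non-minimal or over-long. */
int der_read_header(const unsigned char *buf, size_t len, der_tlv *out) {
    size_t i, n, v = 0;
    if (len < 2) return -1;                  /* need tag + first length byte */
    out->tag = buf[0]; out->hdr_len = 2;
    if (buf[1] < 0x80) {                     /* short form */
        v = buf[1];
    } else {                                 /* long form: n length bytes follow */
        n = buf[1] & 0x7f;
        if (n == 0 || n > sizeof(size_t) || n > len - 2) return -1;
        if (buf[2] == 0) return -1;          /* DER forbids leading zero bytes */
        for (i = 0; i < n; i++) v = (v << 8) | buf[2 + i];
        if (v < 0x80) return -1;             /* DER requires short form here */
        out->hdr_len += n;
    }
    if (v > len - out->hdr_len) return -1;   /* value would run past the buffer */
    out->val_len = v;
    return 0;
}

/* Returns 1 if buf holds SEQUENCE { INTEGER, INTEGER }, the outer shape of a
 * PKCS #1 RSAPublicKey, entirely within the len bytes supplied; else 0. */
int der_is_rsa_pubkey_shape(const unsigned char *buf, size_t len) {
    der_tlv seq, num;
    size_t off, end;
    int count = 0;
    if (der_read_header(buf, len, &seq) != 0 || seq.tag != 0x30) return 0;
    end = seq.hdr_len + seq.val_len;         /* <= len, checked above */
    for (off = seq.hdr_len; off < end; off += num.hdr_len + num.val_len) {
        /* children are bounded by the parent, not by the whole buffer */
        if (der_read_header(buf + off, end - off, &num) != 0) return 0;
        if (num.tag != 0x02) return 0;
        count++;
    }
    return count == 2;
}

/* Constructed sample: toy RSAPublicKey with n = 3233, e = 17. */
static const unsigned char SAMPLE_KEY[] = {0x30,0x07,0x02,0x02,0x0c,0xa1,0x02,0x01,0x11};

int main(void) {
    printf("full: %d\n", der_is_rsa_pubkey_shape(SAMPLE_KEY, sizeof SAMPLE_KEY));
    printf("truncated: %d\n", der_is_rsa_pubkey_shape(SAMPLE_KEY, sizeof SAMPLE_KEY - 1));
    return 0;
}
```

Without the `len` argument, the decoder would have to trust the length bytes inside the encoding, which is exactly the data an attacker controls.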

Table 7-3 lists the most prominent things you can convert to DER and back. The last two rows enumerate calls that are intended for people implementing actual infrastructure for a PKI, and they will not generally be of interest to the average developer applying cryptography.*

Table 7-3. Objects that can be converted to and from DER format

| Kind of object | OpenSSL object type | Base encoding function | Base decoding function | Header file |
|---|---|---|---|---|
| RSA public key | RSA | i2d_RSAPublicKey() | d2i_RSAPublicKey() | openssl/rsa.h |
| RSA private key | RSA | i2d_RSAPrivateKey() | d2i_RSAPrivateKey() | openssl/rsa.h |
| Diffie-Hellman parameters | DH | i2d_DHparams() | d2i_DHparams() | openssl/dh.h |
| DSA parameters | DSA | i2d_DSAparams() | d2i_DSAparams() | openssl/dsa.h |
| DSA public key | DSA | i2d_DSAPublicKey() | d2i_DSAPublicKey() | openssl/dsa.h |
| DSA private key | DSA | i2d_DSAPrivateKey() | d2i_DSAPrivateKey() | openssl/dsa.h |
| X.509 certificate | X509 | i2d_X509() | d2i_X509() | openssl/x509.h |
| X.509 CRL | X509_CRL | i2d_X509_CRL() | d2i_X509_CRL() | openssl/x509.h |
| PKCS #10 certificate signing request | X509_REQ | i2d_X509_REQ() | d2i_X509_REQ() | openssl/x509.h |
| PKCS #7 container | PKCS7 | i2d_PKCS7() | d2i_PKCS7() | openssl/x509.h |

See Also

• Enhanced SNACC ASN.1 compiler: http://www.getronicsgov.com/hot/snacc_lib.htm

• Certificate Management Library: http://www.getronicsgov.com/hot/cml_home.htm

• Recipe 4.10

7.17 Representing Keys and Certificates in Plaintext (PEM Encoding)

Problem

You want to represent cryptographic data such as public keys or certificates in a plaintext format, so that you can use it in protocols that don’t accept arbitrary binary data. This may include storing an encrypted version of a private key.

* However, PKCS #7 can be used to store multiple certificates in one data object, which may be appealing to some, instead of DER-encoding multiple X.509 objects separately.


Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
