Converting Windows PRIVATEKEYBLOB to Qt's QSsl

2019-05-21 14:14发布

站内问答 / 前沿技术
425 1 5

I am working on an Qt application(Windows Service) which uses SSL encryption.

I need to access the certificate and associated private key from the Windows Certificate Store and pass it to my QSslSocket using setLocalCertificate and setPrivateKey which accepts QSslCertificate and QSslKey respectively.

I am able to get the certificate from the store and set it to QsslSocket using the Windows API '(CertOpenStore, CertFindCertificateInStore). Now as I have the certificate I need to extract its private key and set to ssl socket. I am using CryptAcquireCertificatePrivateKey, CryptGetUserKey and CryptExportKey Windows API in the same order, which gives me a Microsoft PRIVATEKEYBLOB and now I need to convert it to a format that QSslKey understands.

How do i do that?

1条回答
Summer. ? 凉城
2楼-- · 2019-05-21 15:01

Solved it!! Thought of sharing teh solution here, it might be helpful to someone.

// Open the certificate store to be searched.
HCERTSTORE hSystemStore = CertOpenStore((LPCSTR)(CERT_STORE_PROV_SYSTEM),  0, NULL,
                             CERT_SYSTEM_STORE_LOCAL_MACHINE, L"MY");

CRYPT_DATA_BLOB dataBlob = {0};
QString password("password"); // your password for the cretificate and private key goes here

if(PFXExportCertStoreEx(hSystemStore, &dataBlob, password.toStdWString().c_str(), NULL,
                            EXPORT_PRIVATE_KEYS | REPORT_NOT_ABLE_TO_EXPORT_PRIVATE_KEY | REPORT_NO_PRIVATE_KEY))
{
    if (dataBlob.cbData > 0)
    {
        dataBlob.pbData = (BYTE*)malloc(dataBlob.cbData);
        if (PFXExportCertStoreEx(hSystemStore, &dataBlob, password.toStdWString().c_str(), NULL,
                                    EXPORT_PRIVATE_KEYS | REPORT_NOT_ABLE_TO_EXPORT_PRIVATE_KEY | REPORT_NO_PRIVATE_KEY))
        {
            EVP_PKEY *pkey;
            X509 *cert;
            STACK_OF(X509) *ca = NULL;
            PKCS12 *p12;
            int i;
            CRYPTO_malloc_init();
            OpenSSL_add_all_algorithms();
            SSLeay_add_all_algorithms();
            ERR_load_crypto_strings();

            BIO* input = BIO_new_mem_buf((void*)dataBlob.pbData, dataBlob.cbData);
            p12 = d2i_PKCS12_bio(input, NULL);

            PKCS12_parse(p12, password.toStdString().c_str(), &pkey, &cert, &ca);
            PKCS12_free(p12);

            if (cert)
            {
                BIO *boCert = BIO_new( BIO_s_mem() );

                PEM_write_bio_X509(boCert, cert);
                if (ca && sk_X509_num(ca))
                {
                    for (i = 0; i < sk_X509_num(ca); i++)
                    {
                        PEM_write_bio_X509(boCert, sk_X509_value(ca, i));
                    }
                }
                char *certStr;
                long len = BIO_get_mem_data(boCert, &certStr);

                QSslCertificate localCertificate(QByteArray::fromRawData(certStr, len));
                mySslSocket->setLocalCertificate(localCertificate);

                BIO_free_all(boCert);
            }

            if (pkey)
            {
                BIO *bo = BIO_new( BIO_s_mem() );
                PEM_write_bio_PrivateKey(bo, pkey, NULL, (unsigned char*)(password.toStdString().c_str()), password.length(), NULL, (char*)(password.toStdString().c_str()));

                char *p;
                long len = BIO_get_mem_data(bo, &p);

                QSslKey key(QByteArray::fromRawData(p, len), QSsl::Rsa);
                mySslSocket->setPrivateKey(key);
                BIO_free_all(bo);
            }
           free(dataBlob.pbData);
        }
    }
}

if(hSystemStore)
    CertCloseStore(hSystemStore, 0);
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(5)