使用CryptoApi将扩展名添加到证书中

Add extension to certificate using CryptoApi

本文关键字:证书 添加 扩展名 CryptoApi 使用      更新时间:2023-10-16

我正在尝试使用CryptoApi向证书请求添加扩展名。这是我使用的代码:

char extensionValue[] = "testValue";

_CRYPTOAPI_BLOB myBlob = {
    (DWORD)strlen(extensionValue),
    (BYTE*)extensionValue
};
wchar_t pszString[1000];
DWORD dwLength = 1000;
bool checkEncodingToBase64Test = CryptBinaryToStringW(myBlob.pbData, myBlob.cbData, CRYPT_STRING_BASE64, (LPWSTR)pszString, &dwLength);

BSTR bstrValue = pszString;
BSTR bstrName = SysAllocString(L"1.2.643.100.111");
HRESULT checkAddingExtention = pEnroll->addExtensionToRequest(0, bstrName, bstrValue);

要检查请求,我使用https://certlogik.com/decoder/在此处查看此结果时:

Requested Extensions:
        X509v3 Extended Key Usage: 
            TLS Web Client Authentication, E-mail Protection, 1.2.643.2.2.34.6
        X509v3 Key Usage: 
            Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
        1.2.643.100.111: 
            testValue
SEQUENCE {:
   OBJECT IDENTIFIER '1 2 643 100 111'
   OCTET STRING 74 65 73 74 56 61 6C 75 65
}

,但我需要获得这种类型的结构:

SEQUENCE {
  OBJECT IDENTIFIER '1 2 643 100 111'
  OCTET STRING, encapsulates {
  UTF8String
  'testValue'
  }
}

如何实现这一目标?如何将UTF8弦放在扩展中?

尝试这样做

WCHAR *id = L"testValue";
CERT_NAME_VALUE otherNameValue = { CERT_RDN_UTF8_STRING, (DWORD)wcslen(id) * sizeof(wchar_t), (PBYTE)id };
BYTE *buf;
DWORD size = 0;
CryptEncodeObjectEx(PKCS_7_ASN_ENCODING | X509_ASN_ENCODING, X509_ANY_STRING, &otherNameValue, CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
CERT_EXTENSION CertExtension[] = { {"1.2.643.100.111", FALSE, size, buf} };
...
LocalFree(buf);
相关文章: