For example, the code listing below creates a PKCS #10 PDU by calling cdk::Key::asn1sign() and that method requires a random cdk::num input (for non-deterministic signature schemes). To obtain this input, it is simplest to apply the convenient cast to the output of cdk::getrand2():
// generate a new RSA key pair
cdk::Key k;
k.hashtype = hSHA1;
k.RSAkeygen(cdk::getrand2(80));

// extract the algorithm ID and public key
cdk::str algID = k.asn1parameters(1,0);
cdk::str pubkey = k.asn1public();

// create an unsigned PKCS #10 certificate request
cdk::DName dn;
dn.cname = "John Doe";
cdk::str tbsP10 = makep10raw(dn.toasn1(), algID, pubkey, "");

// sign the PKCS #10 request
cdk::str p10;
int i = k.asn1sign(tbsP10, num(cdk::getrand2(80)), p10);
// i > 0 indicates an error
Conversely, to convert a cdk::num object into one of type cdk::str, one can simply apply the cdk::num::tostr() method.
cdk::str hexStr = binStr.tohex(1);
To hex-encode a binary string (without a leading '0x'):
To decode (or parse) a hex-encoded string to binary:
To decode a base64-encoded string to binary:
To base64-encode an octet string according to RFC 1113 and RFC 1421:
b64Str = binStr.tobase64(1);
This method, known as "PEM encoding" or "printable encoding," is the most popular form of encapsulating a base64-encoded octet string and is recommended for most applications.
To base64-encode an octet string without the RFC 1113 padding:
b64Str = binStr.tobase64(0);
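The difference between the padded and unpadded forms matters mostly on the decoding side, where a receiver has to accept both without accepting malformed or non-canonical input. The following is an added stand-alone example, not CDK code and not taken from the original guide; the names b64_encode and b64_decode are hypothetical, and the line breaks that RFC 1421 places every 64 characters are left out.

```cpp
// Added example: stand-alone base64 with optional '=' padding (not CDK code).
#include <cstdint>
#include <cstdio>
#include <string>

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

// Encode octets; pad=true appends '=' so the length is a multiple of 4.
std::string b64_encode(const std::string& in, bool pad) {
    std::string out;
    for (size_t i = 0; i < in.size(); i += 3) {
        size_t n = in.size() - i < 3 ? in.size() - i : 3;  // octets in group
        uint32_t v = 0;
        for (size_t j = 0; j < 3; ++j)
            v = (v << 8) | (j < n ? (unsigned char)in[i + j] : 0);
        for (size_t j = 0; j < 4; ++j) {
            if (j <= n) out += B64[(v >> (18 - 6 * j)) & 0x3F];
            else if (pad) out += '=';
        }
    }
    return out;
}

// Decode padded or unpadded input; returns false on malformed input.
bool b64_decode(std::string in, std::string& out) {
    size_t eq = in.find('=');
    if (eq != std::string::npos) {
        // '=' may only be a trailing run of one or two that completes a quantum.
        if (in.size() % 4 != 0 || in.size() - eq > 2 ||
            in.find_first_not_of('=', eq) != std::string::npos) return false;
        in.resize(eq);
    }
    if (in.size() % 4 == 1) return false;  // no octet fits in 6 bits
    out.clear();
    uint32_t acc = 0; int bits = 0;
    for (char c : in) {
        const char* p = std::char_traits<char>::find(B64, 64, c);
        if (!p) return false;  // character outside the alphabet
        acc = (acc << 6) | (uint32_t)(p - B64);
        if ((bits += 6) >= 8) { bits -= 8; out += (char)((acc >> bits) & 0xFF); }
    }
    return (acc & ((1u << bits) - 1)) == 0;  // leftover bits must be zero
}

int main() {
    std::printf("%s %s\n", b64_encode("Ma", true).c_str(),
                b64_encode("Ma", false).c_str());
}
```

Rejecting nonzero leftover bits ensures each octet string has exactly one accepted encoding per form, which matters when encoded values are compared or hashed as text.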
| ISC Cryptographic Development Kit - User's Guide | |
| Copyright© 2002-2006 Information Security Corp. All rights reserved. |