📋 Radikant-Cert-C 

Device Screen

A small library for handling x509, pem and consorting standards in a  certificate context. It builds on top of Radikant Crypto and Radikant ASN1. It can generate self-signed P256 and RSA certificates however it can also import and export certificates. Currently lacks proper PKI validation.

⚠️ Currently PKI and root Certificate mechanism lack implementation

Generate P256 Certificate

FileEditViewProject
CertTool — P256 Generation
cert_error_t err = rc_generate_self_signed_p256_cert(
"Radikant Professional Cert",
"US",
"Radikant Labs",
365,
output_cert_path,
output_key_path
);
Build Succeeded
RunBuildDebug Ln 8, Col 2
-----BEGIN CERTIFICATE----- MIIB9zCCAZ2gAwIBAgIUNvvBJ3mTmJ2ARtD3An0i0m8tLmUwCgYIKoZIzj0EAwIw SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDVJhZGlrYW50IExhYnMxIzAhBgNVBAMT GlJhZGlrYW50IFByb2Zlc3Npb25hbCBDZXJ0MB4XDTI2MDIwNDE3MTcyOFoXDTI3 MDIwNDE3MTcyOFowSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDVJhZGlrYW50IExh YnMxIzAhBgNVBAMTGlJhZGlrYW50IFByb2Zlc3Npb25hbCBDZXJ0MFkwEwYHKoZI zj0CAQYIKoZIzj0DAQcDQgAERBj9B3N95KFjHhkNOH34BIrAnUXtfcpyelSXPjdu 3CtneEH5NcFPZUbXNtzjhQzjXB40K15b4E3IQlDfbc1bMaNhMF8wHQYDVR0lBBYw FAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBQtG8X4toihDqw1Z+LELlLx H+D3hzAfBgNVHSMEGDAWgBQtG8X4toihDqw1Z+LELlLxH+D3hzAKBggqhkjOPQQD AgNIADBFAiAi9zH6bo7qTGQZ1Q/8LYI6hFETLuVVIyFJnp9xQiYWKwIhAOFg5Q1k N7X0Ks7CcuNQ5EPLmo/rVEX3kqXkR0kIn/m/ -----END CERTIFICATE-----

This library is able to generate a P256 Certificate with SHA256. Since Radikant Crypto supports P384, P521 and SHA384 and SHA512 it can easily be extended to support many common certificate formats. When generating a certificate you can keep it in memory or export it to a file. 

Generate RSA Certificate

FileEditViewProject
CertTool — RSA Generation
cert_error_t err = rc_generate_self_signed_rsa_cert(
"Radikant RSA Test",
"NL",
"Radikant Labs",
365,
output_cert_path,
output_key_path
);
Build Succeeded
RunBuildDebug Ln 8, Col 2
-----BEGIN CERTIFICATE----- MIIDDjCCAfagAwIBAgIUEMxf3RbEYI7fraMn2RJD2f0sAOwwDQYJKoZIhvcNAQEL BQAwQTELMAkGA1UEBhMCTkwxFjAUBgNVBAoTDVJhZGlrYW50IExhYnMxGjAYBgNV BAMTEVJhZGlrYW50IFJTQSBUZXN0MB4XDTI2MDIwNDE3MzcwMloXDTI3MDIwNDE3 MzcwMlowQTELMAkGA1UEBhMCTkwxFjAUBgNVBAoTDVJhZGlrYW50IExhYnMxGjAY BgNVBAMTEVJhZGlrYW50IFJTQSBUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A MIIBCgKCAQEAzpl34YuXI6Yrstc8WLptbEhzIo+Qe1+LKGsWMOoi8FK/OIEHRp30 GJG6PvBu//MQcm2hlWcuTKN6ZkESO2HYjZzJROutCLTCj1AXJrmUoh6CuPjXAW9K DIaijlwDQZOhcFEC8g7eRu+5jszajfgFZQHNQda3N613QbCxcCnwuF0n7nFZzZD+ yWzbyxo35MFyosMQF58CXVeDnTslPWyEr9Lbe3nH4MDrbtqLtDH0pssIy8mfHHxr 3VaFOb8RUrJ18F5pOusWYlXb15IwDvPVMD7WYNnAhvklG2dr3HXAeBVpuQYpHLEv AtFTYB6iqjzvBRlWeP+vqvwBWkckupT8PQIDAQABMA0GCSqGSIb3DQEBCwUAA4IB AQDFbswdcYNR+WTWKXWfan6jsk2fCP7KJYEo621TIyoxVqdm3/f7Lc62iUBKwuka TTb6us9pvS+zMkv3LKU26kgIilIAm4F9GaLlgoJI26RcXa5ioCkP/dxazATmNVz/ dQrwdJOQU12fUZnRw8cgg7xgHNCL/6pKjF1KBDsgWAsmPudhUa4XSnVc7yD0GO5D rEJTBj63NSQ+jkYQAzykJYD8NL9PETt/SlvV7IrywbzI8+VAr4WFB2DRcAzqatFu 06CPM0XweOaOXRZeX5l7Eoyc/4X84cs1Mh88bCj1ZjqRZOh1inKiRkfTmzeNgwkX 1jw1hTrChu8O5UN0SIlA+WCy -----END CERTIFICATE-----

This library is able to generate a RSA2048 Certificate with SHA256. Currently there is no support for RSA4096 in Radikant Crypto because the Big Num lib needs to be rewritten to support this. 

Extract key

Key Length: 2048 bits Modulus (n) (256 bytes): DB29967347219CA9D4E117B915704304E8CDCC190E4E5B7A974DB668C7D37379 3B294E5D2E8F4E57F5D50235A2193EFF2F818770808040FFE23BE0C133B4053C 39BA1193DA110B14446917F8139909DFE0E41AE35B5CC7A9A8F677C90ABCF0AD 30D02252BBF58F578D596358B91F260FD1970C66C93EBA3E4097BA5CFF87E404 A5C50C84F116A0EFC5385A4DD1B255E2F022604019AFCD02D631CDE22EA4E78E D889F95639D1C2DDA4C6F965B485C3F07B7AD544F2E6BC3690D46566F75BEEEE 7B75FAFE5572DFADD79365F2C92E546D1D4D0D7A2CA9BF67973C68F8EAA8C3B9 7F44C088F3B6C1598797D465ADBF86795CE72F4E147799DB6D47B1E5FF375065 Exponent (e): 65537 (0x10001)
[TEST] Import P-256 Public Key from Memory ✅ P-256 Public Key Import passed (65 bytes) Type: Uncompressed P-256 Point X: F8:DA:34:36:84:4E:E3:E8:BF:C9:EE:48:4D:4B:32:AA: 14:C9:DB:0B:41:A6:C6:4B:D0:E7:F6:A8:A8:EC:8D:6B Y: 67:2E:CC:06:77:3E:97:33:D1:75:BA:E4:CD:F6:E5:42: 37:BC:76:49:70:62:08:2E:20:07:87:3C:E2:B7:BF:7D [TEST] Import P-256 Public Key from File: temp_p256_pub.pem ✅ P-256 Public Key File Import passed (65 bytes) Type: Uncompressed P-256 Point X: F8:DA:34:36:84:4E:E3:E8:BF:C9:EE:48:4D:4B:32:AA: 14:C9:DB:0B:41:A6:C6:4B:D0:E7:F6:A8:A8:EC:8D:6B Y: 67:2E:CC:06:77:3E:97:33:D1:75:BA:E4:CD:F6:E5:42: 37:BC:76:49:70:62:08:2E:20:07:87:3C:E2:B7:BF:7D

This library is able to extract RSA and ECC Nist keys from the certificates. Which is is required for a live encrypted connection. For example Radikant Crypto extracts private and public keys from a pre-generated certificates. The Key extraction API now is very flaky and not fool proof, its needs to be 

Parse Cert

File Edit View Find Navigate
MySecurityApp — iPhone 15 Pro Max
// Import the P256 certificate for processing
pem_import_from_file(p256_cert_path, &loaded_data, &loaded_len);
// Debug output to terminal
x509_parse_and_print_certificate(loaded_data, loaded_len, 0);
Build Succeeded
Run Build Debug Ln 14, Col 5
✅ RSA Cert Import passed (700 bytes) --- Decoded Certificate --- Certificate (SEQUENCE): TBSCertificate (SEQUENCE): Version: [0] EXPLICIT Value: 2 (v3) Serial Number: 2F:CC:82:3B:95:F9:66:D7:53:A2:F1:AB:0C:7E:D7:9B: 61:0F:9F:22 Algorithm: ecdsa-with-SHA256 (1.2.840.10045.4.3.2) Issuer: countryName (2.5.4.6) Value: 'NL' stateOrProvinceName (2.5.4.8) Value: 'Noord Holland' localityName (2.5.4.7) Value: 'Amsterdam' organizationName (2.5.4.10) Value: 'Radikant-OpenSSL' organizationalUnitName (2.5.4.11) Value: 'Radikant Research' commonName (2.5.4.3) Value: 'Radikant Server' emailAddress (1.2.840.113549.1.9.1) Value: 'him@charlie-elbakry.nl' Validity: Not Before: '260110235403Z' Not After : '270110235403Z' Subject: countryName (2.5.4.6) Value: 'NL' stateOrProvinceName (2.5.4.8) Value: 'Noord Holland' localityName (2.5.4.7) Value: 'Amsterdam' organizationName (2.5.4.10) Value: 'Radikant-OpenSSL' organizationalUnitName (2.5.4.11) Value: 'Radikant Research' commonName (2.5.4.3) Value: 'Radikant Server' emailAddress (1.2.840.113549.1.9.1) Value: 'him@charlie-elbakry.nl' Subject Public Key Info: Algorithm: ecPublicKey (1.2.840.10045.2.1) Parameters: (Skipped) Public Key (Unused Bits: 0): 04:77:D0:C9:44:BD:BB:2E:5E:D1:C8:5F:26:AE:7D:85: 35:82:57:37:F1:E7:DA:DF:1B:C2:1B:23:5C:3D:8D:26: C6:90:51:CB:68:66:24:80:5B:C2:77:CD:8A:FA:14:6D: B7:F0:3C:50:7D:19:7B:66:D3:84:B8:31:C9:16:EF:1A: 43 Extensions: [3] EXPLICIT Extension OID: subjectKeyIdentifier (2.5.29.14) Value (OCTET STRING): 04:14:B3:A8:37:65:00:8A:38:F2:A3:D9:57:BC:53:7B: ED:6A:87:54:21:44 Extension OID: authorityKeyIdentifier (2.5.29.35) Value (OCTET STRING): 30:16:80:14:B3:A8:37:65:00:8A:38:F2:A3:D9:57:BC: 53:7B:ED:6A:87:54:21:44 Extension OID: basicConstraints (2.5.29.19) Critical: TRUE Value (OCTET STRING): 30:03:01:01:FF Algorithm: ecdsa-with-SHA256 (1.2.840.10045.4.3.2) Signature Value (Unused Bits: 0): 30:44:02:20:56:30:E5:50:50:C4:38:D9:20:12:80:2C: 12:B0:A9:A3:37:53:BB:3D:A3:AC:6D:0C:46:17:0C:3B: 98:DF:AD:DE:02:20:32:88:B0:07:AF:3C:34:67:44:D8: 47:8E:C2:E7:37:3C:44:4E:B7:B7:E9:7D:10:07:3A:4F: 2C:A7:9C:88:F5:A1 ---------------------------

This library is able to generate a RSA2048 Certificate with SHA256. Currently there is no support for RSA4096 in Radikant Crypto because the Big Num lib needs to be rewritten to support this.