24,854
社区成员
发帖
与我相关
我的任务
分享有没有用过openssl与证书加密解密的高人
是这样的,本地有一个cer文件,base64编码.里面包含公钥.
现目前应怎样提取证书公钥,对指定字符串进行加解密.
以下是本人的一段代码,但有问题
这ret总是返回-1, 网上又查不到相关资料,用RSA_public_decrypt解密同样也返回-1,不知道哪里出了问题.
现目前应怎样提取证书公钥,对指定字符串进行加解密.
以下是本人的一段代码,但有问题
RSA* rsa = RSA_new();
BIO *b = BIO_new_file("ms.cer", "r");
X509 *x = PEM_read_bio_X509(b, NULL, NULL, NULL);
EVP_PKEY *k = X509_get_pubkey(x);
rsa = EVP_PKEY_get1_RSA(k);
//int verson = X509_get_version(x);
int nLen = RSA_size(rsa);
char* pDecode = new char[nLen + 1];
int ret = RSA_public_encrypt(strData.length(), (const unsigned char*)strData.c_str(), (unsigned char*)pDecode, rsa, RSA_PKCS1_PADDING);
if (ret >= 0)
{
strRet = std::string((char*)pDecode, ret);
}
else
{
// printf("%s\n",ERR_error_string(ERR_get_error(),NULL));
}
这ret总是返回-1, 网上又查不到相关资料,用RSA_public_decrypt解密同样也返回-1,不知道哪里出了问题.
...全文
请发表友善的回复…
发表回复
slmax1 2017-01-17
- 打赏
- 举报
赵4老师 2017-01-16
- 打赏
- 举报
仅供参考:
#pragma comment(lib, "crypt32.lib")
#pragma comment(lib, "advapi32.lib")
#define _WIN32_WINNT 0x0400
#include <stdio.h>
#include <windows.h>
#include <wincrypt.h>
#define KEYLENGTH 0x00800000
void HandleError(char *s);
//--------------------------------------------------------------------
// These additional #define statements are required.
#define ENCRYPT_ALGORITHM CALG_RC4
#define ENCRYPT_BLOCK_SIZE 8
// Declare the function EncryptFile. The function definition
// follows main.
BOOL EncryptFile(
PCHAR szSource,
PCHAR szDestination,
PCHAR szPassword);
//--------------------------------------------------------------------
// Begin main.
void main(void) {
CHAR szSource[100];
CHAR szDestination[100];
CHAR szPassword[100];
printf("Encrypt a file. \n\n");
printf("Enter the name of the file to be encrypted: ");
scanf("%s",szSource);
printf("Enter the name of the output file: ");
scanf("%s",szDestination);
printf("Enter the password:");
scanf("%s",szPassword);
//--------------------------------------------------------------------
// Call EncryptFile to do the actual encryption.
if(EncryptFile(szSource, szDestination, szPassword)) {
printf("Encryption of the file %s was a success. \n", szSource);
printf("The encrypted data is in file %s.\n",szDestination);
} else {
HandleError("Error encrypting file!");
}
} // End of main
//--------------------------------------------------------------------
// Code for the function EncryptFile called by main.
static BOOL EncryptFile(
PCHAR szSource,
PCHAR szDestination,
PCHAR szPassword)
//--------------------------------------------------------------------
// Parameters passed are:
// szSource, the name of the input, a plaintext file.
// szDestination, the name of the output, an encrypted file to be
// created.
// szPassword, the password.
{
//--------------------------------------------------------------------
// Declare and initialize local variables.
FILE *hSource;
FILE *hDestination;
HCRYPTPROV hCryptProv;
HCRYPTKEY hKey;
HCRYPTHASH hHash;
PBYTE pbBuffer;
DWORD dwBlockLen;
DWORD dwBufferLen;
DWORD dwCount;
//--------------------------------------------------------------------
// Open source file.
if(hSource = fopen(szSource,"rb")) {
printf("The source plaintext file, %s, is open. \n", szSource);
} else {
HandleError("Error opening source plaintext file!");
}
//--------------------------------------------------------------------
// Open destination file.
if(hDestination = fopen(szDestination,"wb")) {
printf("Destination file %s is open. \n", szDestination);
} else {
HandleError("Error opening destination ciphertext file!");
}
//以下获得一个CSP句柄
if(CryptAcquireContext(
&hCryptProv,
NULL, //NULL表示使用默认密钥容器,默认密钥容器名
//为用户登陆名
NULL,
PROV_RSA_FULL,
0)) {
printf("A cryptographic provider has been acquired. \n");
} else {
if(CryptAcquireContext(
&hCryptProv,
NULL,
NULL,
PROV_RSA_FULL,
CRYPT_NEWKEYSET))//创建密钥容器
{
//创建密钥容器成功,并得到CSP句柄
printf("A new key container has been created.\n");
} else {
HandleError("Could not create a new key container.\n");
}
}
//--------------------------------------------------------------------
// 创建一个会话密钥(session key)
// 会话密钥也叫对称密钥,用于对称加密算法。
// (注: 一个Session是指从调用函数CryptAcquireContext到调用函数
// CryptReleaseContext 期间的阶段。会话密钥只能存在于一个会话过程)
//--------------------------------------------------------------------
// Create a hash object.
if(CryptCreateHash(
hCryptProv,
CALG_MD5,
0,
0,
&hHash)) {
printf("A hash object has been created. \n");
} else {
HandleError("Error during CryptCreateHash!\n");
}
//--------------------------------------------------------------------
// 用输入的密码产生一个散列
if(CryptHashData(
hHash,
(BYTE *)szPassword,
strlen(szPassword),
0)) {
printf("The password has been added to the hash. \n");
} else {
HandleError("Error during CryptHashData. \n");
}
//--------------------------------------------------------------------
// 通过散列生成会话密钥
if(CryptDeriveKey(
hCryptProv,
ENCRYPT_ALGORITHM,
hHash,
KEYLENGTH,
&hKey)) {
printf("An encryption key is derived from the password hash. \n");
} else {
HandleError("Error during CryptDeriveKey!\n");
}
//--------------------------------------------------------------------
// Destroy the hash object.
CryptDestroyHash(hHash);
hHash = NULL;
//--------------------------------------------------------------------
// The session key is now ready.
//--------------------------------------------------------------------
// 因为加密算法是按ENCRYPT_BLOCK_SIZE 大小的块加密的,所以被加密的
// 数据长度必须是ENCRYPT_BLOCK_SIZE 的整数倍。下面计算一次加密的
// 数据长度。
dwBlockLen = 1000 - 1000 % ENCRYPT_BLOCK_SIZE;
//--------------------------------------------------------------------
// Determine the block size. If a block cipher is used,
// it must have room for an extra block.
if(ENCRYPT_BLOCK_SIZE > 1)
dwBufferLen = dwBlockLen + ENCRYPT_BLOCK_SIZE;
else
dwBufferLen = dwBlockLen;
//--------------------------------------------------------------------
// Allocate memory.
if(pbBuffer = (BYTE *)malloc(dwBufferLen)) {
printf("Memory has been allocated for the buffer. \n");
} else {
HandleError("Out of memory. \n");
}
//--------------------------------------------------------------------
// In a do loop, encrypt the source file and write to the destination file.
do {
//--------------------------------------------------------------------
// Read up to dwBlockLen bytes from the source file.
dwCount = fread(pbBuffer, 1, dwBlockLen, hSource);
if(ferror(hSource)) {
HandleError("Error reading plaintext!\n");
}
//--------------------------------------------------------------------
// 加密数据
if(!CryptEncrypt(
hKey, //密钥
0, //如果数据同时进行散列和加密,这里传入一个
//散列对象
feof(hSource), //如果是最后一个被加密的块,输入TRUE.如果不是输.
//入FALSE这里通过判断是否到文件尾来决定是否为
//最后一块。
0, //保留
pbBuffer, //输入被加密数据,输出加密后的数据
&dwCount, //输入被加密数据实际长度,输出加密后数据长度
dwBufferLen)) //pbBuffer的大小。
{
HandleError("Error during CryptEncrypt. \n");
}
//--------------------------------------------------------------------
// Write data to the destination file.
fwrite(pbBuffer, 1, dwCount, hDestination);
if(ferror(hDestination)) {
HandleError("Error writing ciphertext.");
}
} while(!feof(hSource));
//--------------------------------------------------------------------
// End the do loop when the last block of the source file has been
// read, encrypted, and written to the destination file.
//--------------------------------------------------------------------
// Close files.
if(hSource)
fclose(hSource);
if(hDestination)
fclose(hDestination);
//--------------------------------------------------------------------
// Free memory.
if(pbBuffer)
free(pbBuffer);
//--------------------------------------------------------------------
// Destroy session key.
if(hKey)
CryptDestroyKey(hKey);
//--------------------------------------------------------------------
// Destroy hash object.
if(hHash)
CryptDestroyHash(hHash);
//--------------------------------------------------------------------
// Release provider handle.
if(hCryptProv)
CryptReleaseContext(hCryptProv, 0);
return(TRUE);
} // End of Encryptfile
//--------------------------------------------------------------------
// This example uses the function HandleError, a simple error
// handling function, to print an error message to the standard error
// (stderr) file and exit the program.
// For most applications, replace this function with one
// that does more extensive error reporting.
void HandleError(char *s) {
fprintf(stderr,"An error occurred in running the program. \n");
fprintf(stderr,"%s\n",s);
fprintf(stderr, "Error number %x.\n", GetLastError());
fprintf(stderr, "Program terminating. \n");
exit(1);
} // End of HandleError
slmax1 2017-01-16
- 打赏
- 举报
我需要加密的字符串刚好20个字节
前面这个问题解决了.我在上面也说了,感谢,能否再请教下.
当执行了PKCS7_sign签名后,如何获得签名后的字符串.记得在java源码中最后获得的是256个字节的字节数组.用openssl库如何能够像JAVA那样也获取256个字节的数据.
mLee79 2017-01-16
- 打赏
- 举报
strData 的长度是多少, 这个长度不能超过 RSA 公钥长度 / 8 - 6 字节(大概也许应该是这么多, 2字节的padding 头, 2字节长度, 2字节随机数好像是), 也就是 512位的 RSA 只能加密 48 字节的 key, 2048 位的只能加密 250 字节.
你应该用 RSA 加密对称加密密钥, 然后对称加密 strData.
赵4老师 2017-01-16
- 打赏
- 举报
电脑内存或文件内容或传输内容只是一个一维二进制字节数组及其对应的二进制地址;
人脑才将电脑内存或文件内容或传输内容中的这个一维二进制字节数组及其对应的二进制地址的某些部分看成是整数、有符号数/无符号数、浮点数、复数、英文字母、阿拉伯数字、中文/韩文/法文……字符/字符串、汇编指令、函数、函数参数、堆、栈、数组、指针、数组指针、指针数组、数组的数组、指针的指针、二维数组、字符点阵、字符笔画的坐标、黑白二值图片、灰度图片、彩色图片、录音、视频、指纹信息、身份证信息……
赵4老师 2017-01-16
- 打赏
- 举报
亲自领教到半人半机器回复的魅力了吧。
赵4老师 2017-01-16
- 打赏
- 举报
不知道。
仅供参考:
void HexDump(char *buf,int len,int addr) {
int i,j,k;
char binstr[80];
for (i=0;i<len;i++) {
if (0==(i%16)) {
sprintf(binstr,"%08x -",i+addr);
sprintf(binstr,"%s %02x",binstr,(unsigned char)buf[i]);
} else if (15==(i%16)) {
sprintf(binstr,"%s %02x",binstr,(unsigned char)buf[i]);
sprintf(binstr,"%s ",binstr);
for (j=i-15;j<=i;j++) {
sprintf(binstr,"%s%c",binstr,('!'<buf[j]&&buf[j]<='~')?buf[j]:'.');
}
printf("%s\n",binstr);
} else {
sprintf(binstr,"%s %02x",binstr,(unsigned char)buf[i]);
}
}
if (0!=(i%16)) {
k=16-(i%16);
for (j=0;j<k;j++) {
sprintf(binstr,"%s ",binstr);
}
sprintf(binstr,"%s ",binstr);
k=16-k;
for (j=i-k;j<i;j++) {
sprintf(binstr,"%s%c",binstr,('!'<buf[j]&&buf[j]<='~')?buf[j]:'.');
}
printf("%s\n",binstr);
}
}
slmax1 2017-01-16
- 打赏
- 举报
你这个根本就没有涉及到openssl库的使用.
上面的问题自己弄懂了.
想问一下.对hash过的字符串进行签名,签名后的长度为什么很大? 1700+
