我正在尝试使用 OpenSSL 和与我共享的公钥在 C 中执行字符串数据加密。我在网上搜索过,但没有成功找到有用的信息。
我的加密应使用 RSA PKCS1 填充和 SHA1 OAEP 哈希。
我创建了这个函数来加密
int rsaEvpEncrypt(EVP_PKEY* pkey, const char * data){
EVP_PKEY_CTX * ctx = NULL;
//EVP_PKEY * pkey = NULL;
unsigned char * encrypted = NULL;
size_t outlen = 0;
const size_t inlen = strlen(data);
tappa_printf("Print %d", 1);
ctx = EVP_PKEY_CTX_new(pkey, NULL);
tappa_printf("Print %d", 2);
if (!ctx) {
cleanup(ctx, NULL, NULL, NULL);
return 1000;
}
// Init encryption context.
if (EVP_PKEY_encrypt_init(ctx) <= 0) { // <-SEGFAULT LINE
cleanup(ctx, pkey, encrypted, NULL);
return 5;
}
tappa_printf("Print %d", 3);
// Defines padding
if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING) <= 0) {
cleanup(ctx, pkey, encrypted, NULL);
return 6;
}
// Evaluating size for encrypted buffer and encrypting
if (EVP_PKEY_encrypt(ctx, NULL, &outlen, (const unsigned char *) data, inlen) <= 0) {
cleanup(ctx, pkey, encrypted, NULL);
return 7;
}
encrypted = (unsigned char *)OPENSSL_malloc(outlen);
tappa_printf("Print %d", 5);
if (!encrypted) {
cleanup(ctx, pkey, encrypted, NULL);
return 8;
}
tappa_printf("Print %d", 6);
if (EVP_PKEY_encrypt(ctx, encrypted, &outlen, (const unsigned char *)data, inlen) <= 0) {
cleanup(ctx, pkey, encrypted, NULL);
return 9;
}
tappa_print("\"ENCRYPTED: %s", (char *)encrypted);
}
这个函数可以生成随机密钥
int rsaEvpKeyGen(EVP_PKEY **outPK){
EVP_PKEY_CTX * ctx = NULL;
EVP_PKEY * pkey = NULL;
EVP_PKEY * rkey = NULL;
// const size_t inlen = strlen(argv[1]);
size_t outlen = 0;
size_t doutlen = 0;
unsigned char * encrypted = NULL;
unsigned char * decrypted = NULL;
// Create context
ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
if (!ctx) {
cleanup(ctx, pkey, encrypted, decrypted);
return 1;
}
// Init key generator
if (EVP_PKEY_keygen_init(ctx) <= 0) {
cleanup(ctx, pkey, encrypted, decrypted);
return 2;
}
int KEY_BITS = 2048;
// Configure key generation
if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, KEY_BITS) <= 0) {
cleanup(ctx, pkey, encrypted, decrypted);
return 3;
}
// Create keys
if (EVP_PKEY_keygen(ctx, &pkey) <= 0) {
cleanup(ctx, pkey, encrypted, decrypted);
return 4;
}
*outPK =pkey;
return 0;
}
代码按预期工作并按预期加密数据。然而,为了让我的应用程序正常工作,我需要能够使用外部生成的公钥。
在下面的代码中,我尝试使用 EVP_PKEY_new_raw_public_key 从 pub_key_str 创建 EVP_PKEY 但它返回 NULL
int rsaEvpKeyGen(EVP_PKEY **outPK){
EVP_PKEY_CTX * ctx = NULL;
EVP_PKEY * pkey = NULL;
EVP_PKEY * rkey = NULL;
// const size_t inlen = strlen(argv[1]);
size_t outlen = 0;
size_t doutlen = 0;
unsigned char * encrypted = NULL;
unsigned char * decrypted = NULL;
const char *pub_key_str = "-----BEGIN PUBLIC KEY-----\n"
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1WRkqlsZbmaNWbOZr/M4\n"
"ddwXKjmHUJ8zn9hy0WE15A8T4xjNuzJ/ATKbz20/2wVgFEGTWPNCUjkUvFzr3mhN\n"
"v/YJXo5iXQDP3M6rVv/w3SXaiR9C8yhDxWUz7WX/clmj7vDvk5Iydgq07gVScx+\n"
"5DBVbGAx10jHSDSa7f/NXMn9yNHad4hN0i1l+tsTB39CFsNeVFr349y4R8HA5Zma\n"
"EKseLc8iKzkwEQcuyMn4znaFpnOL0CmSrYB5K1E9zmmtDhMvDs540ZotcH/xpJiV\n"
"XEdQOWGFN6rryeAKP8y+sMRfQLxoiTg37YfsxTscf0gzKBizoamTF3TjRUNM55aE\n"
"BwIDAQAB\n"
"-----END PUBLIC KEY-----";
pkey = EVP_PKEY_new_raw_public_key(EVP_PKEY_RSA,NULL, (const unsigned char *) pub_key_str,
strlen(pub_key_str) );
tappa_printf("PKEY is null %d",pkey == NULL);
*outPK =pkey;
return 0;
}
发布的公钥似乎无效。检查复制/粘贴错误或将密钥与另一面进行比较。
EVP_PKEY_new_raw_public_key()
用于导入原始密钥,例如使用它们在 Ed25519 或 X25519 的上下文中。
可以导入公共 PEM 密钥,例如如下:
const char* spkiPem = "-----BEGIN PUBLIC KEY-----\r\n\
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAunF5aDa6HCfLMMI/MZLT\r\n\
5hDk304CU+ypFMFiBjowQdUMQKYHZ+fklB7GpLxCatxYJ/hZ7rjfHH3Klq20/Y1E\r\n\
bYDRopyTSfkrTzPzwsX4Ur/l25CtdQldhHCTMgwf/Ev/buBNobfzdZE+Dhdv5lQw\r\n\
KtjI43lDKvAi5kEet2TFwfJcJrBiRJeEcLfVgWTXGRQn7gngWKykUu5rS83eAU1x\r\n\
H9FLojQfyia89/EykiOO7/3UWwd+MATZ9HLjSx2/Lf3g2jr81eifEmYDlri/OZp4\r\n\
OhZu+0Bo1LXloCTe+vmIQ2YCX7EatUOuyQMt2Vwx4uV+d/A3DP6PtMGBKpF8St4i\r\n\
GwIDAQAB\r\n\
-----END PUBLIC KEY-----";
const unsigned char* key = (const unsigned char*)spkiPem;
size_t keylen = strlen(spkiPem);
OSSL_DECODER_CTX* dctx;
EVP_PKEY* pkey = NULL;
dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "PEM", NULL, "RSA", OSSL_KEYMGMT_SELECT_PUBLIC_KEY, NULL, NULL);
if (dctx == NULL) {
// Error handling
}
if (!OSSL_DECODER_from_data(dctx, &key, &keylen)) {
// Error handling
}
// Use pkey
...