使用pkcs12文件的OpenSSL RSA公共/私有加密/解密

我正在将服务从C＃移植到C - 这涉及RSA加密 . 使用OpenSSL 1.0.2 . （两周前我写了我的第一行C - 所以请耐心等待 . ）

我正在尝试使用RSA加密/解密数据 . 加密使用通过HTTPS调用服务器检索的公钥（使用SSL证书的公钥） .

解密发生在服务器上 - 从PFX文件（PKCS12）加载私钥 .

我遇到解密问题 - error:0407109F:rsa routines:RSA_padding_check_PKCS1_type_2:pkcs decoding error

我究竟做错了什么？

Encryption - getting public key from server (HTTPS)

int MyUtil::EncryptWithPublicKeyRetrievedFromServer(int length, unsigned char*     bytesToEncrypt, unsigned char* output){
    //Get Certificate from server
    boost::asio::ssl::context ctx(boost::asio::ssl::context::sslv23);
    boost::asio::io_service io_service;
    ctx.set_default_verify_paths();
    client myClient = client(io_service, ctx);
    auto cert = myClient.GetX509Certificate("www.myHttpsDomain.com");

    //Get public key
    auto key = X509_get_pubkey(cert);
    auto rsa = EVP_PKEY_get1_RSA(key);

    //Encrypt
    return RSA_public_encrypt(length, bytesToEncrypt, output, rsa,  RSA_PKCS1_PADDING);
}

Decryption - using private key

int MyUtil::DecryptWithPrivateKey(int length, unsigned char* bytesToDecrypt, unsigned char *output){
    auto filePath = "C:\\myCertificateWithPrivateAndPublicKey.pfx";
    auto pass = "MySecretPassword";

    FILE *fp;
    EVP_PKEY *pkey;
    X509 *cert;
    STACK_OF(X509) *ca = NULL;
    PKCS12 *p12;

    OpenSSL_add_all_algorithms();
    ERR_load_crypto_strings();

    #pragma warning (disable : 4996) //MS complains about fopen
    if (!(fp = fopen(filePath, "rb"))) {
        fprintf(stderr, "Error opening file %s\n", filePath);
        exit(1);
    }
    p12 = d2i_PKCS12_fp(fp, NULL);
    fclose(fp);
    if (!p12) {
        fprintf(stderr, "Error reading PKCS#12 file\n");
        ERR_print_errors_fp(stderr);
        exit(1);
    }
    //Parse PKCS12 (PFX) file in order to get private key
    if (!PKCS12_parse(p12, pass, &pkey, &cert, &ca)) {
        fprintf(stderr, "Error parsing PKCS#12 file\n");
        ERR_print_errors_fp(stderr);
        exit(1);
    }
    PKCS12_free(p12);

    //Decrypt
    auto rsa = EVP_PKEY_get1_RSA(pkey);
    int sizeOfDecryptedData;
    if (sizeOfDecryptedData = RSA_private_decrypt(length, bytesToDecrypt, output, rsa, RSA_PKCS1_PADDING) == -1)
    {
        auto err = new char;
        ERR_load_crypto_strings();
        ERR_error_string(ERR_get_error(), err);
        fprintf(stderr, "Error encrypting message: %s\n", err);
        //--> error:0407109F:rsa routines:RSA_padding_check_PKCS1_type_2:pkcs decoding error
        delete err;
    }


    sk_X509_pop_free(ca, X509_free);
    X509_free(cert);
    EVP_PKEY_free(pkey);
    fclose(fp);

    return sizeOfDecryptedData;
}

我也尝试通过 PEM 格式加载私钥然后解密

int MyUtil::DecryptWithPrivateKey(int length, unsigned char* bytesToDecrypt, unsigned char *output){

    char *private_key_file_name = "C:\\privatekey.cer";

    #pragma warning (disable : 4996) //MS complains about fopen
    FILE *fp = fopen(private_key_file_name, "r");
    RSA *rsa = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL);
    fclose(fp);

    if (sizeOfDecryptedData = RSA_private_decrypt(length, bytesToDecrypt, output, rsa, RSA_PKCS1_PADDING) == -1)
    {
        auto err = new char;
        ERR_load_crypto_strings();
        ERR_error_string(ERR_get_error(), err);
        fprintf(stderr, "Error encrypting message: %s\n", err);
        //--> error:0407109F:rsa routines:RSA_padding_check_PKCS1_type_2:pkcs decoding error
        delete err;
    }

    return decryptedBytes;
}