我正在将服务从C#移植到C - 这涉及RSA加密 . 使用OpenSSL 1.0.2 . (两周前我写了我的第一行C - 所以请耐心等待 . )
我正在尝试使用RSA加密/解密数据 . 加密使用通过HTTPS调用服务器检索的公钥(使用SSL证书的公钥) .
解密发生在服务器上 - 从PFX文件(PKCS12)加载私钥 .
我遇到解密问题 - error:0407109F:rsa routines:RSA_padding_check_PKCS1_type_2:pkcs decoding error
我究竟做错了什么?
Encryption - getting public key from server (HTTPS)
int MyUtil::EncryptWithPublicKeyRetrievedFromServer(int length, unsigned char* bytesToEncrypt, unsigned char* output){
//Get Certificate from server
boost::asio::ssl::context ctx(boost::asio::ssl::context::sslv23);
boost::asio::io_service io_service;
ctx.set_default_verify_paths();
client myClient = client(io_service, ctx);
auto cert = myClient.GetX509Certificate("www.myHttpsDomain.com");
//Get public key
auto key = X509_get_pubkey(cert);
auto rsa = EVP_PKEY_get1_RSA(key);
//Encrypt
return RSA_public_encrypt(length, bytesToEncrypt, output, rsa, RSA_PKCS1_PADDING);
}
Decryption - using private key
int MyUtil::DecryptWithPrivateKey(int length, unsigned char* bytesToDecrypt, unsigned char *output){
auto filePath = "C:\\myCertificateWithPrivateAndPublicKey.pfx";
auto pass = "MySecretPassword";
FILE *fp;
EVP_PKEY *pkey;
X509 *cert;
STACK_OF(X509) *ca = NULL;
PKCS12 *p12;
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
#pragma warning (disable : 4996) //MS complains about fopen
if (!(fp = fopen(filePath, "rb"))) {
fprintf(stderr, "Error opening file %s\n", filePath);
exit(1);
}
p12 = d2i_PKCS12_fp(fp, NULL);
fclose(fp);
if (!p12) {
fprintf(stderr, "Error reading PKCS#12 file\n");
ERR_print_errors_fp(stderr);
exit(1);
}
//Parse PKCS12 (PFX) file in order to get private key
if (!PKCS12_parse(p12, pass, &pkey, &cert, &ca)) {
fprintf(stderr, "Error parsing PKCS#12 file\n");
ERR_print_errors_fp(stderr);
exit(1);
}
PKCS12_free(p12);
//Decrypt
auto rsa = EVP_PKEY_get1_RSA(pkey);
int sizeOfDecryptedData;
if (sizeOfDecryptedData = RSA_private_decrypt(length, bytesToDecrypt, output, rsa, RSA_PKCS1_PADDING) == -1)
{
auto err = new char;
ERR_load_crypto_strings();
ERR_error_string(ERR_get_error(), err);
fprintf(stderr, "Error encrypting message: %s\n", err);
//--> error:0407109F:rsa routines:RSA_padding_check_PKCS1_type_2:pkcs decoding error
delete err;
}
sk_X509_pop_free(ca, X509_free);
X509_free(cert);
EVP_PKEY_free(pkey);
fclose(fp);
return sizeOfDecryptedData;
}
我也尝试通过 PEM 格式加载私钥然后解密
int MyUtil::DecryptWithPrivateKey(int length, unsigned char* bytesToDecrypt, unsigned char *output){
char *private_key_file_name = "C:\\privatekey.cer";
#pragma warning (disable : 4996) //MS complains about fopen
FILE *fp = fopen(private_key_file_name, "r");
RSA *rsa = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL);
fclose(fp);
if (sizeOfDecryptedData = RSA_private_decrypt(length, bytesToDecrypt, output, rsa, RSA_PKCS1_PADDING) == -1)
{
auto err = new char;
ERR_load_crypto_strings();
ERR_error_string(ERR_get_error(), err);
fprintf(stderr, "Error encrypting message: %s\n", err);
//--> error:0407109F:rsa routines:RSA_padding_check_PKCS1_type_2:pkcs decoding error
delete err;
}
return decryptedBytes;
}