OpenSSL文档阅读笔记-RSA Encryption & Decryption Example with OpenSSL in C

x33g5p2x  于2022-07-10 转载在 其他  
字(8.3k)|赞(0)|评价(0)|浏览(676)

这篇博文有点老了是2014年3月19日的。但效果还是杠杆的。

这篇博文说明如何调用OpenSSL进行RSA加解密。编程语言用的是C。

本博文小节:

①使用OpenSSL生成RSA密钥;

②使用公钥加密,私钥解密;

③使用私钥加密,公钥解密;

④加解密示例代码。

使用OpenSSL生成RSA密钥

使用下面的命令试生产2048位的RSA私钥

openssl genrsa -out private.pem 2048

从私钥中提取公钥:

openssl rsa -in private.pem -outform PEM -pubout -out public.pem

注意生成的证书都是pem格式,这个是用ASCII存的,Base64编码的格式。

使用公钥加密,私钥解密

对应的API函数分别为:

int RSA_public_encrypt(int flen, unsigned char *from,
   unsigned char *to, RSA *rsa, int padding);
 
int RSA_private_decrypt(int flen, unsigned char *from,
    unsigned char *to, RSA *rsa, int padding);

这里的编程逻辑是先构造一个RSA结构体:

RSA * createRSA(unsigned char * key,int public)
{
    RSA *rsa= NULL;
    BIO *keybio ;
    keybio = BIO_new_mem_buf(key, -1);
    if (keybio==NULL)
    {
        printf( "Failed to create key BIO");
        return 0;
    }
    if(public)
    {
        rsa = PEM_read_bio_RSA_PUBKEY(keybio, &rsa,NULL, NULL);
    }
    else
    {
        rsa = PEM_read_bio_RSAPrivateKey(keybio, &rsa,NULL, NULL);
    }
 
    return rsa;
}

这样就能直接创建公钥和私钥了

createRSA(“PUBLIC_KEY_BUFFER”,1);
createRSA(“PRIVATE_KEY_BUFFER”,0);

如果需要保存密钥为文件可以用如下代码:

RSA * createRSAWithFilename(char * filename,int public)
{
    FILE * fp = fopen(filename,"rb");
 
    if(fp == NULL)
    {
        printf("Unable to open file %s \n",filename);
        return NULL;    
    }
    RSA *rsa= RSA_new() ;
 
    if(public)
    {
        rsa = PEM_read_RSA_PUBKEY(fp, &rsa,NULL, NULL);
    }
    else
    {
        rsa = PEM_read_RSAPrivateKey(fp, &rsa,NULL, NULL);
    }
 
    return rsa;
}

公钥加密有如下几种填充方式:

RSA_PKCS1_PADDING:当下最流行的填充方式。

RSA_PKCS1_OAEP_PADDING:推荐目前开发的应用都使用这种加密方式。

RSA_SSLV23_PADDING:与第一种类似,但多出代表服务器支持SSL3.

RSA_NO_PADDING:别用这种,不好。

下面是使用密钥来加密数据:

int padding = RSA_PKCS1_PADDING;
 
int public_encrypt(unsigned char * data,int data_len,unsigned char * key, unsigned char *encrypted)
{
    RSA * rsa = createRSA(key,1);
    int result = RSA_public_encrypt(data_len,data,encrypted,rsa,padding);
    return result;
}

私钥解密

使用如下代码进行解密:

int private_decrypt(unsigned char * enc_data,int data_len,unsigned char * key, unsigned char *decrypted)
{
    RSA * rsa = createRSA(key,0);
    int  result = RSA_private_decrypt(data_len,enc_data,decrypted,rsa,padding);
    return result;
}

使用私钥加密,公钥解密

私钥加密其实就是签名的过程,下面分别对应私钥加密,公钥解密的API。

int RSA_private_encrypt(int flen, unsigned char *from,
   unsigned char *to, RSA *rsa, int padding);
 
int RSA_public_decrypt(int flen, unsigned char *from,
   unsigned char *to, RSA *rsa, int padding);

私钥加密只支持两种模式:RSA_PKCS1_PADDIN和RSA_NO_PADDING。

私钥加密:

int private_encrypt(unsigned char * data,int data_len,unsigned char * key, unsigned char *encrypted)
{
    RSA * rsa = createRSA(key,0);
    int result = RSA_private_encrypt(data_len,data,encrypted,rsa,padding);
    return result;
}

公钥解密:

int public_decrypt(unsigned char * enc_data,int data_len,unsigned char * key, unsigned char *decrypted)
{
    RSA * rsa = createRSA(key,1);
    int  result = RSA_public_decrypt(data_len,enc_data,decrypted,rsa,padding);
    return result;
}

加解密示例代码

下面是一个完整的代码:

RSAEncryptionAndDecryption.pro

QT += core
QT -= gui

TARGET = RSAEncryptionAndDecryption
CONFIG += console
CONFIG -= app_bundle

QMAKE_CFLAGS = -fpermissive
QMAKE_CXXFLAGS = -fpermissive
QMAKE_LFLAGS = -fpermissive

INCLUDEPATH += /usr/local/ssl/include
LIBS += -L /usr/local/ssl/lib/ -lssl -lcrypto

TEMPLATE = app

SOURCES += main.cpp

main.cpp

#include <QCoreApplication>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#include <openssl/bio.h>
#include <openssl/err.h>

int padding = RSA_PKCS1_PADDING;

RSA * createRSA(unsigned char * key,int isPublic)
{
    RSA *rsa= NULL;
    BIO *keybio ;
    keybio = BIO_new_mem_buf(key, -1);
    if (keybio==NULL){

        printf( "Failed to create key BIO");
        return 0;
    }
    if(isPublic){

        rsa = PEM_read_bio_RSA_PUBKEY(keybio, &rsa,NULL, NULL);
    }
    else{

        rsa = PEM_read_bio_RSAPrivateKey(keybio, &rsa,NULL, NULL);
    }
    if(rsa == NULL){

        printf( "Failed to create RSA");
        return NULL;
    }

    return rsa;
}

int public_encrypt(unsigned char * data,int data_len,unsigned char * key, unsigned char *encrypted)
{
    RSA * rsa = createRSA(key,1);
    int result = RSA_public_encrypt(data_len,data,encrypted,rsa,padding);
    return result;
}
int private_decrypt(unsigned char * enc_data,int data_len,unsigned char * key, unsigned char *decrypted)
{
    RSA * rsa = createRSA(key,0);
    int  result = RSA_private_decrypt(data_len,enc_data,decrypted,rsa,padding);
    return result;
}

int private_encrypt(unsigned char * data,int data_len,unsigned char * key, unsigned char *encrypted)
{
    RSA * rsa = createRSA(key,0);
    int result = RSA_private_encrypt(data_len,data,encrypted,rsa,padding);
    return result;
}
int public_decrypt(unsigned char * enc_data,int data_len,unsigned char * key, unsigned char *decrypted)
{
    RSA * rsa = createRSA(key,1);
    int  result = RSA_public_decrypt(data_len,enc_data,decrypted,rsa,padding);
    return result;
}

void printLastError(char *msg)
{
     rchar * err = malloc(130);;
    ERR_load_crypto_strings();
    ERR_error_string(ERR_get_error(), err);
    printf("%s ERROR: %s\n",msg, err);
    free(err);
}

int main(int argc, char *argv[])
{
    char plainText[2048/8] = "Hello this is Ravi"; //key length : 2048

   char publicKey[]="-----BEGIN PUBLIC KEY-----\n"\
  "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy8Dbv8prpJ/0kKhlGeJY\n"\
  "ozo2t60EG8L0561g13R29LvMR5hyvGZlGJpmn65+A4xHXInJYiPuKzrKUnApeLZ+\n"\
  "vw1HocOAZtWK0z3r26uA8kQYOKX9Qt/DbCdvsF9wF8gRK0ptx9M6R13NvBxvVQAp\n"\
  "fc9jB9nTzphOgM4JiEYvlV8FLhg9yZovMYd6Wwf3aoXK891VQxTr/kQYoq1Yp+68\n"\
  "i6T4nNq7NWC+UNVjQHxNQMQMzU6lWCX8zyg3yH88OAQkUXIXKfQ+NkvYQ1cxaMoV\n"\
  "PpY72+eVthKzpMeyHkBn7ciumk5qgLTEJAfWZpe4f4eFZj/Rc8Y8Jj2IS5kVPjUy\n"\
  "wQIDAQAB\n"\
  "-----END PUBLIC KEY-----\n";

   char privateKey[]="-----BEGIN RSA PRIVATE KEY-----\n"\
  "MIIEowIBAAKCAQEAy8Dbv8prpJ/0kKhlGeJYozo2t60EG8L0561g13R29LvMR5hy\n"\
  "vGZlGJpmn65+A4xHXInJYiPuKzrKUnApeLZ+vw1HocOAZtWK0z3r26uA8kQYOKX9\n"\
  "Qt/DbCdvsF9wF8gRK0ptx9M6R13NvBxvVQApfc9jB9nTzphOgM4JiEYvlV8FLhg9\n"\
  "yZovMYd6Wwf3aoXK891VQxTr/kQYoq1Yp+68i6T4nNq7NWC+UNVjQHxNQMQMzU6l\n"\
  "WCX8zyg3yH88OAQkUXIXKfQ+NkvYQ1cxaMoVPpY72+eVthKzpMeyHkBn7ciumk5q\n"\
  "gLTEJAfWZpe4f4eFZj/Rc8Y8Jj2IS5kVPjUywQIDAQABAoIBADhg1u1Mv1hAAlX8\n"\
  "omz1Gn2f4AAW2aos2cM5UDCNw1SYmj+9SRIkaxjRsE/C4o9sw1oxrg1/z6kajV0e\n"\
  "N/t008FdlVKHXAIYWF93JMoVvIpMmT8jft6AN/y3NMpivgt2inmmEJZYNioFJKZG\n"\
  "X+/vKYvsVISZm2fw8NfnKvAQK55yu+GRWBZGOeS9K+LbYvOwcrjKhHz66m4bedKd\n"\
  "gVAix6NE5iwmjNXktSQlJMCjbtdNXg/xo1/G4kG2p/MO1HLcKfe1N5FgBiXj3Qjl\n"\
  "vgvjJZkh1as2KTgaPOBqZaP03738VnYg23ISyvfT/teArVGtxrmFP7939EvJFKpF\n"\
  "1wTxuDkCgYEA7t0DR37zt+dEJy+5vm7zSmN97VenwQJFWMiulkHGa0yU3lLasxxu\n"\
  "m0oUtndIjenIvSx6t3Y+agK2F3EPbb0AZ5wZ1p1IXs4vktgeQwSSBdqcM8LZFDvZ\n"\
  "uPboQnJoRdIkd62XnP5ekIEIBAfOp8v2wFpSfE7nNH2u4CpAXNSF9HsCgYEA2l8D\n"\
  "JrDE5m9Kkn+J4l+AdGfeBL1igPF3DnuPoV67BpgiaAgI4h25UJzXiDKKoa706S0D\n"\
  "4XB74zOLX11MaGPMIdhlG+SgeQfNoC5lE4ZWXNyESJH1SVgRGT9nBC2vtL6bxCVV\n"\
  "WBkTeC5D6c/QXcai6yw6OYyNNdp0uznKURe1xvMCgYBVYYcEjWqMuAvyferFGV+5\n"\
  "nWqr5gM+yJMFM2bEqupD/HHSLoeiMm2O8KIKvwSeRYzNohKTdZ7FwgZYxr8fGMoG\n"\
  "PxQ1VK9DxCvZL4tRpVaU5Rmknud9hg9DQG6xIbgIDR+f79sb8QjYWmcFGc1SyWOA\n"\
  "SkjlykZ2yt4xnqi3BfiD9QKBgGqLgRYXmXp1QoVIBRaWUi55nzHg1XbkWZqPXvz1\n"\
  "I3uMLv1jLjJlHk3euKqTPmC05HoApKwSHeA0/gOBmg404xyAYJTDcCidTg6hlF96\n"\
  "ZBja3xApZuxqM62F6dV4FQqzFX0WWhWp5n301N33r0qR6FumMKJzmVJ1TA8tmzEF\n"\
  "yINRAoGBAJqioYs8rK6eXzA8ywYLjqTLu/yQSLBn/4ta36K8DyCoLNlNxSuox+A5\n"\
  "w6z2vEfRVQDq4Hm4vBzjdi3QfYLNkTiTqLcvgWZ+eX44ogXtdTDO7c+GeMKWz4XX\n"\
  "uJSUVL5+CVjKLjZEJ6Qc2WZLl94xSwL71E41H4YciVnSCQxVc4Jw\n"\
  "-----END RSA PRIVATE KEY-----\n";

  unsigned char  encrypted[4098]={};
  unsigned char decrypted[4098]={};

  int encrypted_length= public_encrypt(plainText,strlen(plainText),publicKey,encrypted);
  if(encrypted_length == -1)
  {
      printLastError("Public Encrypt failed ");
      exit(0);
  }
  printf("Encrypted length =%d\n",encrypted_length);

  int decrypted_length = private_decrypt(encrypted,encrypted_length,privateKey, decrypted);
  if(decrypted_length == -1)
  {
      printLastError("Private Decrypt failed ");
      exit(0);
  }
  printf("Decrypted Text =%s\n",decrypted);
  printf("Decrypted Length =%d\n",decrypted_length);

  encrypted_length= private_encrypt(plainText,strlen(plainText),privateKey,encrypted);
  if(encrypted_length == -1)
  {
      printLastError("Private Encrypt failed");
      exit(0);
  }
  printf("Encrypted length =%d\n",encrypted_length);

  decrypted_length = public_decrypt(encrypted,encrypted_length,publicKey, decrypted);
  if(decrypted_length == -1)
  {
      printLastError("Public Decrypt failed");
      exit(0);
  }
  printf("Decrypted Text =%s\n",decrypted);
  printf("Decrypted Length =%d\n",decrypted_length);
}

程序运行截图如下:

源码打包下载地址:

Qt/RSAEncryptionAndDecryption at master · fengfanchen/Qt · GitHub

相关文章