我编写了一个简单的程序来加载openssl生成的公钥,以解密由公钥的私钥加密的字符串。但是我不知道为什么我失败了
b = CryptDecrypt(hKey,NULL,FALSE,0,pbEncrypt,&cbEncrypt);
而且我收到错误消息“ 8009000D
NTE_NO_KEY
密钥不存在。”。有人可以向我解释吗?
void DecodeString()
{
CHAR* publicKey =
"-----BEGIN PUBLIC KEY-----"
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+yyzdZaqcE7qOOZ8pyN"
"o1n3PS2U/ewT2gGSQeixP+VixQGrxnssT3zlbeUND8CVX+tZGwkcIZZD09Rkx9vh"
"z7vLUFD7dngupo/aL6pfehb95citD31DUswc9BTJjQySpSSG6zWDSBJMELDYaCa4"
"MIU7odoCg2EbQBwRWX7upWiR+shyxnPYklY8ZUpVCtIdHXmPO5eMaI1elftqNw1N"
"n/Id4pFFif11Lmny3s3ADfItuyMfTwU6jwgsPaoqrX5FCnurlAVl/mcfpMVpsPju"
"XWw2IlvZP5SkTW4G6V+Bt+xDI6SW3dvMi6gJngHLUKekbhZxcFWuv3hus8ojpo+I"
"mwIDAQAB"
"-----END PUBLIC KEY-----";
BYTE* derPubKey;
DWORD derPubKeyLen;
BOOL b = CryptStringToBinaryA(publicKey, 0, CRYPT_STRING_BASE64HEADER, NULL, &derPubKeyLen, NULL, NULL);
DWORD error = GetLastError();
_ASSERT(error == 0);
_ASSERT(b == TRUE);
derPubKey = new BYTE[derPubKeyLen];
b = CryptStringToBinaryA(publicKey, 0, CRYPT_STRING_BASE64HEADER, derPubKey, &derPubKeyLen, NULL, NULL);
error = GetLastError();
_ASSERT(error == 0);
_ASSERT(b == TRUE);
CERT_PUBLIC_KEY_INFO *publicKeyInfo;
DWORD publicKeyInfoLen;
HCRYPTPROV hProv = 0;
HCRYPTKEY hKey = 0;
b = CryptDecodeObjectEx(X509_ASN_ENCODING, X509_PUBLIC_KEY_INFO, derPubKey, derPubKeyLen, CRYPT_ENCODE_ALLOC_FLAG, NULL, &publicKeyInfo, &publicKeyInfoLen);
error = GetLastError();
_ASSERT(error == 0);
_ASSERT(b == TRUE);
b = CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT);
error = GetLastError();
_ASSERT(error == 0);
_ASSERT(b == TRUE);
b = CryptImportPublicKeyInfo(hProv, X509_ASN_ENCODING, publicKeyInfo, &hKey);
error = GetLastError();
_ASSERT(error == 0);
_ASSERT(b == TRUE);
//same test decrypt
CHAR* sameTest = "nJZ6MN6MIrpbLQiRvfLFIHHzneQBe2rucaKSykXeHgf8Zth5FNPZPdiPhWcHq0/K"
"KgRHv2ON+gPyFbjsdDl2cixPgNGXs1FfI/RvkH+Icn+6rYq5uPBM5oQVriyiWI9/"
"QiC56LP0ooouqLg9e2U5zJmC/ftCODkFyL748Fx3godXzDl1mNB7bx/Ua6Z93KeB"
"OgNvYZH3tcZZYlgoX4GVf4ocO0aZ8pQjEB8p9hMWfIDRCIckDAncy21tHDmWDqZ4"
"H7CZjbdNyaiWe5Cr6+CYs25+r3AdIlXOKWuphgbckKDHh4r7nMX0AX+iHXGjCgkM"
"iwi4yz7wF+Ow/CcGHkAMTQ==";
BYTE* pbEncrypt = 0;
DWORD cbEncrypt = 0;
b = CryptStringToBinaryA(sameTest, 0, CRYPT_STRING_BASE64, NULL, &cbEncrypt, NULL, NULL);
error = GetLastError();
_ASSERT(error == 0);
_ASSERT(b == TRUE);
pbEncrypt = new BYTE[cbEncrypt];
printf("%s\n",(CHAR*)pbEncrypt);
b = CryptStringToBinaryA(sameTest, 0, CRYPT_STRING_BASE64, pbEncrypt, &cbEncrypt, NULL, NULL);
error = GetLastError();
_ASSERT(error == 0);
_ASSERT(b == TRUE);
printf("%s\n",(CHAR*)pbEncrypt);
b = CryptDecrypt(hKey,NULL,FALSE,0,pbEncrypt,&cbEncrypt);
error = GetLastError();
_ASSERT(error == 0);
_ASSERT(b == TRUE);
printf("%s\n",(CHAR*)pbEncrypt);
}
最佳答案
您不能使用公钥来解密使用私钥加密的内容。公钥仅用于加密,而私钥仅可用于解密。
从Wikipedia:
[...]公钥加密中使用的区别技术是
使用非对称密钥算法,其中密钥用于加密
消息与用于解密它的密钥不同。每个用户都有一个
一对加密密钥-一个公共加密密钥和一个私有密钥
解密密钥。公开的加密密钥广泛
分布式,而专用解密密钥仅对
接受者。邮件使用收件人的公共密钥加密,并且
只能使用相应的私钥解密。[...]
关于c++ - CryptDecrypt winapi函数出错?,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/8272822/