问题描述
我正在尝试用C ++签名文本,然后在命令行中进行验证.我正在使用OpenSSL库.这是我生成密钥的命令行:
I'm trying to sign a text in C++ and then verify it in the command line. I'm using OpenSSL libraries. This is my command line for key generation:
openssl genrsa -out key.pem 1024
现在我有了我的私钥.然后,这就是我登录命令行的方式:
Now I have my private key. Then this is how I do to sign in command line:
echo "hola" | openssl rsautl -pkcs -sign -inkey key.pem > sign.txt
这时似乎一切正常,现在我在sign.txt中登录了.现在,我试图在C中做同样的事情.这是我的代码:
At this point all works like it seems to be, now I have a sign in sign.txt.Now I'm trying to do the same in C... This is my code:
RSA * rsaPrivKey;
RSA * createRSAWithFilename (const char * filename, int publicKey)
{
FILE * fp = fopen (filename, "rb");
if (fp == NULL)
{
printf ("Unable to open file %s \n", filename);
return NULL;
}
RSA *rsa = RSA_new ();
if (publicKey)
rsa = PEM_read_RSA_PUBKEY (fp, &rsa, NULL, NULL);
else
rsa = PEM_read_RSAPrivateKey (fp, &rsa, NULL, NULL);
return rsa;
}
void initRSA (void)
{
rsaPrivKey = createRSAWithFilename ("key.pem", 0);
unsigned char text[] = {"hola"};
unsigned char encrypted[4098] = {};
unsigned int outlen;
unsigned char hash[20];
if (!SHA1 (text, sizeof(text), hash)){
printf ("SHA1 failed\n");
exit (0);
}
if (!RSA_sign (NID_sha1, hash, 20, encrypted, &outlen, rsaPrivKey)){
printf ("RSA_sign failed\n");
exit (0);
}
printf ("Result:\n");
for (int a = 0; a < outlen; a++)
printf ("%c", encrypted[a]);
exit (1);
}
当我调用initRSA()时,它会打印生成的签名.....与在命令行中生成的签名不同.
When I call initRSA() it prints the generated signature.. but.. is not the same as in generated in command line.
因为不确定我的sizeof是否使用的是"text"的真实长度,所以我尝试使用length = 4(hola有4个字符)和5(也许计算\ 0),结果不是预期的.
Because not sure about if the sizeof is taking the real length of "text" I tried with length = 4 (hola have 4 chars) and 5 (perhaps computing \0) and the results are not the expected.
我对密码学的知识非常有限.不知道问题出在哪里.
My knowledge in cryptography is very limited.. don't know where is the problem.
推荐答案
显然是因为您使用了错误的命令行.您需要以下命令行,该命令行可计算输入摘要并使用私钥对其进行签名:
Apparently it's because you're using the wrong command line. You want this command line, which computes a digest of your input and signs it using the private key:
echo -n "hola" | openssl dgst -sha1 -binary -sign key.pem >sign.txt
使用pkeyutl还会执行其他一些额外的操作,如下所述:
Using pkeyutl does some other extra stuff as described here: Different signatures when using C routines and openssl dgst, rsautl commands
因此,如果使用我提供的命令行(使用echo -n
以避免添加换行符)并将代码更改为sizeof(text)-1
以跳过空终止符,则应该获得相同的输出.
So if you use the command line I provided (use echo -n
to avoid adding a newline) and change your code to sizeof(text)-1
to skip the null terminator, you should get the same output.
这篇关于OpenSSL C ++ RSA标志与命令行标志不同的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!