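OpenSSL provides a rich set of APIs and command-line tools for RSA asymmetric key generation, encryption and decryption. This post mainly covers generating an RSA private key and public key.
For RSA basics, see: http://www.qmailer.net/archives/216.html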
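#include <stdio.h>
#include <stdlib.h>
#include <openssl/rsa.h>
#include <openssl/pem.h>
/*************************************************************************************
* RSA key generation
* 1. PEM_write_RSA_PUBKEY()   // writes a public key PEM file in -----BEGIN PUBLIC KEY----- format
*    PEM_write_RSAPublicKey() // writes a public key PEM file in -----BEGIN RSA PUBLIC KEY----- format
*
* 2. Only the -----BEGIN PUBLIC KEY----- format public key PEM file can be used
*
* Note: RSA_generate_key() is deprecated; RSA_generate_key_ex() is its replacement.
**************************************************************************************/
int main()
{
    FILE *Private_key_file = fopen("./prikey.pem", "w+");
    FILE *Public_key_file = fopen("./pubkey.pem", "w+");
    if (Private_key_file == NULL || Public_key_file == NULL) {
        perror("fopen");
        return 1;
    }
    /* 2048-bit modulus, public exponent 65537 */
    RSA *rsa = RSA_generate_key(2048, 65537, NULL, NULL);
    if (rsa == NULL) {
        fprintf(stderr, "RSA_generate_key failed\n");
        return 1;
    }
    /* NULL cipher and passphrase: the private key is written to disk unencrypted */
    PEM_write_RSAPrivateKey(Private_key_file, rsa, NULL, NULL, 0, NULL, NULL);
    /* SubjectPublicKeyInfo form, header -----BEGIN PUBLIC KEY----- */
    PEM_write_RSA_PUBKEY(Public_key_file, rsa);
    RSA_free(rsa);
    fclose(Private_key_file);
    fclose(Public_key_file);
    return 0;
}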
The 2048-bit private key generated with PEM_write_RSAPrivateKey() is stored as a .pem file (a base64-encoded file), and the file begins with -----BEGIN RSA PRIVATE KEY-----.
keyu0915@keyu0915:~/CAR/ASE$ vi RSA_genkey.c
keyu0915@keyu0915:~/CAR/ASE$ gcc RSA_genkey.c -o RSA_genkey -lcrypto
keyu0915@keyu0915:~/CAR/ASE$ ./RSA_genkey
keyu0915@keyu0915:~/CAR/ASE$ cat prikey.pem
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
The generated public key .pem file beginning with -----BEGIN PUBLIC KEY-----:
keyu0915@keyu0915:~/CAR/ASE$ cat pubkey.pem
-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY-----
Note: the public key .pem file generated with PEM_write_RSAPublicKey() begins with -----BEGIN RSA PUBLIC KEY-----, but using it to encrypt a file produces:
keyu0915@keyu0915:~/CAR/ASE$ openssl rsautl -encrypt -in input.file -inkey pubkey.pem -pubin -out output.file
unable to load Public Key
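However, both the public key .pem file beginning with -----BEGIN PUBLIC KEY----- generated by PEM_write_RSA_PUBKEY() and the .pem file beginning with -----BEGIN RSA PUBLIC KEY----- produced by the command-line conversion encrypt normally, so to avoid the problem I simply use PEM_write_RSA_PUBKEY().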
Encryption and decryption:
Plaintext:
keyu0915@keyu0915:~/CAR/ASE$ cat input.file
hellow !I have use RSA encrypto.
Encrypt with the public key:
keyu0915@keyu0915:~/CAR/ASE$ openssl rsautl -encrypt -in input.file -inkey pubkey.pem -pubin -out output.file
Decrypt:
keyu0915@keyu0915:~/CAR/ASE$ openssl rsautl -decrypt -in output.file -inkey prikey.pem -out decrypt.file
The decrypted file:
keyu0915@keyu0915:~/CAR/ASE$ cat decrypt.file
hellow !I have use RSA encrypto.
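Likewise, both the public key .pem file beginning with -----BEGIN PUBLIC KEY----- above and the .pem file beginning with -----BEGIN RSA PUBLIC KEY----- produced by the command-line conversion can encrypt input.file normally, and the same private key (beginning with -----BEGIN RSA PRIVATE KEY-----) is used to decrypt.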
The command line used above to convert the public key is:
keyu0915@keyu0915:~/CAR/ASE$ openssl rsa -in prikey.pem -RSAPublicKey_out -out pubkey.pem
writing RSA key
keyu0915@keyu0915:~/CAR/ASE$ cat pubkey.pem
-----BEGIN RSA PUBLIC KEY-----
-----END RSA PUBLIC KEY-----
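
The two public key headers discussed on this page differ only in their wrapper: BEGIN RSA PUBLIC KEY is a bare PKCS#1 RSAPublicKey, while BEGIN PUBLIC KEY is an X.509 SubjectPublicKeyInfo that puts an rsaEncryption algorithm identifier in front of the same bytes. The following is an added example, not code from the original post: it re-wraps one form into the other in plain Python, which is why one base64 body starts with MIIBCg and the other with MIIBIj for a 2048-bit key. The function names are hypothetical and the sample value is constructed, not a usable key.

```python
import base64

# DER AlgorithmIdentifier: OID 1.2.840.113549.1.1.1 (rsaEncryption) + NULL
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

def der_len(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, content):
    return bytes([tag]) + der_len(len(content)) + content

def der_int(v):
    # bit_length // 8 + 1 bytes leaves room for the sign bit of a positive INTEGER
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def pem_decode(text):
    """Return (label, DER bytes) for a single PEM block."""
    lines = [l.strip() for l in text.strip().splitlines()]
    first = lines[0]
    if not (first.startswith("-----BEGIN ") and first.endswith("-----")):
        raise ValueError("missing PEM header")
    label = first[11:-5]
    if lines[-1] != f"-----END {label}-----":
        raise ValueError("PEM footer does not match header")
    return label, base64.b64decode("".join(lines[1:-1]))

def pem_encode(label, der):
    b64 = base64.b64encode(der).decode()
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *body, f"-----END {label}-----"]) + "\n"

def to_spki(pem_text):
    """PKCS#1 'RSA PUBLIC KEY' PEM -> SubjectPublicKeyInfo 'PUBLIC KEY' PEM."""
    label, der = pem_decode(pem_text)
    if label == "PUBLIC KEY":
        return pem_text                      # already SubjectPublicKeyInfo
    if label != "RSA PUBLIC KEY" or der[:1] != b"\x30":
        raise ValueError(f"not a PKCS#1 RSA public key: {label!r}")
    bit_string = tlv(0x03, b"\x00" + der)    # 0 unused bits, then the PKCS#1 blob
    return pem_encode("PUBLIC KEY", tlv(0x30, RSA_ALG_ID + bit_string))

# Constructed sample: a 2048-bit number shaped like a modulus, NOT a usable key.
SAMPLE_PKCS1 = pem_encode(
    "RSA PUBLIC KEY", tlv(0x30, der_int((1 << 2047) | 1) + der_int(65537)))

if __name__ == "__main__":
    print(SAMPLE_PKCS1.splitlines()[1][:12])           # start of the PKCS#1 body
    print(to_spki(SAMPLE_PKCS1).splitlines()[1][:44])  # start of the SPKI body
```

For a 2048-bit key the SubjectPublicKeyInfo form is the PKCS#1 bytes preceded by a fixed 24-byte header, so a loader that expects one form and is handed the other fails on the very first fields.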