openssl rsa加密签名

from http://blog.csdn.net/cheng0603/article/details/44491983

要使用rsa加密，本来准备在网上找rsa加密算法，但是找到的c源码都不太好用，后来搜索到openssl库有实现rsa算法的函数，就根据网上搜索的内容，自己封装了几个rsa加密API.

rsa算法原理说明网上有很多，大家可以自行搜索。

下面重点介绍openssl 下rsa加密的实现

参考文章：

http://blog.csdn.net/small_qch/article/details/19330211?utm_source=tuicool

http://www.cnblogs.com/aLittleBitCool/archive/2011/09/22/2185418.html

http://www.cppblog.com/sleepwom/archive/2010/01/11/105418.html

http://bbs.csdn.net/topics/360083130

http://blog.csdn.net/huyiyang2010/article/details/38066273

http://wenku.baidu.com/link?url=y-KjF6NakXZHVGYdjjcM6nRyyjLGZM43B7TbQRAMv2wMLNbdwSlXrrPGZ-RJEFCPNt5qMMtgIupK6qmB7rWZtJ6PhSZfF7i28vHYZohhCSO

http://bbs.csdn.net/topics/290034327

http://blog.csdn.net/sagely/article/details/367125

根据网上搜索及自己亲自代码调试，完成rsa加解密签名

1：输入命令，生成公钥和私钥（1024位）

openssl genrsa -out prikey.pem 1024
openssl rsa -in privkey.pem -pubout -out pubkey.pem

2.  c代码实现

/* rsa.h openssl genrsa -out prikey.pem 1024 openssl rsa -in prikey.pem -pubout -out pubkey.pem */ #include <stdio.h> /*my_rsa_public_encrypt公钥加密与my_rsa_public_encrypt公钥解密配对 公钥加密,读取pubkey.pem来做加密 入参filename,保存公钥的文件名称，src待加密数据，加密数据长度 出参des加密后数据，deslen加密数据长度 src长度大于公钥长度时（RSA_size）,会分段加密。 加密结果des比src长度大,所以需要给des分配比src更大的空间 例如密钥长度（RSA_size）为128，src长度为1~117,加密结果为128个字节。src长度为118~234,加密结果为256字节 */ int my_rsa_public_encrypt ( char * filename , unsigned char * src , int srclen , unsigned char * des , int * deslen ); /*私钥解密,读取prikey.pem来做解密 入参filename,保存公钥的文件名称，src待解密数据，srclen解密数据长度 出参des解密后数据，deslen解密数据长度*/ int my_rsa_prikey_decrypt ( char * filename , unsigned char * src , int srclen , unsigned char * des , int * deslen ); /*my_rsa_prikey_encrypt私钥加密与my_rsa_public_decrypt公钥解密配对 私钥加密,读取prikey.pem来做加密。 入参filename,保存公钥的文件名称，src待加密数据，加密数据长度 出参des加密后数据，deslen加密数据长度 src长度大于公钥长度时（RSA_size）,会分段加密。 加密结果des比src长度大,所以需要给des分配比src更大的空间 例如密钥长度（RSA_size）为128，src长度为1~117,加密结果为128个字节。src长度为118~234,加密结果为256字节 因此des的长度，应该比 RSA_size*（strlen(src)/(RSA_size-11)+1）大才行。 */ int my_rsa_prikey_encrypt ( char * filename , unsigned char * src , int srclen , unsigned char * des , int * deslen ); /* 公钥解密,读取public.pem来做解密 入参filename,保存公钥的文件名称，src待解密数据，srclen解密数据长度 出参des解密后数据，deslen解密数据长度 */ int my_rsa_public_decrypt ( char * filename , unsigned char * src , int srclen , unsigned char * des , int * deslen ); /* my_rsa_prikey_sign私钥签名 入参filename,私钥文件名称； src待签名数据； srclen待签名数据长度 出参des签名结果,返回结果长度为秘钥长度值,需分配比秘钥长度更大的空间，以免内存越界 deslen签名结果长度，初始化为des数组大小 */ int my_rsa_prikey_sign ( char * filename , unsigned char * src , int srclen , unsigned char * des , int * deslen ); /* my_rsa_public_verify公钥签名验证 入参filename,公钥文件名称 src待验数据； srclen待验数据长度 sign签名 signlen签名长度 */ int my_rsa_public_verify ( char * filename , unsigned char * src , int srclen , unsigned char * sign , int signlen ); /* my_EVP_rsa_prikey_sign私钥签名,使用EVP 入参filename,私钥文件名称； src待签名数据； srclen待签名数据长度 出参des签名结果,返回结果长度为秘钥长度值,需分配比秘钥长度更大的空间，以免内存越界 deslen签名数据长度，初始化为des数组大小 */ int my_EVP_rsa_prikey_sign ( char * filename , unsigned char * src , int srclen , unsigned char * des , int * deslen ); /* my_EVP_rsa_public_verify公钥签名验证,使用EVP 入参filename,公钥文件名称 src待验数据； srclen待验数据长度 sign签名 signlen签名长度 */ int my_EVP_rsa_public_verify ( char * filename , unsigned char * src , int srclen , unsigned char * sign , int signlen );

 来自CODE的代码片

rsa.h

/*rsa.c*/ #include <openssl/rsa.h> #include <openssl/err.h> #include <openssl/pem.h> #include<stdio.h> #include<string.h> #include"rsa.h" //公钥加密 int my_rsa_public_encrypt ( char * filename , unsigned char * src , int srclen , unsigned char * des , int * deslen ) { int ret = 0 , isrclen = 0 , ideslen = 0 , i = 0 , n = 0 , ienclen = 0 , rsalen = 0 ; if ( filename == NULL || src == NULL || des == NULL ) return - 1 ; RSA * r = RSA_new (); FILE * fp = NULL ; fp = fopen ( filename , "rt" ); if ( fp == NULL ) { printf ( "fopen [%s] error \n " , filename ); return - 2 ; } if ( PEM_read_RSA_PUBKEY ( fp , & r , 0 , 0 ) == NULL ) { fclose ( fp ); printf ( "PEM_read_RSA_PUBKEY error \n " ); return - 3 ; } fclose ( fp ); //RSA_print_fp(stdout, r, 5); //加密数据最大长度，是秘钥长度-11,加密结果，是RSA_size的返回值。 rsalen = RSA_size ( r ) - 11 ; unsigned char * out = ( unsigned char * ) malloc ( rsalen + 12 ); n = srclen / rsalen ; for ( i = 0 ; i <= n ; i ++ ) { ienclen = ( i != n ? rsalen : srclen % ( rsalen )); if ( ienclen == 0 ) break ; memset ( out , 0 , rsalen + 12 ); ret = RSA_public_encrypt ( ienclen , src + isrclen , out , r , RSA_PKCS1_PADDING ); if ( ret < 0 ) { printf ( "RSA_public_encrypt failed,ret is [%d] \n " , ret ); return - 4 ; } isrclen += ienclen ; memcpy ( des + ideslen , out , ret ); ideslen += ret ; } des [ ideslen ] = 0 ; * deslen = ideslen ; free ( out ); RSA_free ( r ); CRYPTO_cleanup_all_ex_data (); return 0 ; } //私钥解密 int my_rsa_prikey_decrypt ( char * filename , unsigned char * src , int srclen , unsigned char * des , int * deslen ) { int ret = 0 , isrclen = 0 , ideslen = 0 , i = 0 , n = 0 , ienclen = 0 , rsalen = 0 ; if ( filename == NULL || src == NULL || des == NULL ) return - 1 ; RSA * r = RSA_new (); FILE * fp = NULL ; fp = fopen ( filename , "rt" ); if ( fp == NULL ) { printf ( "fopen [%s] error \n " , filename ); return - 2 ; } if ( PEM_read_RSAPrivateKey ( fp , & r , 0 , 0 ) == NULL ) { fclose ( fp ); printf ( "PEM_read_RSAPrivateKey error \n " ); return - 3 ; } fclose ( fp ); //RSA_print_fp(stdout, r, 5); rsalen = RSA_size ( r ); unsigned char * out = ( unsigned char * ) malloc ( rsalen + 1 ); n = srclen / rsalen ; for ( i = 0 ; i <= n ; i ++ ) { ienclen = ( i != n ? rsalen : srclen % ( rsalen )); if ( ienclen == 0 ) break ; memset ( out , 0 , rsalen + 1 ); ret = RSA_private_decrypt ( ienclen , src + isrclen , out , r , RSA_PKCS1_PADDING ); if ( ret < 0 ) { printf ( "RSA_private_decrypt failed,ret is [%d] \n " , ret ); return - 4 ; } isrclen += ienclen ; memcpy ( des + ideslen , out , ret ); ideslen += ret ; } des [ ideslen ] = 0 ; * deslen = ideslen ; free ( out ); RSA_free ( r ); CRYPTO_cleanup_all_ex_data (); return 0 ; } //私钥加密 int my_rsa_prikey_encrypt ( char * filename , unsigned char * src , int srclen , unsigned char * des , int * deslen ) { int ret = 0 , isrclen = 0 , ideslen = 0 , i = 0 , n = 0 , ienclen = 0 , rsalen = 0 ; if ( filename == NULL || src == NULL || des == NULL ) return - 1 ; RSA * r = RSA_new (); FILE * fp = NULL ; fp = fopen ( filename , "rt" ); if ( fp == NULL ) { RSA_free ( r ); printf ( "fopen [%s] error \n " , filename ); return - 2 ; } if ( PEM_read_RSAPrivateKey ( fp , & r , 0 , 0 ) == NULL ) { RSA_free ( r ); fclose ( fp ); printf ( "PEM_read_RSAPrivateKey error \n " ); return - 3 ; } fclose ( fp ); //RSA_print_fp(stdout, r, 5); //加密数据最大长度，是秘钥长度-11,加密结果，是RSA_size的返回值。 rsalen = RSA_size ( r ) - 11 ; unsigned char * out = ( unsigned char * ) malloc ( rsalen + 12 ); n = srclen / rsalen ; for ( i = 0 ; i <= n ; i ++ ) { ienclen = ( i != n ? rsalen : srclen % ( rsalen )); if ( ienclen == 0 ) break ; memset ( out , 0 , rsalen + 12 ); ret = RSA_private_encrypt ( ienclen , src + isrclen , out , r , RSA_PKCS1_PADDING ); if ( ret < 0 ) { free ( out ); RSA_free ( r ); printf ( "RSA_private_encrypt failed,ret is [%d] \n " , ret ); return - 4 ; } isrclen += ienclen ; memcpy ( des + ideslen , out , ret ); ideslen += ret ; } des [ ideslen ] = 0 ; * deslen = ideslen ; free ( out ); RSA_free ( r ); CRYPTO_cleanup_all_ex_data (); return 0 ; } //公钥解密 int my_rsa_public_decrypt ( char * filename , unsigned char * src , int srclen , unsigned char * des , int * deslen ) { int ret = 0 , isrclen = 0 , ideslen = 0 , i = 0 , n = 0 , ienclen = 0 , rsalen = 0 ; if ( filename == NULL || src == NULL || des == NULL ) return - 1 ; RSA * r = RSA_new (); FILE * fp = NULL ; fp = fopen ( filename , "rt" ); if ( fp == NULL ) { RSA_free ( r ); printf ( "fopen [%s] error \n " , filename ); return - 2 ; } if ( PEM_read_RSA_PUBKEY ( fp , & r , 0 , 0 ) == NULL ) { RSA_free ( r ); fclose ( fp ); printf ( "PEM_read_RSA_PUBKEY error \n " ); return - 3 ; } fclose ( fp ); //RSA_print_fp(stdout, r, 5); rsalen = RSA_size ( r ); unsigned char * out = ( unsigned char * ) malloc ( rsalen + 1 ); n = srclen / rsalen ; for ( i = 0 ; i <= n ; i ++ ) { ienclen = ( i != n ? rsalen : srclen % ( rsalen )); if ( ienclen == 0 ) break ; memset ( out , 0 , rsalen + 1 ); ret = RSA_public_decrypt ( ienclen , src + isrclen , out , r , RSA_PKCS1_PADDING ); if ( ret < 0 ) { free ( out ); RSA_free ( r ); printf ( "RSA_public_decrypt failed,ret is [%d] \n " , ret ); return - 4 ; } isrclen += ienclen ; memcpy ( des + ideslen , out , ret ); ideslen += ret ; } des [ ideslen ] = 0 ; * deslen = ideslen ; free ( out ); RSA_free ( r ); CRYPTO_cleanup_all_ex_data (); return 0 ; } //私钥签名 int my_rsa_prikey_sign ( char * filename , unsigned char * src , int srclen , unsigned char * sign , int * signlen ) { int ret = 0 , isrclen = 0 , ideslen = 0 , i = 0 , n = 0 , ienclen = 0 , rsalen = 0 ; if ( filename == NULL || src == NULL || sign == NULL ) return - 1 ; unsigned char hash [ SHA_DIGEST_LENGTH ] = "" ; //unsigned sign_len = sizeof( sign ); RSA * rsa_pri_key = RSA_new (); FILE * fp = NULL ; fp = fopen ( filename , "rt" ); if ( fp == NULL ) { RSA_free ( rsa_pri_key ); printf ( "fopen [%s] error \n " , filename ); return - 2 ; } if ( PEM_read_RSAPrivateKey ( fp , & rsa_pri_key , 0 , 0 ) == NULL ) { RSA_free ( rsa_pri_key ); fclose ( fp ); printf ( "PEM_read_RSAPrivateKey error \n " ); return - 3 ; } fclose ( fp ); SHA1 ( src , srclen , hash ); ret = RSA_sign ( NID_sha1 , hash , SHA_DIGEST_LENGTH , sign , signlen , rsa_pri_key ); if ( 1 != ret ) { RSA_free ( rsa_pri_key ); printf ( "RSA_sign err,r is [%d],sign_len is [%d] \n " , ret , signlen ); return - 4 ; } RSA_free ( rsa_pri_key ); return 0 ; } //公钥签名验证 int my_rsa_public_verify ( char * filename , unsigned char * src , int srclen , unsigned char * sign , int signlen ) { int ret = 0 , isrclen = 0 , ideslen = 0 , i = 0 , n = 0 , ienclen = 0 , rsalen = 0 ; if ( filename == NULL || src == NULL || sign == NULL ) return - 1 ; unsigned char hash [ SHA_DIGEST_LENGTH ] = "" ; RSA * rsa_pub_key = RSA_new (); FILE * fp = NULL ; fp = fopen ( filename , "rt" ); if ( fp == NULL ) { RSA_free ( rsa_pub_key ); printf ( "fopen [rsa_private_key] error \n " ); return - 2 ; } if ( ! PEM_read_RSA_PUBKEY ( fp , & rsa_pub_key , 0 , 0 )) { RSA_free ( rsa_pub_key ); fclose ( fp ); printf ( "PEM_read_RSAPrivateKey error \n " ); return - 3 ; } fclose ( fp ); SHA1 ( src , srclen , hash ); ret = RSA_verify ( NID_sha1 , hash , SHA_DIGEST_LENGTH , sign , signlen , rsa_pub_key ); if ( 1 != ret ) { RSA_free ( rsa_pub_key ); printf ( "RSA_verify err,ret is [%d],sign_len is [%d] \n " , ret , signlen ); return - 4 ; } printf ( "RSA_verify ok \n " ); RSA_free ( rsa_pub_key ); return 0 ; } //私钥签名EVP int my_EVP_rsa_prikey_sign ( char * filename , unsigned char * src , int srclen , unsigned char * sign , int * signlen ) { int ret = 0 , isrclen = 0 , ideslen = 0 , i = 0 , n = 0 , ienclen = 0 , rsalen = 0 ; if ( filename == NULL || src == NULL || sign == NULL ) return - 1 ; //RSA结构体变量 RSA * rsa_pri_key = RSA_new (); FILE * fp = NULL ; fp = fopen ( filename , "rt" ); if ( fp == NULL ) { printf ( "fopen [rsa_private_key] error \n " ); return ; } if ( ! PEM_read_RSAPrivateKey ( fp , & rsa_pri_key , 0 , 0 )) { fclose ( fp ); printf ( "PEM_read_RSAPrivateKey error \n " ); return ; } fclose ( fp ); //新建一个EVP_PKEY变量 EVP_PKEY * evpKey = EVP_PKEY_new (); if ( evpKey == NULL ) { printf ( "EVP_PKEY_new err \n " ); RSA_free ( rsa_pri_key ); return ; } if ( EVP_PKEY_set1_RSA ( evpKey , rsa_pri_key ) != 1 ) //保存RSA结构体到EVP_PKEY结构体 { printf ( "EVP_PKEY_set1_RSA err \n " ); RSA_free ( rsa_pri_key ); EVP_PKEY_free ( evpKey ); return ; } //摘要算法上下文变量 EVP_MD_CTX mdctx ; //以下是计算签名代码 EVP_MD_CTX_init ( & mdctx ); //初始化摘要上下文 if ( ! EVP_SignInit_ex ( & mdctx , EVP_sha1 (), NULL )) //签名初始化，设置摘要算法，本例为sha1 { printf ( "err \n " ); EVP_PKEY_free ( evpKey ); RSA_free ( rsa_pri_key ); return ; } if ( ! EVP_SignUpdate ( & mdctx , src , srclen )) //计算签名（摘要）Update { printf ( "err \n " ); EVP_PKEY_free ( evpKey ); RSA_free ( rsa_pri_key ); return ; } if ( ! EVP_SignFinal ( & mdctx , sign , signlen , evpKey )) //签名输出 { printf ( "err \n " ); EVP_PKEY_free ( evpKey ); RSA_free ( rsa_pri_key ); return ; } /*printf("消息\"%s\"的签名值是: \n",src); for(i = 0; i < *signlen; i++) { if(i%16==0) printf("\n%08xH: ",i); printf("%02x ", sign[i]); } printf("\n"); */ //释放内存 EVP_PKEY_free ( evpKey ); RSA_free ( rsa_pri_key ); EVP_MD_CTX_cleanup ( & mdctx ); } //公钥签名EVP验证 int my_EVP_rsa_public_verify ( char * filename , unsigned char * src , int srclen , unsigned char * sign , int signlen ) { int ret = 0 , isrclen = 0 , ideslen = 0 , i = 0 , n = 0 , ienclen = 0 , rsalen = 0 ; if ( filename == NULL || src == NULL || sign == NULL ) return - 1 ; //摘要算法上下文变量 EVP_MD_CTX mdctx ; RSA * rsa_pub_key = RSA_new (); //rsa_public_key测试 FILE * fp = NULL ; fp = fopen ( filename , "rt" ); if ( fp == NULL ) { printf ( "fopen [rsa_private_key] error \n " ); return - 2 ; } if ( ! PEM_read_RSA_PUBKEY ( fp , & rsa_pub_key , 0 , 0 )) { fclose ( fp ); printf ( "PEM_read_RSAPrivateKey error \n " ); return - 3 ; } fclose ( fp ); EVP_PKEY * pubKey = EVP_PKEY_new (); //新建一个EVP_PKEY变量 if ( pubKey == NULL ) { printf ( "EVP_PKEY_new err \n " ); RSA_free ( rsa_pub_key ); return - 4 ; } if ( EVP_PKEY_set1_RSA ( pubKey , rsa_pub_key ) != 1 ) //保存RSA结构体到EVP_PKEY结构体 { printf ( "EVP_PKEY_set1_RSA err \n " ); RSA_free ( rsa_pub_key ); EVP_PKEY_free ( pubKey ); return - 5 ; } // printf("\n正在验证签名...\n"); //以下是验证签名代码 EVP_MD_CTX_init ( & mdctx ); //初始化摘要上下文 if ( ! EVP_VerifyInit_ex ( & mdctx , EVP_sha1 (), NULL )) //验证初始化，设置摘要算法，一定要和签名一致。 { printf ( "EVP_VerifyInit_ex err \n " ); EVP_PKEY_free ( pubKey ); RSA_free ( rsa_pub_key ); return - 6 ; } if ( ! EVP_VerifyUpdate ( & mdctx , src , srclen )) //验证签名（摘要）Update { printf ( "err \n " ); EVP_PKEY_free ( pubKey ); RSA_free ( rsa_pub_key ); return - 7 ; } if ( ! EVP_VerifyFinal ( & mdctx , sign , signlen , pubKey )) //验证签名 { printf ( "verify err \n " ); EVP_PKEY_free ( pubKey ); RSA_free ( rsa_pub_key ); return - 8 ; } //else //{ // printf("验证签名正确.\n"); //} EVP_PKEY_free ( pubKey ); RSA_free ( rsa_pub_key ); EVP_MD_CTX_cleanup ( & mdctx ); return 0 ; }

 来自CODE的代码片

rsa.c

/*main.c*/ #include<stdio.h> #include<string.h> #include"rsa.h" int main ( char agrc , char * argv ) { char out [ 1024 ] = "abcdefghigklmnopqrstuvwsyz" ; char rsa [ 1024 ] = "" ; int outlen = 0 , rsalen = 0 ; int ret = 0 ; printf ( "out [%s] \n " , out ); /* ret=my_rsa_prikey_encrypt("prikey.pem",out,strlen(out),rsa,&rsalen); if(ret<0) { printf("my_rsa_prikey_encrypt err [%d]\n",ret); return -1; } printf("my_rsa_prikey_encrypt ok,rsalen is [%d]\n",rsalen); memset(out,0,sizeof(out)); ret=my_rsa_public_decrypt("pubkey.pem",rsa,rsalen,out,&outlen); if(ret<0) { printf("my_rsa_public_decrypt err [%d]\n",ret); return -2; } */ ret = my_rsa_public_encrypt ( "pubkey.pem" , out , strlen ( out ), rsa , & rsalen ); if ( ret < 0 ) { printf ( "my_rsa_public_encrypt err [%d] \n " , ret ); return - 1 ; } printf ( "my_rsa_prikey_encrypt ok,rsalen is [%d] \n " , rsalen ); memset ( out , 0 , sizeof ( out )); ret = my_rsa_prikey_decrypt ( "prikey.pem" , rsa , rsalen , out , & outlen ); if ( ret < 0 ) { printf ( "my_rsa_prikey_decrypt err [%d] \n " , ret ); return - 2 ; } printf ( "out [%s] \n " , out ); return 0 ; }

 来自CODE的代码片

main.c

3.开发过程遇到的问题

  3.1 读取公钥时，使用函数PEM_read_RSA_PUBKEY才能读取成功，使用PEM_read_RSAPublicKey是无法读取的。

 3.2 待加密的数据过长时，需要分段加密。在第一步时生成的密钥长度时1024，1024位=1024bit=128byte，用RSA_size函数得出的是128，

而待加密的数据需要比128小11个字节，所以是117.