PKCS7签名代码

最新推荐文章于 2024-02-25 16:20:08 发布
最新推荐文章于 2024-02-25 16:20:08 发布
阅读量502 收藏 1
点赞数
分类专栏: 源码学习 C/C++ 文章标签: c++
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/u013688006/article/details/105299227
版权 
#include <stdlib.h>
#include <stdio.h>
#include <openssl/ssl.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/sha.h>
#include <openssl/evp.h>
#include <openssl/pkcs7.h>
#include <openssl/objects.h>
#include <openssl/x509.h>

#define DATA_LEN 1024

int PKCS7_sign_Me(X509 *signcert, EVP_PKEY *private_key, STACK_OF(X509) *certs, BIO *data, int flags, char*Base64Sign);
int PKCS7_sign_Me(X509 *signcert, EVP_PKEY *private_key, STACK_OF(X509) *certs, BIO *data, int flags, char*Base64Sign)
{
	PKCS7 *P7_sign;
    int i;

    if ((P7_sign = PKCS7_new()) == NULL)
    {
        //ERR_raise(ERR_LIB_PKCS7, ERR_R_MALLOC_FAILURE);
        return -1;
    }

    if (!PKCS7_set_type(P7_sign, NID_pkcs7_signed))
        goto err;

    if (!PKCS7_content_new(P7_sign, NID_pkcs7_data))
        goto err;

    if (private_key && !PKCS7_sign_add_signer(P7_sign, signcert, private_key, NULL, flags))
    {
        printf("ERR_LIB_PKCS7, PKCS7_R_PKCS7_ADD_SIGNER_ERROR");
        goto err;
    }

    if (!(flags & PKCS7_NOCERTS))
    {
        for (i = 0; i < sk_X509_num(certs); i++)
        {
            if (!PKCS7_add_certificate(P7_sign, sk_X509_value(certs, i)))
                goto err;
        }
    }

    if (flags & PKCS7_DETACHED)
        PKCS7_set_detached(P7_sign, 1);

    if (PKCS7_final(P7_sign, data, flags))
	{
		int li_len = 0;
		char *p_str = NULL;

    	//ASNI转DER编码	
    	if (Asni2Der(P7_sign, &li_len, &p_str) == -1)
    	{
        	return -1;
    	}

    	//Base64编码操作 字符可见
    	unsigned char *per = NULL;
    	EVP_EncodeBlock(Base64Sign, (unsigned char*)*per, li_len);
    	printf("签名完成,Base64 Data =[%s] len = [%d]\n",Base64Sign, li_len);

	}

err:
	PKCS7_free(P7_sign);
	return -1;

}

//签名校验
int PKCS7_SignVerify_Me(char *Base64Sign);
int PKCS7_SignVerify_Me(char *Base64Sign)
{
	//Base64解码操作
    unsigned char lc_Sign_Der[DATA_LEN];
	int li_signB64_len=strlen(Base64Sign);
	int li_len=EVP_DecodeBlock (lc_Sign_Der, Base64Sign, li_signB64_len);
	printf("befor len=%d\n",li_signB64_len);
	while(Base64Sign[--li_signB64_len]== '=')
	li_len--;

	printf("after len=%d\n",li_len);

    //Der2Asni
    PKCS7*p7_Decode_Sign = d2i_PKCS7(NULL, &lc_Sign_Der, li_len);
    if(!p7_Decode_Sign)
    {
        printf("build p7 sign object failed \n");
        return -1;
    }

	//验签
    int li_code = PKCS7_signatureVerify_Me(p7_Decode_Sign);
    if(li_code == -1)
    {
        printf("signatureVerify failed \n");
        return -1;
    }

}

//签名校验
int PKCS7_signatureVerify_Me(PKCS7 *p7_res_sign);
int PKCS7_signatureVerify_Me(PKCS7 *p7_res_sign)
{
	BIO * p7bio_AA = PKCS7_dataDecode(p7_res_sign, NULL,NULL,NULL);
	int len=BIO_ctrl_pending(p7bio_AA);
	if(len <= 0)
	{
		printf("get data length failed\n");
		return -1;
	}
	else
	{
		char decode_data_2[10240]={0};
		int write_len=BIO_read(p7bio_AA, decode_data_2,len);
		printf( "buffer data is %s /n",decode_data_2);
		//获得签名者信息stack
		STACK_OF(PKCS7_SIGNER_INFO) *sk = PKCS7_get_signer_info(p7_res_sign);
		int signCount=sk_PKCS7_SIGNER_INFO_num(sk);
		int li_num=0;
		for(li_num; li_num < sk_PKCS7_SIGNER_INFO_num(sk); li_num++)
		{
			//获得签名者信息
			PKCS7_SIGNER_INFO *signInfo = sk_PKCS7_SIGNER_INFO_value(sk,li_num);
			
			//获得签名者证书
			X509 *cert= PKCS7_cert_from_signer_info(p7_res_sign,signInfo);
			//验证签名
			if(PKCS7_signatureVerify(p7bio_AA, p7_res_sign, signInfo, cert) != 1)
			{
				printf("usignatureVerify Erri/n");
				return -1;
			}
		}
	}
	
	BIO_free(p7bio_AA);
	return 1;
}

//ASNI转DER编码
int Asni2Der(PKCS7* p7, int *li_len, unsigned char**p_str);
int Asni2Der(PKCS7* p7, int *li_len, unsigned char**p_str)
{   
    unsigned char*der = NULL;
    unsigned char*derTmp;
    int len = i2d_PKCS7(p7,NULL);
	der=(unsigned char*)malloc(len);
    if(der == NULL) return -1;
	printf("der code length=%d\n",len);
	memset(der,0,len);
	derTmp=der;
	i2d_PKCS7(p7,(unsigned char **)&derTmp);
    *p_str = der;
    *li_len = len;
    return 0;
}

//测试加签延签流程
int Sign_SignVerify(X509 *signcert, EVP_PKEY *private_key, STACK_OF(X509) *certs, int flags);
int Sign_SignVerify(X509 *signcert, EVP_PKEY *private_key, STACK_OF(X509) *certs, int flags)
{
    char src_data[DATA_LEN];
    memset(src_data, 0x00, DATA_LEN);
    memcpy(src_data, "this is a secret", 16);

	unsigned char Base64Sign[DATA_LEN * 2];
    memset(Base64Sign, 0x00, sizeof(Base64Sign));
    BIO*sign_data=BIO_new(BIO_s_mem());
    BIO_puts(sign_data, src_data);

    //加签
    if (PKCS7_sign_Me(signcert, private_key, certs, sign_data, flags, Base64Sign) == -1)
	{
		return -1;
	}

	if (PKCS7_SignVerify_Me(Base64Sign) == -1)
	{
		return -1;
	}

	return 0;
}

//
//测试签名+数字信封
//int Sign_Enveloped();


int main(int argc, char*argv[])
{
	if(argc < 2)
	{
		printf("low argument\n");
		return -1;
	}
	
    int li_chose = argv[0];

    //读取证书和私钥
    char certfile[256];
	memset(certfile,0x00,sizeof(certfile));
	sprintf(certfile,"/home/wdy/CC/test.pem");

    BIO *infile, *p7bio;
	STACK_OF(X509) *certs = NULL;
	X509 *signcert=NULL;
	const EVP_CIPHER *cipher = NULL;
	if(!(infile=BIO_new_file(certfile,"r")))
		printf("BIO_new_file-ERROR/n");
	if(!(signcert=PEM_read_bio_X509(infile,NULL,NULL,NULL)))
		printf("PEM_read_bio_X509-ERROR/n");
	if(!certs) certs=sk_X509_new_null();
	sk_X509_push(certs,signcert);
	BIO_free(infile);

    EVP_PKEY* private_key = NULL;
    FILE* fp = fopen(certfile, "r");
	if (fp == NULL) 
		return -1;
    else
    {
        private_key = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
	    fclose (fp);
    }

	int li_code = 0;
	if(li_chose == 1)
	{
		li_code= Sign_SignVerify(signcert, private_key, certs, PKCS7_NOSMIMECAP | PKCS7_BINARY);
	}
	else if(li_chose == 2)
	{

	}
	else if(li_chose == 3)
	{

	}
	else if(li_chose == 4)
	{

	}
	else
	{
		printf("ERROR!!!!!!\n");
	}
	
    
}
#if 0
int main()
{
	OpenSSL_add_all_algorithms();
	ERR_load_crypto_strings();  
	
	char certfile[256];
	memset(certfile,0x00,sizeof(certfile));
	sprintf(certfile,"/home/wdy/CC/test.pem");
	char src_data[10240];
	memset(src_data, 0x00,sizeof(src_data));
	memcpy(src_data, "AAAAAAAAAAAAAAAAA", 17);
	char Base64Enevloped[10240]={0};
	BIO *infile, *p7bio;
	STACK_OF(X509) *certs = NULL;
	X509 *signcert=NULL;
	const EVP_CIPHER *cipher = NULL;
	if(!(infile=BIO_new_file(certfile,"r")))
		printf("BIO_new_file-ERROR/n");
	if(!(signcert=PEM_read_bio_X509(infile,NULL,NULL,NULL)))
		printf("PEM_read_bio_X509-ERROR/n");
	if(!certs) certs=sk_X509_new_null();
	sk_X509_push(certs,signcert);
	BIO_free(infile);
	if(!cipher) 
	{
	#ifndef OPENSSL_NO_DES
		cipher=EVP_des_ede3_cbc();
	#else
		printf("No cipher selected\n");
	#endif
	}
	
	BIO*p7_data_sign=BIO_new(BIO_s_mem());
	BIO_puts(p7_data_sign, src_data);
	
	FILE* fp = fopen (certfile, "r");
	if (fp == NULL) 
		return -1;
 
	/* Read private key */
	EVP_PKEY* private_key = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
	fclose (fp);

	//构造签名
	PKCS7* P7_sign =  PKCS7_sign_Me(signcert, private_key, certs, p7_data_sign, PKCS7_DETACHED | PKCS7_NOSMIMECAP | 0x80);
	if(!P7_sign)
    {
		return -1;
	}		
	
	//ASN1转DER编码
	int len = i2d_PKCS7(P7_sign,NULL);
	unsigned char*der_sign = (unsigned char*)malloc(len);
	printf("sign der code length=%d\n",len);
	memset(der_sign,0,len);
	unsigned char*derTmp = der_sign;
	i2d_PKCS7(P7_sign,(unsigned char **)&derTmp);
	
	/*----测试打印sign----------------------begin-*/
	//转Base64编码(可见字符)
	char Base64encode[10240];
	memset(Base64encode, 0x00, sizeof(Base64encode));
	EVP_EncodeBlock(Base64encode, der_sign, len);
	printf("base lenth =%d, base der[%s]\n",strlen(Base64encode), Base64encode);
	/*----测试打印sign------------------------end-*/
	
	//DER签名数据作为信封的内容,再次加密
	
	BIO*p7_data_enc = BIO_new(BIO_s_mem());
	BIO_write(p7_data_enc, Base64encode, strlen(Base64encode));
	
	//释放空间
	BIO_free(p7_data_sign);
	PKCS7_free(P7_sign);
	free(der_sign);

	
	//数字信封加密
	PKCS7* p7_enveloped=PKCS7_encrypt(certs, p7_data_enc, cipher, 0X80);   
	if(!p7_enveloped)
	{
		printf("PKCS7 encrypt failed\n");
		return-1;
	}
	
	
	//ASN1转DER编码
	len = i2d_PKCS7(p7_enveloped,NULL);
	unsigned char*der=(unsigned char*)malloc(len);
	printf("der code length=%d\n",len);
	memset(der,0,len);
	derTmp=der;
	i2d_PKCS7(p7_enveloped,(unsigned char **)&derTmp);
	//转Base64编码(可见字符)
	EVP_EncodeBlock(Base64Enevloped,der,len);
	
	printf("base lenth =%d,base der[%s]\n",strlen(Base64Enevloped), Base64Enevloped);
	printf("PKCS7 签名+数字信封successed\n");
	
	//需要释放空间
	free(der);
	PKCS7_free(p7_enveloped);
	BIO_free(p7_data_enc);
	
	
	//从Base64编码的密文开始解密--------------------------------------------
	//base64编码转换->DER编码
	char enevlop_dec[10240]={0};
	int len_tmp=strlen(Base64Enevloped);
	len=EVP_DecodeBlock (enevlop_dec,Base64Enevloped,len_tmp);
	printf("befor len=%d\n",len);
	while(Base64Enevloped[--len_tmp]== '=')
	len--;
	
	printf("after len=%d\n",len);
	const unsigned char*p;
	p=enevlop_dec;
	
	//由DER编码的数据解析PKCS7信封
	PKCS7*p7=d2i_PKCS7(NULL,&p,len);
	if(!p7)
	{
		printf("Could not build PKCS7 struct\n");return -1;
	}

    FILE* fd=NULL;
    EVP_PKEY *rsa_privk=NULL;
	if((fd=fopen (certfile,"r")))
	{
	   rsa_privk = PEM_read_PrivateKey (fd,NULL,NULL,NULL);
	   if(!rsa_privk)
	   {
	   	   printf("Could not read private RSA key\n");
		   fclose(fd);
		   return-1;
	   }
	}
	
	//PKCS7_decrypt解密信封
	BIO*out_data=BIO_new(BIO_s_mem());
	
	if(PKCS7_decrypt(p7, rsa_privk, signcert, out_data, 0X80)>0)
		printf("prcs7_decrypt enevlod successed\n");
	
	int	len_l=BIO_ctrl_pending(out_data);
	char *out = NULL;
	out=(char *)OPENSSL_malloc(len_l);
	if(out == NULL)
	{
		printf("Could not malloc memory\n");
		return -1;
	}
	int len_ll=BIO_read(out_data,out,len_l);
	printf("解析签名BASE64数据:[%s], lenth = %d\n",out,len_l);
	
	//base64编码转换->DER编码
	char sign_dec[10240];
	len_tmp=strlen(out);
	len=EVP_DecodeBlock (sign_dec,out,len_tmp);
	printf("decode sign befor len=%d\n",len);
	while(out[--len_tmp]== '=')
	len--;
	
	printf("decode sign after len=%d\n",len);
	p=sign_dec;
	
	//从信封中解密出来签名数据,
	PKCS7*p7_res_sign=d2i_PKCS7(NULL, &sign_dec, len_ll);
	//解Base64再去验签
	
	//OPENSSL_free(out);
	//BIO_free(out_data);
	
	if(!p7_res_sign)
	{
		printf("Could not build PKCS7 sign struct\n");
		return -1;
	}
	int li_code = PKCS7_signatureVerify_Me(p7_res_sign);
	if(li_code == -1)
	{
		return -1;
	}
	return 1;
}
#endif





#include <stdlib.h>
#include <stdio.h>
#include <openssl/ssl.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/sha.h>
#include <openssl/evp.h>
#include <openssl/pkcs7.h>
#include <openssl/objects.h>
#include <openssl/x509.h>

#define DATA_LEN 1024

int PKCS7_sign_Me(X509 *signcert, EVP_PKEY *private_key, STACK_OF(X509) *certs, BIO *data, int flags, char*Base64Sign);
int PKCS7_sign_Me(X509 *signcert, EVP_PKEY *private_key, STACK_OF(X509) *certs, BIO *data, int flags, char*Base64Sign)
{
	PKCS7 *P7_sign;
    int i;

    if ((P7_sign = PKCS7_new()) == NULL)
    {
        //ERR_raise(ERR_LIB_PKCS7, ERR_R_MALLOC_FAILURE);
        return -1;
    }

    if (!PKCS7_set_type(P7_sign, NID_pkcs7_signed))
        goto err;

    if (!PKCS7_content_new(P7_sign, NID_pkcs7_data))
        goto err;

    if (private_key && !PKCS7_sign_add_signer(P7_sign, signcert, private_key, NULL, flags))
    {
        printf("ERR_LIB_PKCS7, PKCS7_R_PKCS7_ADD_SIGNER_ERROR");
        goto err;
    }

    if (!(flags & PKCS7_NOCERTS))
    {
        for (i = 0; i < sk_X509_num(certs); i++)
        {
            if (!PKCS7_add_certificate(P7_sign, sk_X509_value(certs, i)))
                goto err;
        }
    }

    if (flags & PKCS7_DETACHED)
        PKCS7_set_detached(P7_sign, 1);

    if (PKCS7_final(P7_sign, data, flags))
	{
		int li_len = 0;
		char *p_str = NULL;

    	//ASNI转DER编码	
    	if (Asni2Der(P7_sign, &li_len, &p_str) == -1)
    	{
        	return -1;
    	}

    	//Base64编码操作 字符可见
    	unsigned char *per = NULL;
    	EVP_EncodeBlock(Base64Sign, (unsigned char*)*per, li_len);
    	printf("签名完成,Base64 Data =[%s] len = [%d]\n",Base64Sign, li_len);

	}

err:
	PKCS7_free(P7_sign);
	return -1;

}

//签名校验
int PKCS7_SignVerify_Me(char *Base64Sign);
int PKCS7_SignVerify_Me(char *Base64Sign)
{
	//Base64解码操作
    unsigned char lc_Sign_Der[DATA_LEN];
	int li_signB64_len=strlen(Base64Sign);
	int li_len=EVP_DecodeBlock (lc_Sign_Der, Base64Sign, li_signB64_len);
	printf("befor len=%d\n",li_signB64_len);
	while(Base64Sign[--li_signB64_len]== '=')
	li_len--;

	printf("after len=%d\n",li_len);

    //Der2Asni
    PKCS7*p7_Decode_Sign = d2i_PKCS7(NULL, &lc_Sign_Der, li_len);
    if(!p7_Decode_Sign)
    {
        printf("build p7 sign object failed \n");
        return -1;
    }

	//验签
    int li_code = PKCS7_signatureVerify_Me(p7_Decode_Sign);
    if(li_code == -1)
    {
        printf("signatureVerify failed \n");
        return -1;
    }

}

//签名校验
int PKCS7_signatureVerify_Me(PKCS7 *p7_res_sign);
int PKCS7_signatureVerify_Me(PKCS7 *p7_res_sign)
{
	BIO * p7bio_AA = PKCS7_dataDecode(p7_res_sign, NULL,NULL,NULL);
	int len=BIO_ctrl_pending(p7bio_AA);
	if(len <= 0)
	{
		printf("get data length failed\n");
		return -1;
	}
	else
	{
		char decode_data_2[10240]={0};
		int write_len=BIO_read(p7bio_AA, decode_data_2,len);
		printf( "buffer data is %s /n",decode_data_2);
		//获得签名者信息stack
		STACK_OF(PKCS7_SIGNER_INFO) *sk = PKCS7_get_signer_info(p7_res_sign);
		int signCount=sk_PKCS7_SIGNER_INFO_num(sk);
		int li_num=0;
		for(li_num; li_num < sk_PKCS7_SIGNER_INFO_num(sk); li_num++)
		{
			//获得签名者信息
			PKCS7_SIGNER_INFO *signInfo = sk_PKCS7_SIGNER_INFO_value(sk,li_num);
			
			//获得签名者证书
			X509 *cert= PKCS7_cert_from_signer_info(p7_res_sign,signInfo);
			//验证签名
			if(PKCS7_signatureVerify(p7bio_AA, p7_res_sign, signInfo, cert) != 1)
			{
				printf("usignatureVerify Erri/n");
				return -1;
			}
		}
	}
	
	BIO_free(p7bio_AA);
	return 1;
}

//ASNI转DER编码
int Asni2Der(PKCS7* p7, int *li_len, unsigned char**p_str);
int Asni2Der(PKCS7* p7, int *li_len, unsigned char**p_str)
{   
    unsigned char*der = NULL;
    unsigned char*derTmp;
    int len = i2d_PKCS7(p7,NULL);
	der=(unsigned char*)malloc(len);
    if(der == NULL) return -1;
	printf("der code length=%d\n",len);
	memset(der,0,len);
	derTmp=der;
	i2d_PKCS7(p7,(unsigned char **)&derTmp);
    *p_str = der;
    *li_len = len;
    return 0;
}

//测试加签延签流程
int Sign_SignVerify(X509 *signcert, EVP_PKEY *private_key, STACK_OF(X509) *certs, int flags);
int Sign_SignVerify(X509 *signcert, EVP_PKEY *private_key, STACK_OF(X509) *certs, int flags)
{
    char src_data[DATA_LEN];
    memset(src_data, 0x00, DATA_LEN);
    memcpy(src_data, "this is a secret", 16);

	unsigned char Base64Sign[DATA_LEN * 2];
    memset(Base64Sign, 0x00, sizeof(Base64Sign));
    BIO*sign_data=BIO_new(BIO_s_mem());
    BIO_puts(sign_data, src_data);

    //加签
    if (PKCS7_sign_Me(signcert, private_key, certs, sign_data, flags, Base64Sign) == -1)
	{
		return -1;
	}

	if (PKCS7_SignVerify_Me(Base64Sign) == -1)
	{
		return -1;
	}

	return 0;
}

//
//测试签名+数字信封
//int Sign_Enveloped();


int main(int argc, char*argv[])
{
	if(argc < 2)
	{
		printf("low argument\n");
		return -1;
	}
	
    int li_chose = argv[0];

    //读取证书和私钥
    char certfile[256];
	memset(certfile,0x00,sizeof(certfile));
	sprintf(certfile,"/home/wdy/CC/test.pem");

    BIO *infile, *p7bio;
	STACK_OF(X509) *certs = NULL;
	X509 *signcert=NULL;
	const EVP_CIPHER *cipher = NULL;
	if(!(infile=BIO_new_file(certfile,"r")))
		printf("BIO_new_file-ERROR/n");
	if(!(signcert=PEM_read_bio_X509(infile,NULL,NULL,NULL)))
		printf("PEM_read_bio_X509-ERROR/n");
	if(!certs) certs=sk_X509_new_null();
	sk_X509_push(certs,signcert);
	BIO_free(infile);

    EVP_PKEY* private_key = NULL;
    FILE* fp = fopen(certfile, "r");
	if (fp == NULL) 
		return -1;
    else
    {
        private_key = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
	    fclose (fp);
    }

	int li_code = 0;
	if(li_chose == 1)
	{
		li_code= Sign_SignVerify(signcert, private_key, certs, PKCS7_NOSMIMECAP | PKCS7_BINARY);
	}
	else if(li_chose == 2)
	{

	}
	else if(li_chose == 3)
	{

	}
	else if(li_chose == 4)
	{

	}
	else
	{
		printf("ERROR!!!!!!\n");
	}
	
    
}
#if 0
int main()
{
	OpenSSL_add_all_algorithms();
	ERR_load_crypto_strings();  
	
	char certfile[256];
	memset(certfile,0x00,sizeof(certfile));
	sprintf(certfile,"/home/wdy/CC/test.pem");
	char src_data[10240];
	memset(src_data, 0x00,sizeof(src_data));
	memcpy(src_data, "AAAAAAAAAAAAAAAAA", 17);
	char Base64Enevloped[10240]={0};
	BIO *infile, *p7bio;
	STACK_OF(X509) *certs = NULL;
	X509 *signcert=NULL;
	const EVP_CIPHER *cipher = NULL;
	if(!(infile=BIO_new_file(certfile,"r")))
		printf("BIO_new_file-ERROR/n");
	if(!(signcert=PEM_read_bio_X509(infile,NULL,NULL,NULL)))
		printf("PEM_read_bio_X509-ERROR/n");
	if(!certs) certs=sk_X509_new_null();
	sk_X509_push(certs,signcert);
	BIO_free(infile);
	if(!cipher) 
	{
	#ifndef OPENSSL_NO_DES
		cipher=EVP_des_ede3_cbc();
	#else
		printf("No cipher selected\n");
	#endif
	}
	
	BIO*p7_data_sign=BIO_new(BIO_s_mem());
	BIO_puts(p7_data_sign, src_data);
	
	FILE* fp = fopen (certfile, "r");
	if (fp == NULL) 
		return -1;
 
	/* Read private key */
	EVP_PKEY* private_key = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
	fclose (fp);

	//构造签名
	PKCS7* P7_sign =  PKCS7_sign_Me(signcert, private_key, certs, p7_data_sign, PKCS7_DETACHED | PKCS7_NOSMIMECAP | 0x80);
	if(!P7_sign)
    {
		return -1;
	}		
	
	//ASN1转DER编码
	int len = i2d_PKCS7(P7_sign,NULL);
	unsigned char*der_sign = (unsigned char*)malloc(len);
	printf("sign der code length=%d\n",len);
	memset(der_sign,0,len);
	unsigned char*derTmp = der_sign;
	i2d_PKCS7(P7_sign,(unsigned char **)&derTmp);
	
	/*----测试打印sign----------------------begin-*/
	//转Base64编码(可见字符)
	char Base64encode[10240];
	memset(Base64encode, 0x00, sizeof(Base64encode));
	EVP_EncodeBlock(Base64encode, der_sign, len);
	printf("base lenth =%d, base der[%s]\n",strlen(Base64encode), Base64encode);
	/*----测试打印sign------------------------end-*/
	
	//DER签名数据作为信封的内容,再次加密
	
	BIO*p7_data_enc = BIO_new(BIO_s_mem());
	BIO_write(p7_data_enc, Base64encode, strlen(Base64encode));
	
	//释放空间
	BIO_free(p7_data_sign);
	PKCS7_free(P7_sign);
	free(der_sign);

	
	//数字信封加密
	PKCS7* p7_enveloped=PKCS7_encrypt(certs, p7_data_enc, cipher, 0X80);   
	if(!p7_enveloped)
	{
		printf("PKCS7 encrypt failed\n");
		return-1;
	}
	
	
	//ASN1转DER编码
	len = i2d_PKCS7(p7_enveloped,NULL);
	unsigned char*der=(unsigned char*)malloc(len);
	printf("der code length=%d\n",len);
	memset(der,0,len);
	derTmp=der;
	i2d_PKCS7(p7_enveloped,(unsigned char **)&derTmp);
	//转Base64编码(可见字符)
	EVP_EncodeBlock(Base64Enevloped,der,len);
	
	printf("base lenth =%d,base der[%s]\n",strlen(Base64Enevloped), Base64Enevloped);
	printf("PKCS7 签名+数字信封successed\n");
	
	//需要释放空间
	free(der);
	PKCS7_free(p7_enveloped);
	BIO_free(p7_data_enc);
	
	
	//从Base64编码的密文开始解密--------------------------------------------
	//base64编码转换->DER编码
	char enevlop_dec[10240]={0};
	int len_tmp=strlen(Base64Enevloped);
	len=EVP_DecodeBlock (enevlop_dec,Base64Enevloped,len_tmp);
	printf("befor len=%d\n",len);
	while(Base64Enevloped[--len_tmp]== '=')
	len--;
	
	printf("after len=%d\n",len);
	const unsigned char*p;
	p=enevlop_dec;
	
	//由DER编码的数据解析PKCS7信封
	PKCS7*p7=d2i_PKCS7(NULL,&p,len);
	if(!p7)
	{
		printf("Could not build PKCS7 struct\n");return -1;
	}

    FILE* fd=NULL;
    EVP_PKEY *rsa_privk=NULL;
	if((fd=fopen (certfile,"r")))
	{
	   rsa_privk = PEM_read_PrivateKey (fd,NULL,NULL,NULL);
	   if(!rsa_privk)
	   {
	   	   printf("Could not read private RSA key\n");
		   fclose(fd);
		   return-1;
	   }
	}
	
	//PKCS7_decrypt解密信封
	BIO*out_data=BIO_new(BIO_s_mem());
	
	if(PKCS7_decrypt(p7, rsa_privk, signcert, out_data, 0X80)>0)
		printf("prcs7_decrypt enevlod successed\n");
	
	int	len_l=BIO_ctrl_pending(out_data);
	char *out = NULL;
	out=(char *)OPENSSL_malloc(len_l);
	if(out == NULL)
	{
		printf("Could not malloc memory\n");
		return -1;
	}
	int len_ll=BIO_read(out_data,out,len_l);
	printf("解析签名BASE64数据:[%s], lenth = %d\n",out,len_l);
	
	//base64编码转换->DER编码
	char sign_dec[10240];
	len_tmp=strlen(out);
	len=EVP_DecodeBlock (sign_dec,out,len_tmp);
	printf("decode sign befor len=%d\n",len);
	while(out[--len_tmp]== '=')
	len--;
	
	printf("decode sign after len=%d\n",len);
	p=sign_dec;
	
	//从信封中解密出来签名数据,
	PKCS7*p7_res_sign=d2i_PKCS7(NULL, &sign_dec, len_ll);
	//解Base64再去验签
	
	//OPENSSL_free(out);
	//BIO_free(out_data);
	
	if(!p7_res_sign)
	{
		printf("Could not build PKCS7 sign struct\n");
		return -1;
	}
	int li_code = PKCS7_signatureVerify_Me(p7_res_sign);
	if(li_code == -1)
	{
		return -1;
	}
	return 1;
}
#endif

心怀梦想
关注
专栏目录
PKCS#7签名介绍与代码实现
new9232的博客
06-23 253
本文章主要介绍了PKCS#7签名PKCS#7签名数据的结构、PKCS#7 Attach 和 Deatch的区别。并通过OpenSSL,用C代码实现了PKCS#7签名和验签,对签名数据进行了分析。
调用OpenSSL实现数字签名功能例程(二)
求索
01-13 6461
// PKCS7Sign.cpp : Defines the entry point for the console application. // #include "stdafx.h" #include     #include   #include #include #include #include #include #include #include
OPENSSL-PKCS7入门知识介绍
最新发布
记录成长的博客
02-25 2064
数据(data):明文打包type为NID_pkcs7_data,ASN1_OCTET_STRING类型,即为简单的ASN1_STRING数据类型。签名数据(sign):把数据以及签名值打包,其中包括签名者的证书,CRL等,目的为确定发送者的身份。type为NID_pkcs7_signed。PKCS7_SIGNED类型的数据,PKCS7_SIGNED定义如下:/* version 1 */ //版本/* md used */ //摘要算法/* [ 0 ] */ //签名证书。
PKCS7Tool 取得签名工具加载证书库, 取得签名证书链和私钥
二八开的博客
06-29 1886
参考:https://www.oschina.net/code/snippet_1434_1503 /** * @(#)PKCS7Tool.java 1.0 2008-9-23 * Copyright (c) 2008 Bank Of China Software Center * All rights reserved. */ import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import ja
PKCS7签名的数字信封
weixin_43432215的博客
12-07 2317
PKCS7签名的数字信封两种不同方法进行解密
PKCS7填充标准代码--C语言实现
奋斗的菜鸟博客
03-10 1801
本文转自:https://blog.csdn.net/IOT2017/article/details/84141461 在AES加密算法中,若加密数据不是16bytes的整倍数,则需要按照一定标准对数据进行填充,使其满足 DataSize % 16 = 0。本文是根据PKCS7标准进行数据填充。 PKCS7 填充标准摘要 PKCS5Padding和PKCS7Padding都是密钥的一种填充方式,即当密钥长度不足时的一种密钥填充方式。PKCS5Padding的填充方式为当密钥长度不足时,缺几位补几个0,
PHP上传文件类型
北极光下
05-10 648
* application/octet-stream //应用程序 323 text/h323 acx application/internet-property-stream ai application/postscript aif audio/x-aiff aifc audio/x-aiff aiff audio/x-aiff asf video/x-ms-asf
PKCS7签名的ASN1格式
02-22
可使用此格式,通过ASN1C生成完整的PKCS7签名C语言代码,实现诸如SM2算法数字签名及验证。 注意,CertificateSerialNumber本来在PKCS7标准ASN1结构中定义为INTEGER类型,但由于ASN1C将INTEGER类型翻译成long,不支持...
C# BouncyCastle实现带原文数据PKCS#7 签名、验签
06-12
在IT领域,安全性和可信性是至关重要的,特别是在网络...文件`BouncyCastlePCKS7`可能包含了实现这个过程的示例代码,通过阅读和理解这些代码,你可以更深入地了解如何在C#中操作BouncyCastle库进行签名和验签操作。
C# BouncyCastle实现带原文数据PKCS#7 签名
02-16
本文将详细讲解如何使用C#语言和BouncyCastle库来实现带原文数据的PKCS#7签名PKCS#7(Public-Key Cryptography Standards #7)是由RSA Security提出的一种标准,它定义了证书、证书撤销列表(CRL)的格式以及...
pkcs7.rar_openssl 签名_openssl pkcs7_openssl数字签名_openssl签名_pkcs7
07-14
利用OpenSSL PKCS7进行数字签名的示例代码,仅供参考
使用数字证书进行PKCS#7数字签名
08-02
越来越多的应用需要我们使用USB接口数字证书进行PKCS#7数字签名。本文分别介绍了使用微软CryptoAPI方式和OpenSSL Engine方式进行数字签名。特别地,提出了OpenSSL Engine简化方式,这种方式更为灵活方便易行。
PKCS7标准签名与验签
05-08
PKCS7标准签名与验签,SHA1算法(项目添加引用System.Security)
pkcs7.rar_pkcs7_return
09-24
2. pkcs7.c:同样是一个C语言源代码文件,与标题中的“pkcs7”相符,这可能是实现PKCS#7标准的部分代码,可能包括了处理签名、证书和消息加密等功能。 3. ahb.h:这是一个头文件,通常包含函数声明、常量定义、...
OpenSSL/GMSSL EVP接口说明——3.4 签名验签
云与山的彼端
04-05 5635
OpenSSL/GMSSL EVP接口说明——3.4 签名验签
OpenSSL库验证PKCS7签名
wangsifu2009的专栏
05-12 9175
使用Crypto库签名和验证签名请参考Crypto库实现PKCS7签名签名验证,可以使用OpenSSL库验证Crypto签名,OpenSSL验证签名可使用简单的代码描述如下: //signature_msg为PKCS7签名串int Openssl_Verify(unsigned char* signature_msg,unsigned int length) { unsigned cha
PKCS#7格式数字签名验证
热门推荐
JoShua 的 水库
01-19 1万+
名词解释       数字签名:在ISO7498-2标准中定义为:"附加在数据单元上的一些数据,或是对数据单元所作的密码变换,这种数据和变换允许数据单元的接收者用以确认数据单元来源和数据单元的完整性,并保护数据,防止被人(例如接收者)进行伪造"。       PKCS#7:也叫做加密消息的语法标准,由RSA安全体系在公钥加密系统中交换数字证书产生的一种加密标准。PKCS#7描述数字证书的语法和其他加密消息——尤其是,数据加密和数字签名的方法,也包含了算法。当使用PKCS#7进行数字签名时,结果包含签名证书(
pkcs1 签名pkcs7 签名
07-22
PKCS#1 签名转换为 PKCS#7 签名可以按照以下步骤进行操作: 1. 首先,确保你已经正确引入了Bouncy Castle库。你可以在项目中添加BC库的JAR文件或者使用构建工具(如Maven)来添加依赖。 2. 导入所需的类: ```...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值