openssl aes加解密的使用

快速链接:
.
👉👉👉 个人博客笔记导读目录(全部) 👈👈👈

• 付费专栏-付费课程 【购买须知】:
• ARMv8/ARMv9架构精选系列–目录 👈👈👈
• ARMV8/ARMV9/Trustzone/TEE安全课程👈👈👈

1、先写一个用于生产二进制文件的工具
使用说明：新建main.c，将代码拷贝到main.c中，在linux环境下执行gcc main.c -o x，输出可执行文件x

#include <stdio.h>

int write_the_same_datas(char *name,unsigned int len,char value)
{
	FILE *fp;
	int i;
	
	fp = fopen(name,"w");
	if(NULL == fp)
	{
		printf("fopen %s failed\n",(name));
		return -1;
	}
	for(i=0;i<len;i++)
		fputc(value,fp);
	fclose(fp);
}

int write_the_increase_datas(char *name,unsigned int len,char start,char end)
{
	FILE *fp;
	int i,x;
	
	fp = fopen(name,"w");
	if(NULL == fp)
	{
		printf("fopen %s failed\n",(name));
		return -1;
	}
	
	if(start > end)
	{
		printf("start is smaller end!! error!!\n");
	}
	
	x=start;
	for(i=0;i<len;i++)
	{
		fputc(x,fp);
		if(x == end)
			x = start;
		else
			x++;
	}
	fclose(fp);
}

int write_the_decrease_datas(char *name,unsigned int len,char start,char end)
{
	FILE *fp;
	int i,x;
	
	fp = fopen(name,"w");
	if(NULL == fp)
	{
		printf("fopen %s failed\n",(name));
		return -1;
	}
	
	if(start < end)
	{
		printf("start is bigger end!! error!!\n");
	}
	
	x=start;
	for(i=0;i<len;i++)
	{
		fputc(x,fp);
		if(x == end)
			x = start;
		else
			x--;
	}
	fclose(fp);
}

int main(int argc, char *argv[])
{
	unsigned int len;
	char *cmd,*filename;
	unsigned int value,start,end;
	
	filename = argv[1];
	cmd = argv[2]; // increase decrease same
	sscanf(argv[3],"0x%x",&len);

	if (memcmp(cmd,"increase",8) == 0) {
		sscanf(argv[4],"0x%x",&start);
		sscanf(argv[5],"0x%x",&end);
		write_the_increase_datas(filename,len,(unsigned char)(start & 0xff),(unsigned char)(end & 0xff));
		return 0;
	}
	else if (memcmp(cmd,"decrease",8) == 0) {
		sscanf(argv[4],"0x%x",&start);
		sscanf(argv[5],"0x%x",&end);
		write_the_decrease_datas(filename,len,(unsigned char)(start & 0xff),(unsigned char)(end & 0xff));
		return 0;
	}
	else if (memcmp(cmd,"same",4) == 0) {
		sscanf(argv[4],"0x%x",&value);
		write_the_same_datas(filename,len,(unsigned char)(value & 0xff));
	}
}

2、生产加解密使用的源文件
（1） 生成输入文件
(如生成一个长度为16bytes的文件，文件内容全是0x3)
./x “in-16.data” same 0x10 0x3

（2） 生成输入key文件
(如生成一个长度为16bytes的文件，文件内容全是0x0-0xf递增)
./x “key-16.data” increase 0x10 0x0 0xf

3、使用openssl命令，执行加密操作
（如ECB加密，key-256）
openssl enc -aes-256-ecb -in in-16.data -K 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F -out enc.log && md5sum enc.log

enc.log中的内容，就是ECB加密后的内容了，注意该输出文件enc.log在尾端会多产生16bytes，可以使用如下命令去尾端：
name=“enc.log”;a=ls $name -l | awk '{print $5}';b=$[$a-16];head -c $b $name>out.log

这样out.log中的数据，就是加密后的数据了

hash计算：
openssl sha -sha256 filename
SHA256(filename)= e3fdd945d31029a1d0937cd8f0d23407

$ openssl sha -h
unknown option ‘-h’
options are
-c to output the digest with separating colons
-r to output the digest in coreutils format
-d to output debug info
-hex output as hex dump
-binary output in binary form
-hmac arg set the HMAC key to arg
-non-fips-allow allow use of non FIPS digest
-sign file sign digest using private key in file
-verify file verify a signature using public key in file
-prverify file verify a signature using private key in file
-keyform arg key file format (PEM or ENGINE)
-out filename output to filename rather than stdout
-signature file signature to verify
-sigopt nm:v signature parameter
-hmac key create hashed MAC with key
-mac algorithm create MAC (not neccessarily HMAC)
-macopt nm:v MAC algorithm parameters or key
-engine e use engine e, possibly a hardware device.
-md4 to use the md4 message digest algorithm
-md5 to use the md5 message digest algorithm
-ripemd160 to use the ripemd160 message digest algorithm
-sha to use the sha message digest algorithm
-sha1 to use the sha1 message digest algorithm
-sha224 to use the sha224 message digest algorithm
-sha256 to use the sha256 message digest algorithm
-sha384 to use the sha384 message digest algorithm
-sha512 to use the sha512 message digest algorithm
-whirlpool to use the whirlpool message digest algorithm

2、使用RSA密钥进行签名验证操作
https://www.linuxidc.com/Linux/2016-04/130492.htm
/摘要算法选取sha256，密钥RSA密钥，对file.txt进行签名/
linuxidc@linuxidc:~/test$ openssl dgst -sign RSA.pem -sha256 -out sign.txt file.txt
/使用RSA密钥验证签名(prverify参数)，验证成功/
linuxidc@linuxidc:~/test$ openssl dgst -prverify RSA.pem -sha256 -signature sign.txt file.txt
Verified OKt
/从密钥中提取公钥/
linuxidc@linuxidc:~/test$ openssl rsa -in RSA.pem -out pub.pem -pubout
writing RSA key
/使用RSA公钥验证签名(verify参数)，验证成功/
linuxidc@linuxidc:~/test$ openssl dgst -verify pub.pem -sha256 -signature sign.txt file.txt
Verified OK

---

《ARMv8/ARMv9架构学习系列课程》全系列，共计52节课，超16h的视频课程