注:下面的代码中用了Map,Base64,log,Result等都为自定义类型,太长就不一一贴出.
- /*
- *
- *
- * 文件名称:Envelop.cpp
- * 摘 要:
- * 数字信封加密与解密
- * 当前版本:1.0
- * 作 者:周绍禹
- * 创建日期:2012年3月4日
- */
- #include "StdAfx.h"
- #include "Envelop.h"
- #include "base64.h"
- #include "Map.h"
- #include <sstream>
- #include "generic.h"
- Envelop::Envelop():CSP_NAME(FEITIAN_CSP_NAME)
- {
- log = new Log("Envelop");
- certMsg = new CertMsg();
- }
- Envelop::~Envelop()
- {
- delete log;
- delete certMsg;
- }
- //-----------------------------------------------------------
- // 函数名称:
- // envelop
- // 参数:
- // - string recCert_base64 用作非对称加密的公钥所对应的证书base64码
- // - string cipher_key_base64 信封加密的目标base64(在项目中也就是对称密钥)
- // 返回:
- // Result*
- // 说明:
- // 会将目标base64码解码,后对得到的二进制数组进行信封加密
- // 成功返回的为包含加密完成的信封base64码,或者返回异常信息
- //-----------------------------------------------------------
- Result* Envelop::envelop(string recCert_base64, string cipher_key_base64)
- {
- // 公钥加密
- //获取证书
- BYTE* rec_cert;
- int length;
- rec_cert = Base64::base64_decode(recCert_base64,length);
- int cipher_size;
- BYTE* msgContent = Base64::base64_decode(cipher_key_base64,cipher_size);
- PCCERT_CONTEXT pRecverCert = NULL;
- if(!(pRecverCert = CertCreateCertificateContext(
- X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
- rec_cert,
- length)))
- {
- string errorcode = getErrorCode();
- Result* result = new Result("Envelop.cpp",42,"创建证书上下文失败!",errorcode.length()==0?"{}":errorcode);
- log->error("Envelop.cpp 45 CertCreateCertificateContext")->error(errorcode);
- if(rec_cert) delete[] rec_cert;
- if(msgContent) delete[] msgContent;
- return result;
- }
- // 设置加密证书
- PCERT_INFO RecipCertArray[1];
- RecipCertArray[0] = pRecverCert->pCertInfo;
- // 设置加密算法
- CRYPT_ALGORITHM_IDENTIFIER ContentEncryptAlgorithm;
- memset(&ContentEncryptAlgorithm, 0, sizeof(ContentEncryptAlgorithm));
- ContentEncryptAlgorithm.pszObjId = szOID_RSA_RC2CBC;
- // 设置信封参数
- CMSG_ENVELOPED_ENCODE_INFO EnvelopedEncodeInfo;
- memset(&EnvelopedEncodeInfo, 0, sizeof(CMSG_ENVELOPED_ENCODE_INFO));
- EnvelopedEncodeInfo.cbSize = sizeof(CMSG_ENVELOPED_ENCODE_INFO);
- EnvelopedEncodeInfo.hCryptProv = NULL;
- EnvelopedEncodeInfo.ContentEncryptionAlgorithm = ContentEncryptAlgorithm;
- EnvelopedEncodeInfo.pvEncryptionAuxInfo = NULL;
- EnvelopedEncodeInfo.cRecipients = 1;
- EnvelopedEncodeInfo.rgpRecipients = RecipCertArray;
- // 获取消息编码的长度
- CRYPT_DATA_BLOB encBlob;
- memset(&encBlob, 0, sizeof(encBlob));
- encBlob.cbData = CryptMsgCalculateEncodedLength(
- X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
- 0,
- CMSG_ENVELOPED,
- &EnvelopedEncodeInfo,
- NULL,
- cipher_size);
- if(encBlob.cbData == 0)
- {
- CertFreeCertificateContext(pRecverCert);
- log->error("Envelop.cpp 85 CryptMsgCalculateEncodedLength")->error(getErrorCode());
- string errorcode = getErrorCode();
- Result* result = new Result("Envelop.cpp",79,"获取信封块大小失败!",errorcode.length()==0?"{}":errorcode);
- if(rec_cert) delete[] rec_cert;
- if(msgContent) delete[] msgContent;
- if(pRecverCert) CertFreeCertificateContext(pRecverCert);
- return result;
- }
- // 分配编码空间
- encBlob.pbData = (BYTE *) new char[encBlob.cbData];
- if(encBlob.pbData == NULL)
- {
- string errorcode = getErrorCode();
- Result* result = new Result("Envelop.cpp",107,"分配编码空间失败!",errorcode.length()==0?"{}":errorcode);
- if(rec_cert) delete[] rec_cert;
- if(msgContent) delete[] msgContent;
- if(pRecverCert) CertFreeCertificateContext(pRecverCert);
- return result;
- }
- HCRYPTMSG hMsg;
- // 编码加密
- hMsg = CryptMsgOpenToEncode(
- X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
- 0,
- CMSG_ENVELOPED,
- &EnvelopedEncodeInfo,
- NULL,
- NULL);
- if(hMsg == NULL)
- {
- string errorcode = getErrorCode();
- log->error("Envelop.cpp 119 CryptMsgOpenToEncode")->error(errorcode);
- Result* result = new Result("Envelop.cpp",117,"获取信封块大小失败!",errorcode.length()==0?"{}":errorcode);
- if(rec_cert) delete[] rec_cert;
- if(msgContent) delete[] msgContent;
- if(pRecverCert) CertFreeCertificateContext(pRecverCert);
- return result;
- }
- // 添加数据
- if(!CryptMsgUpdate(
- hMsg,
- msgContent,
- cipher_size,
- TRUE))
- {
- string errorcode = getErrorCode();
- log->error("Envelop.cpp 138 CryptMsgUpdate")->error(errorcode);
- Result* result = new Result("Envelop.cpp",141,"添加数据失败!",errorcode.length()==0?"{}":errorcode);
- if(rec_cert) delete[] rec_cert;
- if(msgContent) delete[] msgContent;
- if(pRecverCert) CertFreeCertificateContext(pRecverCert);
- if(hMsg) CryptMsgClose(hMsg);
- return result;
- }
- // 获取加密结果
- if(!CryptMsgGetParam(
- hMsg,
- CMSG_CONTENT_PARAM,
- 0,
- encBlob.pbData,
- &encBlob.cbData))
- {
- string errorcode = getErrorCode();
- log->error("Envelop.cpp 156 CryptMsgGetParam")->error(errorcode);
- Result* result = new Result("Envelop.cpp",157,"获得加密失败!",errorcode.length()==0?"{}":errorcode);
- if(rec_cert) delete[] rec_cert;
- if(msgContent) delete[] msgContent;
- if(pRecverCert) CertFreeCertificateContext(pRecverCert);
- if(hMsg) CryptMsgClose(hMsg);
- return result;
- }
- string baseEnc = Base64::base64_encode(encBlob.pbData,encBlob.cbData);
- // 清理
- if(rec_cert) delete[] rec_cert;
- if(msgContent) delete[] msgContent;
- if(encBlob.pbData) delete [] encBlob.pbData;
- if(hMsg != NULL)
- CryptMsgClose(hMsg);
- if(pRecverCert != NULL)
- CertFreeCertificateContext(pRecverCert);
- Result* result = new Result(baseEnc);
- return result;
- }
- //-----------------------------------------------------------
- // 函数名称:
- // develop
- // 参数:
- // - string env_base64 加密的信封base64码
- // - BYTE* target_SN_blob 用来解密的数字证书序列号字节数组
- // - int cblob 用来解密的数字证书序列号字节数组大小
- // 返回:
- // Result*
- // 说明:
- // 通过序列号查找到用来解密的证书,并获取私钥用作解密信封
- // 成功返回的为包含目标的base64码(即对称密钥的Base64码),或者异常信息
- //-----------------------------------------------------------
- Result* Envelop::develop(string enc_base64,BYTE* target_SN_blob,int cblob)
- {
- int encLen;
- BYTE* encBYTE;
- encBYTE = Base64::base64_decode(enc_base64,encLen);
- HCRYPTPROV hProv;
- if(!CryptAcquireContext(&hProv,
- NULL,
- CSP_NAME,
- PROV_RSA_FULL,
- CRYPT_VERIFYCONTEXT))
- {
- DWORD dwLastErr = GetLastError();
- if(encBYTE) delete[] encBYTE;
- if(NTE_BAD_KEYSET == dwLastErr)
- {
- Result* result = new Result("Envelop.cpp",202,"密钥库不存在,或者访问被拒绝!","{}");
- return result;
- }
- else{
- if(!CryptAcquireContext(&hProv,
- NULL,
- this->CSP_NAME,
- PROV_RSA_FULL,
- CRYPT_NEWKEYSET))
- {
- Map* map = new Map(1);
- map->put("errcode",dwLastErr);
- string errcode = map->toString();
- delete map;
- Result* result = new Result("Envelop.cpp",216,"密钥库已存在,创建密钥库失败!",errcode);
- return result;
- }
- }
- }
- HCRYPTMSG hMsg = NULL;
- hMsg = CryptMsgOpenToDecode(
- X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
- 0,
- 0,
- NULL,
- NULL,
- NULL);
- if(hMsg == NULL)
- {
- string errorcode = getErrorCode();
- log->error("Envelop.cpp 239 CryptMsgOpenToDecode")->error(errorcode);
- Result* result = new Result("Envelop.cpp",239,"获取解码句柄失败!",errorcode.length()==0?"{}":errorcode);
- if(encBYTE) delete[] encBYTE;
- if(hProv) CryptReleaseContext(hProv, 0);
- return result;
- }
- if(!CryptMsgUpdate(
- hMsg,
- encBYTE,
- encLen + 1,
- TRUE))
- {
- string errorcode = getErrorCode();
- Result* result = new Result("Envelop.cpp",247,"解码失败!",errorcode.length()==0?"{}":errorcode);
- log->error("Envelop.cpp 257 CryptMsgUpdate")->error(errorcode);
- if(encBYTE) delete[] encBYTE;
- if(hProv) CryptReleaseContext(hProv, 0);
- if(hMsg) CryptMsgClose(hMsg);
- return result;
- }
- // 消息类型
- DWORD dwType = 0;
- DWORD dwSize = sizeof(dwType);
- if(!CryptMsgGetParam(
- hMsg,
- CMSG_TYPE_PARAM,
- 0,
- &dwType,
- &dwSize))
- {
- CryptMsgClose(hMsg);
- string errorcode = getErrorCode();
- Result* result = new Result("Envelop.cpp",263,"解码失败!",errorcode.length()==0?"{}":errorcode);
- log->error("Envelop.cpp 276 CryptMsgGetParam")->error(errorcode);
- if(encBYTE) delete[] encBYTE;
- if(hProv) CryptReleaseContext(hProv, 0);
- if(hMsg) CryptMsgClose(hMsg);
- return result;
- }
- // 校验消息类型
- if (dwType != CMSG_ENVELOPED)
- {
- Result* result = new Result("Envelop.cpp",274,"消息类型错误!","{}");
- if(encBYTE) delete[] encBYTE;
- if(hProv) CryptReleaseContext(hProv, 0);
- if(hMsg) CryptMsgClose(hMsg);
- return result;
- }
- // 消息格式
- char szTypeName[1024];
- dwSize = 1024;
- if(!CryptMsgGetParam(
- hMsg,
- CMSG_INNER_CONTENT_TYPE_PARAM,
- 0,
- szTypeName,
- &dwSize))
- {
- string errorcode = getErrorCode();
- Result* result = new Result("Envelop.cpp",287,"获取消息格式失败!",errorcode.length()==0?"{}":errorcode);
- log->error("Envelop.cpp 306 CryptMsgGetParam")->error(errorcode);
- if(encBYTE) delete[] encBYTE;
- if(hProv) CryptReleaseContext(hProv, 0);
- if(hMsg) CryptMsgClose(hMsg);
- return result;
- }
- // 检查消息格式
- if(strcmp(szTypeName, szOID_PKCS_7_DATA) != 0)
- {
- Result* result = new Result("Envelop.cpp",287,"消息格式错误!","{}");
- if(encBYTE) delete[] encBYTE;
- if(hProv) CryptReleaseContext(hProv, 0);
- if(hMsg) CryptMsgClose(hMsg);
- return result;
- }
- // 请求证书私钥服务
- HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hKeyProv = NULL;
- DWORD dwKeyType = 0;
- BOOL bFreeKeyProv = FALSE;
- Result* result_privateKey = certMsg->acquirePrivateKey(hProv,target_SN_blob,cblob,&hKeyProv,&dwKeyType);
- if(!result_privateKey->isSuccess())
- {
- log->error("Envelop.cpp 338 acquirePrivateKey");
- if(encBYTE) delete[] encBYTE;
- if(hProv) CryptReleaseContext(hProv, 0);
- if(hMsg) CryptMsgClose(hMsg);
- if(hKeyProv) CryptReleaseContext(hKeyProv, 0);
- return result_privateKey;
- }
- if(hKeyProv==NULL)
- {
- string errorcode = getErrorCode();
- Result* result = new Result("Envelop.cpp",316,"获取私钥服务失败!",errorcode.length()==0?"{}":errorcode);
- if(encBYTE) delete[] encBYTE;
- if(hProv) CryptReleaseContext(hProv, 0);
- if(hMsg) CryptMsgClose(hMsg);
- return result;
- }
- CMSG_CTRL_DECRYPT_PARA para;
- para.cbSize = sizeof (CMSG_CTRL_DECRYPT_PARA);
- para.dwKeySpec = dwKeyType;
- para.hCryptProv = hKeyProv;
- para.dwRecipientIndex = 0;
- if(!CryptMsgControl(
- hMsg,
- 0,
- CMSG_CTRL_DECRYPT,
- ¶))
- {
- string errorcode = getErrorCode();
- Result* result = new Result("Envelop.cpp",335,"解密控制失败!",errorcode.length()==0?"{}":errorcode);
- log->error("Envelop.cpp 364 CryptMsgControl")->error(errorcode);
- if(encBYTE) delete[] encBYTE;
- if(hProv) CryptReleaseContext(hProv, 0);
- if(hMsg) CryptMsgClose(hMsg);
- if(hKeyProv) CryptReleaseContext(hKeyProv, 0);
- return result;
- }
- // 获取解密消息大小
- CRYPT_DATA_BLOB sigBlob;
- memset(&sigBlob, 0, sizeof(sigBlob));
- if(!CryptMsgGetParam(
- hMsg,
- CMSG_CONTENT_PARAM,
- 0,
- NULL,
- &sigBlob.cbData))
- {
- string errorcode = getErrorCode();
- Result* result = new Result("Envelop.cpp",351,"获取解密消息大小失败!",errorcode.length()==0?"{}":errorcode);
- log->error("Envelop.cpp 382 CryptMsgGetParam")->error(errorcode);
- if(encBYTE) delete[] encBYTE;
- if(hProv) CryptReleaseContext(hProv, 0);
- if(hMsg) CryptMsgClose(hMsg);
- if(hKeyProv) CryptReleaseContext(hKeyProv, 0);
- return result;
- }
- // 分配内存
- sigBlob.pbData = new BYTE[sigBlob.cbData];
- if(sigBlob.pbData == NULL)
- {
- string errorcode = getErrorCode();
- Result* result = new Result("Envelop.cpp",366,"分配内存空间失败!",errorcode.length()==0?"{}":errorcode);
- if(encBYTE) delete[] encBYTE;
- if(hProv) CryptReleaseContext(hProv, 0);
- if(hMsg) CryptMsgClose(hMsg);
- if(hKeyProv) CryptReleaseContext(hKeyProv, 0);
- return result;
- }
- // 获取解码消息
- if(!CryptMsgGetParam(
- hMsg,
- CMSG_CONTENT_PARAM,
- 0,
- sigBlob.pbData,
- &sigBlob.cbData))
- {
- string errorcode = getErrorCode();
- Result* result = new Result("Envelop.cpp",377,"获取解码消息失败!",errorcode.length()==0?"{}":errorcode);
- log->error("Envelop.cpp 411 CryptMsgGetParam")->error(errorcode);
- if(encBYTE) delete[] encBYTE;
- if(hProv) CryptReleaseContext(hProv, 0);
- if(hMsg) CryptMsgClose(hMsg);
- if(hKeyProv) CryptReleaseContext(hKeyProv, 0);
- return result;
- }
- sigBlob.pbData[sigBlob.cbData]='\0';
- // 清理解密过程数据
- if(encBYTE) delete[] encBYTE;
- if(hProv) CryptReleaseContext(hProv, 0);
- if(hMsg) CryptMsgClose(hMsg);
- if(hKeyProv) CryptReleaseContext(hKeyProv, 0);
- string text = Base64::base64_encode(sigBlob.pbData,sigBlob.cbData);
- Result* result = new Result(text);
- return result;
- }
------------------------------下面为刚接触的版本,上面为修改后的版本--------------------------
代码有待修改
信封加密与解密
- #include "Base.h" //Base64转码
- #include <comdef.h>
- #include <stdio.h>
- #include <conio.h>
- #include <windows.h>
- #include <wincrypt.h>
- #include <iostream>
- using namespace std;
- #define TEST_CSP_NAME "FEITIAN ePassNG RSA Cryptographic Service Provider" //飞天CSP
- //加密信封
- STDMETHODIMP CEnvelop::Envelop(BSTR recCert_base64_bstr, BSTR plainText_bstr, BSTR* envelopedData)
- {
- string recCert_base64 = _bstr_t(recCert_base64_bstr);
- string plainText = _bstr_t(plainText_bstr);
- // TODO: Add your implementation code here
- // 公钥加密
- //获取证书
- BYTE* rec_cert;
- string rec_cstrCert_base64 = recCert_base64;
- string rec_decodeCert = base64_decode(rec_cstrCert_base64);
- int rec_certLen = rec_decodeCert.size();
- rec_cert = new BYTE[rec_certLen] ;
- for(int i = 0; i < rec_certLen; ++i)
- {
- rec_cert[i] = (byte)rec_decodeCert[i];
- }
- rec_cert[rec_certLen] = '\0';
- PCCERT_CONTEXT pRecverCert = NULL;
- if(pRecverCert = CertCreateCertificateContext(
- X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, // The encoding type
- rec_cert, // The encoded data from
- // the certificate retrieved
- rec_certLen)) // The length of the encoded data
- {
- printf("A new certificate has been created.\n");
- // Use the certificate context as needed.
- // ...
- }
- else
- {
- printf("A new certificate could not be created.\n");
- }
- // 设置加密证书
- PCERT_INFO RecipCertArray[1];
- RecipCertArray[0] = pRecverCert->pCertInfo;
- // 设置加密算法
- CRYPT_ALGORITHM_IDENTIFIER ContentEncryptAlgorithm;
- memset(&ContentEncryptAlgorithm, 0, sizeof(ContentEncryptAlgorithm));
- ContentEncryptAlgorithm.pszObjId = szOID_RSA_RC2CBC;
- // 设置信封参数
- CMSG_ENVELOPED_ENCODE_INFO EnvelopedEncodeInfo;
- memset(&EnvelopedEncodeInfo, 0, sizeof(CMSG_ENVELOPED_ENCODE_INFO));
- EnvelopedEncodeInfo.cbSize = sizeof(CMSG_ENVELOPED_ENCODE_INFO);
- EnvelopedEncodeInfo.hCryptProv = NULL;
- EnvelopedEncodeInfo.ContentEncryptionAlgorithm = ContentEncryptAlgorithm;
- EnvelopedEncodeInfo.pvEncryptionAuxInfo = NULL;
- EnvelopedEncodeInfo.cRecipients = 1;
- EnvelopedEncodeInfo.rgpRecipients = RecipCertArray;
- // 获取消息编码的长度
- CRYPT_DATA_BLOB encBlob;
- memset(&encBlob, 0, sizeof(encBlob));
- encBlob.cbData = CryptMsgCalculateEncodedLength(
- X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
- 0,
- CMSG_ENVELOPED,
- &EnvelopedEncodeInfo,
- NULL,
- plainText.size());
- if(encBlob.cbData == 0)
- {
- CertFreeCertificateContext(pRecverCert);
- printf("Getting enveloped cbEncodedBlob length failed.");
- }
- printf("Enveloped message size is %d bytes.", encBlob.cbData);
- // 分配编码空间
- encBlob.pbData = (BYTE *) new char[encBlob.cbData];
- if(encBlob.pbData == NULL)
- {
- CertFreeCertificateContext(pRecverCert);
- printf("Memory allocation failed. \n");
- }
- HCRYPTMSG hMsg;
- // 编码加密
- hMsg = CryptMsgOpenToEncode(
- X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, // encoding type
- 0, // flags
- CMSG_ENVELOPED, // message type
- &EnvelopedEncodeInfo, // pointer to structure
- NULL, // szOID_RSA_signedData, // inner content OID
- NULL);
- if(hMsg == NULL)
- {
- delete [] encBlob.pbData;
- CertFreeCertificateContext(pRecverCert);
- printf("The message open to be encode failed. \n");
- }
- BYTE* msgContent;
- int size = plainText.size();
- msgContent = new BYTE[size];
- for(int i=0;i<size;i++){
- msgContent[i]=(BYTE)plainText[i];
- }
- msgContent[size]='\0';
- // 添加数据
- if(!CryptMsgUpdate(
- hMsg, // handle to the message
- msgContent, // pointer to the content
- size, // size of the content
- TRUE)) // last call
- {
- delete [] encBlob.pbData;
- CryptMsgClose(hMsg);
- CertFreeCertificateContext(pRecverCert);
- printf("Enveloped CryptMsgUpdate failed.\n");
- }
- // 获取加密结果
- if(!CryptMsgGetParam(
- hMsg, // handle to the message
- CMSG_CONTENT_PARAM, // parameter type
- 0, // index
- encBlob.pbData, // pointer to the BLOB
- &encBlob.cbData)) // size of the BLOB
- {
- delete [] encBlob.pbData;
- CryptMsgClose(hMsg);
- CertFreeCertificateContext(pRecverCert);
- printf("CryptMsgGetParam enveloped message failed.\n");
- }
- string baseEnc = base64_encode(encBlob.pbData,encBlob.cbData);
- // 清理
- delete [] encBlob.pbData;
- if(hMsg != NULL)
- {
- CryptMsgClose(hMsg);
- hMsg = NULL;
- }
- if(pRecverCert != NULL)
- {
- CertFreeCertificateContext(pRecverCert);
- pRecverCert = NULL;
- }
- CComBSTR bstr(baseEnc.c_str());
- *envelopedData = bstr;
- return S_OK;
- }
- //解密信封
- STDMETHODIMP CEnvelop::Develop(BSTR enc_base64_bstr, BSTR* plainText)
- {
- string enc_base64 = _bstr_t(enc_base64_bstr);
- // TODO: Add your implementation code here
- string enc = base64_decode(enc_base64);
- int encLen = enc.size();
- BYTE* encBYTE;
- encBYTE = new BYTE[encLen];
- for(int i=0;i<encLen;i++){
- encBYTE[i]=enc[i];
- }
- encBYTE[encLen]='\0';
- // 准备数据
- HCRYPTPROV hProv;
- // --------------------------------------------------------------------
- // get the CSP handle
- printf("The following phase of this program is signature.\n\n");
- if(CryptAcquireContext(
- &hProv,
- NULL,
- TEST_CSP_NAME,
- PROV_RSA_FULL,
- 0))
- {
- printf("CSP context acquired.\n");
- }
- else //create if not exist
- {
- if(CryptAcquireContext(
- &hProv,
- NULL,
- TEST_CSP_NAME,
- PROV_RSA_FULL,
- CRYPT_NEWKEYSET))
- {
- printf("A new key container has been created.\n");
- }
- else
- {
- }
- }
- // Open
- HCRYPTMSG hMsg = NULL;
- hMsg = CryptMsgOpenToDecode(
- X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, // Encoding type.
- 0, // Flags.
- 0, // Use the default message type which is listed in the message header.
- NULL, // Cryptographic provider. Use NULL for the default provider.
- NULL, // Recipient information.
- NULL); // Stream information.
- if(hMsg == NULL)
- {
- printf("Failed in CryptMsgOpenToDecode.");
- }
- // Update
- if(!CryptMsgUpdate(
- hMsg, // Handle to the message
- encBYTE, // Pointer to the encoded BLOB
- encLen, // Size of the encoded BLOB
- TRUE))
- {
- CryptMsgClose(hMsg);
- printf("Failed in CryptMsgUpdate.");
- }
- // 开始操作解码后的加密数据 ================================
- // 消息类型
- DWORD dwType = 0;
- DWORD dwSize = sizeof(dwType);
- if(!CryptMsgGetParam(
- hMsg, // Handle to the message
- CMSG_TYPE_PARAM, // Parameter type
- 0, // Index
- &dwType, // Buffer
- &dwSize)) // Size of the returned
- {
- CryptMsgClose(hMsg);
- printf("Failed in CryptMsgGetParam for CMSG_TYPE_PARAM.");
- }
- // 校验消息类型
- if (dwType != CMSG_ENVELOPED)
- {
- CryptMsgClose(hMsg);
- printf("Not an enveloped data.");
- }
- // 消息格式
- char szTypeName[1024];
- dwSize = 1024;
- if(!CryptMsgGetParam(
- hMsg, // Handle to the message
- CMSG_INNER_CONTENT_TYPE_PARAM, // Parameter type
- 0, // Index
- szTypeName, // Buffer
- &dwSize)) // Size of the returned
- {
- CryptMsgClose(hMsg);
- printf("Failed in CryptMsgGetParam for CMSG_INNER_CONTENT_TYPE_PARAM.");
- }
- // 检查消息格式
- if(strcmp(szTypeName, szOID_PKCS_7_DATA) != 0)
- {
- // CryptMsgClose(hMsg);
- // printf("The inner content is not szOID_PKCS_7_DATA.");
- }
- // 打开证书库
- HCERTSTORE hCertStore = CertOpenStore(
- CERT_STORE_PROV_SYSTEM, // The store provider type.
- 0, // The encoding type is not needed.
- hProv, // Use the epassNG HCRYPTPROV.
- CERT_SYSTEM_STORE_CURRENT_USER,
- L"MY"
- );
- if(hCertStore == NULL)
- {
- }
- // 查找证书
- PCCERT_CONTEXT hCert = CertFindCertificateInStore(
- hCertStore,
- X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
- 0,
- CERT_FIND_SUBJECT_STR,
- L"周绍禹",
- NULL);
- if(hCert == NULL)
- {
- CertCloseStore(hCertStore, CERT_CLOSE_STORE_FORCE_FLAG);
- }
- /**//*
- BOOL WINAPI CryptAcquireCertificatePrivateKey(
- __in PCCERT_CONTEXT pCert,
- __in DWORD dwFlags,
- __in void* pvReserved,
- __out HCRYPTPROV_OR_NCRYPT_KEY_HANDLE* phCryptProvOrNCryptKey,
- __out DWORD* pdwKeySpec,
- __out BOOL* pfCallerFreeProvOrNCryptKey
- );
- */
- // 请求证书私钥服务
- HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hKeyProv = NULL;
- DWORD dwKeyType = 0;
- BOOL bFreeKeyProv = FALSE;
- if(!CryptAcquireCertificatePrivateKey(hCert, 0, 0, &hKeyProv, &dwKeyType, &bFreeKeyProv))
- {
- CertFreeCertificateContext(hCert);
- CertCloseStore(hCertStore, CERT_CLOSE_STORE_FORCE_FLAG);
- }
- CMSG_CTRL_DECRYPT_PARA para;
- para.cbSize = sizeof (CMSG_CTRL_DECRYPT_PARA);
- para.dwKeySpec = dwKeyType;
- para.hCryptProv = hProv;
- para.dwRecipientIndex = 0;
- if(!CryptMsgControl(
- hMsg, // Handle to the message
- 0, // Flags
- CMSG_CTRL_DECRYPT, // Control type
- ¶)) // Pointer to the CERT_INFO
- {
- CryptMsgClose(hMsg);
- CertCloseStore(hCertStore, CERT_CLOSE_STORE_FORCE_FLAG);
- printf("Failed in CryptMsgControl.");
- }
- // 获取解密消息大小
- CRYPT_DATA_BLOB sigBlob;
- memset(&sigBlob, 0, sizeof(sigBlob));
- if(!CryptMsgGetParam(
- hMsg, // Handle to the message
- CMSG_CONTENT_PARAM, // Parameter type
- 0, // Index
- NULL, //
- &sigBlob.cbData)) // Size of the returned
- {
- CryptMsgClose(hMsg);
- CertCloseStore(hCertStore, CERT_CLOSE_STORE_FORCE_FLAG);
- printf("Failed in CryptMsgGetParam for CMSG_CONTENT_PARAM.");
- }
- // 分配内存
- sigBlob.pbData = (BYTE *) new char[sigBlob.cbData];
- if(sigBlob.pbData == NULL)
- {
- CryptMsgClose(hMsg);
- CertCloseStore(hCertStore, CERT_CLOSE_STORE_FORCE_FLAG);
- printf("Not enough memory.");
- }
- // 获取解码消息
- if(!CryptMsgGetParam(
- hMsg, // Handle to the message
- CMSG_CONTENT_PARAM, // Parameter type
- 0, // Index
- sigBlob.pbData, //
- &sigBlob.cbData)) // Size of the returned
- {
- delete [] sigBlob.pbData;
- CryptMsgClose(hMsg);
- CertCloseStore(hCertStore, CERT_CLOSE_STORE_FORCE_FLAG);
- printf("Failed in CryptMsgGetParam for CMSG_CONTENT_PARAM.");
- }
- sigBlob.pbData[sigBlob.cbData]='\0';
- // 清理解密过程数据
- CryptMsgClose(hMsg);
- CertCloseStore(hCertStore, CERT_CLOSE_STORE_FORCE_FLAG);
- printf("Enveloped message decrypt successfully. \n");
- char* text = (char*)sigBlob.pbData;
- CComBSTR bstr(text);
- *plainText = bstr;
- return S_OK;
- }