EVP接口生成pem格式的RSA密钥
作者:互联网
1、生成pem格式的密钥,并写入文件。
1)创建RSA公钥加密的上下文,id可以指定国密、RSA、椭圆曲线等算法,e为加密对象,可以传NULL,表示默认值
EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e);
2)对上下文进行初始化
int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
3)设置密钥长度
int EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits)
4)生成密钥,密钥放在ppkey中,这个ppkey需要手动释放;
int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
5)将公私钥写入文件中
//从EVP_PKEY中获取RSA对象 struct rsa_st *EVP_PKEY_get0_RSA(EVP_PKEY *pkey); //将公钥写入文件 int PEM_write_RSAPublicKey(FILE*fp,const RSA*x); //将私钥写入文件 int PEM_write_RSAPrivateKey(FILE*fp, const RSA* x, const EVP_CIPHER*enc//加密上下文, unsigned char*kstr//密钥, int klen//密钥长度, pem_password_cb*cb//加密回调, void*u//回调用的参数);
生成公私钥,并写入文件代码实现
EVP_PKEY*GenerKey()
{
//1、创建RSA公钥加密上下文,参数1为算法类型
EVP_PKEY_CTX *ctx= EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
if (!ctx)
{
ERR_print_errors_fp(stderr);
EVP_PKEY_CTX_free(ctx);
return NULL;
}
//2、初始化密钥对生成上下文
int ret=EVP_PKEY_keygen_init(ctx);
if (!ret)
{
ERR_print_errors_fp(stderr);
EVP_PKEY_CTX_free(ctx);
return NULL;
}
//设置参数,RSA的密钥位数1024位
if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 1024) <= 0)
{
ERR_print_errors_fp(stderr);
EVP_PKEY_CTX_free(ctx);
return NULL;
}
//4、密钥生成
EVP_PKEY *pkey=NULL;
//内部有malloc申请的空间
if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
{
ERR_print_errors_fp(stderr);
EVP_PKEY_CTX_free(ctx);
return NULL;
}
EVP_PKEY_CTX_free(ctx);
FILE *fp1 = fopen("./public.pem", "w");
if(!fp1)
{
//出错处理
}
PEM_write_RSAPublicKey(fp1, EVP_PKEY_get0_RSA(pkey));
FILE *fp2 = fopen("./private.pem", "w");
if(!fp2)
{
//出错处理
}
//以明文方式存储
PEM_write_RSAPrivateKey(fp2, EVP_PKEY_get0_RSA(pkey),
NULL,//加密的上下文
NULL,//key
0,//密钥长度
NULL,//回调
NULL //回调参数
);
fclose(fp1);
fclose(fp2);
return pkey;
}
2、加密或者解密
1)把文件中公钥写入RSA对象中;
int PEM_read_RSAPublicKey(FILE*fp, RSA**r, pem_password_cb *cb, void *arg);
2)通过EVP_PKEY生成EVP_PKEY_CTX上下文
//产生EVP_PKEY对象 EVP_PKEY *EVP_PKEY_new(void); //给EVP_PKEY设置RSA密钥 int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key); //生成EVP_PKEY上下文 EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
3)加密
int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx);//加密初始化
int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
unsigned char *out//输出空间
, size_t *outlen, //传入传出参数,传入预留空间大小,传出实际大小
const unsigned char *in,//输入数据
size_t inlen /*输入数据大小*/);
加密代码实现
int Encrypto(const unsigned char *in, int in_len, unsigned char *out)
{
//1、读取公钥
FILE *fp = fopen("./public.pem", "r");
RSA *r = NULL;
if (NULL == fp)
{
fclose(fp);
return -1;
}
//把文件中公钥写入到RSA结构体中
PEM_read_RSAPublicKey(fp, &r, NULL, NULL);
fclose(fp);
if (!r)
{
ERR_print_errors_fp(stderr);
return -1;
}
//2、
//密钥长度
int key_size = RSA_size(r);
//2通过EVP_PKEY生成EVP_PKEY_CTX上下文
EVP_PKEY *pkey = EVP_PKEY_new();
//设置为RSA的密钥
EVP_PKEY_set1_RSA(pkey, r);
auto ctx = EVP_PKEY_CTX_new(pkey, NULL);
//3加密初始化
EVP_PKEY_encrypt_init(ctx);
//数据块大小
int block_size = key_size - RSA_PKCS1_PADDING_SIZE;
int out_size = 0;
int i;
//4加密,分块加密
for (i = 0; i < in_len; i += block_size)
{
size_t out_len = key_size;
size_t ensize = block_size;
if (in_len - i < block_size)
ensize = in_len - i;
int ret=EVP_PKEY_encrypt(ctx, out+out_size, &out_len, in+i, ensize);
if (ret <= 0)
{
ERR_print_errors_fp(stderr);
break;
}
out_size += out_len;
}
EVP_PKEY_free(pkey);
EVP_PKEY_CTX_free(ctx);
RSA_free(r);
return out_size;
}
解密代码实现
int Decrypto(const unsigned char *in, int in_len, unsigned char *out)
{
//打开pem文件获取私钥
FILE *fp = fopen("./private.pem", "r");
if (!fp)
{
fclose(fp);
return -1;
}
RSA *r = NULL;
//拿私钥
PEM_read_RSAPrivateKey(fp, &r, NULL, NULL);
if (!r)
{
fclose(fp);
RSA_free(r);
}
int key_size = RSA_size(r);
//生成PKEY并创建上下文
EVP_PKEY*pkey = EVP_PKEY_new();
EVP_PKEY_set1_RSA(pkey, r);
auto ctx = EVP_PKEY_CTX_new(pkey,NULL);
EVP_PKEY_free(pkey);
RSA_free(r);
fclose(fp);
//解密
int out_size = 0;
EVP_PKEY_decrypt_init(ctx);
int block_size = key_size;
for (int i = 0; i < in_len; i += block_size)
{
size_t outlen = key_size;//设置输出空间大小;
if (EVP_PKEY_decrypt(ctx, out+out_size, &outlen, in + i, block_size) <= 0)
{
ERR_print_errors_fp(stderr);
return -1;
}
out_size += outlen;
}
EVP_PKEY_CTX_free(ctx);
return out_size;
}
测试
int test01()
unsigned char data[] = "how are you?hello world!i am fine and you";
unsigned char out[512] = { 0 };
unsigned char out2[512] = { 0 };
int data_size = sizeof(data);
auto pkey = GenerKey();
EVP_PKEY_free(pkey);
int outsize = Encrypto(data, data_size, out);
cout << "密文长度:" << outsize << endl;
cout << "密文:" << out << endl;
int out2size = Decrypto(out, outsize, out2);
cout << "解密后的数据:" << out2<<endl;
return 0;
}
标签:PKEY,int,CTX,RSA,pem,EVP,size 来源: https://www.cnblogs.com/xiaoxiaolinux/p/15333109.html