How do I set the private key for signing messages when using ECDSA in OpenSSL programmatically? I have the following code:
如何在OpenSSL中以编程方式使用ECDSA时设置签名消息的私钥?我有以下代码:
static int create_signature(unsigned char* hash)
{
EC_KEY *eckey=NULL;
EC_GROUP *ecgroup=NULL;
EVP_PKEY *evpkey=NULL;
unsigned char *signature=NULL;
point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
int signature_size, block_size;
unsigned char * block=NULL;
ecgroup = get_ec_group_192();
EC_GROUP_set_asn1_flag(ecgroup, OPENSSL_EC_NAMED_CURVE);
EC_GROUP_set_point_conversion_form(ecgroup, form);
eckey=EC_KEY_new();
EC_KEY_set_group(eckey,ecgroup);
EC_KEY_generate_key(eckey);
evpkey=EVP_PKEY_new();
EVP_PKEY_assign_EC_KEY(evpkey,eckey);
signature=OPENSSL_malloc(EVP_PKEY_size(evpkey));
ECDSA_sign(0, hash, sizeof(hash), signature, &signature_size, eckey);
printf("%s", signature);
return 0;
}
The function get_ec_group_192() is created by running openssl ecparam -C -name secp192k1 -genkey which also generates some EC PARAMETERS and a EC PRIVATE KEY.
函数get_ec_group_192()是通过运行openssl ecparam -C -name secp192k1 -genkey创建的,它还生成一些EC参数和一个EC私钥。
What I am trying to do is to encrypt the message contained in hash with my private key so that only public key can decrypt it. Is that possible with the above code, or am I doing this completely wrong?
我要做的是用我的私钥加密包含在散列中的消息,这样只有公钥才能解密它。以上代码是否可行,或者我做的完全错误?
1 个解决方案
#1
6
The following verifies successfully for me:
以下为我成功验证:
//compiled with gcc -g -lssl -UOPENSSL_NO_EC SO2228860.c -lcrypto
#include <openssl/ec.h> // for EC_GROUP_new_by_curve_name, EC_GROUP_free, EC_KEY_new, EC_KEY_set_group, EC_KEY_generate_key, EC_KEY_free
#include <openssl/ecdsa.h> // for ECDSA_do_sign, ECDSA_do_verify
#include <openssl/obj_mac.h> // for NID_secp192k1
static int create_signature(unsigned char* hash)
{
int function_status = -1;
EC_KEY *eckey=EC_KEY_new();
if (NULL == eckey)
{
printf("Failed to create new EC Key\n");
function_status = -1;
}
else
{
EC_GROUP *ecgroup= EC_GROUP_new_by_curve_name(NID_secp192k1);
if (NULL == ecgroup)
{
printf("Failed to create new EC Group\n");
function_status = -1;
}
else
{
int set_group_status = EC_KEY_set_group(eckey,ecgroup);
const int set_group_success = 1;
if (set_group_success != set_group_status)
{
printf("Failed to set group for EC Key\n");
function_status = -1;
}
else
{
const int gen_success = 1;
int gen_status = EC_KEY_generate_key(eckey);
if (gen_success != gen_status)
{
printf("Failed to generate EC Key\n");
function_status = -1;
}
else
{
ECDSA_SIG *signature = ECDSA_do_sign(hash, strlen(hash), eckey);
if (NULL == signature)
{
printf("Failed to generate EC Signature\n");
function_status = -1;
}
else
{
int verify_status = ECDSA_do_verify(hash, strlen(hash), signature, eckey);
const int verify_success = 1;
if (verify_success != verify_status)
{
printf("Failed to verify EC Signature\n");
function_status = -1;
}
else
{
printf("Verifed EC Signature\n");
function_status = 1;
}
}
}
}
EC_GROUP_free(ecgroup);
}
EC_KEY_free(eckey);
}
return function_status;
}
int main( int argc , char * argv[] )
{
unsigned char hash[] = "c7fbca202a95a570285e3d700eb04ca2";
int status = create_signature(hash);
return(0) ;
}
#1
6
The following verifies successfully for me:
以下为我成功验证:
//compiled with gcc -g -lssl -UOPENSSL_NO_EC SO2228860.c -lcrypto
#include <openssl/ec.h> // for EC_GROUP_new_by_curve_name, EC_GROUP_free, EC_KEY_new, EC_KEY_set_group, EC_KEY_generate_key, EC_KEY_free
#include <openssl/ecdsa.h> // for ECDSA_do_sign, ECDSA_do_verify
#include <openssl/obj_mac.h> // for NID_secp192k1
static int create_signature(unsigned char* hash)
{
int function_status = -1;
EC_KEY *eckey=EC_KEY_new();
if (NULL == eckey)
{
printf("Failed to create new EC Key\n");
function_status = -1;
}
else
{
EC_GROUP *ecgroup= EC_GROUP_new_by_curve_name(NID_secp192k1);
if (NULL == ecgroup)
{
printf("Failed to create new EC Group\n");
function_status = -1;
}
else
{
int set_group_status = EC_KEY_set_group(eckey,ecgroup);
const int set_group_success = 1;
if (set_group_success != set_group_status)
{
printf("Failed to set group for EC Key\n");
function_status = -1;
}
else
{
const int gen_success = 1;
int gen_status = EC_KEY_generate_key(eckey);
if (gen_success != gen_status)
{
printf("Failed to generate EC Key\n");
function_status = -1;
}
else
{
ECDSA_SIG *signature = ECDSA_do_sign(hash, strlen(hash), eckey);
if (NULL == signature)
{
printf("Failed to generate EC Signature\n");
function_status = -1;
}
else
{
int verify_status = ECDSA_do_verify(hash, strlen(hash), signature, eckey);
const int verify_success = 1;
if (verify_success != verify_status)
{
printf("Failed to verify EC Signature\n");
function_status = -1;
}
else
{
printf("Verifed EC Signature\n");
function_status = 1;
}
}
}
}
EC_GROUP_free(ecgroup);
}
EC_KEY_free(eckey);
}
return function_status;
}
int main( int argc , char * argv[] )
{
unsigned char hash[] = "c7fbca202a95a570285e3d700eb04ca2";
int status = create_signature(hash);
return(0) ;
}