Is there a way to use the RSA keys I've generated with the Crypto++ API in OpenSSL? What I am looking for is a way to store the keys in a format that both Crypto++ and OpenSSL can easily open them.
有没有办法使用我在OpenSSL中使用Crypto++ API生成的RSA密钥?我正在寻找的是一种以加密++和OpenSSL都可以轻松打开的格式存储密钥的方法。
I'm writing a licensing scheme and would want to verify signatures and decrypt files using the Crypto++ API, but to generate the license files I would want to use a web interface (probably using PHP, which only supports OpenSSL) to generate and encrypt/sign the licenses.
我正在编写一个许可方案,并希望使用Crypto++ API验证签名和解密文件,但是为了生成许可文件,我希望使用一个web接口(可能使用只支持OpenSSL的PHP)来生成和加密/签名许可证。
I would write both applications using Crypto++ and call it from the PHP, but since the private key will be stored in a encrypted form, a password must be passed to the application and passing it on the command line doesn't seems to be a good idea to me.
我将使用Crypto++来编写这两个应用程序,并从PHP中调用它,但是由于私钥将以加密的形式存储,所以必须将密码传递给应用程序,并将其传递到命令行,这对我来说似乎不是一个好主意。
3 个解决方案
#1
5
Both Crypto++ and OpenSSL can handle PKCS#8 encoded keys. In crypto++, you can generate keys and convert to PKCS#8 buffer like this,
加密++和OpenSSL都可以处理PKCS#8编码的密钥。在crypto++中,可以生成键并将其转换为PKCS#8缓冲区,
AutoSeededRandomPool rng;
RSAES_OAEP_SHA_Decryptor priv(rng, 2048);
string der;
StringSink der_sink(der);
priv.DEREncode(der_sink);
der_sink.MessageEnd();
// der.data() is the bytes you need
Now you just need to pass the bytes to PHP. You can save it in a file, send in a message.
现在只需将字节传递给PHP。你可以把它保存在一个文件中,发送一条消息。
The only gotcha is that PHP's OpenSSL interface only accepts PEM encoded PKCS#8. You can easily convert DER-encoded buffer into PEM like this in PHP,
唯一的问题是PHP的OpenSSL接口只接受PEM编码的PKCS#8。可以很容易地将der编码的缓冲区转换为PEM,
<?php
function pkcs8_to_pem($der) {
static $BEGIN_MARKER = "-----BEGIN PRIVATE KEY-----";
static $END_MARKER = "-----END PRIVATE KEY-----";
$value = base64_encode($der);
$pem = $BEGIN_MARKER . "\n";
$pem .= chunk_split($value, 64, "\n");
$pem .= $END_MARKER . "\n";
return $pem;
}
?>
You can also convert PKCS#8 to PEM in C++ if you prefer. The algorithm is very simple as you can see from the PHP code.
如果您愿意,也可以将PKCS#8转换成c++中的PEM。从PHP代码中可以看出,该算法非常简单。
OpenSSL is so prevalent nowadays. I don't see any reason to use Crypto++ for common crypto applications like this.
OpenSSL现在非常流行。我看不出有什么理由在像这样的普通加密应用程序中使用Crypto++。
#2
1
Is there a way to use the RSA keys I've generated with the Crypto++ API in OpenSSL? What I am looking for is a way to store the keys in a format that both Crypto++ and OpenSSL can easily open them.
有没有办法使用我在OpenSSL中使用Crypto++ API生成的RSA密钥?我正在寻找的是一种以加密++和OpenSSL都可以轻松打开的格式存储密钥的方法。
Yes. In addition to X.509 and PKCS #8 encoded keys (ZZ Coder's answer), you can also use PEM encoded keys including encrypted keys. Support for PEM encoded keys was donated to the project in July, 2014 for OpenSSL interop.
是的。除了X.509和PKCS #8编码密钥(ZZ编码者的答案)之外,您还可以使用包含加密密钥的PEM编码密钥。对PEM编码密钥的支持在2014年7月捐赠给OpenSSL互操作项目。
To use the PEM encoded keys, you need to fetch the Crypto++ PEM Pack and recompile the library. The PEM Pack is not part of the Crypto++ library as provided by Wei Dai at the Crypto++ website.
要使用PEM编码的密钥,您需要获取Crypto++ PEM包并重新编译该库。PEM包不是密码++库的一部分,由密码++网站的魏代提供。
Once you install and recompile, its as simple as:
一旦你安装和重新编译,它的简单如下:
// Load a RSA public key
FileSource fs1("rsa-pub.pem", true);
RSA::PublicKey k1;
PEM_Load(fs1, k1);
// Load a encrypted RSA private key
FileSource fs2("rsa-enc-priv.pem", true);
RSA::PrivateKey k2;
PEM_Load(fs2, k2, "test", 4);
// Save an EC public key
DL_PublicKey_EC<ECP> k16 = ...;
FileSink fs16("ec-pub-xxx.pem", true);
PEM_Save(fs16, k16);
// Save an encrypted EC private key
DL_PrivateKey_EC<ECP> k18 = ...;
FileSink fs18("ec-enc-priv-xxx.pem", true);
PEM_Save(fs18, k18, "AES-128-CBC", "test", 4);
The keys look like so on-disk:
键看起来像磁盘上的:
$ cat rsa-pub.pem
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCg7ovcljEjZCFOdLWENBKE6FSk
Nke6OP79SMJABJw+JoEBpNddK6/v99IvA1qU76V0V4k8qLvhkVUtk9FArhhRsxeF
1fd8UVqgsT8j0YCVFcJ/ZA372ogpXyvc5aK9mZEiKE5TIF8qnDFFZiMWPrad1buk
hg+eFdo78QRLA5plEQIDAQAB
-----END PUBLIC KEY-----
$
$ cat rsa-enc-priv.pem
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,E1A759E11CA515CE34B6E8CE5278C919
slMx02TMblahTedEKsfS+qYYo4nZFaqI3PhCRYmE5zUa9clHm7yo36wIk3oo52OB
f4AhOaJwiPQAbLe/kDHeP77iHd/4+hFNq/Haj6ahWRpXilLVOETLtefbzSGO8va3
ORnwQpPThs2V0EetPU3LB3QcA/XRjWDzyNa7+LydOjKwbQdZnF/jND5NCkEkncNM
iQJ1VWubN+Xs3Rx0CfLu5Chl1n7WnmCNMtLL/LtYeaR1SlRJa6BaF7hNHJJJ3+Jc
8curCKlpobs+XnlDfjyqgTXolkiepn95TnT7KSqi3BqVEpq/5LKMnkDJg6nwUR7A
w0jLNr1f8adWyBEj2Dp0D/jy8eDh65eHdJw4s8G5FZfBud1zWbvRQ3Ah70ISUKa3
4q/6z2vervPgoc+rMVYDvRf/mqa4LMXYhuygsyx50OgPldCC2d0cVVFCg/ljdEzO
UV5rSkK1Qczv8Nc1ZdY3fJA+qYIV8JqPPY+dJ2312R+myPi5Av0/69k8lZN5eIJk
SkiiFQmabhc+o6z4RFA52a3lOud3eGM9L5nbFQGc5COzQVZ6y8t06tLIp9Y5zjA4
KTgNncV5eq3Bau+cWXjP6pJRixFVfwIoy95mAur7B2P1iE4FXyZbvCovPL6vilT5
kSqAo7Znu0RpTjE36tWY6tFt+GU7k8EBrjA3Qi+8xxqyYtr57Ns+H/j+hhJTN8L7
IXoevwS81OPiB0Dmg6wLLXATG1+gCNXb8sd5U2eJhy4LOJA3y54CTgRnPXtM38CH
K+JvnDstyUl9IGTsgUz51ZzyJNZGU9Ro3pt/a3Cs5IJumaygZ0LQ44WBw9m/vja9
-----END RSA PRIVATE KEY-----
$
$ cat ec-pub.pem
-----BEGIN PUBLIC KEY-----
MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEVwXjdIb2yy25QbIO0XiIHpySXwSpIAcz
v0Wdyq+fZ6BdJjs2jKvbs9pcRJn8yxlASWoz2R4NoHTZ2YokKsDfEg==
-----END PUBLIC KEY-----
$
$ cat ec-enc-priv.pem
-----BEGIN EC PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,F1DBC73E26DCD310888932C2762B3512
nikex48SFvtNOIrOEDipwmxaghjn4jtrvwI3d1H/VNq9yp26WqFZxBJCUPFBFLjH
auA+AHeUo3BVkNQPs0VO4FD5xR50mtc2tCJizzhyTTTypLc3lRkxmD1MpeZnWRy2
70foVtNSvLL/QLJqNJGm/G9kl0xPN4zAfOq7Txoscnk=
-----END EC PRIVATE KEY-----
Related: for other useful Crypto++ patches, see the Category:Patch page on the Crypto++ wiki.
相关:对于其他有用的加密++补丁,请参阅Crypto++ wiki上的类别:补丁页面。
#3
0
Try this link: http://www.cryptopp.com/fom-serve/cache/62.html
试试这个链接:http://www.cryptopp.com/fom-serve/cache/62.html
It looks like you'll need to use PKCS#8 and convert from DER to PEM format to be able to use the keys in OpenSSL. I'm not sure if you'll be able to use a single file for both.
看起来您需要使用PKCS#8并将DER转换为PEM格式,以便能够在OpenSSL中使用密钥。我不确定你是否能同时使用一个文件。
I've only used OpenSSL so I'm not sure what options you have with Crypto++. I found the link above by searching Google for these terms: Crypto++ RSA OpenSSL.
我只使用了OpenSSL,所以我不确定加密+有哪些选项。我通过搜索谷歌找到了上面的链接:Crypto+ RSA OpenSSL。
DER is OpenSSL's binary format for keys and certificates.
DER是OpenSSL用于密钥和证书的二进制格式。
PEM is OpenSSL's text format.
PEM是OpenSSL的文本格式。
#1
5
Both Crypto++ and OpenSSL can handle PKCS#8 encoded keys. In crypto++, you can generate keys and convert to PKCS#8 buffer like this,
加密++和OpenSSL都可以处理PKCS#8编码的密钥。在crypto++中,可以生成键并将其转换为PKCS#8缓冲区,
AutoSeededRandomPool rng;
RSAES_OAEP_SHA_Decryptor priv(rng, 2048);
string der;
StringSink der_sink(der);
priv.DEREncode(der_sink);
der_sink.MessageEnd();
// der.data() is the bytes you need
Now you just need to pass the bytes to PHP. You can save it in a file, send in a message.
现在只需将字节传递给PHP。你可以把它保存在一个文件中,发送一条消息。
The only gotcha is that PHP's OpenSSL interface only accepts PEM encoded PKCS#8. You can easily convert DER-encoded buffer into PEM like this in PHP,
唯一的问题是PHP的OpenSSL接口只接受PEM编码的PKCS#8。可以很容易地将der编码的缓冲区转换为PEM,
<?php
function pkcs8_to_pem($der) {
static $BEGIN_MARKER = "-----BEGIN PRIVATE KEY-----";
static $END_MARKER = "-----END PRIVATE KEY-----";
$value = base64_encode($der);
$pem = $BEGIN_MARKER . "\n";
$pem .= chunk_split($value, 64, "\n");
$pem .= $END_MARKER . "\n";
return $pem;
}
?>
You can also convert PKCS#8 to PEM in C++ if you prefer. The algorithm is very simple as you can see from the PHP code.
如果您愿意,也可以将PKCS#8转换成c++中的PEM。从PHP代码中可以看出,该算法非常简单。
OpenSSL is so prevalent nowadays. I don't see any reason to use Crypto++ for common crypto applications like this.
OpenSSL现在非常流行。我看不出有什么理由在像这样的普通加密应用程序中使用Crypto++。
#2
1
Is there a way to use the RSA keys I've generated with the Crypto++ API in OpenSSL? What I am looking for is a way to store the keys in a format that both Crypto++ and OpenSSL can easily open them.
有没有办法使用我在OpenSSL中使用Crypto++ API生成的RSA密钥?我正在寻找的是一种以加密++和OpenSSL都可以轻松打开的格式存储密钥的方法。
Yes. In addition to X.509 and PKCS #8 encoded keys (ZZ Coder's answer), you can also use PEM encoded keys including encrypted keys. Support for PEM encoded keys was donated to the project in July, 2014 for OpenSSL interop.
是的。除了X.509和PKCS #8编码密钥(ZZ编码者的答案)之外,您还可以使用包含加密密钥的PEM编码密钥。对PEM编码密钥的支持在2014年7月捐赠给OpenSSL互操作项目。
To use the PEM encoded keys, you need to fetch the Crypto++ PEM Pack and recompile the library. The PEM Pack is not part of the Crypto++ library as provided by Wei Dai at the Crypto++ website.
要使用PEM编码的密钥,您需要获取Crypto++ PEM包并重新编译该库。PEM包不是密码++库的一部分,由密码++网站的魏代提供。
Once you install and recompile, its as simple as:
一旦你安装和重新编译,它的简单如下:
// Load a RSA public key
FileSource fs1("rsa-pub.pem", true);
RSA::PublicKey k1;
PEM_Load(fs1, k1);
// Load a encrypted RSA private key
FileSource fs2("rsa-enc-priv.pem", true);
RSA::PrivateKey k2;
PEM_Load(fs2, k2, "test", 4);
// Save an EC public key
DL_PublicKey_EC<ECP> k16 = ...;
FileSink fs16("ec-pub-xxx.pem", true);
PEM_Save(fs16, k16);
// Save an encrypted EC private key
DL_PrivateKey_EC<ECP> k18 = ...;
FileSink fs18("ec-enc-priv-xxx.pem", true);
PEM_Save(fs18, k18, "AES-128-CBC", "test", 4);
The keys look like so on-disk:
键看起来像磁盘上的:
$ cat rsa-pub.pem
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCg7ovcljEjZCFOdLWENBKE6FSk
Nke6OP79SMJABJw+JoEBpNddK6/v99IvA1qU76V0V4k8qLvhkVUtk9FArhhRsxeF
1fd8UVqgsT8j0YCVFcJ/ZA372ogpXyvc5aK9mZEiKE5TIF8qnDFFZiMWPrad1buk
hg+eFdo78QRLA5plEQIDAQAB
-----END PUBLIC KEY-----
$
$ cat rsa-enc-priv.pem
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,E1A759E11CA515CE34B6E8CE5278C919
slMx02TMblahTedEKsfS+qYYo4nZFaqI3PhCRYmE5zUa9clHm7yo36wIk3oo52OB
f4AhOaJwiPQAbLe/kDHeP77iHd/4+hFNq/Haj6ahWRpXilLVOETLtefbzSGO8va3
ORnwQpPThs2V0EetPU3LB3QcA/XRjWDzyNa7+LydOjKwbQdZnF/jND5NCkEkncNM
iQJ1VWubN+Xs3Rx0CfLu5Chl1n7WnmCNMtLL/LtYeaR1SlRJa6BaF7hNHJJJ3+Jc
8curCKlpobs+XnlDfjyqgTXolkiepn95TnT7KSqi3BqVEpq/5LKMnkDJg6nwUR7A
w0jLNr1f8adWyBEj2Dp0D/jy8eDh65eHdJw4s8G5FZfBud1zWbvRQ3Ah70ISUKa3
4q/6z2vervPgoc+rMVYDvRf/mqa4LMXYhuygsyx50OgPldCC2d0cVVFCg/ljdEzO
UV5rSkK1Qczv8Nc1ZdY3fJA+qYIV8JqPPY+dJ2312R+myPi5Av0/69k8lZN5eIJk
SkiiFQmabhc+o6z4RFA52a3lOud3eGM9L5nbFQGc5COzQVZ6y8t06tLIp9Y5zjA4
KTgNncV5eq3Bau+cWXjP6pJRixFVfwIoy95mAur7B2P1iE4FXyZbvCovPL6vilT5
kSqAo7Znu0RpTjE36tWY6tFt+GU7k8EBrjA3Qi+8xxqyYtr57Ns+H/j+hhJTN8L7
IXoevwS81OPiB0Dmg6wLLXATG1+gCNXb8sd5U2eJhy4LOJA3y54CTgRnPXtM38CH
K+JvnDstyUl9IGTsgUz51ZzyJNZGU9Ro3pt/a3Cs5IJumaygZ0LQ44WBw9m/vja9
-----END RSA PRIVATE KEY-----
$
$ cat ec-pub.pem
-----BEGIN PUBLIC KEY-----
MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEVwXjdIb2yy25QbIO0XiIHpySXwSpIAcz
v0Wdyq+fZ6BdJjs2jKvbs9pcRJn8yxlASWoz2R4NoHTZ2YokKsDfEg==
-----END PUBLIC KEY-----
$
$ cat ec-enc-priv.pem
-----BEGIN EC PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,F1DBC73E26DCD310888932C2762B3512
nikex48SFvtNOIrOEDipwmxaghjn4jtrvwI3d1H/VNq9yp26WqFZxBJCUPFBFLjH
auA+AHeUo3BVkNQPs0VO4FD5xR50mtc2tCJizzhyTTTypLc3lRkxmD1MpeZnWRy2
70foVtNSvLL/QLJqNJGm/G9kl0xPN4zAfOq7Txoscnk=
-----END EC PRIVATE KEY-----
Related: for other useful Crypto++ patches, see the Category:Patch page on the Crypto++ wiki.
相关:对于其他有用的加密++补丁,请参阅Crypto++ wiki上的类别:补丁页面。
#3
0
Try this link: http://www.cryptopp.com/fom-serve/cache/62.html
试试这个链接:http://www.cryptopp.com/fom-serve/cache/62.html
It looks like you'll need to use PKCS#8 and convert from DER to PEM format to be able to use the keys in OpenSSL. I'm not sure if you'll be able to use a single file for both.
看起来您需要使用PKCS#8并将DER转换为PEM格式,以便能够在OpenSSL中使用密钥。我不确定你是否能同时使用一个文件。
I've only used OpenSSL so I'm not sure what options you have with Crypto++. I found the link above by searching Google for these terms: Crypto++ RSA OpenSSL.
我只使用了OpenSSL,所以我不确定加密+有哪些选项。我通过搜索谷歌找到了上面的链接:Crypto+ RSA OpenSSL。
DER is OpenSSL's binary format for keys and certificates.
DER是OpenSSL用于密钥和证书的二进制格式。
PEM is OpenSSL's text format.
PEM是OpenSSL的文本格式。