I generated a public/private keypair with openssl
:
我使用openssl生成了一个公钥/私钥对:
openssl genrsa -out private.pem 1024
openssl pkcs8 -topk8 -in private.pem -outform DER -out private.der -nocrypt
openssl rsa -in private.pem -pubout -outform DER -out public.der
Now after that I created test code with Python, that was encrypting and deciphering strings. I took the example straight from PyCrypto
documentation, encrypting:
之后,我用Python创建了测试代码,这是加密和解密字符串。我从PyCrypto的文档中直接拿了这个例子,加密:
string_to_encrypt = str(raw_input("Enter a string to encrypt: "))
print "Encrypting: %s" % string_to_encrypt
key = RSA.importKey(open('./public.der').read())
cipher = PKCS1_OAEP.new(key)
ciphertext = cipher.encrypt(string_to_encrypt)
and decrypting:
和解密:
dec_key = RSA.importKey(open('./private.der').read())
d_cipher = PKCS1_OAEP.new(dec_key)
dec_message = d_cipher.decrypt(ciphertext)
Now this works as expected, and next I wanted to try deciphering same using C
. I transfer the data via socket
to the C application.. but now I'm unable to get the message back to clear text, even though the deciphering is not throwing errors.
现在,这是预期的工作,接下来我想尝试使用C来解密相同的数据。但是现在我无法将消息返回到清晰的文本中,即使解译并不是抛出错误。
Before I try to decipher the text, I print out the data to the screen, and the bytes match on both ends. The receiving function looks like this:
在我尝试破译文本之前,我将数据打印到屏幕上,并在两端匹配字节。接收函数是这样的:
char* decrypt_packet(char* encrypted_buffer, int size) {
FILE *keyfile = fopen("./private.pem", "r");
RSA *rsa_pri = PEM_read_RSAPrivateKey (keyfile, NULL, NULL, NULL);
int rsa_private_len = RSA_size(rsa_pri);
for(i; i < size;i++)
printf("%02x:",(unsigned char)encrypted_buffer[i]);
printf("\n");
char * decrypt = (char*)malloc(rsa_private_len+1);
memset(decrypt,0,rsa_private_len+1); //Zero the buffer for printing
int res = RSA_private_decrypt(rsa_private_len, (unsigned char*)encrypted_buffer, (unsigned char*)decrypt, rsa_pri , RSA_NO_PADDING);
if(res == -1) {
ERR_load_crypto_strings();
printf("ERROR: %s\n",ERR_error_string(ERR_get_error(),NULL));
}
printf("size decrypt: %i\n", res);
printf("decrypted: %s\n", decrypt);
....
The deciphering doesn't fail, but the output is garbage (here sending just a test string "hello world"):
解码不会失败,但是输出是垃圾(这里只发送一个测试字符串“hello world”):
received buffer:
82:9d:a7:f7:3c:d6:71:12:01:31:ba:c6:a2:90:94:90:fd:69:d3:fe:14:11:2f:af:a9:8a:25:99:55:d2:84:1f:dc:e3:5e:a9:be:7b:8a:ac:cd:38:76:a2:91:ec:24:da:06:c7:8d:67:c8:15:19:73:c8:57:ce:a5:87:f0:da:db:c2:6d:5b:55:a3:ba:7e:7d:ca:6b:02:23:fd:fe:cb:b4:04:53:e2:74:c3:91:77:ee:5f:7a:61:7a:87:a6:42:37:28:c6:9c:cb:6a:46:f4:c0:bd:fe:8a:92:da:86:53:3b:5c:e2:e3:79:81:2c:32:28:9c:4c:be:0a:fa:75:7b:b2:
size decrypt: 128
decrypted: dÕf`5åiõuy<òáµÛ~G=/
Ä
I have chosen to use RSA_NO_PADDING
? I have no idea really if this is correct.
我选择使用RSA_NO_PADDING?我不知道这是否正确。
But if I use something else, the decrypt function complains: RSA_padding_check_PKCS1_type_2:block type is not 02
or RSA_padding_check_PKCS1_OAEP:oaep decoding error
但是如果我使用别的东西,解密函数会抱怨:rsa_pading_check_pkcs1_type_2:块类型不是02或rsa_pading_check_pkcs1_oaep:oaep解码错误。
Am I correctly calling the RSA_private_decrypt
function ? Could the problem be that I'm reading the private.pem
file in C (in Python I was reading the .der
file)?
我是否正确地调用了RSA_private_decrypt函数?问题可能是我正在读私人信件。在C中的pem文件(在Python中,我正在读取.der文件)?
One more thing came to mind. I used default openssl
from Ubuntu to generate the keys, but my C application I'm linking against a downloaded and compiled source. The Makefile
contains:
我又想起了一件事。我在Ubuntu中使用默认的openssl来生成密钥,但是我的C应用程序与下载的和编译的源代码相链接。Makefile文件包含:
SOURCE_FILES = main.c client_handler.c
CC=gcc
$(CC) $(SOURCE_FILES) -o client_control_srv -lpthread -lssl -lcrypto -I/home/jlumme/openssl-1.0.1f_x86/include
Thanks for any tips!
谢谢你的任何建议!
1 个解决方案
#1
0
Looks like my key generation was messed up.
看来我的关键一代搞砸了。
I regenerated the keys:
我再生的关键:
openssl genrsa -out mykey_priv.pem 1024
openssl rsa -in mykey_priv.pem -out mykey_publ.der -outform DER -pubout
and now it works with the same code. As CBHacking pointed out, I also needed to have padding set to RSA_PKCS1_OAEP_PADDING
.
现在它使用相同的代码。正如CBHacking指出的那样,我还需要将填充设置为RSA_PKCS1_OAEP_PADDING。
#1
0
Looks like my key generation was messed up.
看来我的关键一代搞砸了。
I regenerated the keys:
我再生的关键:
openssl genrsa -out mykey_priv.pem 1024
openssl rsa -in mykey_priv.pem -out mykey_publ.der -outform DER -pubout
and now it works with the same code. As CBHacking pointed out, I also needed to have padding set to RSA_PKCS1_OAEP_PADDING
.
现在它使用相同的代码。正如CBHacking指出的那样,我还需要将填充设置为RSA_PKCS1_OAEP_PADDING。