我在C#中创建了一个密钥对,我想将公钥上传到服务器,这样服务器就可以向客户端发送私人数据。服务器必须使用此公钥,但它是XML格式。我一直在阅读,在linux中使用公钥加密文件的最佳方法似乎是使用openssl。
这就是我的公钥在.net中使用RSACryptoServiceProvider生成后的样子
<RSAKeyValue><模量>sqprMX0n4y1gmmgpTt6pHb870k5U0MIuXixidD+S8foQf5BbFS44th2uWDKzXOXqiONxIPHPb+84XdxrRi2O7bvLysztgrFeU8oNDMeuIwJOKVQzKoJ1vGqjBKiA9w48oQKxvO+Ck3GmObW67LFNcrt50sEco2/OMmrpiH3W8hRx55TcR1flCJduU0/6jA7Yct9ZfhOwBq6o5Iwi8Mi1R6LVq9sSNAWHC/bFcEONktz6NgUKbFKtt+mTfFGToiwPB1L4TecGyTIweH84nl8jVAngcMvvFP415Eg1kd9PJbRqrIESM5AU1YcsapWV3bsqEGVS2y+r5N4yzXPCYRCRyFWJSnNVlax+gtDFTNz3m9UT8m2E7elGe5hPhR6nN3votzBNvTeQ4Lwc5JDIvnUg7aOdVIXnHQbBqEQke79BXxIv8tzVPczGkFqFExkmPPQv8zJvBKkIYc+BFJtkylBiZfQX0590NS3L1y31VSeXn8Ncx2/ceJfUXsMWJ3sQ+dk51MKBJ2LLoyJq8IgloBLnXWvlYZ+tkzRVTExFR277V3Jr17DeTOMQEg5HqRkbDDVGPTl2RvC2S2BTe7+r9xNzyAZMieVjZLZgb6ic E6uSJFcu4qqJ1khQUjW7taymqW8ao3oEiCUJKvRpZcJPMN+JtMnj+2we17ytk=<模量><指数>AQAB<指数><RSAKeyValue>
事实是openssl只接受PEM(据我所见)如何将此密钥转换为openssl可以用来加密的密钥
但它是XML格式的
表示格式为RFC 3275,XML签名语法和处理。
如何将此密钥转换为openssl可以用来加密的密钥?
您需要解析RFC 3275RSAKeyValue,然后将其放入OpenSSLRSA结构中。
有点痛苦。。。。你确定要看吗?(XML解析留给读者练习,但它使用了上面提供的值)。
#include <stdio.h>
#include <string.h>
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include <openssl/bio.h>
#include <openssl/evp.h>
int main(int argc, char* argv[])
{
int ret = -1;
char nz[] = "sqprMX0n4y1gmmgpTt6pHb870k5U0MIuXixidD+S8foQf5Bb"
"FS44kth2uWDKzXOXqiONxIPHPb+84XdxrRi2O7bvLysztgrF"
"eU8oNDMeuIwJOKVQzKoJ1vGqjBKiA9w48oQKxvO+Ck3GmObW"
"67LFNcrt50sEco2/OMmrpiH3W8hRx55TcR1flCJduU0/6jA7"
"Yct9ZfhOw5wBq6o5IwiT8Mi1R6LVq9sTzSNAWHC/bFcEONkt"
"z6NgUKbFKtt+mTfFGToiwPB1L4TecGyTIweH84nl8jVAngcM"
"vvFP415Eg1kd9PJbRqrIESM5AU1YcsapWV3bsqEGVS2y+r5N"
"4yzXPCYRCRyFWJSnNVlax+gtDFTNz3m9UT8m2E7elGe5hPhR"
"6nN3votzBNvTeQ4Lwc5JDIvnWUg7aOdVIXnHQbBqEQke79BX"
"xIv8tzVPczGkFqFExkmPPQQv8zJvBKkIYc+BFJtkylBiZfQX"
"0590NS3L1y31VSeXn8Ncx2/ceJfUXsMWJ3sQ+dk51MKBJ2LL"
"oyJq8IgloBLnXWvlYZ+tkzRVTExFR277V3Jr17DeTOMQGEg5"
"HqRkbDDVGPTl2RvC2S2BTe7+r9xNzyAZMieVjZLZgb6icE6u"
"SJFcu4qqJ1khQUjW7taymqW8Ao3oEiCUJKvRpZcJPMN+JtMn"
"ji+2we17ytk=";
char ez[] = "AQAB";
BIO* nn = NULL, *ee = NULL;
BIO* b1 = NULL, *b2 = NULL;
RSA* rsa = NULL;
nn = BIO_new_mem_buf(nz, strlen(nz));
if(!nn) { ret = 1; goto done; }
ee = BIO_new_mem_buf(ez, strlen(ez));
if(!ee) { ret = 2; goto done; }
b1 = BIO_new(BIO_f_base64());
if(!b1) { ret = 3; goto done; }
b2 = BIO_new(BIO_f_base64());
if(!b2) { ret = 4; goto done; }
/* If you leave these out even though you */
/* are reading, then BIO_read will return 0 */
/* and BIO_should_retry will return false */
BIO_set_flags(b1, BIO_FLAGS_BASE64_NO_NL);
BIO_set_flags(b2, BIO_FLAGS_BASE64_NO_NL);
nn = BIO_push(b1, nn);
if(!nn) { ret = 5; goto done; }
ee = BIO_push(b2, ee);
if(!ee) { ret = 6; goto done; }
rsa = RSA_new();
if(rsa == NULL) { ret = 7; goto done; }
unsigned char buff[4096];
const int bsize = sizeof(buff);
int rr = 0, rd = 0;
/* See http://marc.info/?l=openssl-users&m=123171064303018&w=2 */
/* for this contorted goodness */
rd = 0;
do {
rr = BIO_read(nn, buff + rd, bsize - rd);
if(rr < 0) { ret = 8; goto done; } /* failed */
rd += rr;
} while (rr > 0 || BIO_should_retry(nn));
if(rd == 0) { ret = 9; goto done; }
rsa->n = BN_bin2bn(buff, rd, NULL);
if(rsa->n == NULL) { ret = 10; goto done; }
rd = 0;
do {
rr = BIO_read(ee, buff + rd, bsize - rd);
if(rr < 0) { ret = 11; goto done; } /* failed */
rd += rr;
} while (rr > 0 || BIO_should_retry(ee));
if(rd == 0) { ret = 12; goto done; }
rsa->e = BN_bin2bn(buff, rd, NULL);
if(rsa->e == NULL) { ret = 13; goto done; }
/***** Paydirt *****/
RSA_print_fp(stdout, rsa, 0);
ret = 0;
done:
if(ret != 0)
fprintf(stderr, "Failed to parse and validate RSA keyn");
if(rsa)
RSA_free(rsa), rsa = NULL;
if(nn)
BIO_free_all(nn), nn = NULL;
if(ee)
BIO_free_all(ee), ee = NULL;
return ret;
}
如何在linux中使用xml公钥加密
使用上面的RSA,尝试RSA_encrypt(和RSA_verify)。请参阅OpenSSL文档中的rsa(3)。
事实是openssl只接受PEM(据我所见)。
OpenSSL接受PEM和DER。
这是上面关于参数的程序输出。
$ ./rsa-test.exe
Public-Key: (4096 bit)
Modulus:
00:b2:aa:6b:31:7d:27:e3:2d:60:9a:68:29:4e:de:
a9:1d:bf:3b:d2:4e:54:d0:c2:2e:5e:2c:62:74:3f:
92:f1:fa:10:7f:90:5b:15:2e:38:92:d8:76:b9:60:
ca:cd:73:97:aa:23:8d:c4:83:c7:3d:bf:bc:e1:77:
71:ad:18:b6:3b:b6:ef:2f:2b:33:b6:0a:c5:79:4f:
28:34:33:1e:b8:8c:09:38:a5:50:cc:aa:09:d6:f1:
aa:8c:12:a2:03:dc:38:f2:84:0a:c6:f3:be:0a:4d:
c6:98:e6:d6:eb:b2:c5:35:ca:ed:e7:4b:04:72:8d:
bf:38:c9:ab:a6:21:f7:5b:c8:51:c7:9e:53:71:1d:
5f:94:22:5d:b9:4d:3f:ea:30:3b:61:cb:7d:65:f8:
4e:c3:9c:01:ab:aa:39:23:08:93:f0:c8:b5:47:a2:
d5:ab:db:13:cd:23:40:58:70:bf:6c:57:04:38:d9:
2d:cf:a3:60:50:a6:c5:2a:db:7e:99:37:c5:19:3a:
22:c0:f0:75:2f:84:de:70:6c:93:23:07:87:f3:89:
e5:f2:35:40:9e:07:0c:be:f1:4f:e3:5e:44:83:59:
1d:f4:f2:5b:46:aa:c8:11:23:39:01:4d:58:72:c6:
a9:59:5d:db:b2:a1:06:55:2d:b2:fa:be:4d:e3:2c:
d7:3c:26:11:09:1c:85:58:94:a7:35:59:5a:c7:e8:
2d:0c:54:cd:cf:79:bd:51:3f:26:d8:4e:de:94:67:
b9:84:f8:51:ea:73:77:be:8b:73:04:db:d3:79:0e:
0b:c1:ce:49:0c:8b:e7:59:48:3b:68:e7:55:21:79:
c7:41:b0:6a:11:09:1e:ef:d0:57:c4:8b:fc:b7:35:
4f:73:31:a4:16:a1:44:c6:49:8f:3d:04:2f:f3:32:
6f:04:a9:08:61:cf:81:14:9b:64:ca:50:62:65:f4:
17:d3:9f:74:35:2d:cb:d7:2d:f5:55:27:97:9f:c3:
5c:c7:6f:dc:78:97:d4:5e:c3:16:27:7b:10:f9:d9:
39:d4:c2:81:27:62:cb:a3:22:6a:f0:88:25:a0:12:
e7:5d:6b:e5:61:9f:ad:93:34:55:4c:4c:45:47:6e:
fb:57:72:6b:d7:b0:de:4c:e3:10:18:48:39:1e:a4:
64:6c:30:d5:18:f4:e5:d9:1b:c2:d9:2d:81:4d:ee:
fe:af:dc:4d:cf:20:19:32:27:95:8d:92:d9:81:be:
a2:70:4e:ae:48:91:5c:bb:8a:aa:27:59:21:41:48:
d6:ee:d6:b2:9a:a5:bc:02:8d:e8:12:20:94:24:ab:
d1:a5:97:09:3c:c3:7e:26:d3:27:8e:2f:b6:c1:ed:
7b:ca:d9
Exponent: 65537 (0x10001)