Ncryptdecrypt fails to decrypt data that is encrypted by openssl with RSA_PKCS1_OAEP_PADDING
Problem description
I have difficulty decrypting data that was encrypted using OpenSSL, RSA and the RSA_PKCS1_OAEP_PADDING padding option.
What I am doing is to load the key from the Windows KSP:
m_hSystemStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, NULL, CERT_SYSTEM_STORE_LOCAL_MACHINE, m_storeName.c_str());
m_pCertWithKeys = CertFindCertificateInStore(m_hSystemStore, SupportedEncodings, 0, CERT_FIND_SUBJECT_STR, m_certName.c_str(), NULL);
// Obtain the private key from the certificate.
DWORD m_KeyContextSpec = 0;
HCRYPTPROV_OR_NCRYPT_KEY_HANDLE m_hKeyContextFull;
CryptAcquireCertificatePrivateKey(m_pCertWithKeys, CRYPT_ACQUIRE_SILENT_FLAG | CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG, NULL, &m_hKeyContextFull, &m_KeyContextSpec, &m_KeyContextMustBeReleased);
and call NCryptDecrypt like:
BCRYPT_OAEP_PADDING_INFO paddingInfo = { 0 };
DWORD cbDecryptedMessage;
BYTE* pbDecryptedMessage = NULL;
paddingInfo.pszAlgId = BCRYPT_SHA1_ALGORITHM;
// Calculate the required buffer
NCryptDecrypt(m_hKeyContextFull, (LPBYTE)pEncrypted, encryptedLenInBytes, &paddingInfo, NULL, cbDecryptedMessage, &outputDataLen, NCRYPT_PAD_OAEP_FLAG | NCRYPT_SILENT_FLAG);
// After the required buffer is allocated...
NCryptDecrypt(m_hKeyContextFull, (LPBYTE)pEncrypted, encryptedLenInBytes, &paddingInfo, pbDecryptedMessage, cbDecryptedMessage, &outputDataLen, NCRYPT_PAD_OAEP_FLAG | NCRYPT_SILENT_FLAG);
It fails with NTE_INVALID_PARAMETER (0x80090027). I tried different flags but none of them work.
Note: All error checking has been removed from the code for readability.
The data is being encrypted with the same key (public part) like:
RsaPublicEncrypt(size - 42, blk, output, Rsa, RSA_PKCS1_OAEP_PADDING)
and can be decrypted using SoftHSM successfully.
Is there any limitation for CNG to decrypt data being encrypted by OpenSSL?
Any idea what I am doing wrong?
Thanks.
What I have tried:
I did not change anything on the OpenSSL side, because that part works and we can decrypt the data using SoftHSM with the same key, but:
* I have tried different flags in NCryptDecrypt
* Different algorithms for padding
* Different algorithms to generate the key
None of them worked so far.
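As an added example (not code from the question or the answer), the parameter OpenSSL and CNG have to agree on is the OAEP hash: OpenSSL's RSA_PKCS1_OAEP_PADDING uses SHA-1 for both the label hash and MGF1, which is why paddingInfo.pszAlgId = BCRYPT_SHA1_ALGORITHM is the matching value and why the plaintext is capped at size - 42 bytes (2*hLen + 2 with hLen = 20). The Python below implements just the EME-OAEP layer from RFC 8017 (the RSA exponentiation is left out) so the overhead and the effect of a hash mismatch can be checked on constructed input; hash names, the test message and the fixed seed are assumptions made here.

```python
import hashlib
import os

def mgf1(seed: bytes, length: int, hash_name: str) -> bytes:
    # MGF1 (RFC 8017 B.2.1): Hash(seed || counter) blocks, truncated to length
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.new(hash_name, seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def oaep_max_message_len(modulus_bytes: int, hash_name: str) -> int:
    # EME-OAEP overhead is 2*hLen + 2; with SHA-1 (hLen = 20) that is the 42 in "size - 42"
    return modulus_bytes - 2 * hashlib.new(hash_name).digest_size - 2

def oaep_encode(message: bytes, modulus_bytes: int, hash_name: str,
                seed: bytes = None, label: bytes = b"") -> bytes:
    # EME-OAEP encoding (RFC 8017 7.1.1 step 2); the result is what RSA exponentiates.
    # hash_name drives both lHash and MGF1, as OpenSSL's RSA_PKCS1_OAEP_PADDING (SHA-1)
    # and CNG's BCRYPT_OAEP_PADDING_INFO.pszAlgId do. seed is random unless given (tests).
    h_len = hashlib.new(hash_name).digest_size
    if len(message) > oaep_max_message_len(modulus_bytes, hash_name):
        raise ValueError("message too long for this modulus and hash")
    ps = b"\x00" * (modulus_bytes - len(message) - 2 * h_len - 2)
    db = hashlib.new(hash_name, label).digest() + ps + b"\x01" + message
    seed = os.urandom(h_len) if seed is None else seed
    masked_db = xor(db, mgf1(seed, modulus_bytes - h_len - 1, hash_name))
    masked_seed = xor(seed, mgf1(masked_db, h_len, hash_name))
    return b"\x00" + masked_seed + masked_db

def oaep_decode(em: bytes, hash_name: str, label: bytes = b"") -> bytes:
    # EME-OAEP decoding (RFC 8017 7.1.2 step 3). Any mismatch (including a hash that
    # differs from the encoder's) returns None rather than saying which check failed.
    h_len = hashlib.new(hash_name).digest_size
    k = len(em)
    if k < 2 * h_len + 2 or em[0] != 0:
        return None
    masked_seed, masked_db = em[1:1 + h_len], em[1 + h_len:]
    seed = xor(masked_seed, mgf1(masked_db, h_len, hash_name))
    db = xor(masked_db, mgf1(seed, k - h_len - 1, hash_name))
    sep = db.find(b"\x01", h_len)
    if db[:h_len] != hashlib.new(hash_name, label).digest() or sep < 0 or any(db[h_len:sep]):
        return None
    return db[sep + 1:]
```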
You should have shown the full code. So I can only guess that you might have forgotten to initialise cbDecryptedMessage before calling NCryptDecrypt():
pbDecryptedMessage = new BYTE[outputDataLen]; // or malloc() with C
cbDecryptedMessage = outputDataLen;