OpenSSL C ++ RSA标志与命令行标志不同 [英] OpenSSL C++ RSA sign is different from command line sign

问题描述

我正在尝试用C ++签名文本，然后在命令行中进行验证.我正在使用OpenSSL库.这是我生成密钥的命令行:

I'm trying to sign a text in C++ and then verify it in the command line. I'm using OpenSSL libraries. This is my command line for key generation:

openssl genrsa -out key.pem 1024

现在我有了我的私钥.然后，这就是我登录命令行的方式:

Now I have my private key. Then this is how I do to sign in command line:

echo "hola" | openssl rsautl -pkcs -sign -inkey key.pem > sign.txt

这时似乎一切正常，现在我在sign.txt中登录了. 现在，我试图在C中做同样的事情.这是我的代码:

At this point all works like it seems to be, now I have a sign in sign.txt. Now I'm trying to do the same in C... This is my code:

RSA * rsaPrivKey;


RSA * createRSAWithFilename (const char * filename, int publicKey)
{
   FILE * fp = fopen (filename, "rb");

   if (fp == NULL)
   {
      printf ("Unable to open file %s \n", filename);
      return NULL;
   }
   RSA *rsa = RSA_new ();

   if (publicKey)
      rsa = PEM_read_RSA_PUBKEY (fp, &rsa, NULL, NULL);
   else
      rsa = PEM_read_RSAPrivateKey (fp, &rsa, NULL, NULL);

   return rsa;
}


void initRSA (void)
{
   rsaPrivKey = createRSAWithFilename ("key.pem", 0);

   unsigned char text[] = {"hola"};
   unsigned char encrypted[4098] = {};
   unsigned int outlen;

   unsigned char hash[20];
   if (!SHA1 (text, sizeof(text), hash)){
      printf ("SHA1 failed\n");
      exit (0);
   }
   if (!RSA_sign (NID_sha1, hash, 20, encrypted, &outlen, rsaPrivKey)){
      printf ("RSA_sign failed\n");
      exit (0);
   }

   printf ("Result:\n");
   for (int a = 0; a < outlen; a++)
      printf ("%c", encrypted[a]);

   exit (1);
}

当我调用initRSA()时，它会打印生成的签名.....与在命令行中生成的签名不同.

When I call initRSA() it prints the generated signature.. but.. is not the same as in generated in command line.

因为不确定我的sizeof是否使用的是"text"的真实长度，所以我尝试使用length = 4(hola有4个字符)和5(也许计算\ 0)，结果不是预期的.

Because not sure about if the sizeof is taking the real length of "text" I tried with length = 4 (hola have 4 chars) and 5 (perhaps computing \0) and the results are not the expected.

我对密码学的知识非常有限.不知道问题出在哪里.

My knowledge in cryptography is very limited.. don't know where is the problem.

推荐答案

显然是因为您使用了错误的命令行.您需要以下命令行，该命令行可计算输入摘要并使用私钥对其进行签名:

Apparently it's because you're using the wrong command line. You want this command line, which computes a digest of your input and signs it using the private key:

echo -n "hola" | openssl dgst -sha1 -binary -sign key.pem >sign.txt

使用pkeyutl还会执行其他一些额外的操作，如下所述:

Using pkeyutl does some other extra stuff as described here: Different signatures when using C routines and openssl dgst, rsautl commands

因此，如果使用我提供的命令行(使用echo -n以避免添加换行符)并将代码更改为sizeof(text)-1以跳过空终止符，则应该获得相同的输出.

So if you use the command line I provided (use echo -n to avoid adding a newline) and change your code to sizeof(text)-1 to skip the null terminator, you should get the same output.

这篇关于OpenSSL C ++ RSA标志与命令行标志不同的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！