OpenSSL Encryption of Session Key

Problem description

I am writing a method that encrypts session keys. It needs to do this such that the key can be decrypted by a different program that has been tested successfully. The decryption program cannot change. Where I am stuck is on getting my encryption to work in a way that it aligns with the decryption routine.

Let me give the decryption routine first. Remember, this cannot change:

public Boolean decryptSessionKey() {

    // first, base64 decode the session key
    String sslString = "openssl base64 -d -in enc_sesskey -out temp";

    try {
        Process p = Runtime.getRuntime().exec(sslString);
    } catch (IOException e2) {
        e2.printStackTrace();
    }

    // now we can decrypt it
    try {
        sslString = "openssl rsautl -in temp -inkey privkey.pem -decrypt";
        Process p = Runtime.getRuntime().exec(sslString);   
        BufferedReader stdInput = new BufferedReader(new InputStreamReader(p.getInputStream()));

        try {
            String s;
            while ((s = stdInput.readLine()) != null) {           
                decrypted_session_password = s;
                writeToFile(decrypted_sesskey, s);
            }
            return true;

        } catch (Exception e) {
            return false;
        }
    } catch (IOException e1) {
        return false;
    } catch (Exception e) {
        return false;
    }
}

Here is the encryption routine that I am writing. It yields base64-encoded text, but it is ultimately not decryptable. It's worth noting that I have verified that the decryption routine correctly picks up the results of the encryption routine (no handshake problems between the two).

public Boolean encryptSessionKey(Cert receiver_cert) {

    String sslString = 
        "openssl rsautl base64 -in sesskey -out temp -inkey cert.pem -encrypt -certin";

    // run this openssl encryption. Note that it will not yet be base64 encoded
    try {
        Process p = Runtime.getRuntime().exec(sslString);
    } catch (IOException e2) {
        e2.printStackTrace();
    }

    // now we base64-encode the encrypted file
    sslString = "openssl base64 -in temp -out enc_sesskey"; 

    try {
        Process p = Runtime.getRuntime().exec(sslString);   
    } catch (IOException e1) {return false;
    } catch (Exception e) {return false;
    }

    return true;
}

I'm really stuck. Any help is appreciated. Thank you.

Recommended answer

RSA encryption with PKCS padding and public key acquired from certificate:

openssl rsautl -encrypt -in sesskey -inkey cert.pem -certin -out temp
openssl base64 -e -in temp -out enc_sesskey

RSA decryption with PKCS padding and private key:

openssl base64 -d -in enc_sesskey -out temp
openssl rsautl -decrypt -in temp -inkey privkey.pem -out sesskey2

Tested and confirmed to be OK because content of the "sesskey" file is the same as content of the "sesskey2" file.
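
The round trip from the answer as a self-checking script; this is an added example, not part of the original answer. It checks the exit status of every openssl step, which the Java in the question never does. The throwaway key pair, self-signed certificate, session key and the helper names `make_fixture` and `roundtrip` are constructed here for illustration.

```shell
#!/bin/sh
# Added example: verify the rsautl + base64 round trip end to end.
# All key material below is generated on the spot for the demo.

# make_fixture: create a temp dir holding a throwaway RSA-2048 private key,
# a self-signed certificate and a text session key. Prints the dir name.
make_fixture() {
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo" \
        -keyout "$dir/privkey.pem" -out "$dir/cert.pem" 2>/dev/null || return 1
    openssl rand -hex 32 > "$dir/sesskey" || return 1
    echo "$dir"
}

# roundtrip DIR: encrypt DIR/sesskey to DIR/enc_sesskey with the certificate,
# then decode and decrypt it to DIR/sesskey2 with the private key.
# Returns 0 only if every step succeeds and both files are identical;
# otherwise the status names the failing step:
#   2 = RSA encrypt, 3 = base64 encode, 4 = base64 decode,
#   5 = RSA decrypt, 6 = plaintext mismatch.
roundtrip() {
    (
        cd "$1" || exit 1
        # Sender side: public key taken from the certificate (-certin).
        openssl rsautl -encrypt -in sesskey -inkey cert.pem -certin \
            -out temp 2>/dev/null || exit 2
        openssl base64 -e -in temp -out enc_sesskey || exit 3
        # Receiver side: same two steps as the fixed decryption routine.
        openssl base64 -d -in enc_sesskey -out temp2 || exit 4
        openssl rsautl -decrypt -in temp2 -inkey privkey.pem \
            -out sesskey2 2>/dev/null || exit 5
        cmp -s sesskey sesskey2 || exit 6
    )
}

# Stand-alone run: build a fixture, exercise it, clean up.
demo_dir=$(make_fixture) && roundtrip "$demo_dir" \
    && echo "round trip OK: sesskey == sesskey2"
[ -n "$demo_dir" ] && rm -rf "$demo_dir"
```

With PKCS#1 v1.5 padding a 2048-bit key accepts at most 245 bytes of input, so an oversized `sesskey` makes `roundtrip` return 2.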
