OpenSSL Encryption of Session Key
Problem description
I am writing a method that encrypts session keys. It needs to do this such that the key can be decrypted by a different program that has been tested successfully. The decryption program cannot change. Where I am stuck is on getting my encryption to work in a way that it aligns with the decryption routine.
Let me give the decryption routine first. Remember, this cannot change:
    public Boolean decryptSessionKey() {
        // first, base64 decode the session key
        String sslString = "openssl base64 -d -in enc_sesskey -out temp";
        try {
            Process p = Runtime.getRuntime().exec(sslString);
        } catch (IOException e2) {
            e2.printStackTrace();
        }
        // now we can decrypt it
        try {
            sslString = "openssl rsautl -in temp -inkey privkey.pem -decrypt";
            Process p = Runtime.getRuntime().exec(sslString);
            BufferedReader stdInput = new BufferedReader(new InputStreamReader(p.getInputStream()));
            try {
                String s;
                while ((s = stdInput.readLine()) != null) {
                    decrypted_session_password = s;
                    writeToFile(decrypted_sesskey, s);
                }
                return true;
            } catch (Exception e) {
                return false;
            }
        } catch (IOException e1) {
            return false;
        } catch (Exception e) {
            return false;
        }
    }
Here is the encryption routine that I am writing. It yields base64-encoded text, but it is ultimately not decryptable. It's worth noting that I have verified that the decryption routine correctly picks up the results of the encryption routine (no handshake problems between the two).
    public Boolean encryptSessionKey(Cert receiver_cert) {
        String sslString =
            "openssl rsautl base64 -in sesskey -out temp -inkey cert.pem -encrypt -certin";
        // run this openssl encryption. Note that it will not yet be base64 encoded
        try {
            Process p = Runtime.getRuntime().exec(sslString);
        } catch (IOException e2) {
            e2.printStackTrace();
        }
        // now we base64-encode the encrypted file
        sslString = "openssl base64 -in temp -out enc_sesskey";
        try {
            Process p = Runtime.getRuntime().exec(sslString);
        } catch (IOException e1) {
            return false;
        } catch (Exception e) {
            return false;
        }
        return true;
    }
I'm really stuck. Any help is appreciated. Thank you.
Recommended answer
RSA encryption with PKCS padding and public key acquired from certificate:
    openssl rsautl -encrypt -in sesskey -inkey cert.pem -certin -out temp
    openssl base64 -e -in temp -out enc_sesskey
RSA decryption with PKCS padding and private key:
    openssl base64 -d -in enc_sesskey -out temp
    openssl rsautl -decrypt -in temp -inkey privkey.pem -out sesskey2
Tested and confirmed to be OK because content of the "sesskey" file is the same as content of the "sesskey2" file.
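An added example, not part of the original answer or the asker's program: the answer's two encryption commands wrapped in a Java method shaped like the one in the question. It passes each command as an argument list and waits for the first process to exit before starting the second, which `Runtime.exec` on its own does not do. The class name and the `run` helper are hypothetical; it assumes Java 9+ (for `List.of`), `openssl` on the PATH, and the file names used on this page.

```java
import java.io.IOException;
import java.util.List;

public class SessionKeyEncryptor {

    // Hypothetical helper: runs one command, waits for it to exit,
    // and reports whether the exit code was 0.
    static boolean run(List<String> command) throws IOException, InterruptedException {
        Process p = new ProcessBuilder(command)
                .inheritIO()          // show openssl's own error messages on the console
                .start();
        return p.waitFor() == 0;      // block until openssl has finished writing its output
    }

    // Returns true only if both steps succeeded, so enc_sesskey is
    // complete on disk by the time the decryption routine reads it.
    public static boolean encryptSessionKey() {
        try {
            // Step 1: RSA-encrypt with the public key taken from the certificate.
            // As in the answer, there is no "base64" word after "rsautl";
            // rsautl writes raw ciphertext bytes to temp.
            boolean encrypted = run(List.of("openssl", "rsautl", "-encrypt",
                    "-in", "sesskey", "-inkey", "cert.pem", "-certin", "-out", "temp"));
            if (!encrypted) {
                return false;
            }
            // Step 2: base64-encode temp. This starts only after step 1 has exited,
            // so it never reads a missing or half-written temp file.
            return run(List.of("openssl", "base64", "-e",
                    "-in", "temp", "-out", "enc_sesskey"));
        } catch (IOException e) {
            return false;             // openssl could not be started
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            return false;
        }
    }

    public static void main(String[] args) {
        System.out.println(encryptSessionKey() ? "enc_sesskey written" : "encryption failed");
    }
}
```

In OpenSSL 3.0 and later `rsautl` is deprecated in favour of `pkeyutl`; the commands above are kept as the answer gives them because the decryption side cannot change.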