无法使用开放SSL解密RSA数据 [英] Can't decrypt RSA data with open SSL
问题描述
我尝试使用我用openssl创建的公钥来加密matlab中的一些数据
I try to encrypt some data in matlab using a public key I created with openssl
我使用以下方法创建了密钥:
I created the keys using:
openssl genrsa -des3 -out private.pem 1024
openssl rsa -in private.pem -pubout -outform DER -out public.der
我使用这个matlab代码(使用Java库)加密我的数据:
I encrypt my data using this matlab code (with Java libraries):
import java.security.spec.RSAPublicKeySpec
import javax.crypto.Cipher;
import java.security.KeyFactory
import java.math.BigInteger
fid = fopen('public.der');
a = fread(fid);
key = java.security.spec.X509EncodedKeySpec(a);
kf = KeyFactory.getInstance('RSA');
KEY = kf.generatePublic(key);
cipher = Cipher.getInstance('RSA/ECB/PKCS1Padding');
cipher.init(Cipher.ENCRYPT_MODE, KEY)
plaintextBytes = [24];
ciphertext = cipher.doFinal(plaintextBytes)' ;
fid2 = fopen('msg.txt','w');
fwrite(fid2,ciphertext);
fclose(fid2);
我尝试使用以下方法对其进行解密:
I try to decrypt it using:
openssl rsautl -decrypt -inkey private.pem -in msg.txt -keyform PEM -pkcs
然后我收到此错误:
RSA operation error
80305:error:0407109F:rsa routines:RSA_padding_check_PKCS1_type_2:pkcs decoding error:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59.40.2/src/crypto/rsa/rsa_pk1.c:267:
80305:error:04065072:rsa routines:RSA_EAY_PRIVATE_DECRYPT:padding check failed:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59.40.2/src/crypto/rsa/rsa_eay.c:614:
推荐答案
大多数情况下这样的RSA_padding_check_PKCS1_type_2错误...... - 你倾向于看到这个
(1)编码错误:不是解密二进制数据,而是对(可能)Base64编码数据进行解密。
(2)密钥对或密钥本身不匹配:公钥与私钥不匹配以进行解密。
http:// hustoknow .blogspot.ca / 2013/01 / rsa-block-type-is-not-02-error.html
Most of the time for such "RSA_padding_check_PKCS1_type_2 error ..." - you tends to see this with (1) Encoding errors: instead of decrypting binary data, decrypting is done on (maybe) Base64 encoded data. (2) Mismatched key pair or key itself: Public key does not matched to the Private key for decryption. http://hustoknow.blogspot.ca/2013/01/rsa-block-type-is-not-02-error.html
也许我们可以确保这对在说密码加载不正确之前(2)也没有不匹配(2)。如下所示参考 https://www.sslshopper.com/ssl-converter.html
Maybe we can make sure the pair is not mismatch (2) too before saying the cipher load is not correct (1). Like below in ref to https://www.sslshopper.com/ssl-converter.html
将PEM转换为DER:openssl x509 -outform der -in certificate.pem -out certificate.der
或者如果证书已经在der中格式,也可以变成pem
例如将DER转换为PEM:openssl x509 -inform der -in certificate.cer -out certificate.pem
Convert PEM to DER: openssl x509 -outform der -in certificate.pem -out certificate.der or if the cert is already in "der" format, can also be turn into "pem" e.g. Convert DER to PEM: openssl x509 -inform der -in certificate.cer -out certificate.pem
将PEM转换为PFX:openssl pkcs12 -export -out certificate.pfx - inkey privateKey.key -in certificate.crt -certfile CACert.crt
或者如果只有pfx则可以获得pem
eg将PFX转换为PEM:openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes
Convert PEM to PFX: openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt or if there is only "pfx" then can get "pem" e.g. Convert PFX to PEM: openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes
确认我们有pem后,我们可以尝试加密和如
中所述解密 http://openssl.6102.n7.nabble.com/unable-to-decrypt-using-using-private-key-td15204.html
After making sure we have the "pem", we can try the encrypt and decrypt as stated in http://openssl.6102.n7.nabble.com/unable-to-decrypt-using-using-private-key-td15204.html
如1)openssl enc -base64 -d -in -out创建的地方,它有二进制内容。
,例如2)openssl rsautl -decrypt -inkey -out -pkcs
但在这种情况下,请考虑使用-raw而不是-pkcs来解密数据与服务器私有
密钥
e.g. 1) openssl enc -base64 -d -in -out where was created and it had binary contents. e.g. 2) openssl rsautl -decrypt -inkey -out -pkcs but in this case, consider trying to use -raw instead of -pkcs to decrypt data with server private key
这篇关于无法使用开放SSL解密RSA数据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!