OpenSSL RSA_sign C++ - 与命令行不同的符号
OpenSSL RSA_sign C++ - Different sign than the command line
我正在尝试使用 OpenSSL 的库开发数字签名工具,但我的代码创建的签名与我从命令行获得的签名不同。
我检查并验证了 SHA256 摘要是正确的。
这是我用来验证签名的命令示例:
openssl rsautl -sign -inkey privateKey.pem -in hash.txt > signature
根据我下面的代码,是否有明显的错误?
#include <iostream>
#include <string>
#include <sstream>
#include <fstream>
#include <iomanip>
#include <string.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/sha.h>
#include <openssl/rsa.h>
using namespace std;
RSA * generateKeys()
{
RSA *rsa = RSA_new();
BIGNUM *bignum = NULL;
bignum = BN_new();
BN_set_word(bignum, RSA_F4);
FILE *file;
bool exists;
if ((file = fopen("privateKey.pem", "r")))
{
exists = true;
fclose(file);
}
if (!exists)
{
FILE *pkey = fopen("privateKey.pem", "wb");
RSA_generate_key_ex(rsa, 2048, bignum, NULL);
PEM_write_RSAPrivateKey(pkey, rsa, NULL, NULL, 0, NULL, NULL);
fclose(pkey);
}else{
FILE *pkey = fopen("privateKey.pem", "rb");
PEM_read_RSAPrivateKey(
pkey,
&rsa,
NULL,
NULL);
fclose(pkey);
}
return rsa;
}
// Sign document
void sign(const char *filepath)
{
FILE *file = fopen(filepath, "r");
// SHA256 digest
unsigned char hash[SHA256_DIGEST_LENGTH];
SHA256_CTX sha256;
SHA256_Init(&sha256);
char *buffer[1024];
int bytesRead = 0;
while ((bytesRead = fread(buffer, 1, 1024, file)))
{
SHA256_Update(&sha256, buffer, bytesRead);
}
fclose(file);
SHA256_Final(hash, &sha256);
// Retrieve keys (create keys if it does not exist)
RSA *rsa = generateKeys();
// Sign
const int size = RSA_size(rsa);
unsigned char *sign = new unsigned char[size];
unsigned int outlen = 0;
RSA_sign(NID_sha256, hash, SHA256_DIGEST_LENGTH, sign, &outlen, rsa);
FILE *signedDoc = fopen("signedDocument.signed","wb");
fputs((const char *) sign,signedDoc);
fclose(signedDoc);
}
// Validate document
// int validate(FILE *file){
// return 0;
// }
int main(int argc, char *argv[])
{
// Input validation
if (argc == 1)
{
cout << "Usage: sign -sv document" << endl
<< "-s sign document" << endl
<< "-v validate document signature" << endl;
return 0;
}
if (argc > 3 || (string(argv[1]) != "-s" && string(argv[1]) != "-v"))
{
cout << "Error: Wrong arguments given." << endl
<< "sign for help" << endl;
return -1;
}
FILE *document = fopen(argv[2], "r");
if (document == NULL)
{
cout << "File open error.." << endl;
return -1;
}
// Sign document
if ((string(argv[1]) == "-s"))
{
sign(argv[2]);
}
// // Validate signature
// if((string(argv[1]) == "-v")){
// validate(document);
// }
}
这些是我用来编译它的标志:
-Wall -Werror -Wextra -pedantic -lcrypto -std=c++11 -g
提前致谢。
我已经实现了 RSA_verify 功能,并且根据我的代码所做的标志,RSA_verify 有效并且 returns 它是有效的。我还添加了保存 public 键的代码。
我最好的猜测是我的代码并不完全代表命令。
我正在尝试使用 OpenSSL 的库开发数字签名工具,但我的代码创建的签名与我从命令行获得的签名不同。
我检查并验证了 SHA256 摘要是正确的。
这是我用来验证签名的命令示例:
openssl rsautl -sign -inkey privateKey.pem -in hash.txt > signature
根据我下面的代码,是否有明显的错误?
#include <iostream>
#include <string>
#include <sstream>
#include <fstream>
#include <iomanip>
#include <string.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/sha.h>
#include <openssl/rsa.h>
using namespace std;
RSA * generateKeys()
{
RSA *rsa = RSA_new();
BIGNUM *bignum = NULL;
bignum = BN_new();
BN_set_word(bignum, RSA_F4);
FILE *file;
bool exists;
if ((file = fopen("privateKey.pem", "r")))
{
exists = true;
fclose(file);
}
if (!exists)
{
FILE *pkey = fopen("privateKey.pem", "wb");
RSA_generate_key_ex(rsa, 2048, bignum, NULL);
PEM_write_RSAPrivateKey(pkey, rsa, NULL, NULL, 0, NULL, NULL);
fclose(pkey);
}else{
FILE *pkey = fopen("privateKey.pem", "rb");
PEM_read_RSAPrivateKey(
pkey,
&rsa,
NULL,
NULL);
fclose(pkey);
}
return rsa;
}
// Sign document
void sign(const char *filepath)
{
FILE *file = fopen(filepath, "r");
// SHA256 digest
unsigned char hash[SHA256_DIGEST_LENGTH];
SHA256_CTX sha256;
SHA256_Init(&sha256);
char *buffer[1024];
int bytesRead = 0;
while ((bytesRead = fread(buffer, 1, 1024, file)))
{
SHA256_Update(&sha256, buffer, bytesRead);
}
fclose(file);
SHA256_Final(hash, &sha256);
// Retrieve keys (create keys if it does not exist)
RSA *rsa = generateKeys();
// Sign
const int size = RSA_size(rsa);
unsigned char *sign = new unsigned char[size];
unsigned int outlen = 0;
RSA_sign(NID_sha256, hash, SHA256_DIGEST_LENGTH, sign, &outlen, rsa);
FILE *signedDoc = fopen("signedDocument.signed","wb");
fputs((const char *) sign,signedDoc);
fclose(signedDoc);
}
// Validate document
// int validate(FILE *file){
// return 0;
// }
int main(int argc, char *argv[])
{
// Input validation
if (argc == 1)
{
cout << "Usage: sign -sv document" << endl
<< "-s sign document" << endl
<< "-v validate document signature" << endl;
return 0;
}
if (argc > 3 || (string(argv[1]) != "-s" && string(argv[1]) != "-v"))
{
cout << "Error: Wrong arguments given." << endl
<< "sign for help" << endl;
return -1;
}
FILE *document = fopen(argv[2], "r");
if (document == NULL)
{
cout << "File open error.." << endl;
return -1;
}
// Sign document
if ((string(argv[1]) == "-s"))
{
sign(argv[2]);
}
// // Validate signature
// if((string(argv[1]) == "-v")){
// validate(document);
// }
}
这些是我用来编译它的标志:
-Wall -Werror -Wextra -pedantic -lcrypto -std=c++11 -g
提前致谢。
我已经实现了 RSA_verify 功能,并且根据我的代码所做的标志,RSA_verify 有效并且 returns 它是有效的。我还添加了保存 public 键的代码。
我最好的猜测是我的代码并不完全代表命令。