使用 rsa-pss 算法对数据进行签名
Use rsa-pss algorithm to sign data
我想使用 RSA-PSS 算法通过 rust openssl crate 对数据进行签名和验证。但是我运行遇到了一些问题。
这是我的代码:
use openssl::sign::{Signer, Verifier, RsaPssSaltlen};
use openssl::rsa::Rsa;
use openssl::pkey::PKey;
use openssl::hash::MessageDigest;
// Generate a keypair
let keypair = Rsa::generate(2048).unwrap();
let keypair = PKey::from_rsa(keypair).unwrap();
let data = b"hello, world!";
// Sign the data
let mut signer = Signer::new(MessageDigest::sha256(), &keypair).unwrap();
// set the salt length to the digest length
let digest_len = RsaPssSaltlen::DIGEST_LENGTH;
signer.set_rsa_pss_saltlen(digest_len).unwrap(); // panic here
signer.update(data).unwrap();
let signature = signer.sign_to_vec().unwrap();
我将加盐长度设置为摘要长度,但代码会抛出这样的错误:
[Error { code: 67694738, library: "rsa routines", function: "pkey_rsa_ctrl", reason: "invalid pss saltlen", file: "crypto/rsa/rsa_pmeth.c", line: 438 }, Error { code: 101224595, library: "digital envelope routines", function: "EVP_PKEY_CTX_ctrl", reason: "command not supported", file: "crypto/evp/pmeth_lib.c", line: 396 }])
所以 pss saltlen 是无效的,我不知道如何正确地做。
我也试过自己设置saltlen:
let digest_len = RsaPssSaltlen::custom(32 as c_int);
抛出
[Error { code: 67694738, library: "rsa routines", function: "pkey_rsa_ctrl", reason: "invalid pss saltlen", file: "crypto/rsa/rsa_pmeth.c", line: 438 }, Error { code: 101224595, library: "digital envelope routines", function: "EVP_PKEY_CTX_ctrl", reason: "command not supported", file: "crypto/evp/pmeth_lib.c", line: 396 }]
还有一个无效的 pss saltlen。
有什么帮助吗?谢谢!
下面是一个使用RSA-PSS算法的例子:link.
基本上,您需要先设置rsa_padding。
let key = include_bytes!("../test/rsa.pem");
let private_key = Rsa::private_key_from_pem(key).unwrap();
let pkey = PKey::from_rsa(private_key).unwrap();
let mut signer = Signer::new(MessageDigest::sha256(), &pkey).unwrap();
signer.set_rsa_padding(Padding::PKCS1_PSS).unwrap();
assert_eq!(signer.rsa_padding().unwrap(), Padding::PKCS1_PSS);
signer
.set_rsa_pss_saltlen(RsaPssSaltlen::DIGEST_LENGTH)
.unwrap();
signer.set_rsa_mgf1_md(MessageDigest::sha256()).unwrap();
signer.update(&Vec::from_hex(INPUT).unwrap()).unwrap();
let signature = signer.sign_to_vec().unwrap();
let mut verifier = Verifier::new(MessageDigest::sha256(), &pkey).unwrap();
verifier.set_rsa_padding(Padding::PKCS1_PSS).unwrap();
verifier
.set_rsa_pss_saltlen(RsaPssSaltlen::DIGEST_LENGTH)
.unwrap();
verifier.set_rsa_mgf1_md(MessageDigest::sha256()).unwrap();
verifier.update(&Vec::from_hex(INPUT).unwrap()).unwrap();
assert!(verifier.verify(&signature).unwrap());
我想使用 RSA-PSS 算法通过 rust openssl crate 对数据进行签名和验证。但是我运行遇到了一些问题。
这是我的代码:
use openssl::sign::{Signer, Verifier, RsaPssSaltlen};
use openssl::rsa::Rsa;
use openssl::pkey::PKey;
use openssl::hash::MessageDigest;
// Generate a keypair
let keypair = Rsa::generate(2048).unwrap();
let keypair = PKey::from_rsa(keypair).unwrap();
let data = b"hello, world!";
// Sign the data
let mut signer = Signer::new(MessageDigest::sha256(), &keypair).unwrap();
// set the salt length to the digest length
let digest_len = RsaPssSaltlen::DIGEST_LENGTH;
signer.set_rsa_pss_saltlen(digest_len).unwrap(); // panic here
signer.update(data).unwrap();
let signature = signer.sign_to_vec().unwrap();
我将加盐长度设置为摘要长度,但代码会抛出这样的错误:
[Error { code: 67694738, library: "rsa routines", function: "pkey_rsa_ctrl", reason: "invalid pss saltlen", file: "crypto/rsa/rsa_pmeth.c", line: 438 }, Error { code: 101224595, library: "digital envelope routines", function: "EVP_PKEY_CTX_ctrl", reason: "command not supported", file: "crypto/evp/pmeth_lib.c", line: 396 }])
所以 pss saltlen 是无效的,我不知道如何正确地做。
我也试过自己设置saltlen:
let digest_len = RsaPssSaltlen::custom(32 as c_int);
抛出
[Error { code: 67694738, library: "rsa routines", function: "pkey_rsa_ctrl", reason: "invalid pss saltlen", file: "crypto/rsa/rsa_pmeth.c", line: 438 }, Error { code: 101224595, library: "digital envelope routines", function: "EVP_PKEY_CTX_ctrl", reason: "command not supported", file: "crypto/evp/pmeth_lib.c", line: 396 }]
还有一个无效的 pss saltlen。
有什么帮助吗?谢谢!
下面是一个使用RSA-PSS算法的例子:link.
基本上,您需要先设置rsa_padding。
let key = include_bytes!("../test/rsa.pem");
let private_key = Rsa::private_key_from_pem(key).unwrap();
let pkey = PKey::from_rsa(private_key).unwrap();
let mut signer = Signer::new(MessageDigest::sha256(), &pkey).unwrap();
signer.set_rsa_padding(Padding::PKCS1_PSS).unwrap();
assert_eq!(signer.rsa_padding().unwrap(), Padding::PKCS1_PSS);
signer
.set_rsa_pss_saltlen(RsaPssSaltlen::DIGEST_LENGTH)
.unwrap();
signer.set_rsa_mgf1_md(MessageDigest::sha256()).unwrap();
signer.update(&Vec::from_hex(INPUT).unwrap()).unwrap();
let signature = signer.sign_to_vec().unwrap();
let mut verifier = Verifier::new(MessageDigest::sha256(), &pkey).unwrap();
verifier.set_rsa_padding(Padding::PKCS1_PSS).unwrap();
verifier
.set_rsa_pss_saltlen(RsaPssSaltlen::DIGEST_LENGTH)
.unwrap();
verifier.set_rsa_mgf1_md(MessageDigest::sha256()).unwrap();
verifier.update(&Vec::from_hex(INPUT).unwrap()).unwrap();
assert!(verifier.verify(&signature).unwrap());