我正在使用M2Crypto(0.22.6rc4)。我想使用OpenSC项目中的engine_pkcs11和Aladdin PKI客户端进行基于令牌的身份验证来加密和解密数据。
from M2Crypto import Engine, m2, RSA, BIO
slot_id = "slot_01"
pin = "password"
dynamic = Engine.load_dynamic_engine("pkcs11", "/usr/lib/ssl/engines/libpkcs11.so")
pkcs11 = Engine.Engine("pkcs11")
pkcs11.ctrl_cmd_string("MODULE_PATH", "/usr/lib/watchdata/ICP/lib/libwdpkcs_icp.so")
pkcs11.init()
r = pkcs11.ctrl_cmd_string("PIN", pin)
pubkey = pkcs11.load_public_key(slot_id, pin)
priv = pkcs11.load_private_key(slot_id, pin)
enc = pubkey.get_rsa().public_encrypt("teste", RSA.pkcs1_oaep_padding)
dec = priv.get_rsa().private_decrypt(enc, RSA.pkcs1_oaep_padding)
print dec
出于某种原因,我可以加密数据,但是当我尝试解密时,我得到一个RSA_pub的实例,并出现此错误:
File "pkcs11.py", line 14, in <module>
dec = priv.get_rsa().private_decrypt(enc, RSA.pkcs1_oaep_padding)
File "/usr/lib/python2.7/dist-packages/M2Crypto/RSA.py", line 279, in private_decrypt
raise RSAError, 'RSA_pub object has no private key'
M2Crypto.RSA.RSAError: RSA_pub object has no private key
任何帮助将不胜感激!
答案 0 :(得分:0)
RSC私钥的M2Crypto包装中存在错误。解决方法是使用低级M2Crypto API直接访问私钥对象。
def decrypt(cipher_text):
# Load the key using high level API
engine = Engine.Engine('pkcs11')
engine.init()
key_slot = 'slot_1-id_01'
privKey = engine.load_private_key(key_slot)
# Get a pointer to the low level API object
rsa_ptr = m2.pkey_get1_rsa(privKey.pkey)
rsaWrapper = RSA.RSA(rsa_ptr, 1)
# Decrypt with low level API
results = m2.rsa_private_decrypt(rsaWrapper.rsa, ciphertext, 1)