openssl解密签名&加密的消息

时间:2013-08-26 15:58:08

标签: c openssl

我正在尝试一个小的示例程序来解密已经签名然后使用openSSL加密的消息。它在命令行中运行良好。但是,在修改OpenSSL的'demos'文件夹中的代码后尝试代码时,解密失败

这是解密代码:

   int decrypt_smime(){

        BIO *in = NULL, *out = NULL, *tbio = NULL;
        X509 *rcert = NULL;
        EVP_PKEY *rkey = NULL;
        //PKCS7 *cms = NULL;
        CMS_ContentInfo *cms = NULL;
        int ret = 1;
        int flags = CMS_STREAM;
        OpenSSL_add_all_algorithms();
        ERR_load_crypto_strings();
        printf("decrypt...\n");
        /* Read in recipient certificate and private key */
        tbio = BIO_new_file("signer.pem", "r");

        if (!tbio)
            goto err;

        rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);

        BIO_reset(tbio);

        rkey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);

        if (!rcert || !rkey)
            goto err;
        printf("decrypt...\n");
        /* Open S/MIME message to decrypt */

        in = BIO_new_file("smencsign.txt", "r");

        if (!in)
            goto err;
        printf("keys read...\n");
        /* Parse message */
        cms = SMIME_read_CMS(in, NULL); //here is the problem I think

        if (!cms)
            goto err;
        printf("keys read...\n");
        out = BIO_new_file("decout.txt", "w");
        if (!out)
            goto err;

        /* Decrypt S/MIME message */
        if (!CMS_decrypt(cms, rkey, rcert, NULL, out, flags))
            goto err;

        ret = 0;

        err:

        if (ret)
        {
            fprintf(stderr, "Error Decrypting Data\n");
            ERR_print_errors_fp(stderr);
        }

        if (cms)
            //PKCS7_free(cms);
            CMS_ContentInfo_free(cms);
        if (rcert)
            X509_free(rcert);
        if (rkey)
            EVP_PKEY_free(rkey);

        if (in)
            BIO_free(in);
        if (out)
            BIO_free(out);
        if (tbio)
            BIO_free(tbio);

        return ret;

    }

我得到的错误是: 验证数据时出错 * 3074258568:错误:0D0D40D1:asn1编码例程:SMIME_read_ASN1:无内容类型:asn_mime.c:451:*

The commands on openssl that worked:

openssl cms -sign -in encr.txt -signer signer.pem -text | openssl cms -encrypt -out smencsign.txt signer.pem 

openssl smime -decrypt -in smencsign.txt -recip signer.pem -inkey signer.pem

很明显openssl使用'cms'实用程序进行签名和加密,但似乎使用'smime'实用程序进行解密。那等价的代码是什么?

1 个答案:

答案 0 :(得分:0)

尝试添加以下行:

OpenSSL_add_all_ciphers();