cryptlib cryptSignCert失败

时间:2017-02-26 11:54:13

标签: c++ public-key-encryption ca cryptlib

我实际上是编程和端到端加密日历。为此我使用cryptlib。我或多或少地复制了manual中的代码。但总是,当我尝试生成根ca.它在cryptSignCert()时失败,错误代码为-2。 (根据手册,这意味着第二个参数存在问题)
这是一个重现问题的小代码。 

#include <iostream>
#include <cstring>

#include "cryptlib.h"

/*Generating a root ca*/
auto genRootCA(const char* commonName,const char* keyLabel,const char* country) -> int
{
    int status;
    CRYPT_CONTEXT cryptContext;

    cryptCreateContext( &cryptContext, CRYPT_UNUSED, CRYPT_ALGO_RSA );
    cryptSetAttributeString( cryptContext, CRYPT_CTXINFO_LABEL, keyLabel, strlen( keyLabel ) );
    cryptGenerateKey( cryptContext );

    CRYPT_CERTIFICATE cryptCertificate;
    cryptCreateCert(&cryptCertificate,CRYPT_UNUSED,CRYPT_CERTTYPE_CERTIFICATE);
    cryptSetAttributeString(cryptCertificate,CRYPT_CERTINFO_COUNTRYNAME,country,strlen(country));
    cryptSetAttributeString(cryptCertificate,CRYPT_CERTINFO_COMMONNAME,commonName,strlen(commonName));

    //Set to self-signed
    cryptSetAttribute(cryptCertificate,CRYPT_CERTINFO_SELFSIGNED,1);
    cryptSetAttribute(cryptCertificate,CRYPT_CERTINFO_CA,1);

    //Sign certificate
    status = cryptSignCert(cryptCertificate,cryptContext); //This is, what is actually not working
    if( cryptStatusError( status ) )
    {
        cryptDestroyContext( cryptContext );
        cryptDestroyCert(cryptCertificate);
        return( status );
    }

    //Save data to disk....(cut out)
}

int main()
{
    cryptInit();
    cryptAddRandom(NULL,CRYPT_RANDOM_FASTPOLL);
    std::cout << "Generating root ca.\n";
    int r = genRootCA("test@example.com","Private key","DE");
    std::cout << "Returned value " << r << std::endl;
    cryptEnd();
}

提前致谢, 大卫。

1 个答案:

答案 0 :(得分:1)

我终于找到了解决问题的方法。我忘了将公钥添加到证书中。这是一个工作示例代码:

#include <iostream>
#include <cstring>

#include "cryptlib.h"

/* generating the root ca */
auto genRootCA(const char* commonName,const char* keyLabel, const char* country,const char* path, const char* password) -> int
{
    int status;
    CRYPT_CONTEXT cryptContext;

    cryptCreateContext( &cryptContext, CRYPT_UNUSED, CRYPT_ALGO_RSA );

    cryptSetAttributeString( cryptContext, CRYPT_CTXINFO_LABEL, keyLabel, strlen( keyLabel ) );

    cryptGenerateKey( cryptContext );

    CRYPT_CERTIFICATE cryptCertificate;
    cryptCreateCert(&cryptCertificate,CRYPT_UNUSED,CRYPT_CERTTYPE_CERTIFICATE);

    /* Add the public key */
    status = cryptSetAttribute( cryptCertificate,
    CRYPT_CERTINFO_SUBJECTPUBLICKEYINFO, cryptContext );

    cryptSetAttributeString(cryptCertificate,CRYPT_CERTINFO_COUNTRYNAME,country,strlen(country));

    cryptSetAttributeString(cryptCertificate,CRYPT_CERTINFO_COMMONNAME,commonName,strlen(commonName));

    //Set to self-signed
    cryptSetAttribute(cryptCertificate,CRYPT_CERTINFO_SELFSIGNED,1);
    cryptSetAttribute(cryptCertificate,CRYPT_CERTINFO_CA,1);

    //Sign certificate
    status = cryptSignCert(cryptCertificate,cryptContext); //Works now
    if( cryptStatusError( status ) )
    {
        cryptDestroyContext( cryptContext );
        cryptDestroyCert(cryptCertificate);
        return( status );
    }

    //Saving data to disk (cut out)

    return CRYPT_OK;
}

int main()
{
    cryptInit();
    cryptAddRandom(NULL,CRYPT_RANDOM_FASTPOLL);
    std::cout << "Generating root ca.\n";
    int r = genRootCA("test@example.com","Private key","DE","key.pem","abc");
    std::cout << "Returned value " << r << std::endl;
    cryptEnd();
}

我希望这有助于其他有同样问题的人。

相关问题
最新问题