我编写了一个简单的程序来加载openssl生成的公钥,以解密由公钥的私钥加密的字符串。但我不知道为什么我会失败
b = CryptDecrypt(hKey,NULL,FALSE,0,pbEncrypt,&cbEncrypt);
我收到错误“8009000D NTE_NO_KEY 钥匙不存在。“。有人可以向我解释这个吗?
void DecodeString()
{
CHAR* publicKey =
"-----BEGIN PUBLIC KEY-----"
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+yyzdZaqcE7qOOZ8pyN"
"o1n3PS2U/ewT2gGSQeixP+VixQGrxnssT3zlbeUND8CVX+tZGwkcIZZD09Rkx9vh"
"z7vLUFD7dngupo/aL6pfehb95citD31DUswc9BTJjQySpSSG6zWDSBJMELDYaCa4"
"MIU7odoCg2EbQBwRWX7upWiR+shyxnPYklY8ZUpVCtIdHXmPO5eMaI1elftqNw1N"
"n/Id4pFFif11Lmny3s3ADfItuyMfTwU6jwgsPaoqrX5FCnurlAVl/mcfpMVpsPju"
"XWw2IlvZP5SkTW4G6V+Bt+xDI6SW3dvMi6gJngHLUKekbhZxcFWuv3hus8ojpo+I"
"mwIDAQAB"
"-----END PUBLIC KEY-----";
BYTE* derPubKey;
DWORD derPubKeyLen;
BOOL b = CryptStringToBinaryA(publicKey, 0, CRYPT_STRING_BASE64HEADER, NULL, &derPubKeyLen, NULL, NULL);
DWORD error = GetLastError();
_ASSERT(error == 0);
_ASSERT(b == TRUE);
derPubKey = new BYTE[derPubKeyLen];
b = CryptStringToBinaryA(publicKey, 0, CRYPT_STRING_BASE64HEADER, derPubKey, &derPubKeyLen, NULL, NULL);
error = GetLastError();
_ASSERT(error == 0);
_ASSERT(b == TRUE);
CERT_PUBLIC_KEY_INFO *publicKeyInfo;
DWORD publicKeyInfoLen;
HCRYPTPROV hProv = 0;
HCRYPTKEY hKey = 0;
b = CryptDecodeObjectEx(X509_ASN_ENCODING, X509_PUBLIC_KEY_INFO, derPubKey, derPubKeyLen, CRYPT_ENCODE_ALLOC_FLAG, NULL, &publicKeyInfo, &publicKeyInfoLen);
error = GetLastError();
_ASSERT(error == 0);
_ASSERT(b == TRUE);
b = CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT);
error = GetLastError();
_ASSERT(error == 0);
_ASSERT(b == TRUE);
b = CryptImportPublicKeyInfo(hProv, X509_ASN_ENCODING, publicKeyInfo, &hKey);
error = GetLastError();
_ASSERT(error == 0);
_ASSERT(b == TRUE);
//same test decrypt
CHAR* sameTest = "nJZ6MN6MIrpbLQiRvfLFIHHzneQBe2rucaKSykXeHgf8Zth5FNPZPdiPhWcHq0/K"
"KgRHv2ON+gPyFbjsdDl2cixPgNGXs1FfI/RvkH+Icn+6rYq5uPBM5oQVriyiWI9/"
"QiC56LP0ooouqLg9e2U5zJmC/ftCODkFyL748Fx3godXzDl1mNB7bx/Ua6Z93KeB"
"OgNvYZH3tcZZYlgoX4GVf4ocO0aZ8pQjEB8p9hMWfIDRCIckDAncy21tHDmWDqZ4"
"H7CZjbdNyaiWe5Cr6+CYs25+r3AdIlXOKWuphgbckKDHh4r7nMX0AX+iHXGjCgkM"
"iwi4yz7wF+Ow/CcGHkAMTQ==";
BYTE* pbEncrypt = 0;
DWORD cbEncrypt = 0;
b = CryptStringToBinaryA(sameTest, 0, CRYPT_STRING_BASE64, NULL, &cbEncrypt, NULL, NULL);
error = GetLastError();
_ASSERT(error == 0);
_ASSERT(b == TRUE);
pbEncrypt = new BYTE[cbEncrypt];
printf("%s\n",(CHAR*)pbEncrypt);
b = CryptStringToBinaryA(sameTest, 0, CRYPT_STRING_BASE64, pbEncrypt, &cbEncrypt, NULL, NULL);
error = GetLastError();
_ASSERT(error == 0);
_ASSERT(b == TRUE);
printf("%s\n",(CHAR*)pbEncrypt);
b = CryptDecrypt(hKey,NULL,FALSE,0,pbEncrypt,&cbEncrypt);
error = GetLastError();
_ASSERT(error == 0);
_ASSERT(b == TRUE);
printf("%s\n",(CHAR*)pbEncrypt);
}
答案 0 :(得分:3)
您无法使用公钥解密使用私钥加密的内容。公钥仅用于加密,而私钥只能用于解密。
来自Wikipedia:
[...]公钥加密中使用的区别技术是 使用非对称密钥算法,其中密钥用于加密 消息与用于解密它的密钥不同。每个用户都有一个 加密密钥对 - 公共加密密钥和私有密钥 解密密钥。公开的加密密钥是广泛的 分布式,而私有解密密钥只有 接受者。邮件使用收件人的公钥加密,并且 只能使用相应的私钥解密。[...]