我在C中编写一个例程,用一个公钥读取base64字符串并继续加密字符串。我也测试相同的字符串的解密,但我在尝试解码时收到错误0x0407106B:
$ openssl errstr 0x0407106B
error:0407106B:rsa routines:RSA_padding_check_PKCS1_type_2:block type is not 02
这是代码
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <ctype.h>
#include <openssl/rsa.h>
#include <openssl/engine.h>
//#define PADDING RSA_PKCS1_OAEP_PADDING
#define PADDING RSA_PKCS1_PADDING
//#define PADDING RSA_NO_PADDING
main() {
// public key
char *b64_pKey = "-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCp2w+8HUdECo8V5yuKYrWJmUbL\ntD6nSyVifN543axXvNSFzQfWNOGVkMsCo6W4hpl5eHv1p9Hqdcf/ZYQDWCK726u6\nhsZA81AblAOOXKaUaxvFC+ZKRJf+MtUGnv0v7CrGoblm1mMC/OQI1JfSsYi68Epn\naOLepTZw+GLTnusQgwIDAQAB\n-----END PUBLIC KEY-----\n";
// private key
char *b64priv_key = "-----BEGIN RSA PRIVATE KEY-----\nMIICXAIBAAKBgQCp2w+8HUdECo8V5yuKYrWJmUbLtD6nSyVifN543axXvNSFzQfW\nNOGVkMsCo6W4hpl5eHv1p9Hqdcf/ZYQDWCK726u6hsZA81AblAOOXKaUaxvFC+ZK\nRJf+MtUGnv0v7CrGoblm1mMC/OQI1JfSsYi68EpnaOLepTZw+GLTnusQgwIDAQAB\nAoGBAKDuq3PikblH/9YS11AgwjwC++7ZcltzeZJdGTSPY1El2n6Dip9ML0hUjeSM\nROIWtac/nsNcJCnvOnUjK/c3NIAaGJcfRPiH/S0Ga6ROiDfFj2UXAmk/v4wRRUzr\n5lsA0jgEt5qcq2Xr/JPQVGB4wUgL/yQK0dDhW0EdrJ707e3BAkEA1aIHbmcVfCP8\nY/uWuK0lvWxrIWfR5MlHhI8tD9lvkot2kyXiV+jB6/gktwk1QaFsy7dCXn7w03+k\nxrjEGGN+kQJBAMuKf55lDtU9K2Js3YSStTZAXP+Hz7XpoLxmbWFyGvBx806WjgAD\n624irwS+0tBxkERbRcisfb2cXmAx8earT9MCQDZuVCpjBWxd1t66qYpgQ29iAmG+\njBIY3qn9uOOC6RSTiCCx1FvFqDMxRFmGdRVFxeyZwsVE3qNksF0Zko0MPKECQCEe\noDV97DP2iCCz5je0R5hUUM2jo8DOC0GcyR+aGZgWcqjPBrwp5x08t43mHxeb4wW8\ndFZ6+trnntO4TMxkA9ECQB+yCPgO1zisJWYuD46KISoesYhwHe5C1BQElQgi9bio\nU39fFo88w1pok23a2CZBEXguSvCvexeB68OggdDXvy0=\n-----END RSA PRIVATE KEY-----\n";
// String to encrypt
char *str = "1234";
ERR_load_crypto_strings();
BIO *bpo = BIO_new_mem_buf(b64_pKey, -1);
RSA *pubKey = PEM_read_bio_RSA_PUBKEY(bpo, NULL, NULL, NULL);
if ( !pubKey ) {
printf("%s\n", ERR_error_string(ERR_get_error(), NULL));
return;
}
int rsa_length = RSA_size(pubKey);
BIO *b64 = NULL;
BIO *bmem = NULL;
BUF_MEM *bptr = NULL;
unsigned char encrypted[2560] = { 0 };
unsigned char retencrypted[2560] = { 0 };
int resultEncrypt = RSA_public_encrypt(PADDING, str, encrypted, pubKey, PADDING);
if ( resultEncrypt == -1 ) {
printf("%s\n", ERR_error_string(ERR_get_error(), NULL));
return;
}
/*
* Show base 64 encrypted string
*/
b64 = BIO_new((BIO_METHOD *)BIO_f_base64());
BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL);
bmem = BIO_new(BIO_s_mem());
b64 = BIO_push(b64, bmem);
BIO_write(b64, encrypted, resultEncrypt);
BIO_flush(b64);
BIO_get_mem_ptr(b64, &bptr);
memcpy(retencrypted, bptr->data, bptr->length);
BIO_free(b64);
BIO_free(bpo);
RSA_free(pubKey);
printf("Encrypted string:%s\n",retencrypted);
/*
* Now decrypt this very string with the private key
*/
BIO *bpop = BIO_new_mem_buf(b64priv_key, -1);
RSA *privKey = PEM_read_bio_RSAPrivateKey(bpop, NULL, NULL, NULL);
if ( !privKey ) {
printf("%s\n", ERR_error_string(ERR_get_error(), NULL));
return;
}
rsa_length = RSA_size(privKey);
unsigned char decrypted[2560] = { 0 };
int resultDecrypt = RSA_private_decrypt( RSA_size(privKey), retencrypted, decrypted, privKey, PADDING);
if ( resultDecrypt == -1 ) {
printf("%s\n", ERR_error_string(ERR_get_error(), NULL));
return;
}
printf("resultDecrypt=%d\ndecrypted string: %s\n",resultDecrypt,decrypted);
BIO_free(bpop);
RSA_free(privKey);
ERR_free_strings();
}
注意:我使用
导出了私钥openssl rsa -in rsa_privatekey.pem -check
和公钥:
openssl rsa -in rsa_privatekey.pem -pubout
为什么我收到错误?
答案 0 :(得分:3)
问题是您正在尝试解密base64编码的结果。 您应该尝试解密加密结果。
即代替:
int resultDecrypt = RSA_private_decrypt( RSA_size(privKey), retencrypted, decrypted, privKey, PADDING);
你应该致电:
int resultDecrypt = RSA_private_decrypt( RSA_size(privKey), encrypted, decrypted, privKey, PADDING);
此外,加密调用中存在问题:
int resultEncrypt = RSA_public_encrypt(PADDING, str, encrypted, pubKey, PADDING);
为什么要将PADDING传递为flen?这应该是字符串的长度(即4或5,具体取决于您是否要加密空字符)。
如果要将加密的字符串写为ASCII(使用base64编码),那很好。但是你必须先解码它才能解密它。
答案 1 :(得分:1)
您收到的错误是block type is not 02。
虽然Omri表示您传递了错误的数据是正确的,并且您只需加密1个字节,但错误是因为sizeof( encrypted )太大(2560)。换句话说,RSA_public_encrypt的数据接收器必须是常规unsigned char*指针,不 unsigned char[2560]。
你在哪里
unsigned char encrypted[2560] = { 0 }; //X 2560?? RSA_public_encrypt fails.
您应该使用
unsigned char *encrypted = (unsigned char*)malloc( rsa_length ) ;
RSA_public_encrypt( DATALEN, (const unsigned char*)str, encrypted, pubKey, PADDING ) ;
请注意Omri指出的错误,您使用PADDING作为RSA_public_encrypt的第一个arg,而它应该是DATALEN数据长度。
如果你修复了这个问题,你将在以后使用私钥解密时收到类似的错误。修复它,你就在路上。