编程实现实验二中的功能
目录
- 实验环境配置
- 具体实现过程
环境配置
-
添加相关属性
1
2 - 将OpenSSL安装目录下bin文件夹中的“libcrypto-1_1-x64.dll”和“libssl-1_1-x64.dll”\(名字后面的版本号可能因更新而不同)复制到新建的项目工程目录下。
实现过程
- rsa的密钥生成与保存
rsa.h文件
#include
#include
#include
#include
#include
#include
#include
#include
#include
#define KEY_LENGTH 1024 // 密钥长度
#define PUB_KEY_FILE "pubkey.pem" // 公钥路径
#define PRI_KEY_FILE "prikey.pem" // 私钥路径
// 函数方法生成密钥对
void generateRSAKey(std::string strKey[2])
{
// 公私密钥对
size_t pri_len;
size_t pub_len;
char *pri_key = NULL;
char *pub_key = NULL;
// 生成密钥对
RSA *keypair = RSA_generate_key(KEY_LENGTH, RSA_F4, NULL, NULL);
BIO *pri = BIO_new(BIO_s_mem());
BIO *pub = BIO_new(BIO_s_mem());
PEM_write_bio_RSAPrivateKey(pri, keypair, NULL, NULL, 0, NULL, NULL);
PEM_write_bio_RSAPublicKey(pub, keypair);
// 获取长度
pri_len = BIO_pending(pri);
pub_len = BIO_pending(pub);
// 密钥对读取到字符串
pri_key = (char *)malloc(pri_len + 1);
pub_key = (char *)malloc(pub_len + 1);
BIO_read(pri, pri_key, pri_len);
BIO_read(pub, pub_key, pub_len);
pri_key[pri_len] = '\0';
pub_key[pub_len] = '\0';
// 存储密钥对
strKey[0] = pub_key;
strKey[1] = pri_key;
// 存储到磁盘(这种方式存储的是begin rsa public key/ begin rsa private key开头的)
FILE *pubFile = fopen(PUB_KEY_FILE, "w");
if (pubFile == NULL)
{
//assert(false);
return;
}
fputs(pub_key, pubFile);
fclose(pubFile);
FILE *priFile = fopen(PRI_KEY_FILE, "w");
if (priFile == NULL)
{
//assert(false);
return;
}
fputs(pri_key, priFile);
fclose(priFile);
// 内存释放
RSA_free(keypair);
BIO_free_all(pub);
BIO_free_all(pri);
free(pri_key);
free(pub_key);
}
main函数
#include
#include "rsa.h"
using namespace std;
int main() {
string a[2];
generateRSAKey(a);
system("pause");
return 0;
}
- 证书请求文件和证书的生成
#include
#include
#include
#include
#include
#include
#include
bool MakeCsrSSL(const char * keyFilePath, const char *email, const char *name, const char *country, const char *saveCsrFilePath) {
int ret = 0;
RSA *r = NULL;
BIGNUM *bne = NULL;
int nVersion = 1;
int bits = 2048;
unsigned long e = RSA_F4;
X509 *crt = NULL;
X509_REQ *x509_req = NULL;
X509_NAME *x509_name = NULL;
EVP_PKEY *pKey = NULL;
RSA *tem = NULL;
BIO *out = NULL, *keyFileBIO = NULL;
FILE *pubKeyFile = NULL;
if (strlen(saveCsrFilePath) == 0) {
fprintf(stderr, "MakeLocalCsrSSLApi save path is empty\n");
return false;
}
//not exists public key file, create one immediately.
if (strlen(keyFilePath) == 0) {
// 1. generate rsa key
bne = BN_new();
ret = BN_set_word(bne, e);
if (ret != 1) {
fprintf(stderr, "MakeLocalCsrSSLApi BN_set_word err\n");
goto free_all;
}
r = RSA_new();
ret = RSA_generate_key_ex(r, bits, bne, NULL);
if (ret != 1) {
fprintf(stderr, "MakeLocalCsrSSLApi RSA_generate_key_ex err\n");
goto free_all;
}
} else { //open it
pubKeyFile = fopen(keyFilePath, "r");
if (pubKeyFile == NULL) {
fprintf(stderr, "MakeLocalCsrSSLApi opening file %s err\n", keyFilePath);
goto free_all;
}
keyFileBIO = BIO_new_file(keyFilePath, "r");
if (keyFileBIO == NULL) {
fprintf(stderr, "MakeLocalCsrSSLApi BIO_new_file err %s\n", keyFilePath);
goto free_all;
}
r = PEM_read_bio_RSAPrivateKey(keyFileBIO, NULL, NULL, NULL);
if (r == NULL) {
fprintf(stderr, "MakeLocalCsrSSLApi PEM_read_bio_RSAPrivateKey err\n");
goto free_all;
}
/*
//从csr文件中获取私钥
BIO* bio = bio_open_default(csrFilePath, "r", 1);
r = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL);
if (r == NULL) {
fprintf(stderr, "Error PEM_read_RSAPublicKey file %s\n", savePrivateKeyFilePath);
return false;
}*/
}
// 2. set version of x509 req
x509_req = X509_REQ_new();
ret = X509_REQ_set_version(x509_req, nVersion);
if (ret != 1) {
fprintf(stderr, "MakeLocalCsrSSLApi X509_REQ_set_version err\n");
goto free_all;
}
// 3. set subject of x509 req
x509_name = X509_REQ_get_subject_name(x509_req); //x509_req->req_info.subject;
ret = X509_NAME_add_entry_by_txt(x509_name, "emailAddress", MBSTRING_ASC, (const unsigned char*)email, -1, -1, 0);
if (ret != 1) {
fprintf(stderr, "MakeLocalCsrSSLApi X509_NAME_add_entry_by_txt emailAddress err\n");
goto free_all;
}
ret = X509_NAME_add_entry_by_txt(x509_name, "CN", MBSTRING_ASC, (const unsigned char*)name, -1, -1, 0);
if (ret != 1) {
fprintf(stderr, "MakeLocalCsrSSLApi X509_NAME_add_entry_by_txt CN err\n");
goto free_all;
}
ret = X509_NAME_add_entry_by_txt(x509_name, "C", MBSTRING_ASC, (const unsigned char*)country, -1, -1, 0);
if (ret != 1) {
fprintf(stderr, "MakeLocalCsrSSLApi X509_NAME_add_entry_by_txt C err\n");
goto free_all;
}
// 4. set public key of x509 req
pKey = EVP_PKEY_new();
EVP_PKEY_assign_RSA(pKey, r);
r = NULL; // will be free rsa when EVP_PKEY_free(pKey)
ret = X509_REQ_set_pubkey(x509_req, pKey);
if (ret != 1) {
fprintf(stderr, "MakeLocalCsrSSLApi X509_REQ_set_pubkey err\n");
goto free_all;
}
// 5. set sign key of x509 req
ret = X509_REQ_sign(x509_req, pKey, EVP_sha1()); // return x509_req->signature->length
if (ret <= 0) {
fprintf(stderr, "MakeLocalCsrSSLApi X509_REQ_sign err\n");
goto free_all;
}
out = BIO_new_file(saveCsrFilePath, "w");
crt = X509_REQ_to_X509(x509_req, 1000, pKey);
ret = PEM_write_bio_X509_REQ(out, x509_req);
// 6. free
free_all:
BIO_free_all(keyFileBIO);
X509_REQ_free(x509_req);
BIO_free_all(out);
// r = NULL;
EVP_PKEY_free(pKey);
BN_free(bne);
if (pubKeyFile) fclose(pubKeyFile);
return (ret == 1);
}
而crt的生成,只需要对csr文件调用一个简单的x509转换函数就可以得到,即函数X509_REQ_to_X509
#include
#include
#include
#include
#include
#include
#include
bool MakeCsrSSL(const char * keyFilePath, const char *email, const char *name, const char *country, const char *saveCsrFilePath) {
int ret = 0;
RSA *r = NULL;
BIGNUM *bne = NULL;
int nVersion = 1;
int bits = 2048;
unsigned long e = RSA_F4;
X509 *crt = NULL;
X509_REQ *x509_req = NULL;
X509_NAME *x509_name = NULL;
EVP_PKEY *pKey = NULL;
RSA *tem = NULL;
BIO *out = NULL, *keyFileBIO = NULL;
FILE *pubKeyFile = NULL;
if (strlen(saveCsrFilePath) == 0) {
fprintf(stderr, "MakeLocalCsrSSLApi save path is empty\n");
return false;
}
//not exists public key file, create one immediately.
if (strlen(keyFilePath) == 0) {
// 1. generate rsa key
bne = BN_new();
ret = BN_set_word(bne, e);
if (ret != 1) {
fprintf(stderr, "MakeLocalCsrSSLApi BN_set_word err\n");
goto free_all;
}
r = RSA_new();
ret = RSA_generate_key_ex(r, bits, bne, NULL);
if (ret != 1) {
fprintf(stderr, "MakeLocalCsrSSLApi RSA_generate_key_ex err\n");
goto free_all;
}
} else { //open it
pubKeyFile = fopen(keyFilePath, "r");
if (pubKeyFile == NULL) {
fprintf(stderr, "MakeLocalCsrSSLApi opening file %s err\n", keyFilePath);
goto free_all;
}
keyFileBIO = BIO_new_file(keyFilePath, "r");
if (keyFileBIO == NULL) {
fprintf(stderr, "MakeLocalCsrSSLApi BIO_new_file err %s\n", keyFilePath);
goto free_all;
}
r = PEM_read_bio_RSAPrivateKey(keyFileBIO, NULL, NULL, NULL);
if (r == NULL) {
fprintf(stderr, "MakeLocalCsrSSLApi PEM_read_bio_RSAPrivateKey err\n");
goto free_all;
}
/*
//从csr文件中获取私钥
BIO* bio = bio_open_default(csrFilePath, "r", 1);
r = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL);
if (r == NULL) {
fprintf(stderr, "Error PEM_read_RSAPublicKey file %s\n", savePrivateKeyFilePath);
return false;
}*/
}
// 2. set version of x509 req
x509_req = X509_REQ_new();
ret = X509_REQ_set_version(x509_req, nVersion);
if (ret != 1) {
fprintf(stderr, "MakeLocalCsrSSLApi X509_REQ_set_version err\n");
goto free_all;
}
// 3. set subject of x509 req
x509_name = X509_REQ_get_subject_name(x509_req); //x509_req->req_info.subject;
ret = X509_NAME_add_entry_by_txt(x509_name, "emailAddress", MBSTRING_ASC, (const unsigned char*)email, -1, -1, 0);
if (ret != 1) {
fprintf(stderr, "MakeLocalCsrSSLApi X509_NAME_add_entry_by_txt emailAddress err\n");
goto free_all;
}
ret = X509_NAME_add_entry_by_txt(x509_name, "CN", MBSTRING_ASC, (const unsigned char*)name, -1, -1, 0);
if (ret != 1) {
fprintf(stderr, "MakeLocalCsrSSLApi X509_NAME_add_entry_by_txt CN err\n");
goto free_all;
}
ret = X509_NAME_add_entry_by_txt(x509_name, "C", MBSTRING_ASC, (const unsigned char*)country, -1, -1, 0);
if (ret != 1) {
fprintf(stderr, "MakeLocalCsrSSLApi X509_NAME_add_entry_by_txt C err\n");
goto free_all;
}
// 4. set public key of x509 req
pKey = EVP_PKEY_new();
EVP_PKEY_assign_RSA(pKey, r);
r = NULL; // will be free rsa when EVP_PKEY_free(pKey)
ret = X509_REQ_set_pubkey(x509_req, pKey);
if (ret != 1) {
fprintf(stderr, "MakeLocalCsrSSLApi X509_REQ_set_pubkey err\n");
goto free_all;
}
// 5. set sign key of x509 req
ret = X509_REQ_sign(x509_req, pKey, EVP_sha1()); // return x509_req->signature->length
if (ret <= 0) {
fprintf(stderr, "MakeLocalCsrSSLApi X509_REQ_sign err\n");
goto free_all;
}
out = BIO_new_file(saveCsrFilePath, "w");
crt = X509_REQ_to_X509(x509_req, 1000, pKey);
ret = PEM_write_bio_X509_REQ(out, x509_req);
// 6. free
free_all:
BIO_free_all(keyFileBIO);
X509_REQ_free(x509_req);
BIO_free_all(out);
// r = NULL;
EVP_PKEY_free(pKey);
BN_free(bne);
if (pubKeyFile) fclose(pubKeyFile);
return (ret == 1);
}