非对称加密,也被称为公钥加密,其中使用一对相关的密钥:一个公钥和一个私钥。公钥用于加密数据,私钥用于解密数据。公钥可以公开分享,而私钥必须保密。
密钥生成:
加密过程:
解密过程:
安全性:
数字签名:
主要算法:
性能问题:
公钥基础设施(PKI):
总结:非对称加密使用一对密钥来确保数据的安全性和完整性。公钥用于加密,而私钥用于解密或签名。
#include
#include
#include
/* compile : gcc createRSA_KeyPair.c -I./include -L./lib -lcrypto -Wl,-rpath=./lib */
int main() {
int ret = 0;
RSA *r = NULL;
BIGNUM *bne = NULL;
int bits = 2048;
unsigned long e = RSA_F4;
// 1. 生成 RSA 密钥对
bne = BN_new();
ret = BN_set_word(bne, e);
if(ret != 1) {
goto free_all;
}
r = RSA_new();
ret = RSA_generate_key_ex(r, bits, bne, NULL);
if(ret != 1) {
goto free_all;
}
// 2. 保存私钥到 PEM 文件
FILE *fp = fopen("private_key.pem", "wb");
if(fp == NULL) {
perror("Unable to open private key file for writing");
goto free_all;
}
PEM_write_RSAPrivateKey(fp, r, NULL, NULL, 0, NULL, NULL);
fclose(fp);
// 3. 保存公钥到 PEM 文件
fp = fopen("public_key.pem", "wb");
if(fp == NULL) {
perror("Unable to open public key file for writing");
goto free_all;
}
PEM_write_RSA_PUBKEY(fp, r);
fclose(fp);
free_all:
RSA_free(r);
BN_free(bne);
return 0;
}
#include
#include
#include
/* compile : gcc keyFromFile.c -I./include -L./lib -lcrypto -Wl,-rpath=./lib */
int main() {
// 加载公钥
FILE* pubKeyFile = fopen("public_key.pem", "rb");
RSA* rsaPublicKey = PEM_read_RSA_PUBKEY(pubKeyFile, NULL, NULL, NULL);
fclose(pubKeyFile);
// 加载私钥
FILE* privKeyFile = fopen("private_key.pem", "rb");
RSA* rsaPrivateKey = PEM_read_RSAPrivateKey(privKeyFile, NULL, NULL, NULL);
fclose(privKeyFile);
const char* plainText = "Hello, OpenSSL!";
char encrypted[4098] = {};
char decrypted[4098] = {};
// 使用公钥加密
int encryptedLength = RSA_public_encrypt(strlen(plainText), (unsigned char*)plainText,
(unsigned char*)encrypted, rsaPublicKey, RSA_PKCS1_OAEP_PADDING);
if (encryptedLength == -1) {
printf("Public Encrypt failed \n");
return 0;
}
// 使用私钥解密
int decryptedLength = RSA_private_decrypt(encryptedLength, (unsigned char*)encrypted,
(unsigned char*)decrypted, rsaPrivateKey, RSA_PKCS1_OAEP_PADDING);
if (decryptedLength == -1) {
printf("Private Decrypt failed \n");
return 0;
}
decrypted[decryptedLength] = '\0';
printf("Original: %s\n", plainText);
printf("Decrypted: %s\n", decrypted);
RSA_free(rsaPublicKey);
RSA_free(rsaPrivateKey);
return 0;
}
#include
#include
#include
#include
/* compile : gcc RSA.c -I./include -L./lib -lcrypto -Wl,-rpath=./lib */
int main() {
// 1. create key
int ret = 0;
RSA *rsa = NULL;
BIGNUM *bne = NULL;
int bits = 2048;
unsigned long e = RSA_F4;
bne = BN_new();
ret = BN_set_word(bne, e);
if(ret != 1) {
goto free_all;
}
rsa = RSA_new();
ret = RSA_generate_key_ex(rsa, bits, bne, NULL);
if(ret != 1) {
goto free_all;
}
// 2. encrypto
const char* plainText = "Hello, OpenSSL!";
char encrypted[4098] = {};
int encryptedLength = RSA_public_encrypt(strlen(plainText) + 1, (unsigned char*)plainText,
(unsigned char*)encrypted, rsa, RSA_PKCS1_OAEP_PADDING);
if(encryptedLength == -1) {
printf("Public Encrypt failed \n");
goto free_all;
}
// 3. decrypto
char decrypted[4098] = {};
int decryptedLength = RSA_private_decrypt(encryptedLength, (unsigned char*)encrypted,
(unsigned char*)decrypted, rsa, RSA_PKCS1_OAEP_PADDING);
if(decryptedLength == -1) {
printf("Private Decrypt failed \n");
goto free_all;
}
decrypted[decryptedLength] = '\0';
printf("Original: %s\n", plainText);
printf("Decrypted: %s\n", decrypted);
free_all:
RSA_free(rsa);
BN_free(bne);
return 0;
}
#include
#include
#include
extern "C"{
#include
#include
}
class RSAWrapper {
public:
RSAWrapper() {
rsa = RSA_new();
bne = BN_new();
BN_set_word(bne, RSA_F4);
RSA_generate_key_ex(rsa, 2048, bne, nullptr);
}
~RSAWrapper() {
RSA_free(rsa);
BN_free(bne);
}
std::vector<unsigned char> encrypt(const std::string &plainText) {
std::vector<unsigned char> encrypted(RSA_size(rsa));
int encryptLength = RSA_public_encrypt(plainText.size(),
reinterpret_cast<const unsigned char*>(plainText.c_str()),
encrypted.data(),
rsa,
RSA_PKCS1_OAEP_PADDING);
if (encryptLength == -1) {
throw std::runtime_error("Error during encryption");
}
return encrypted;
}
std::string decrypt(const std::vector<unsigned char> &cipherText) {
std::vector<unsigned char> decrypted(RSA_size(rsa));
int decryptLength = RSA_private_decrypt(cipherText.size(),
cipherText.data(),
decrypted.data(),
rsa,
RSA_PKCS1_OAEP_PADDING);
if (decryptLength == -1) {
throw std::runtime_error("Error during decryption");
}
return std::string(reinterpret_cast<char*>(decrypted.data()));
}
private:
RSA *rsa;
BIGNUM *bne;
};
/* compile : g++ -std=c++11 RSA.cpp -I./include -L./lib -lcrypto -Wl,-rpath=./lib */
int main() {
try {
RSAWrapper rsaWrapper;
std::string plainText = "Hello, OpenSSL C++!";
auto encrypted = rsaWrapper.encrypt(plainText);
auto decrypted = rsaWrapper.decrypt(encrypted);
std::cout << "Original Text: " << plainText << std::endl;
std::cout << "Decrypted Text: " << decrypted << std::endl;
} catch (const std::exception &e) {
std::cerr << "Error: " << e.what() << std::endl;
}
return 0;
}