openssl3.2 - 官方demo学习 - smime - smver.c

文章目录

    • openssl3.2 - 官方demo学习 - smime - smver.c
    • 概述
    • 笔记
    • END

openssl3.2 - 官方demo学习 - smime - smver.c

概述

对于签名文件(不管是单独签名, 还是联合签名), 都要用顶层证书进行验签(靠近根CA的证书)

读证书文件, 得到x509*, 添加到证书容器
读取签名密文, 得到pkcs7*和密文的bio
进行pkcs7验签, 并将验签得到的签名的明文写到文件.

笔记

/*!
\file smver.c
\note
openssl3.2 - 官方demo学习 - smime - smver.c
对于签名文件(不管是单独签名, 还是联合签名), 都要用顶层证书进行验签(靠近根CA的证书)

读证书文件, 得到x509*, 添加到证书容器
读取签名密文, 得到pkcs7*和密文的bio
进行pkcs7验签, 并将验签得到的签名的明文写到文件.
*/

/*
 * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/* Simple S/MIME verification example */
#include 
#include 
#include 

#include "my_openSSL_lib.h"

int main(int argc, char **argv)
{
    BIO *_bio_in = NULL, *_bio_out = NULL, *_bio_t = NULL, *_bio_c = NULL;
    X509_STORE *_x509_store = NULL;
    X509 *_x509 = NULL;
    PKCS7 *_pkcs7 = NULL;
    int ret = EXIT_FAILURE;

    OpenSSL_add_all_algorithms();
    ERR_load_crypto_strings();

    /* Set up trusted CA certificate store */

    _x509_store = X509_STORE_new();
    if (_x509_store == NULL)
        goto err;

    /* Read in signer certificate and private key */
    _bio_t = BIO_new_file("cacert.pem", "r");

    if (_bio_t == NULL)
        goto err;

    _x509 = PEM_read_bio_X509(_bio_t, NULL, 0, NULL);

    if (_x509 == NULL)
        goto err;

    if (!X509_STORE_add_cert(_x509_store, _x509))
        goto err;

    /* Open content being signed */

    _bio_in = BIO_new_file("smout.txt", "r");

    if (_bio_in == NULL)
        goto err;

    /* Sign content */
    _pkcs7 = SMIME_read_PKCS7(_bio_in, &_bio_c);

    if (_pkcs7 == NULL)
        goto err;

    /* File to output verified content to */
    _bio_out = BIO_new_file("smver.txt", "w");
    if (_bio_out == NULL)
        goto err;

    if (!PKCS7_verify(_pkcs7, NULL, _x509_store, _bio_c, _bio_out, 0)) {
        fprintf(stderr, "Verification Failure\n");
        goto err;
    }

    fprintf(stderr, "Verification Successful\n");

    ret = EXIT_SUCCESS;

 err:
    if (ret != EXIT_SUCCESS) {
        fprintf(stderr, "Error Verifying Data\n");
        ERR_print_errors_fp(stderr);
    }

    X509_STORE_free(_x509_store);
    PKCS7_free(_pkcs7);
    X509_free(_x509);
    BIO_free(_bio_in);
    BIO_free(_bio_out);
    BIO_free(_bio_t);
    return ret;
}

END

你可能感兴趣的:(openSSL,openSSL)