openssl ---RSA秘钥生成笔记
openssl 提供了丰富的RSA 非对称秘钥生成,加密解密相关API与命令行。以下主要介绍到RSA private key与public key的生成。
RSA基础请看:http://www.qmailer.net/archives/216.html
#include <stdio.h>
#include <stdlib.h>
#include <openssl/rsa.h>
#include <openssl/pem.h>
/*************************************************************************************
* RSA密钥生成函数
* 1.PEM_write_RSA_PUBKEY() //生成----BEGIN RSA PRIVATE KEY----格式的公钥pem文件
* PEM_write_RSAPublicKey() //生成----BEGIN PUBLIC KEY----格式的公钥pem文件
*
* 2.----BEGIN PUBLIC KEY----格式的公钥pem文件才可以用
**************************************************************************************/
int main()
{
FILE *Private_key_file;
FILE *Public_key_file;
Private_key_file = fopen("./prikey.pem", "w+");
Public_key_file = fopen("./pubkey.pem", "w+");
RSA *rsa = RSA_generate_key(2048, 65537, NULL, NULL);
PEM_write_RSAPrivateKey(Private_key_file, rsa, NULL, NULL, 0, NULL, NULL);
PEM_write_RSA_PUBKEY(Public_key_file,rsa);
RSA_free(rsa);
fclose(Private_key_file);
fclose(Public_key_file);
return 0;
用PEM_write_RSAPrivateKey()生成的2048位private key以.pem文件(base64编码文件)存放并且文件的开头为-----BEGIN RSA PRIVATE KEY-----。
keyu0915@keyu0915:~/CAR/ASE$ vi RSA_genkey.c keyu0915@keyu0915:~/CAR/ASE$ gcc RSA_genkey.c -o RSA_genkey -lcrypto keyu0915@keyu0915:~/CAR/ASE$ ./RSA_genkey keyu0915@keyu0915:~/CAR/ASE$ cat prikey.pem -----BEGIN RSA PRIVATE KEY----- MIIEpQIBAAKCAQEAtGSju9+6EiaIHUzk0rNmeu97pePYcV+JTvRsa+L+WxloEUeX cs2bo5gXo04hy3L8Xo1yL+hxHx5drMYymbrEpig3VFd/wv7/J0PYKvmzjaw6mqwP aNjIsNSAqZRpBtXxK5OY5e4/Sf0v3wYSV3T/2UVS3LBCj6MByfoGyLmBHz2iPgqQ oulkBTe0MaE/3ApS8GaSW4ySwkg1UNdpRoYsMtZhDsADBuPQ6178UVl6+7uX9nc2 6mAQ21NlInGgM4b2NShysCk5AakVUyGhrIJgxiq9qJPS4Obx49ohuA9YrkGFNk/x MhedDi29dacpZXLM2AIykEFAbIn/7cSSg+TiHwIDAQABAoIBAHdzsOxmYKtGMpnc YiWXwEOls2YNMzUXwy+yMN1cCXw/nabbllDiD67LttNfmIdFFBJ0bWmF7OpjTDpt X/JmN3Oja8gAzMxN2J2iklEa2if1JTVovCd8baCShsRETyvEnZdyfCu9kNEow/tV 5O1ev1CbVBxo5xqAIV4inz1pgTQymcC0TXgNBcAfJsit9Qsh0viHslC1IaD6urR0 eK6/LUaeX/tJpteHhQzzIzRCZV9c5g82c2azIue6vr4c0b6AOBGUiWFBMSuIVqJA ZWFmJpMQAIgOetOvJgERfFTuLGbhmbSsfSAhtR2zquQj/1iRskIP4BxuNMMiVuOC etMpxaECgYEA5PcE35Tewf4PM2YWAkpV3CBDzV10qkT6PYfCPF0JtjAwb/sG8BON IyIidgDfq1nC8SbxU3TqO2r7oACCk+pdM9HXqlfQhglnQFGUVt4n/Qn3uSrJlwJF LqQ1Ia8piz1QR8+1vw3Q8ELKPhKjQhhe2pv6iv/lDykfVfwa/WAt/vECgYEAybFt s8QtS/jdjnnWiYxO4Fs2lE+4sickK1YCZ2fPCQ/861bbI9+v0k3edruRr8SAqbZZ TlMeb6VjkjsPcL0IMMWN6hg7hR/IlR891aKLNcfOH32o/lkGZuLkKh8xaIm8Zhi3 YqtY168TGikfdHqnTg3jDlQ6v+3kWUsc8qWmEg8CgYEA4BLi4RAnJIDHTYzlkx4+ gqvMzwlb6FqS726R51NB8tucO6rWclMf97crNILMYjv5LNnoqL0tkjKzyDVXlPxy dAkz35ALEXHYazirTIwjZF7B4aP/H1roa6nmGW374TmC/JRJEI2r4cXreO3yefex tI2blzaxa7HZ6eNMYpUiznECgYEAr7ZiszUanVA/fOuKSySwZucwIn9dkd9ltFdn Gr0mcme6WTC/E37Bxz7Nq7T3VCCmUrQpE4J4Rp3YpEHNztLwesTxQNtBp1WsQrYI AcFs9DqQyYCJJKVcXXAXhNbODZvJRU0NHunWKXk99BGVdL2SWf7hK8+XqzPONzio DIDhsGMCgYEAhzS2o44GOqaiXevWqACoCZkVRhxY2iX1UAdZ5/TQP++YgXF1MK+Z Teq3H2sppwMXwnfkM4u3fx2QE+GfwS/a9mgvRKierf5v28+CMvXqh5/wD2L98868 d+6JjNR1njom4b4VIBQdV45sMHVVoxnRlwA+/LDHvMeR4IOpWZxrLo4= -----END RSA PRIVATE KEY-----
生成的----BEGIN PUBLIC KEY----开头的公钥.pem文件
keyu0915@keyu0915:~/CAR/ASE$ cat pubkey.pem -----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtGSju9+6EiaIHUzk0rNm eu97pePYcV+JTvRsa+L+WxloEUeXcs2bo5gXo04hy3L8Xo1yL+hxHx5drMYymbrE pig3VFd/wv7/J0PYKvmzjaw6mqwPaNjIsNSAqZRpBtXxK5OY5e4/Sf0v3wYSV3T/ 2UVS3LBCj6MByfoGyLmBHz2iPgqQoulkBTe0MaE/3ApS8GaSW4ySwkg1UNdpRoYs MtZhDsADBuPQ6178UVl6+7uX9nc26mAQ21NlInGgM4b2NShysCk5AakVUyGhrIJg xiq9qJPS4Obx49ohuA9YrkGFNk/xMhedDi29dacpZXLM2AIykEFAbIn/7cSSg+Ti HwIDAQAB -----END PUBLIC KEY-----
注意:使用PEM_write_RSAPublicKey()生成的公钥.pem文件是以----BEGIN RSA PUBLIC KEY---开头,但是用它来加密文件时会出现
keyu0915@keyu0915:~/CAR/ASE$ openssl rsautl -encrypt -in input.file -inkey pubkey.pem -pubin -out output.file unable to load Public Key但是以 PEM_write_RSA_PUBKEY()生成的 ----BEGIN PUBLIC KEY----开头的公钥.pem文件或通过命令行转化成的 ----BEGIN RSA PUBLIC KEY---开头
.pem文件都可以正常加密,所以为了避免问题,自己只好使用PEM_write_RSA_PUBKEY()。
加解密:
明文:
keyu0915@keyu0915:~/CAR/ASE$ cat input.file hellow !I have use RSA encrypto.公钥加密:
keyu0915@keyu0915:~/CAR/ASE$ openssl rsautl -encrypt -in input.file -inkey pubkey.pem -pubin -out output.file
解密:
keyu0915@keyu0915:~/CAR/ASE$ openssl rsautl -decrypt -in output.file -inkey prikey.pem -out decrypt.file解密后的文件:
keyu0915@keyu0915:~/CAR/ASE$ cat decrypt.file hellow !I have use RSA encrypto.
同理以上 ----BEGIN PUBLIC KEY----开头的公钥.pem文件或通过命令行转化成的 ----BEGIN RSA PUBLIC KEY---开头
.pem文件都可以正常加密input.file,并且用同样的私钥(-----BEGIN RSA PRIVATE KEY----开头)来解密。
以上的公钥转化命令行为:
keyu0915@keyu0915:~/CAR/ASE$ openssl rsa -in prikey.pem -RSAPublicKey_out -out pubkey.pem writing RSA key keyu0915@keyu0915:~/CAR/ASE$ cat pubkey.pem -----BEGIN RSA PUBLIC KEY----- MIIBCgKCAQEAzjluUAqJrBwb3xZhxcCqQxTMLsvFAI0diLugAzPdFRhdLSsX5JuS y1ec0Qt09s8/C8eM30MJ/jgg/TRtX8xc0s3HdDy5zojTFuGbHeuqn/XyBnk8Z+4s fPm2V0jk7FpUoUta9x3CQW778604S6uUmnuk2rvDaloxL6/lpK2dHgncir+7J/8A g2maRFidTGP96NMvT1EuILqQHqUKaXREu91fVKoOT8+MGDus4atj6Z6pJ/yh3c8U xfsQor/m0GgrpsfIPoQTo/F33j1MIN2puGJsCvMC0eZOxzACtum8FvS03HH3g6fQ TKq95YcVyz7sdyYZZPM9q3lIevt8ozYiZwIDAQAB -----END RSA PUBLIC KEY-----
注意!
本站转载的文章为个人学习借鉴使用,本站对版权不负任何法律责任。如果侵犯了您的隐私权益,请联系我们删除。