C++ 使用CPP进行OpenSSL sha256签名和验证
标签:c++, ssl, openssl
我的代码应该读取 PKCS12 以获取私钥,对一些文件进行签名并检查其签名。读取和解析 PKCS12 似乎工作正常,问题出现在验证阶段。下面是签名和验证的代码:
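/**
 * Sign a NUL-terminated message with SHA-256 using the private key in pkey.
 *
 * @param pkey  private key handed to EVP_DigestSignInit
 * @param msg   message to sign; its length is taken with strlen(), so data that
 *              contains a 0x00 byte is only covered up to the first NUL
 * @param sig   out: signature buffer allocated with OPENSSL_malloc; the caller
 *              releases it with OPENSSL_free. Set to NULL on failure.
 * @param slen  out: signature length in bytes. Set to 0 on failure.
 * @return 1 on success, 0 on any failure (a one-letter step marker is logged).
 */
int sign (EVP_PKEY *pkey, char* msg,unsigned char** sig, size_t* slen){
    /* Reject missing arguments before anything is dereferenced. */
    if(!pkey || !msg || !sig || !slen) return 0;

    *sig = NULL;
    const char *failed = NULL;   /* marker of the step that failed, if any */

    /* Create the Message Digest Context */
    EVP_MD_CTX *mdctx = EVP_MD_CTX_create();
    if(!mdctx) {
        failed = "0";
    }
    /* Initialise the DigestSign operation with SHA-256 as the digest */
    else if(1 != EVP_DigestSignInit(mdctx, NULL, EVP_sha256(), NULL, pkey)) {
        failed = "A";
    }
    /* Feed the message */
    else if(1 != EVP_DigestSignUpdate(mdctx, msg, strlen(msg))) {
        failed = "B";
    }
    /* First call with a NULL buffer only reports the required length in slen */
    else if(1 != EVP_DigestSignFinal(mdctx, NULL, slen)) {
        failed = "C";
    }
    /* Allocate memory for the signature based on size in slen */
    else if(!(*sig = static_cast<unsigned char *>(OPENSSL_malloc(*slen)))) {
        failed = "D";
    }
    /* Second call writes the signature and updates slen to the real length */
    else if(1 != EVP_DigestSignFinal(mdctx, *sig, slen)) {
        failed = "E";
    }

    /* Single exit: every path releases the context, and a failed run never
     * hands a half-initialised buffer or a stale length back to the caller. */
    if(failed) {
        qDebug()<<failed;
        if(*sig) OPENSSL_free(*sig);
        *sig = NULL;
        *slen = 0;
    }
    if(mdctx) EVP_MD_CTX_destroy(mdctx);

    if(failed) return 0;
    qDebug()<<"SIGNED";
    return 1;
}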
/*------------------------------*/
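/**
 * Verify a SHA-256 signature over a NUL-terminated message.
 *
 * @param pubkey  public key handed to EVP_DigestVerifyInit
 * @param msg     message that was signed; its length is taken with strlen(),
 *                so it must be the same NUL-terminated text passed to sign()
 * @param sig     signature bytes
 * @param slen    number of bytes in sig
 * @return 1 only when EVP_DigestVerifyFinal reports success; 0 for a bad
 *         signature and for every error, so callers fail closed.
 */
int verify(EVP_PKEY *pubkey, const char* msg,unsigned char* sig, size_t slen){
    /* strlen(msg) and the signature pointer are used below; refuse NULLs. */
    if(!msg || !sig) return 0;

    /* Drop stale entries so the errors printed below belong to this call. */
    ERR_clear_error();

    EVP_MD_CTX *mdctx = EVP_MD_CTX_create();
    if(!mdctx) {
        qDebug()<<"DEU RUIM";
        return 0;   /* no context: nothing below may run */
    }

    int ok = 0;
    if(!pubkey || 1 != EVP_DigestVerifyInit(mdctx, NULL, EVP_sha256(), NULL, pubkey)){
        qDebug()<<"Err1";
    }
    else if(1 != EVP_DigestVerifyUpdate(mdctx, msg, strlen(msg))){
        qDebug()<<"Err2";
    }
    /* Only an exact 1 counts as verified; 0 and negative results are both
     * treated as "not original". */
    else if(1 == EVP_DigestVerifyFinal(mdctx, sig, slen)) {
        qDebug()<<"THE FILE IS ORIGINAL";
        ok = 1;
    } else{
        qDebug()<<"THE FILE IS NOT ORIGINAL";
    }

    /* Report the OpenSSL error queue after the failing step, not before it. */
    if(!ok) ERR_print_errors_fp(stderr);

    EVP_MD_CTX_destroy(mdctx);
    return ok;
}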
int符号(EVP\u PKEY*PKEY,char*msg,unsigned char**sig,size\u t*slen){
EVP_MD_CTX*mdctx=NULL;
int-ret=0;
尺寸要求=0;
*sig=NULL;
/*创建消息摘要上下文*/
如果(!(mdctx=EVP\u MD\u CTX\u create()){
qDebug()
打开、写入和读取文件的问题已经解决。不幸的是,如果只尝试验证,仍然无法正确验证。另请参见 OpenSSL wiki 上的相关说明。
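/*---(START)IF COMMENT THIS PART, VERIFIES WRONGLY---*/
/* Persist the signature only when signing really succeeded; on failure sig
 * would be NULL and must not be written. */
if(1 == sign(prkey, msg, &sig, &len)){
    /*write file certificate*/
    ofstream outfile("outCert",ios::out | ios::binary);
    outfile.write((reinterpret_cast<const char*>(sig)),len);
    /* Close (and thereby flush) before the file is re-opened for reading
     * below; otherwise the reader can see an empty or truncated file. */
    outfile.close();
    if(!outfile) cout << "Unable to write file";
}
/*---(END)---*/
//set public key
EVP_PKEY* pubkey=X509_get_pubkey(cert);
FILE* file2;
unsigned char *msg2 = NULL;   // stays NULL unless a full signature was read
size_t sz = 0;
file2=fopen ("outCert","rb");
if(file2!=NULL){
    long fsize = -1;
    if(0 == fseek(file2, 0L, SEEK_END)) fsize = ftell(file2);
    // The file is external input: accept only a non-empty size that does not
    // exceed the largest signature this key can produce (EVP_PKEY_size).
    if(pubkey != NULL && fsize > 0 && fsize <= EVP_PKEY_size(pubkey)
       && 0 == fseek(file2, 0, SEEK_SET)){
        msg2 = new unsigned char [fsize];
        sz = fread(msg2,1,fsize,file2);
        if(sz != static_cast<size_t>(fsize)){
            // short read: do not verify against a partial buffer
            delete[] msg2;
            msg2 = NULL;
            sz = 0;
        }
    }
    fclose(file2);
}else cout << "Unable to open file";
//change 'msg2' and 'sz' for 'sig' and 'len' to work respectively
if(msg2 != NULL) verify(pubkey,msg,msg2,sz);
else cout << "No usable signature to verify";
delete[] msg2;
// NOTE(review): sig (OPENSSL_malloc'd by sign) and pubkey (returned by
// X509_get_pubkey) are still held here; release them with OPENSSL_free and
// EVP_PKEY_free once nothing later in the function needs them.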