使用加密货币++在 OpenSSL 上生成 RSA 密钥

发布于 2024-08-03 05:46:39 字数 308 浏览 8 评论 0 原文

有没有办法在 OpenSSL 中使用我通过 Crypto++ API 生成的 RSA 密钥?我正在寻找一种以 Crypto++ 和 OpenSSL 都可以轻松打开密钥的格式存储密钥的方法。

我正在编写一个许可方案,并且想要使用 Crypto++ API 来验证签名和解密文件,但是为了生成许可证文件,我想要使用 Web 界面(可能使用 PHP,它只支持 OpenSSL)来生成和加密/签署许可证。

我会使用 Crypto++ 编写这两个应用程序并从 PHP 调用它,但由于私钥将以加密形式存储,因此必须将密码传递给应用程序并在命令行上传递它似乎不是一个好的选择对我来说。

Is there a way to use the RSA keys I've generated with the Crypto++ API in OpenSSL? What I am looking for is a way to store the keys in a format that both Crypto++ and OpenSSL can easily open them.

I'm writing a licensing scheme and would want to verify signatures and decrypt files using the Crypto++ API, but to generate the license files I would want to use a web interface (probably using PHP, which only supports OpenSSL) to generate and encrypt/sign the licenses.

I would write both applications using Crypto++ and call it from the PHP, but since the private key will be stored in a encrypted form, a password must be passed to the application and passing it on the command line doesn't seems to be a good idea to me.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

沒落の蓅哖 2024-08-10 05:46:39

Crypto++ 和 OpenSSL 都可以处理 PKCS#8 编码的密钥。在 crypto++ 中,您可以像这样生成密钥并转换为 PKCS#8 缓冲区,

AutoSeededRandomPool rng;
RSAES_OAEP_SHA_Decryptor priv(rng, 2048);
string der;
StringSink der_sink(der);
priv.DEREncode(der_sink);
der_sink.MessageEnd();

// der.data() is the bytes you need

现在您只需将字节传递给 PHP 即可。您可以将其保存在文件中,然后发送消息。

唯一的问题是 PHP 的 OpenSSL 接口仅接受 PEM 编码的 PKCS#8。您可以在 PHP 中轻松地将 DER 编码的缓冲区转换为 PEM,

<?php
function pkcs8_to_pem($der) {

    static $BEGIN_MARKER = "-----BEGIN PRIVATE KEY-----";
    static $END_MARKER = "-----END PRIVATE KEY-----";

    $value = base64_encode($der);

    $pem = $BEGIN_MARKER . "\n";
    $pem .= chunk_split($value, 64, "\n");
    $pem .= $END_MARKER . "\n";

    return $pem;
}
?>

如果您愿意,还可以在 C++ 中将 PKCS#8 转换为 PEM。从 PHP 代码中可以看出该算法非常简单。

OpenSSL 如今非常流行。我不认为有任何理由将 Crypto++ 用于像这样的常见加密应用程序。

Both Crypto++ and OpenSSL can handle PKCS#8 encoded keys. In crypto++, you can generate keys and convert to PKCS#8 buffer like this,

AutoSeededRandomPool rng;
RSAES_OAEP_SHA_Decryptor priv(rng, 2048);
string der;
StringSink der_sink(der);
priv.DEREncode(der_sink);
der_sink.MessageEnd();

// der.data() is the bytes you need

Now you just need to pass the bytes to PHP. You can save it in a file, send in a message.

The only gotcha is that PHP's OpenSSL interface only accepts PEM encoded PKCS#8. You can easily convert DER-encoded buffer into PEM like this in PHP,

<?php
function pkcs8_to_pem($der) {

    static $BEGIN_MARKER = "-----BEGIN PRIVATE KEY-----";
    static $END_MARKER = "-----END PRIVATE KEY-----";

    $value = base64_encode($der);

    $pem = $BEGIN_MARKER . "\n";
    $pem .= chunk_split($value, 64, "\n");
    $pem .= $END_MARKER . "\n";

    return $pem;
}
?>

You can also convert PKCS#8 to PEM in C++ if you prefer. The algorithm is very simple as you can see from the PHP code.

OpenSSL is so prevalent nowadays. I don't see any reason to use Crypto++ for common crypto applications like this.

绝不服输 2024-08-10 05:46:39

有没有办法在 OpenSSL 中使用我通过 Crypto++ API 生成的 RSA 密钥?我正在寻找一种以 Crypto++ 和 OpenSSL 都可以轻松打开密钥的格式存储密钥的方法。

是的。除了 X.509 和 PKCS #8 编码密钥(ZZ Coder 的答案)之外,您还可以使用 PEM 编码密钥(包括加密密钥)。 2014 年 7 月,为 OpenSSL 互操作向该项目提供了对 PEM 编码密钥的支持。

要使用 PEM 编码密钥,您需要获取 Crypto++ PEM Pack 并重新编译库。 PEM Pack 不是 Wei Dai 在 Crypto++ 网站 上提供的 Crypto++ 库的一部分。

安装并重新编译后,它就像这样简单:

// Load a RSA public key
FileSource fs1("rsa-pub.pem", true);
RSA::PublicKey k1;
PEM_Load(fs1, k1);

// Load a encrypted RSA private key
FileSource fs2("rsa-enc-priv.pem", true);
RSA::PrivateKey k2;
PEM_Load(fs2, k2, "test", 4);

// Save an EC public key
DL_PublicKey_EC<ECP> k16 = ...;
FileSink fs16("ec-pub-xxx.pem", true);
PEM_Save(fs16, k16);

// Save an encrypted EC private key
DL_PrivateKey_EC<ECP> k18 = ...;
FileSink fs18("ec-enc-priv-xxx.pem", true);
PEM_Save(fs18, k18, "AES-128-CBC", "test", 4);

密钥在磁盘上看起来像这样:

$ cat rsa-pub.pem
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCg7ovcljEjZCFOdLWENBKE6FSk
Nke6OP79SMJABJw+JoEBpNddK6/v99IvA1qU76V0V4k8qLvhkVUtk9FArhhRsxeF
1fd8UVqgsT8j0YCVFcJ/ZA372ogpXyvc5aK9mZEiKE5TIF8qnDFFZiMWPrad1buk
hg+eFdo78QRLA5plEQIDAQAB
-----END PUBLIC KEY-----
$  
$ cat rsa-enc-priv.pem
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,E1A759E11CA515CE34B6E8CE5278C919

slMx02TMblahTedEKsfS+qYYo4nZFaqI3PhCRYmE5zUa9clHm7yo36wIk3oo52OB
f4AhOaJwiPQAbLe/kDHeP77iHd/4+hFNq/Haj6ahWRpXilLVOETLtefbzSGO8va3
ORnwQpPThs2V0EetPU3LB3QcA/XRjWDzyNa7+LydOjKwbQdZnF/jND5NCkEkncNM
iQJ1VWubN+Xs3Rx0CfLu5Chl1n7WnmCNMtLL/LtYeaR1SlRJa6BaF7hNHJJJ3+Jc
8curCKlpobs+XnlDfjyqgTXolkiepn95TnT7KSqi3BqVEpq/5LKMnkDJg6nwUR7A
w0jLNr1f8adWyBEj2Dp0D/jy8eDh65eHdJw4s8G5FZfBud1zWbvRQ3Ah70ISUKa3
4q/6z2vervPgoc+rMVYDvRf/mqa4LMXYhuygsyx50OgPldCC2d0cVVFCg/ljdEzO
UV5rSkK1Qczv8Nc1ZdY3fJA+qYIV8JqPPY+dJ2312R+myPi5Av0/69k8lZN5eIJk
SkiiFQmabhc+o6z4RFA52a3lOud3eGM9L5nbFQGc5COzQVZ6y8t06tLIp9Y5zjA4
KTgNncV5eq3Bau+cWXjP6pJRixFVfwIoy95mAur7B2P1iE4FXyZbvCovPL6vilT5
kSqAo7Znu0RpTjE36tWY6tFt+GU7k8EBrjA3Qi+8xxqyYtr57Ns+H/j+hhJTN8L7
IXoevwS81OPiB0Dmg6wLLXATG1+gCNXb8sd5U2eJhy4LOJA3y54CTgRnPXtM38CH
K+JvnDstyUl9IGTsgUz51ZzyJNZGU9Ro3pt/a3Cs5IJumaygZ0LQ44WBw9m/vja9
-----END RSA PRIVATE KEY-----
$  
$ cat ec-pub.pem
-----BEGIN PUBLIC KEY-----
MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEVwXjdIb2yy25QbIO0XiIHpySXwSpIAcz
v0Wdyq+fZ6BdJjs2jKvbs9pcRJn8yxlASWoz2R4NoHTZ2YokKsDfEg==
-----END PUBLIC KEY-----
$  
$ cat ec-enc-priv.pem
-----BEGIN EC PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,F1DBC73E26DCD310888932C2762B3512

nikex48SFvtNOIrOEDipwmxaghjn4jtrvwI3d1H/VNq9yp26WqFZxBJCUPFBFLjH
auA+AHeUo3BVkNQPs0VO4FD5xR50mtc2tCJizzhyTTTypLc3lRkxmD1MpeZnWRy2
70foVtNSvLL/QLJqNJGm/G9kl0xPN4zAfOq7Txoscnk=
-----END EC PRIVATE KEY-----

相关:有关其他有用的 Crypto++ 补丁,请参阅 类别:补丁 页面。

Is there a way to use the RSA keys I've generated with the Crypto++ API in OpenSSL? What I am looking for is a way to store the keys in a format that both Crypto++ and OpenSSL can easily open them.

Yes. In addition to X.509 and PKCS #8 encoded keys (ZZ Coder's answer), you can also use PEM encoded keys including encrypted keys. Support for PEM encoded keys was donated to the project in July, 2014 for OpenSSL interop.

To use the PEM encoded keys, you need to fetch the Crypto++ PEM Pack and recompile the library. The PEM Pack is not part of the Crypto++ library as provided by Wei Dai at the Crypto++ website.

Once you install and recompile, its as simple as:

// Load a RSA public key
FileSource fs1("rsa-pub.pem", true);
RSA::PublicKey k1;
PEM_Load(fs1, k1);

// Load a encrypted RSA private key
FileSource fs2("rsa-enc-priv.pem", true);
RSA::PrivateKey k2;
PEM_Load(fs2, k2, "test", 4);

// Save an EC public key
DL_PublicKey_EC<ECP> k16 = ...;
FileSink fs16("ec-pub-xxx.pem", true);
PEM_Save(fs16, k16);

// Save an encrypted EC private key
DL_PrivateKey_EC<ECP> k18 = ...;
FileSink fs18("ec-enc-priv-xxx.pem", true);
PEM_Save(fs18, k18, "AES-128-CBC", "test", 4);

The keys look like so on-disk:

$ cat rsa-pub.pem
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCg7ovcljEjZCFOdLWENBKE6FSk
Nke6OP79SMJABJw+JoEBpNddK6/v99IvA1qU76V0V4k8qLvhkVUtk9FArhhRsxeF
1fd8UVqgsT8j0YCVFcJ/ZA372ogpXyvc5aK9mZEiKE5TIF8qnDFFZiMWPrad1buk
hg+eFdo78QRLA5plEQIDAQAB
-----END PUBLIC KEY-----
$  
$ cat rsa-enc-priv.pem
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,E1A759E11CA515CE34B6E8CE5278C919

slMx02TMblahTedEKsfS+qYYo4nZFaqI3PhCRYmE5zUa9clHm7yo36wIk3oo52OB
f4AhOaJwiPQAbLe/kDHeP77iHd/4+hFNq/Haj6ahWRpXilLVOETLtefbzSGO8va3
ORnwQpPThs2V0EetPU3LB3QcA/XRjWDzyNa7+LydOjKwbQdZnF/jND5NCkEkncNM
iQJ1VWubN+Xs3Rx0CfLu5Chl1n7WnmCNMtLL/LtYeaR1SlRJa6BaF7hNHJJJ3+Jc
8curCKlpobs+XnlDfjyqgTXolkiepn95TnT7KSqi3BqVEpq/5LKMnkDJg6nwUR7A
w0jLNr1f8adWyBEj2Dp0D/jy8eDh65eHdJw4s8G5FZfBud1zWbvRQ3Ah70ISUKa3
4q/6z2vervPgoc+rMVYDvRf/mqa4LMXYhuygsyx50OgPldCC2d0cVVFCg/ljdEzO
UV5rSkK1Qczv8Nc1ZdY3fJA+qYIV8JqPPY+dJ2312R+myPi5Av0/69k8lZN5eIJk
SkiiFQmabhc+o6z4RFA52a3lOud3eGM9L5nbFQGc5COzQVZ6y8t06tLIp9Y5zjA4
KTgNncV5eq3Bau+cWXjP6pJRixFVfwIoy95mAur7B2P1iE4FXyZbvCovPL6vilT5
kSqAo7Znu0RpTjE36tWY6tFt+GU7k8EBrjA3Qi+8xxqyYtr57Ns+H/j+hhJTN8L7
IXoevwS81OPiB0Dmg6wLLXATG1+gCNXb8sd5U2eJhy4LOJA3y54CTgRnPXtM38CH
K+JvnDstyUl9IGTsgUz51ZzyJNZGU9Ro3pt/a3Cs5IJumaygZ0LQ44WBw9m/vja9
-----END RSA PRIVATE KEY-----
$  
$ cat ec-pub.pem
-----BEGIN PUBLIC KEY-----
MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEVwXjdIb2yy25QbIO0XiIHpySXwSpIAcz
v0Wdyq+fZ6BdJjs2jKvbs9pcRJn8yxlASWoz2R4NoHTZ2YokKsDfEg==
-----END PUBLIC KEY-----
$  
$ cat ec-enc-priv.pem
-----BEGIN EC PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,F1DBC73E26DCD310888932C2762B3512

nikex48SFvtNOIrOEDipwmxaghjn4jtrvwI3d1H/VNq9yp26WqFZxBJCUPFBFLjH
auA+AHeUo3BVkNQPs0VO4FD5xR50mtc2tCJizzhyTTTypLc3lRkxmD1MpeZnWRy2
70foVtNSvLL/QLJqNJGm/G9kl0xPN4zAfOq7Txoscnk=
-----END EC PRIVATE KEY-----

Related: for other useful Crypto++ patches, see the Category:Patch page on the Crypto++ wiki.

苯莒 2024-08-10 05:46:39

试试这个链接:
http://www.cryptopp.com/fom-serve/cache/62。 html

看来您需要使用 PKCS#8 并从 DER 转换为 PEM 格式才能在 OpenSSL 中使用密钥。我不确定您是否能够使用一个文件来完成这两个任务。

我只使用过 OpenSSL,所以我不确定 Crypto++ 有哪些选项。我通过在 Google 中搜索这些术语找到了上面的链接:Crypto++ RSA OpenSSL。

DER 是 OpenSSL 密钥和证书的二进制格式。

PEM 是 OpenSSL 的文本格式。

Try this link:
http://www.cryptopp.com/fom-serve/cache/62.html

It looks like you'll need to use PKCS#8 and convert from DER to PEM format to be able to use the keys in OpenSSL. I'm not sure if you'll be able to use a single file for both.

I've only used OpenSSL so I'm not sure what options you have with Crypto++. I found the link above by searching Google for these terms: Crypto++ RSA OpenSSL.

DER is OpenSSL's binary format for keys and certificates.

PEM is OpenSSL's text format.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文