在 OpenSSL 中使用 ECDSA 对消息进行签名

发布于 2024-08-20 18:17:41 字数 1091 浏览 9 评论 0原文

以编程方式在 OpenSSL 中使用 ECDSA 时,如何设置用于签名消息的私钥?我有以下代码:

static int create_signature(unsigned char* hash)
{
  EC_KEY *eckey=NULL;
  EC_GROUP *ecgroup=NULL;
  EVP_PKEY *evpkey=NULL;
  unsigned char *signature=NULL;
  point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
  int signature_size, block_size;
  unsigned char * block=NULL;

  ecgroup = get_ec_group_192();
  EC_GROUP_set_asn1_flag(ecgroup, OPENSSL_EC_NAMED_CURVE);
  EC_GROUP_set_point_conversion_form(ecgroup, form);
  eckey=EC_KEY_new();
  EC_KEY_set_group(eckey,ecgroup);
  EC_KEY_generate_key(eckey);
  evpkey=EVP_PKEY_new();
  EVP_PKEY_assign_EC_KEY(evpkey,eckey);
  signature=OPENSSL_malloc(EVP_PKEY_size(evpkey));

  ECDSA_sign(0, hash, sizeof(hash), signature, &signature_size, eckey);

  printf("%s", signature);
  return 0;
}

函数 get_ec_group_192() 是通过运行 openssl ecparam -C -name secp192k1 -genkey 创建的,它还会生成一些 EC PARAMETERS > 和 EC 私钥

我想做的是用我的私钥加密 hash 中包含的消息,以便只有公钥可以解密它。上面的代码是否可以做到这一点,或者我这样做完全是错误的?

How do I set the private key for signing messages when using ECDSA in OpenSSL programmatically? I have the following code:

static int create_signature(unsigned char* hash)
{
  EC_KEY *eckey=NULL;
  EC_GROUP *ecgroup=NULL;
  EVP_PKEY *evpkey=NULL;
  unsigned char *signature=NULL;
  point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
  int signature_size, block_size;
  unsigned char * block=NULL;

  ecgroup = get_ec_group_192();
  EC_GROUP_set_asn1_flag(ecgroup, OPENSSL_EC_NAMED_CURVE);
  EC_GROUP_set_point_conversion_form(ecgroup, form);
  eckey=EC_KEY_new();
  EC_KEY_set_group(eckey,ecgroup);
  EC_KEY_generate_key(eckey);
  evpkey=EVP_PKEY_new();
  EVP_PKEY_assign_EC_KEY(evpkey,eckey);
  signature=OPENSSL_malloc(EVP_PKEY_size(evpkey));

  ECDSA_sign(0, hash, sizeof(hash), signature, &signature_size, eckey);

  printf("%s", signature);
  return 0;
}

The function get_ec_group_192() is created by running openssl ecparam -C -name secp192k1 -genkey which also generates some EC PARAMETERS and a EC PRIVATE KEY.

What I am trying to do is to encrypt the message contained in hash with my private key so that only public key can decrypt it. Is that possible with the above code, or am I doing this completely wrong?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

南烟 2024-08-27 18:17:41

以下对我来说验证成功:

//compiled with gcc -g -lssl -UOPENSSL_NO_EC SO2228860.c -lcrypto
#include <openssl/ec.h>      // for EC_GROUP_new_by_curve_name, EC_GROUP_free, EC_KEY_new, EC_KEY_set_group, EC_KEY_generate_key, EC_KEY_free
#include <openssl/ecdsa.h>   // for ECDSA_do_sign, ECDSA_do_verify
#include <openssl/obj_mac.h> // for NID_secp192k1


static int create_signature(unsigned char* hash)
{
    int function_status = -1;
    EC_KEY *eckey=EC_KEY_new();
    if (NULL == eckey)
    {
        printf("Failed to create new EC Key\n");
        function_status = -1;
    }
    else
    {
        EC_GROUP *ecgroup= EC_GROUP_new_by_curve_name(NID_secp192k1);
        if (NULL == ecgroup)
        {
            printf("Failed to create new EC Group\n");
            function_status = -1;
        }
        else
        {
            int set_group_status = EC_KEY_set_group(eckey,ecgroup);
            const int set_group_success = 1;
            if (set_group_success != set_group_status)
            {
                printf("Failed to set group for EC Key\n");
                function_status = -1;
            }
            else
            {
                const int gen_success = 1;
                int gen_status = EC_KEY_generate_key(eckey);
                if (gen_success != gen_status)
                {
                    printf("Failed to generate EC Key\n");
                    function_status = -1;
                }
                else
                {
                    ECDSA_SIG *signature = ECDSA_do_sign(hash, strlen(hash), eckey);
                    if (NULL == signature)
                    {
                        printf("Failed to generate EC Signature\n");
                        function_status = -1;
                    }
                    else
                    {

                        int verify_status = ECDSA_do_verify(hash, strlen(hash), signature, eckey);
                        const int verify_success = 1;
                        if (verify_success != verify_status)
                        {
                            printf("Failed to verify EC Signature\n");
                            function_status = -1;
                        }
                        else
                        {
                            printf("Verifed EC Signature\n");
                            function_status = 1;
                        }
                    }
                }
            }
            EC_GROUP_free(ecgroup);
        }
        EC_KEY_free(eckey);
    }

  return function_status;
}

int main( int argc , char * argv[] )
{
    unsigned char hash[] = "c7fbca202a95a570285e3d700eb04ca2";
    int status = create_signature(hash);
    return(0) ;
}

The following verifies successfully for me:

//compiled with gcc -g -lssl -UOPENSSL_NO_EC SO2228860.c -lcrypto
#include <openssl/ec.h>      // for EC_GROUP_new_by_curve_name, EC_GROUP_free, EC_KEY_new, EC_KEY_set_group, EC_KEY_generate_key, EC_KEY_free
#include <openssl/ecdsa.h>   // for ECDSA_do_sign, ECDSA_do_verify
#include <openssl/obj_mac.h> // for NID_secp192k1


static int create_signature(unsigned char* hash)
{
    int function_status = -1;
    EC_KEY *eckey=EC_KEY_new();
    if (NULL == eckey)
    {
        printf("Failed to create new EC Key\n");
        function_status = -1;
    }
    else
    {
        EC_GROUP *ecgroup= EC_GROUP_new_by_curve_name(NID_secp192k1);
        if (NULL == ecgroup)
        {
            printf("Failed to create new EC Group\n");
            function_status = -1;
        }
        else
        {
            int set_group_status = EC_KEY_set_group(eckey,ecgroup);
            const int set_group_success = 1;
            if (set_group_success != set_group_status)
            {
                printf("Failed to set group for EC Key\n");
                function_status = -1;
            }
            else
            {
                const int gen_success = 1;
                int gen_status = EC_KEY_generate_key(eckey);
                if (gen_success != gen_status)
                {
                    printf("Failed to generate EC Key\n");
                    function_status = -1;
                }
                else
                {
                    ECDSA_SIG *signature = ECDSA_do_sign(hash, strlen(hash), eckey);
                    if (NULL == signature)
                    {
                        printf("Failed to generate EC Signature\n");
                        function_status = -1;
                    }
                    else
                    {

                        int verify_status = ECDSA_do_verify(hash, strlen(hash), signature, eckey);
                        const int verify_success = 1;
                        if (verify_success != verify_status)
                        {
                            printf("Failed to verify EC Signature\n");
                            function_status = -1;
                        }
                        else
                        {
                            printf("Verifed EC Signature\n");
                            function_status = 1;
                        }
                    }
                }
            }
            EC_GROUP_free(ecgroup);
        }
        EC_KEY_free(eckey);
    }

  return function_status;
}

int main( int argc , char * argv[] )
{
    unsigned char hash[] = "c7fbca202a95a570285e3d700eb04ca2";
    int status = create_signature(hash);
    return(0) ;
}
提笔书几行 2024-08-27 18:17:41

这是上面代码中的一个小错误。传递的散列是一个无符号字符,该散列中可以有 0x00 值!不要使用 strlen(hash) 来计算长度,因为如果散列中的任何位置都有 0x00,则可能会将不正确的长度传递给例程。哈希值是固定长度的,应该这样传递。例如,sha256 的长度应为 64。

Their is a small bug in the above code. The hash that is passed is an unsigned char, this hash CAN have 0x00 values in it! Do NOT use the strlen(hash) to calculate the length, as that will possibly pass the incorrect length to the routine IF the hash has a 0x00 in it anywhere. Hashes are fixed length, and should be passed as such. sha256 for example should be of length 64.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文