如何使用密码解密 PKCS8 DER 加密私钥,在 crypto++
我正在尝试使用加密的私钥对消息进行签名,我当然拥有它的密码,因此我正在尝试解密该密钥,以便我可以使用它进行签名。
我正在使用 C++ 库crypto++,这是我尝试用来从文件读取密钥的代码。
string keyString;
FileSource fs(keyFileName.c_str(), true, new DefaultDecryptorWithMAC(passphrase, new StringSink(keyString)));
执行此操作时,它会出现 CryptoPP::DefaultDecryptor::KeyBadErrCryptoPP::DefaultDecryptor::KeyBadErr code>,我知道我有正确的密码,因为我设法使用 openssl 和以下命令行解密密钥:
openssl pkcs8 -inform DER -passin pass:PASSPHRASE < emisor.key
这是我的第一篇文章,我不确定我是否遵循所有规则来提出问题,但任何帮助或提示将不胜感激。
问候,
重
I'm trying to sign a message using a private key that is encrypted, I of course have the password to it, so I'm trying to decrypt the key so I can the use it to sign.
I'm using C++ library crypto++, this is the code I'm trying to use to read the key from file
string keyString;
FileSource fs(keyFileName.c_str(), true, new DefaultDecryptorWithMAC(passphrase, new StringSink(keyString)));
When doing this, it rises a CryptoPP::DefaultDecryptor::KeyBadErr, I know that I have the correct password because I managed to decrypt the key using openssl with the following command line:
openssl pkcs8 -inform DER -passin pass:PASSPHRASE < emisor.key
This is my first post, I'm not sure if I'm following all the rules to ask the question, but any help or tip will be appreciated.
Regards,
heavy
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
PKCS #8 使用与 Crypto++ 的
DefaultDecryptorWithMAC无关的特定加密格式。您可以在此处找到规范的详细信息 - http://www.rsa.com /rsalabs/node.asp?id=2130不幸的是,Crypto++ 目前不原生支持加密的 PKCS #8 密钥。借助库中的 ASN.1 和加密支持,您当然可以自己实现它,但使用 openssl 命令行工具简单地解密密钥可能会更容易。或者您可以在程序中使用 openssl 或其他支持加密 PKCS #8 密钥的库。
PKCS #8 uses a specific encryption format that has nothing to do with Crypto++'s
DefaultDecryptorWithMAC. You can find the details in the specification here - http://www.rsa.com/rsalabs/node.asp?id=2130Unfortunately Crypto++ does not currently support encrypted PKCS #8 keys natively. With the ASN.1 and crypto support in the library you can certainly implement it yourself, but it may be easier to simply decrypt the key using the openssl command line tool. Or you could use openssl in your program, or another library that supports encrypted PKCS #8 keys.