使用 OpenSSL 加密和解密错误 0x0407106B
我正在用 C 语言编写一个例程,该例程使用公钥读取 Base64 字符串并继续加密字符串。我还测试了相同字符串的解密,但在尝试解码时收到错误 0x0407106B:
$ openssl errstr 0x0407106B
error:0407106B:rsa routines:RSA_padding_check_PKCS1_type_2:block type is not 02
这是代码
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <ctype.h>
#include <openssl/rsa.h>
#include <openssl/engine.h>
//#define PADDING RSA_PKCS1_OAEP_PADDING
#define PADDING RSA_PKCS1_PADDING
//#define PADDING RSA_NO_PADDING
main() {
// public key
char *b64_pKey = "-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCp2w+8HUdECo8V5yuKYrWJmUbL\ntD6nSyVifN543axXvNSFzQfWNOGVkMsCo6W4hpl5eHv1p9Hqdcf/ZYQDWCK726u6\nhsZA81AblAOOXKaUaxvFC+ZKRJf+MtUGnv0v7CrGoblm1mMC/OQI1JfSsYi68Epn\naOLepTZw+GLTnusQgwIDAQAB\n-----END PUBLIC KEY-----\n";
// private key
char *b64priv_key = "-----BEGIN RSA PRIVATE KEY-----\nMIICXAIBAAKBgQCp2w+8HUdECo8V5yuKYrWJmUbLtD6nSyVifN543axXvNSFzQfW\nNOGVkMsCo6W4hpl5eHv1p9Hqdcf/ZYQDWCK726u6hsZA81AblAOOXKaUaxvFC+ZK\nRJf+MtUGnv0v7CrGoblm1mMC/OQI1JfSsYi68EpnaOLepTZw+GLTnusQgwIDAQAB\nAoGBAKDuq3PikblH/9YS11AgwjwC++7ZcltzeZJdGTSPY1El2n6Dip9ML0hUjeSM\nROIWtac/nsNcJCnvOnUjK/c3NIAaGJcfRPiH/S0Ga6ROiDfFj2UXAmk/v4wRRUzr\n5lsA0jgEt5qcq2Xr/JPQVGB4wUgL/yQK0dDhW0EdrJ707e3BAkEA1aIHbmcVfCP8\nY/uWuK0lvWxrIWfR5MlHhI8tD9lvkot2kyXiV+jB6/gktwk1QaFsy7dCXn7w03+k\nxrjEGGN+kQJBAMuKf55lDtU9K2Js3YSStTZAXP+Hz7XpoLxmbWFyGvBx806WjgAD\n624irwS+0tBxkERbRcisfb2cXmAx8earT9MCQDZuVCpjBWxd1t66qYpgQ29iAmG+\njBIY3qn9uOOC6RSTiCCx1FvFqDMxRFmGdRVFxeyZwsVE3qNksF0Zko0MPKECQCEe\noDV97DP2iCCz5je0R5hUUM2jo8DOC0GcyR+aGZgWcqjPBrwp5x08t43mHxeb4wW8\ndFZ6+trnntO4TMxkA9ECQB+yCPgO1zisJWYuD46KISoesYhwHe5C1BQElQgi9bio\nU39fFo88w1pok23a2CZBEXguSvCvexeB68OggdDXvy0=\n-----END RSA PRIVATE KEY-----\n";
// String to encrypt
char *str = "1234";
ERR_load_crypto_strings();
BIO *bpo = BIO_new_mem_buf(b64_pKey, -1);
RSA *pubKey = PEM_read_bio_RSA_PUBKEY(bpo, NULL, NULL, NULL);
if ( !pubKey ) {
printf("%s\n", ERR_error_string(ERR_get_error(), NULL));
return;
}
int rsa_length = RSA_size(pubKey);
BIO *b64 = NULL;
BIO *bmem = NULL;
BUF_MEM *bptr = NULL;
unsigned char encrypted[2560] = { 0 };
unsigned char retencrypted[2560] = { 0 };
int resultEncrypt = RSA_public_encrypt(PADDING, str, encrypted, pubKey, PADDING);
if ( resultEncrypt == -1 ) {
printf("%s\n", ERR_error_string(ERR_get_error(), NULL));
return;
}
/*
* Show base 64 encrypted string
*/
b64 = BIO_new((BIO_METHOD *)BIO_f_base64());
BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL);
bmem = BIO_new(BIO_s_mem());
b64 = BIO_push(b64, bmem);
BIO_write(b64, encrypted, resultEncrypt);
BIO_flush(b64);
BIO_get_mem_ptr(b64, &bptr);
memcpy(retencrypted, bptr->data, bptr->length);
BIO_free(b64);
BIO_free(bpo);
RSA_free(pubKey);
printf("Encrypted string:%s\n",retencrypted);
/*
* Now decrypt this very string with the private key
*/
BIO *bpop = BIO_new_mem_buf(b64priv_key, -1);
RSA *privKey = PEM_read_bio_RSAPrivateKey(bpop, NULL, NULL, NULL);
if ( !privKey ) {
printf("%s\n", ERR_error_string(ERR_get_error(), NULL));
return;
}
rsa_length = RSA_size(privKey);
unsigned char decrypted[2560] = { 0 };
int resultDecrypt = RSA_private_decrypt( RSA_size(privKey), retencrypted, decrypted, privKey, PADDING);
if ( resultDecrypt == -1 ) {
printf("%s\n", ERR_error_string(ERR_get_error(), NULL));
return;
}
printf("resultDecrypt=%d\ndecrypted string: %s\n",resultDecrypt,decrypted);
BIO_free(bpop);
RSA_free(privKey);
ERR_free_strings();
}
导出私钥
openssl rsa -in rsa_privatekey.pem -check
注意:我使用公钥
openssl rsa -in rsa_privatekey.pem -pubout
:为什么会收到错误?
I'm writing a routine in C that reads a base64 string with the public key and proceeds to encrypt a string. I also test the same string's decryption but I'm getting error 0x0407106B when trying to do the decoding:
$ openssl errstr 0x0407106B
error:0407106B:rsa routines:RSA_padding_check_PKCS1_type_2:block type is not 02
Here's the code
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <ctype.h>
#include <openssl/rsa.h>
#include <openssl/engine.h>
//#define PADDING RSA_PKCS1_OAEP_PADDING
#define PADDING RSA_PKCS1_PADDING
//#define PADDING RSA_NO_PADDING
main() {
// public key
char *b64_pKey = "-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCp2w+8HUdECo8V5yuKYrWJmUbL\ntD6nSyVifN543axXvNSFzQfWNOGVkMsCo6W4hpl5eHv1p9Hqdcf/ZYQDWCK726u6\nhsZA81AblAOOXKaUaxvFC+ZKRJf+MtUGnv0v7CrGoblm1mMC/OQI1JfSsYi68Epn\naOLepTZw+GLTnusQgwIDAQAB\n-----END PUBLIC KEY-----\n";
// private key
char *b64priv_key = "-----BEGIN RSA PRIVATE KEY-----\nMIICXAIBAAKBgQCp2w+8HUdECo8V5yuKYrWJmUbLtD6nSyVifN543axXvNSFzQfW\nNOGVkMsCo6W4hpl5eHv1p9Hqdcf/ZYQDWCK726u6hsZA81AblAOOXKaUaxvFC+ZK\nRJf+MtUGnv0v7CrGoblm1mMC/OQI1JfSsYi68EpnaOLepTZw+GLTnusQgwIDAQAB\nAoGBAKDuq3PikblH/9YS11AgwjwC++7ZcltzeZJdGTSPY1El2n6Dip9ML0hUjeSM\nROIWtac/nsNcJCnvOnUjK/c3NIAaGJcfRPiH/S0Ga6ROiDfFj2UXAmk/v4wRRUzr\n5lsA0jgEt5qcq2Xr/JPQVGB4wUgL/yQK0dDhW0EdrJ707e3BAkEA1aIHbmcVfCP8\nY/uWuK0lvWxrIWfR5MlHhI8tD9lvkot2kyXiV+jB6/gktwk1QaFsy7dCXn7w03+k\nxrjEGGN+kQJBAMuKf55lDtU9K2Js3YSStTZAXP+Hz7XpoLxmbWFyGvBx806WjgAD\n624irwS+0tBxkERbRcisfb2cXmAx8earT9MCQDZuVCpjBWxd1t66qYpgQ29iAmG+\njBIY3qn9uOOC6RSTiCCx1FvFqDMxRFmGdRVFxeyZwsVE3qNksF0Zko0MPKECQCEe\noDV97DP2iCCz5je0R5hUUM2jo8DOC0GcyR+aGZgWcqjPBrwp5x08t43mHxeb4wW8\ndFZ6+trnntO4TMxkA9ECQB+yCPgO1zisJWYuD46KISoesYhwHe5C1BQElQgi9bio\nU39fFo88w1pok23a2CZBEXguSvCvexeB68OggdDXvy0=\n-----END RSA PRIVATE KEY-----\n";
// String to encrypt
char *str = "1234";
ERR_load_crypto_strings();
BIO *bpo = BIO_new_mem_buf(b64_pKey, -1);
RSA *pubKey = PEM_read_bio_RSA_PUBKEY(bpo, NULL, NULL, NULL);
if ( !pubKey ) {
printf("%s\n", ERR_error_string(ERR_get_error(), NULL));
return;
}
int rsa_length = RSA_size(pubKey);
BIO *b64 = NULL;
BIO *bmem = NULL;
BUF_MEM *bptr = NULL;
unsigned char encrypted[2560] = { 0 };
unsigned char retencrypted[2560] = { 0 };
int resultEncrypt = RSA_public_encrypt(PADDING, str, encrypted, pubKey, PADDING);
if ( resultEncrypt == -1 ) {
printf("%s\n", ERR_error_string(ERR_get_error(), NULL));
return;
}
/*
* Show base 64 encrypted string
*/
b64 = BIO_new((BIO_METHOD *)BIO_f_base64());
BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL);
bmem = BIO_new(BIO_s_mem());
b64 = BIO_push(b64, bmem);
BIO_write(b64, encrypted, resultEncrypt);
BIO_flush(b64);
BIO_get_mem_ptr(b64, &bptr);
memcpy(retencrypted, bptr->data, bptr->length);
BIO_free(b64);
BIO_free(bpo);
RSA_free(pubKey);
printf("Encrypted string:%s\n",retencrypted);
/*
* Now decrypt this very string with the private key
*/
BIO *bpop = BIO_new_mem_buf(b64priv_key, -1);
RSA *privKey = PEM_read_bio_RSAPrivateKey(bpop, NULL, NULL, NULL);
if ( !privKey ) {
printf("%s\n", ERR_error_string(ERR_get_error(), NULL));
return;
}
rsa_length = RSA_size(privKey);
unsigned char decrypted[2560] = { 0 };
int resultDecrypt = RSA_private_decrypt( RSA_size(privKey), retencrypted, decrypted, privKey, PADDING);
if ( resultDecrypt == -1 ) {
printf("%s\n", ERR_error_string(ERR_get_error(), NULL));
return;
}
printf("resultDecrypt=%d\ndecrypted string: %s\n",resultDecrypt,decrypted);
BIO_free(bpop);
RSA_free(privKey);
ERR_free_strings();
}
Note: I exported the private key using
openssl rsa -in rsa_privatekey.pem -check
and the public key:
openssl rsa -in rsa_privatekey.pem -pubout
Why am I getting the error?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
问题是您正在尝试解密 Base64 编码结果。
您应该尝试解密加密结果。
也就是说,而不是:
您应该调用:
另外,加密调用中存在问题:
为什么您将 PADDING 作为
flen传递?这应该是字符串的长度(即 4 或 5,具体取决于您是否要加密空字符)。如果您想将加密字符串写入 ASCII(使用 base64 编码),那没问题。但在解密之前你必须先解码它。
The problem is that you're trying to decrypt the base64 encoded result.
You should try to decrypt the result of the encryption.
That is, instead of:
You should call:
Also, there is a problem in the encryption call:
Why are you passing PADDING as
flen? This should be the length of the string (i.e. 4 or 5, depending on whether you want to encrypt the null character).If you want to write the encrypted string as ASCII (encoded using base64), that's fine. But you have to decode it back before you decrypt it.
您收到的错误是 block类型不是 02。
尽管 Omri 是正确的,您传递了错误的数据,并且您只会加密 1 个字节,但错误是因为
sizeof(encrypted)太大了 (2560)。换句话说,RSA_public_encrypt的数据接收器必须是常规的unsigned char*指针,而不是unsigned char[2560].你
应该使用
注意Omri指出的错误,你使用
PADDING作为RSA_public_encrypt的第一个参数,而它应该是DATALEN代码>数据长度。如果您修复了该问题,稍后您将在私钥解密时收到类似的错误。修好它,你就可以上路了。
The error you're getting is block type is not 02.
Although Omri is correct that you're passing the wrong data, and you are only going to encrypt 1 byte, the error is because the
sizeof( encrypted )is way too large (2560). In other words your data receiver forRSA_public_encryptmust be a regularunsigned char*pointer, not anunsigned char[2560].Where you have
You should be using
Notice the error Omri pointed out, that you used
PADDINGas the first arg toRSA_public_encrypt, while it should be theDATALENdata length.If you fix that you'll get a similar error later with the private key decrypt. Fix it and you're on your way.