OpenSSL CMS 在 C++ 中加密和 Objective-c
我正在使用 OpenSSL 的 CMS 库加密文本(只是字符串)。我已经实现了一个 cms 加密方法,当我在 C++ 项目中调用它(具有相同的证书和输入字符串)时,它会产生以下输出:
MIME-Version: 1.0
Content-Disposition: attachment; filename="smime.p7m"
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64
MIAGCSqGSIb3DQEHA6CAMIACAQAxggG9MIIBuQIBADCBoDCBkjELMAkGA1UEBhMC
QVQxDzANBgNVBAgMBlN0eXJpYTENMAsGA1UEBwwER3JhejEKMAgGA1UECgwBLzEK
MAgGA1UECwwBLzEdMBsGA1UEAwwUQ2hyaXN0b2YgU3Ryb21iZXJnZXIxLDAqBgkq
hkiG9w0BCQEWHXN0cm9tYmVyZ2VyQHN0dWRlbnQudHVncmF6LmF0AgkAmHFnJtIY
YyAwDQYJKoZIhvcNAQEBBQAEggEACLskYA0ma3hBccwOamh14/b2XqRCmBakGxPM
dQFMoiQy47UvGLQ4QmruOU1Mv530r3jglxVZd2DNX5fBPwHJ91ORU39BGns2BnWd
E5z8yH5Kr1edjErj/EZRzJFU1Qyq6/uBn3W4X9+jNhuWWcPrxoQOoQhrE0vETnv4
dZb5ic1iYLWOraSwnQmvOLgrh9iCJuq6n9EWF/YHJelETKQSO2RnPvbpesHLgZ48
ngGkDH+FWU0QZV+LXmq8xpdpLWxMAeh07WIUz0sA1okYFMCk2uy5sg7ovyO804ae
AbZlXz8aDeoMMGzOfNi2PxYxbwRwObBOj2cxU0qMQu49lgIhJjCABgkqhkiG9w0B
BwEwFAYIKoZIhvcNAwcECNUojhuQn568oIAEGPkzqWrziObAHieBNpIKMGboxxY8
oiTMIAQIToaGyI0IMGcAAAAAAAAAAAAA
但是当我将代码复制到 Objective-c 项目(适用于 iOS5)时,我得到我无法再解密的“错误”输出...这是输出:
MIME-Version: 1.0
Content-Disposition: attachment; filename="smime.p7m"
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64
MIAGCSqGSIb3DQEHA6CAMIACAQAxggG4MIIBtAIBADCBoDCBkjELMAkGA1UEBhMC
QVQxDzANBgNVBAgMBlN0eXJpYTENMAsGA1UEBwwER3JhejEKMAgGA1UECgwBLzEK
MAgGA1UECwwBLzEdMBsGA1UEAwwUQ2hyaXN0b2YgU3Ryb21iZXJnZXIxLDAqBgkq
hkiG9w0BCQEWHXN0cm9tYmVyZ2VyQHN0dWRlbnQudHVncmF6LmF0AgkAmHFnJtIY
YyAwDQYJKoZIhvcNAQEBBQAEgfwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwgAYJKoZIhvcNAQcBMBQG
CCqGSIb3DQMHBAgAyfDfER+rUaCABBi7ammjNh3zr0CZDxRjalXcmxC5qIbWsoUE
COCbSOGWOGcWAAAAAAAAAAAAAA==
它是完全相同的代码,但产生两个不同的输出。对我来说,第二个输出看起来很奇怪,因为 base64 编码中的鬃毛“AAAA”。我想这一定是证书的一部分。底部是加密的输入字符串,证书的开头是相等的,但在证书的中间或末尾发生了奇怪的变化。
有人建议这里出了什么问题吗?
I'm encrypting a text (just a string) using OpenSSL's CMS library. I've implemented a cms encrypt method and when I call this in a C++ project (with the equal certificate and input string) it produces the following output:
MIME-Version: 1.0
Content-Disposition: attachment; filename="smime.p7m"
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64
MIAGCSqGSIb3DQEHA6CAMIACAQAxggG9MIIBuQIBADCBoDCBkjELMAkGA1UEBhMC
QVQxDzANBgNVBAgMBlN0eXJpYTENMAsGA1UEBwwER3JhejEKMAgGA1UECgwBLzEK
MAgGA1UECwwBLzEdMBsGA1UEAwwUQ2hyaXN0b2YgU3Ryb21iZXJnZXIxLDAqBgkq
hkiG9w0BCQEWHXN0cm9tYmVyZ2VyQHN0dWRlbnQudHVncmF6LmF0AgkAmHFnJtIY
YyAwDQYJKoZIhvcNAQEBBQAEggEACLskYA0ma3hBccwOamh14/b2XqRCmBakGxPM
dQFMoiQy47UvGLQ4QmruOU1Mv530r3jglxVZd2DNX5fBPwHJ91ORU39BGns2BnWd
E5z8yH5Kr1edjErj/EZRzJFU1Qyq6/uBn3W4X9+jNhuWWcPrxoQOoQhrE0vETnv4
dZb5ic1iYLWOraSwnQmvOLgrh9iCJuq6n9EWF/YHJelETKQSO2RnPvbpesHLgZ48
ngGkDH+FWU0QZV+LXmq8xpdpLWxMAeh07WIUz0sA1okYFMCk2uy5sg7ovyO804ae
AbZlXz8aDeoMMGzOfNi2PxYxbwRwObBOj2cxU0qMQu49lgIhJjCABgkqhkiG9w0B
BwEwFAYIKoZIhvcNAwcECNUojhuQn568oIAEGPkzqWrziObAHieBNpIKMGboxxY8
oiTMIAQIToaGyI0IMGcAAAAAAAAAAAAA
But when I copy the code into a objective-c Project (for iOS5) I get a "wrong" output which I can't decrypt anymore... This is the output:
MIME-Version: 1.0
Content-Disposition: attachment; filename="smime.p7m"
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64
MIAGCSqGSIb3DQEHA6CAMIACAQAxggG4MIIBtAIBADCBoDCBkjELMAkGA1UEBhMC
QVQxDzANBgNVBAgMBlN0eXJpYTENMAsGA1UEBwwER3JhejEKMAgGA1UECgwBLzEK
MAgGA1UECwwBLzEdMBsGA1UEAwwUQ2hyaXN0b2YgU3Ryb21iZXJnZXIxLDAqBgkq
hkiG9w0BCQEWHXN0cm9tYmVyZ2VyQHN0dWRlbnQudHVncmF6LmF0AgkAmHFnJtIY
YyAwDQYJKoZIhvcNAQEBBQAEgfwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwgAYJKoZIhvcNAQcBMBQG
CCqGSIb3DQMHBAgAyfDfER+rUaCABBi7ammjNh3zr0CZDxRjalXcmxC5qIbWsoUE
COCbSOGWOGcWAAAAAAAAAAAAAA==
It's exactly the same code but produces two different outputs. To me the second output seems very strange because of the mane "AAAA" in base64 encoding. I guess this must be the part of the certificate. At the bottom is the encrypted input string and the begin of the certificate is equal but it changes strangely in the middle or end of the certificate.
Does anyone have a suggestion what's going wrong here?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
S/MIME 编码的工作原理通常如下:
您可以使用“openssl asn1parse”之类的命令来更好地了解这些消息的内部结构,例如:
其中 blah.txt 包含您的 S/MIME 输出,减去MIME 标头(即以“MIAGCSq...”开头)。这样做,你会得到:
从你好的输出中,以及:
从你的坏输出中。因此,这表明输出中的所有“A”都应该是 RSA 加密密钥,因此 RSA 加密不知何故失败了。
不过,如果不了解更多关于代码的信息,就很难确切地说出哪里出了问题。作为一个盲目的尝试,我想说确保你记得调用OpenSSL_add_all_algorithms()(或实现相同目的的东西),但你可能已经这样做了,否则你的代码可能会到处失败,不只是在 iOS 上...
S/MIME encoding generally works as follows:
You can use a command like "openssl asn1parse" to get a better idea of the internal structure of these messages, e.g.:
Where blah.txt contains your S/MIME output, minus the MIME headers (i.e. starts with "MIAGCSq..."). Doing this, you get:
from your good output, and:
on your bad output. So this suggests that all those 'A's in your output are supposed to be the RSA-encrypted key, so the RSA encryption is failing somehow.
Without knowing more about your code, it's hard to say exactly what's going wrong, though. As a shot in the dark, I'd say make sure you remembered to call OpenSSL_add_all_algorithms() (or something accomplishing the same purpose), but you probably already did, otherwise your code likely would fail everywhere, not just on iOS...
好吧...问题是 OpenSSL 库中的一个错误。当针对特定体系结构(即 i386)进行编译并在 x64 环境中使用它时,
CMS_encrypt()方法会产生上述错误输出。该错误是由汇编程序中的一些性能优化造成的。欲了解更多信息,请参阅:
http://www.openssl.org/support/faq.cgi =>; 12。为什么 OpenBSD-i386 在 des-586.s 上构建失败并出现“未实现的段类型”?
我通过使用
no-asm属性编译 OpenSSL 解决了这个问题。./Configure ... no-asm我遇到这个问题是因为用于 iOS 模拟器的库需要 i386 架构,但 Mac OSX 使用 x64。只需使用
no-asm编译它即可工作。Okay... the problem was a bug in the OpenSSL lib. When compiling for a certain architecture (i.e. i386) and using it in an x64 environment the
CMS_encrypt()method produces the aforementioned wrong output. This bug results from some performance optimizations in assembler.For further information see:
http://www.openssl.org/support/faq.cgi => 12. Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"?
I solved it by compiling OpenSSL with
no-asmattribute../Configure ... no-asmI had this problem because the library used for the iOS simulator needs a i386 architecture but Mac OSX uses x64. Simply compile it with
no-asmand it works.