Botan无法使用RSA键对解密数据
我正在制作一个具有客户端和服务器的程序,并将数据从客户端发送到使用加密的服务器。数据已使用键加密,并且密钥被服务器的公共RSA密钥加密,但是服务器无法解密键,给我消息无效的public键密文,无法解密,但有时它确实有效。 RSA密钥被保存为纯文本,并应要求发送给客户端(仅公开密钥)。私钥仅由服务器使用。 要加密客户端执行以下操作的密钥:
Botan::AutoSeeded_RNG rng;
Botan::DataSource_Memory DSMPublicServer(serverPublicKey); // serverPublicKey = key from server
Botan::X509_PublicKey *X509Key_publicServer = Botan::X509::load_key(DSMPublicServer); // Load the key
std::unique_ptr <Botan::Public_Key> publicKeyServer(X509Key_publicServer); // The key used to encrypt
Botan::PK_Encryptor_EME encKey(*publicKeyServer, rng, "EME-PKCS1-v1_5");
std::vector <uint8_t> encKey_t = encKey.encrypt(key, rng);
并且服务器试图将其解密如下:
Botan::AutoSeeded_RNG rngTest;
Botan::DataSource_Memory DSMPrivate(this->myKeyString); // myKeyString = server private key
Botan::PKCS8_PrivateKey *PKCS8Key_Private = Botan::PKCS8::load_key(DSMPrivate, rngTest) // Load the key
std::unique_ptr <Botan::Private_Key> privateKey(PKCS8Key_Private);
Botan::PK_Decryptor_EME dec(*privateKey, rngTest, "EME-PKCS1-v1_5"); // Decryptor
std::vector <uint8_t> dec_t = Botan::unlock(dec.decrypt(this->key)); // This throws errors
this->key.clear(); // The key used on the rest of the data
std::copy(dec_t.begin(), dec_t.end(), std::back_inserter(this->key)); // Put the decrypted key back
如果我在服务器上使用一些数据进行测试,则可以正常工作,但是似乎任一数据在传输过程中丢失,但是它使用TCP SO SO SO不应该这样,或者加密每次都无法正常运行,因为它有时会起作用。有没有办法验证加密数据,以便在发送之前可以对其进行测试,或者我该如何解决问题?
I'm making a program that has a client and server, and to send data from the client to the server it uses encryption. The data is encrypted with a key and the key gets encrypted with the server's public RSA key, but the server fails to decrypt the key giving me the message Invalid public key ciphertext, cannot decrypt but sometimes it does work. The RSA keys are saved as plain text and sent to the client on request (public key only). The private key is used only by the server.
To encrypt the key the client does the following:
Botan::AutoSeeded_RNG rng;
Botan::DataSource_Memory DSMPublicServer(serverPublicKey); // serverPublicKey = key from server
Botan::X509_PublicKey *X509Key_publicServer = Botan::X509::load_key(DSMPublicServer); // Load the key
std::unique_ptr <Botan::Public_Key> publicKeyServer(X509Key_publicServer); // The key used to encrypt
Botan::PK_Encryptor_EME encKey(*publicKeyServer, rng, "EME-PKCS1-v1_5");
std::vector <uint8_t> encKey_t = encKey.encrypt(key, rng);
And the server tries to decrypt it as follows:
Botan::AutoSeeded_RNG rngTest;
Botan::DataSource_Memory DSMPrivate(this->myKeyString); // myKeyString = server private key
Botan::PKCS8_PrivateKey *PKCS8Key_Private = Botan::PKCS8::load_key(DSMPrivate, rngTest) // Load the key
std::unique_ptr <Botan::Private_Key> privateKey(PKCS8Key_Private);
Botan::PK_Decryptor_EME dec(*privateKey, rngTest, "EME-PKCS1-v1_5"); // Decryptor
std::vector <uint8_t> dec_t = Botan::unlock(dec.decrypt(this->key)); // This throws errors
this->key.clear(); // The key used on the rest of the data
std::copy(dec_t.begin(), dec_t.end(), std::back_inserter(this->key)); // Put the decrypted key back
If I test this on the server with some data it works fine, but it seems that either data is lost during transmission, but it uses TCP so that should not be it or that the encryption does not run properly every time since it does work sometimes. Is there a way to validate the encrypted data so I can test it before sending or how could I fix the issue?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
好的,所以经过许多不同的尝试,我设法使它起作用。我更改的是服务器如何获取数据,首先,这是在函数请求之后的长消息中,但是现在,服务器从客户端请求它。这些小数据包似乎工作正常,我没有加密的问题。
为什么它不使用我不知道的原始代码,但是从我所做的所有测试中,它可以在多个位置,在拆卸消息时在服务器上加密或构建消息时在客户端上。<<<<<<< br>
-edit--
由于这里请求更多信息。
首先,客户端将数据发送给服务器,其中包含加密数据的长字符串IE
somefilter |函数| data在ZMQ中使用过滤器,该函数是对服务器的函数调用,并且数据包含纯文本,使用客户端键加密文本,并使用服务器的RSA公共密钥进行加密。然后,服务器使用也在消息中的那些零件的长度分解了消息,但这无法正常工作。我无法确切地弄清楚它的问题。取而代之的是,我对服务器和客户端进行了大修,以发送小零件,客户端将向服务器和数据的一个部分发送函数请求以区分客户长消息字符串,因此现在所有数据都以其自己的小包装而不是大信息。但是,此解决方案仅能使用,因为我可以更改服务器和客户端,如果不可能的话,解决方案无法正常工作。另外,这不是我问的问题的答案,但是自从我大修服务器和客户端以来,Botan未能解密的问题就已经解决了,因此我不确定这是什么情况。Ok, so after a lot of different attempts I've managed to get it to work. The thing I've changed is how the server gets the data, at first this was in a long message after the function request, but now the server requests it in parts from the client. The small packets seem to work fine and I don't have any more problems with the encryption.
Why it did not work with the original code I don't know but from all the tests I've done, it could be in several places, on the client when encrypting or building the message, on the server when disassembling the message.
--Edit--
Since more info was requested here it is.
At first, the client sends data to the server in a long string with encrypted data i.e.
somefilter|function|datawhere the filter is used for ZMQ, the function is a function call to the server, and data contained plain text, text encrypted using the key of the client and the key encrypted using the RSA public key of the server. The server then disassembled the message using the lengths of those parts which were also in the message, but this did not work properly. I have not been able to figure out where it goes wrong exactly. Instead, I overhauled the server and client to send small parts, the client would send a function request to the server and one part of data to distinguish the client, after this the server would send messages for the other info that was previously part of the long message string, so now all the data comes in its own small packed instead of a large message. This solution, however, was only possible because I can change the server and client, if this was not possible the solution would not work. Also, this is not an answer to the question I asked but the issue with Botan failing to decrypt has been resolved ever since I overhauled the server and client, so I'm not sure as to what was going on with that.