{"id":591,"date":"2016-03-23T16:53:04","date_gmt":"2016-03-23T08:53:04","guid":{"rendered":"http:\/\/www.datarelab.com\/blog\/?p=591"},"modified":"2016-03-23T16:53:04","modified_gmt":"2016-03-23T08:53:04","slug":"%e4%bd%bf%e7%94%a8openssl%e5%ba%93%e5%ae%9e%e7%8e%b0rsa%e3%80%81aes%e6%95%b0%e6%8d%ae%e5%8a%a0%e5%af%86%e4%b8%8e%e8%a7%a3%e5%af%86","status":"publish","type":"post","link":"https:\/\/www.datarelab.com\/blog\/Technical_literature\/591.html","title":{"rendered":"\u4f7f\u7528OpenSSL\u5e93\u5b9e\u73b0RSA\u3001AES\u6570\u636e\u52a0\u5bc6\u4e0e\u89e3\u5bc6"},"content":{"rendered":"

openssl\u662f\u53ef\u4ee5\u5f88\u65b9\u4fbf\u52a0\u5bc6\u89e3\u5bc6\u7684\u5e93\uff0c\u53ef\u4ee5\u4f7f\u7528\u5b83\u6765\u5bf9\u9700\u8981\u5728\u7f51\u7edc\u4e2d\u4f20\u8f93\u7684\u6570\u636e\u52a0\u5bc6\u3002\u53ef\u4ee5\u4f7f\u7528\u975e\u5bf9\u79f0\u52a0\u5bc6\uff1a\u516c\u94a5\u52a0\u5bc6\uff0c\u79c1\u94a5\u89e3\u5bc6\u3002openssl\u63d0\u4f9b\u4e86\u5bf9RSA\u7684\u652f\u6301\uff0c\u4f46RSA\u5b58\u5728\u8ba1\u7b97\u6548\u7387\u4f4e\u7684\u95ee\u9898\uff0c\u6240\u4ee5\u4e00\u822c\u7684\u505a\u6cd5\u662f\u4f7f\u7528\u5bf9\u79f0\u5bc6\u94a5\u52a0\u5bc6\u6570\u636e\uff0c\u7136\u540e\u518d\u628a\u8fd9\u4e2a\u53ea\u5728\u5f53\u524d\u6709\u6548\u7684\u4e34\u65f6\u751f\u6210\u7684\u5bf9\u79f0\u5bc6\u94a5\u7528\u975e\u5bf9\u79f0\u5bc6\u94a5\u7684\u516c\u94a5\u52a0\u5bc6\u4e4b\u540e\u4f20\u9012\u7ed9\u76ee\u6807\u65b9\uff0c\u76ee\u6807\u65b9\u4f7f\u7528\u7ea6\u5b9a\u597d\u7684\u975e\u5bf9\u79f0\u5bc6\u94a5\u4e2d\u7684\u79c1\u94a5\u89e3\u5f00\uff0c\u5f97\u5230\u6570\u636e\u52a0\u5bc6\u7684\u5bc6\u94a5\uff0c\u518d\u8fdb\u884c\u6570\u636e\u89e3\u5bc6\uff0c\u5f97\u5230\u6570\u636e\uff0c\u8fd9\u79cd\u4f7f\u7528\u65b9\u5f0f\u5f88\u5e38\u89c1\uff0c\u53ef\u4ee5\u8ba4\u4e3a\u662f\u5bf9HTTPS\u7684\u88c1\u526a\u3002\u5bf9\u79f0\u5bc6\u94a5\u52a0\u5bc6\u53ef\u4ee5\u9009\u62e9AES\uff0c\u6bd4DES\u66f4\u4f18\u79c0\u3002
\nopenssl\u5e93\u6765\u81eahttp:\/\/www.openssl.org\/\uff0c\u4e0b\u8f7d\u5230openssl\u6e90\u7801\u4e4b\u540e\uff0c\u5f00\u59cb\u7f16\u8bd1\uff1a
\n\u4ea7\u751f\u52a8\u6001\u5e93\u7684\u505a\u6cd5\uff1a<\/strong>
\n1\u3001\u5b89\u88c5ActivePerl
\n2\u3001\u8fdb\u5165OpenSSL\u6240\u5728\u6587\u4ef6\u5939\uff0c\u8fd0\u884c\uff1aperl Configure VC-WIN32 --prefix=C:\\openssl-dll
\n3\u3001\u8fdb\u5165VC\/BIN\u76ee\u5f55\uff0c\u8fd0\u884c VCVARS32.BAT \u8bbe\u7f6e\u73af\u5883\u53d8\u91cf
\n4\u3001\u8fd4\u56deOpenSSL\u76ee\u5f55\uff0c\u8fd0\u884c ms\\do_ms
\n5\u3001\u5728OpenSSL\u76ee\u5f55\u4e0b\u6267\u884c\u7f16\u8bd1 nmake -f ms\\ntdll.mak
\n6\u3001\u628a\u5fc5\u8981\u751f\u6210\u7269\u62f7\u8d1d\u5230prefix\u5b9a\u4e49\u7684\u76ee\u5f55\u4e2d nmake -f ms\\ntdll.mak install
\n\u6ce8\u610f\uff1a\u53ef\u4ee5\u901a\u8fc7\u4fee\u6539ntdll.mak\u6587\u4ef6\u4e2d\u7684CFLAG\uff0c\u786e\u5b9a\u7f16\u8bd1MT\u3001MD\u5e93
\n\u4ea7\u751f\u9759\u6001\u5e93\u7684\u505a\u6cd5\uff1a<\/strong>
\n1\u3001\u5b89\u88c5ActivePerl
\n2\u3001perl configure VC-WIN32 --prefix=C:\\openssl-lib
\n3\u3001ms\\do_ms.bat
\n4\u3001nmake -f ms\\nt.mak
\n5\u3001nmake -f ms\\nt.mak install
\n\u6ce8\u610f\uff1a\u53ef\u4ee5\u901a\u8fc7\u4fee\u6539nt.mak\u6587\u4ef6\u4e2d\u7684CFLAG\uff0c\u786e\u5b9a\u7f16\u8bd1MT\u3001MD\u5e93\u3002\u91cd\u7f16\u7684\u65f6\u5019\u628a\u751f\u6210\u7269\u5220\u6389\u3002
\nRSA\u52a0\u89e3\u5bc6\u9700\u8981\u5148\u7528openssl\u5de5\u5177\u751f\u6210RSA\u516c\u94a5\u548cRSA\u79c1\u94a5\u3002<\/strong>\u65b9\u6cd5\uff1a
\n1\u3001\u4ea7\u751f\u79c1\u94a5\uff1aopenssl genrsa -out privkey.pem 1024\uff1b
\n2\u3001\u6839\u636e\u79c1\u94a5\u4ea7\u751f\u516c\u94a5\uff1aopenssl rsa -in privkey.pem -pubout\u3002
\n1024\u53ea\u662f\u6d4b\u8bd5\u7528\uff0c\u4f7f\u75282048\u4f4d\u624d\u6bd4\u8f83\u5b89\u5168\u3002
\nRSA\u52a0\u5bc6\u90e8\u5206\u4ee3\u7801demo\uff1a<\/strong><\/p>\n

std::string EncodeRSAKeyFile( const std::string& strPemFileName, const std::string& strData )\r\n    {\r\n        if (strPemFileName.empty() || strData.empty())\r\n        {\r\n            assert(false);\r\n            return \"\";\r\n        }\r\n        FILE* hPubKeyFile = NULL;\r\n        if(fopen_s(&hPubKeyFile, strPemFileName.c_str(), \"rb\") || hPubKeyFile == NULL)\r\n        {\r\n            assert(false);\r\n            return \"\"; \r\n        }\r\n        std::string strRet;\r\n        RSA* pRSAPublicKey = RSA_new();\r\n        if(PEM_read_RSA_PUBKEY(hPubKeyFile, &pRSAPublicKey, 0, 0) == NULL)\r\n        {\r\n            assert(false);\r\n            return \"\";\r\n        }\r\n\r\n        int nLen = RSA_size(pRSAPublicKey);\r\n        char* pEncode = new char[nLen + 1];\r\n        int ret = RSA_public_encrypt(strData.length(), (const unsigned char*)strData.c_str(), (unsigned char*)pEncode, pRSAPublicKey, RSA_PKCS1_PADDING);\r\n        if (ret >= 0)\r\n        {\r\n            strRet = std::string(pEncode, ret);\r\n        }\r\n        delete[] pEncode;\r\n        RSA_free(pRSAPublicKey);\r\n        fclose(hPubKeyFile);\r\n        CRYPTO_cleanup_all_ex_data(); \r\n        return strRet;\r\n    }<\/pre>\n
RSA\u89e3\u5bc6\u90e8\u5206\u4ee3\u7801demo\uff1a<\/strong><\/p>\n
std::string DecodeRSAKeyFile( const std::string& strPemFileName, const std::string& strData )\r\n    {\r\n        if (strPemFileName.empty() || strData.empty())\r\n        {\r\n            assert(false);\r\n            return \"\";\r\n        }\r\n        FILE* hPriKeyFile = NULL;\r\n        if(fopen_s(&hPriKeyFile, strPemFileName.c_str(),\"rb\") || hPriKeyFile == NULL)\r\n        {\r\n            assert(false);\r\n            return \"\";\r\n        }\r\n        std::string strRet;\r\n        RSA* pRSAPriKey = RSA_new();\r\n        if(PEM_read_RSAPrivateKey(hPriKeyFile, &pRSAPriKey, 0, 0) == NULL)\r\n        {\r\n            assert(false);\r\n            return \"\";\r\n        }\r\n        int nLen = RSA_size(pRSAPriKey);\r\n        char* pDecode = new char[nLen+1];\r\n\r\n        int ret = RSA_private_decrypt(strData.length(), (const unsigned char*)strData.c_str(), (unsigned char*)pDecode, pRSAPriKey, RSA_PKCS1_PADDING);\r\n        if(ret >= 0)\r\n        {\r\n            strRet = std::string((char*)pDecode, ret);\r\n        }\r\n        delete [] pDecode;\r\n        RSA_free(pRSAPriKey);\r\n        fclose(hPriKeyFile);\r\n        CRYPTO_cleanup_all_ex_data(); \r\n        return strRet;\r\n    }<\/pre>\n
RSA\u7684API\u4e2d\u5f53\u4f7f\u7528\u53c2\u6570RSA_PKCS1_PADDING\u65f6\uff0c\u660e\u6587\u957f\u5ea6\u4e0d\u80fd\u5927\u4e8e\u5bc6\u6587\u957f\u5ea6-11\uff1b\u5f53\u4f7f\u7528\u53c2\u6570RSA_NO_PADDING\u65f6\uff0c\u660e\u6587\u957f\u5ea6\u9700\u8981\u6b63\u597d\u662f128\u3002
\nAES\u52a0\u5bc6\u90e8\u5206\u4ee3\u7801\uff1a<\/strong><\/p>\n
std::string EncodeAES( const std::string& password, const std::string& data )\r\n    {\r\n        AES_KEY aes_key;\r\n        if(AES_set_encrypt_key((const unsigned char*)password.c_str(), password.length() * 8, &aes_key) < 0)\r\n        {\r\n            assert(false);\r\n            return \"\";\r\n        }\r\n        std::string strRet;\r\n        std::string data_bak = data;\r\n        unsigned int data_length = data_bak.length();\r\n        int padding = 0;\r\n        if (data_bak.length() % AES_BLOCK_SIZE > 0)\r\n        {\r\n            padding =  AES_BLOCK_SIZE - data_bak.length() % AES_BLOCK_SIZE;\r\n        }\r\n        data_length += padding;\r\n        while (padding > 0)\r\n        {\r\n            data_bak += '\\0';\r\n            padding--;\r\n        }\r\n        for(unsigned int i = 0; i < data_length\/AES_BLOCK_SIZE; i++)\r\n        {\r\n            std::string str16 = data_bak.substr(i*AES_BLOCK_SIZE, AES_BLOCK_SIZE);\r\n            unsigned char out[AES_BLOCK_SIZE];\r\n            ::memset(out, 0, AES_BLOCK_SIZE);\r\n            AES_encrypt((const unsigned char*)str16.c_str(), out, &aes_key);\r\n            strRet += std::string((const char*)out, AES_BLOCK_SIZE);\r\n        }\r\n        return strRet;\r\n    }<\/pre>\n
AES\u89e3\u5bc6\u90e8\u5206\u4ee3\u7801\uff1a<\/strong><\/p>\n
std::string DecodeAES( const std::string& strPassword, const std::string& strData )\r\n    {\r\n        AES_KEY aes_key;\r\n        if(AES_set_decrypt_key((const unsigned char*)strPassword.c_str(), strPassword.length() * 8, &aes_key) < 0)\r\n        {\r\n            assert(false);\r\n            return \"\";\r\n        }\r\n        std::string strRet;\r\n        for(unsigned int i = 0; i < strData.length()\/AES_BLOCK_SIZE; i++)\r\n        {\r\n            std::string str16 = strData.substr(i*AES_BLOCK_SIZE, AES_BLOCK_SIZE);\r\n            unsigned char out[AES_BLOCK_SIZE];\r\n            ::memset(out, 0, AES_BLOCK_SIZE);\r\n            AES_decrypt((const unsigned char*)str16.c_str(), out, &aes_key);\r\n            strRet += std::string((const char*)out, AES_BLOCK_SIZE);\r\n        }\r\n        return strRet;\r\n    }<\/pre>\n
AES\u52a0\u5bc6\uff0c\u5757\u5927\u5c0f\u5fc5\u987b\u4e3a128\u4f4d\uff0816\u5b57\u8282\uff09\uff0c\u5982\u679c\u4e0d\u662f\uff0c\u5219\u8981\u8865\u9f50\uff0c\u5bc6\u94a5\u957f\u5ea6\u53ef\u4ee5\u9009\u62e9128\u4f4d\u3001192\u4f4d\u3001256\u4f4d\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"
openssl\u662f\u53ef\u4ee5\u5f88\u65b9\u4fbf\u52a0\u5bc6\u89e3\u5bc6\u7684\u5e93\uff0c\u53ef\u4ee5\u4f7f\u7528\u5b83\u6765\u5bf9\u9700\u8981\u5728\u7f51\u7edc\u4e2d\u4f20\u8f93\u7684\u6570\u636e\u52a0\u5bc6\u3002\u53ef\u4ee5\u4f7f\u7528\u975e\u5bf9\u79f0\u52a0\u5bc6\uff1a\u516c\u94a5\u52a0\u5bc6 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-591","post","type-post","status-publish","format-standard","hentry","category-Technical_literature"],"views":2151,"_links":{"self":[{"href":"https:\/\/www.datarelab.com\/blog\/wp-json\/wp\/v2\/posts\/591","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.datarelab.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.datarelab.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.datarelab.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.datarelab.com\/blog\/wp-json\/wp\/v2\/comments?post=591"}],"version-history":[{"count":0,"href":"https:\/\/www.datarelab.com\/blog\/wp-json\/wp\/v2\/posts\/591\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.datarelab.com\/blog\/wp-json\/wp\/v2\/media?parent=591"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.datarelab.com\/blog\/wp-json\/wp\/v2\/categories?post=591"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.datarelab.com\/blog\/wp-json\/wp\/v2\/tags?post=591"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}