热门标签
热门文章
- 1WordPress配置文件wp-config.php自定义路径(提高安全性必做)_wordpress 设置文件路径
- 2python笔记——jieba库_jieba.cut
- 3ICRA2021会议-----SLAM方向汇总_5252b.con
- 4自然语言处理: 第十七章RAG的评估技术RAGAS
- 5机器学习 - 图像识别_机器学习 图形识别
- 6命名实体识别代码阅读_datasets.load_from_disk
- 7【AIGC调研系列】Grok1.5相比Grok1的优势在哪
- 8日常pytho3练习脚本之--分词及自然语言处理
- 9Azure AI 服务之语音识别
- 10微信公众号自动回复聊天机器人实现(PHP)_php 自动对话
当前位置: article > 正文
基于OpenSSL,实现C语言SM2的PKCS8的公私钥编码_在线sm2私钥pkcs8转换工具
作者:Monodyee | 2024-04-05 04:00:47
赞
踩
在线sm2私钥pkcs8转换工具
本专栏订阅后可查看以下文章
基于OpenSSL,实现C语言RSA的PKCS10的证书请求
基于OpenSSL,实现C语言SM2的PKCS10的证书请求
基于OpenSSL,实现C语言RSA的PKCS8的公私钥编码
在日常工作中使用密码,就一定会接触到OpenSSL,这个算法库带给我们的东西太多太多,不管是密码算法层面,还有代码框架和使用技巧上更是值得我们去学习和专研。
在接触密码学中,就会涉及到证书,我们在虚拟网络中产生信任,就要有一个信任源,而在密码层面,信任源就是颁布证书的认证中心,从而,证书就是我们可以相信的虚拟对象。
在自己的学习过程中,可以参考网络中,自己创建一个CA中心,自己产生一个证书请求,自己用CA中心颁发一个自签名的证书,这样在验证过程中,就可以验证此证书了。这里的证书请求就是PKCS10,简称为P10。下面我将给出针对C语言产生P10的实例。
主要函数如下:
- // 获得内存中公钥的PKCS8编码字符串
- // 调用者需要释放ppucDer变量的内存
- int lbxx_pkcs8_i2d_sm2_memory_prikey(unsigned char *pucPrikey, unsigned int uiKeylen, unsigned char **ppucDer, unsigned int *puiLen);
- // 获得内存中公钥的PKCS8编码字符串
- // 调用者需要释放ppucDer变量的内存
- int lbxx_pkcs8_i2d_sm2_memory_pubkey(unsigned char *pucPubkey, unsigned int uiKeylen, unsigned char **ppucDer, unsigned int *puiLen);
- // 从PKCS8编码中获得私钥
- int lbxx_pkcs8_d2i_sm2_prikey(unsigned char *pucDer, unsigned int puiLen, unsigned char *pucPrikey, unsigned int *uiKeylen);
- // 从PKCS8编码中获得公钥
- int lbxx_pkcs8_d2i_sm2_pubkey(unsigned char *pucDer, unsigned int puiLen, unsigned char *pucPubkey, unsigned int *uiKeylen);
- // 获得新密钥私钥的PKCS8编码字符串
- // 调用者需要释放ppucDer变量的内存
- int lbxx_pkcs8_i2d_sm2_generate_prikey(unsigned char **ppucDer, unsigned int *puiLen);
- // 获得新密钥公钥的PKCS8编码字符串
- // 调用者需要释放ppucDer变量的内存
- int lbxx_pkcs8_i2d_sm2_generate_pubkey(unsigned char **ppucDer, unsigned int *puiLen);
具体调用方式如下,我添加了一些注释,便于理解,这里需要使用带有国密算法SM2/3/4的OpenSSL库编译,否则会报错误。
- /****************************************************************
- * FileName: pkcs8_sm2.c
- * Author: labixiaoxin1849
- * Date: 2023-04-23
- * Description: SM2 key for pkcs8 algorithm call of OpenSSL
- ****************************************************************/
-
- #include <string.h>
- #include <openssl/ec.h>
- #include <openssl/evp.h>
- #include <openssl/x509.h>
-
- static unsigned char sPrikey[] = {
- 0xfc, 0x0b, 0xe0, 0x52, 0x8b, 0x6e, 0xab, 0x7c, 0xf8, 0x92, 0xf0, 0x5c, 0xc2, 0xfe, 0x94, 0xa0,
- 0x47, 0x1a, 0x12, 0x8b, 0x29, 0xb5, 0xcb, 0xb8, 0x92, 0x99, 0x0c, 0x7f, 0x4c, 0x2a, 0x2b, 0x7b
- };
- static unsigned int sPrikeyLen = 32;
-
-
- static unsigned char sPubkey[] = {
- 0x04, 0x90, 0x0b, 0x0d, 0x87, 0xc0, 0xbd, 0x5d, 0x57, 0x60, 0x7a, 0x2a, 0xe1, 0x43, 0x14, 0x4d,
- 0xa4, 0xe1, 0x2f, 0xe5, 0x9d, 0xbd, 0x02, 0x2c, 0xc3, 0x97, 0x8a, 0x71, 0xb1, 0x52, 0xc6, 0xf2,
- 0xb4, 0x52, 0x14, 0xaa, 0x1e, 0xee, 0x78, 0x5f, 0x1f, 0xe8, 0x5b, 0x44, 0x63, 0x68, 0x2b, 0x6e,
- 0x07, 0x80, 0x7a, 0xfd, 0x61, 0x9e, 0xca, 0x94, 0xcb, 0x41, 0x7d, 0xe7, 0xe4, 0x49, 0xbf, 0x3c,
- 0xda,
- };
- static unsigned int sPubkeyLen = 65;
-
-
- // 获得内存中公钥的PKCS8编码字符串
- // 调用者需要释放ppucDer变量的内存
- int lbxx_pkcs8_i2d_sm2_memory_prikey(unsigned char *pucPrikey, unsigned int uiKeylen, unsigned char **ppucDer, unsigned int *puiLen)
- {
- int ret = -1;
- EC_KEY *pSM2 = NULL;
- EVP_PKEY *pKey = NULL;
- PKCS8_PRIV_KEY_INFO *p8 = NULL;
-
- do{
- /* 根据nid创建EC_KEY */
- pSM2 = EC_KEY_new_by_curve_name(EVP_PKEY_SM2);
- if (!pSM2) {
- break;
- }
- /* 从内存设置私钥 */
- ret = EC_KEY_oct2priv(pSM2, pucPrikey, uiKeylen);
- if (ret != 1) {
- break;
- }
-
- const EC_GROUP *ecGroup = EC_KEY_get0_group(pSM2);
- EC_POINT *ecPubPoint = EC_POINT_new(ecGroup);
- const BIGNUM *ecPriKey = EC_KEY_get0_private_key(pSM2);
- ret = EC_POINT_mul(ecGroup, ecPubPoint, ecPriKey, NULL, NULL, NULL);
- if (ret) {
- EC_KEY_set_public_key(pSM2, ecPubPoint);
- }
- EC_POINT_free(ecPubPoint);
-
- /* 创建EVP_PKEY并设置密钥 */
- pKey = EVP_PKEY_new();
- if (!pKey) {
- break;
- }
- if (!EVP_PKEY_set1_EC_KEY(pKey, pSM2)){
- break;
- }
-
- /* EVP_PKEY转为PKCS8 */
- p8 = EVP_PKEY2PKCS8(pKey);
- if (!p8) {
- break;
- }
- *puiLen = i2d_PKCS8_PRIV_KEY_INFO(p8, ppucDer);
-
- ret = 0;
-
- }while(0);
-
- EC_KEY_free(pSM2);
- EVP_PKEY_free(pKey);
- PKCS8_PRIV_KEY_INFO_free(p8);
-
- return ret;
- }
-
- // 获得内存中公钥的PKCS8编码字符串
- // 调用者需要释放ppucDer变量的内存
- int lbxx_pkcs8_i2d_sm2_memory_pubkey(unsigned char *pucPubkey, unsigned int uiKeylen, unsigned char **ppucDer, unsigned int *puiLen)
- {
- int ret = -1;
- EC_KEY *pSM2 = NULL;
- EVP_PKEY *pKey = NULL;
-
- do{
- /* 根据nid创建EC_KEY */
- pSM2 = EC_KEY_new_by_curve_name(EVP_PKEY_SM2);
- if (!pSM2) {
- break;
- }
- /* 从内存设置公钥 */
- const unsigned char *pp = pucPubkey;
- if (!o2i_ECPublicKey(&pSM2, &pp, (long)uiKeylen)) {
- break;
- }
-
- /* 创建EVP_PKEY并设置密钥 */
- pKey = EVP_PKEY_new();
- if (!pKey) {
- break;
- }
- if (!EVP_PKEY_set1_EC_KEY(pKey, pSM2)){
- break;
- }
-
- /* EVP_PKEY转为PKCS8 */
- *puiLen = i2d_PUBKEY(pKey, ppucDer);
-
- ret = 0;
-
- }while(0);
-
- EC_KEY_free(pSM2);
- EVP_PKEY_free(pKey);
-
- return ret;
- }
-
- // 从PKCS8编码中获得私钥
- int lbxx_pkcs8_d2i_sm2_prikey(unsigned char *pucDer, unsigned int puiLen, unsigned char *pucPrikey, unsigned int *uiKeylen)
- {
- EC_KEY *pSM2 = NULL;
- EVP_PKEY *pKey = NULL;
- unsigned char *buf = NULL;
- unsigned int len = 0;
-
- pKey = d2i_AutoPrivateKey(NULL, (const unsigned char **)&pucDer, puiLen);
- if(!pKey) {
- return 1;
- }
- if (EVP_PKEY_id(pKey) != EVP_PKEY_EC && EVP_PKEY_id(pKey) != EVP_PKEY_SM2){
- return 1;
- }
- pSM2 = (EC_KEY *)EVP_PKEY_get0(pKey);
- if(!pSM2) {
- return 1;
- }
- len = EC_KEY_priv2buf(pSM2, &buf);
- if(*uiKeylen < len) {
- return 1;
- }
- memcpy(pucPrikey, buf, len);
- *uiKeylen = len;
-
- return 0;
- }
-
- // 从PKCS8编码中获得公钥
- int lbxx_pkcs8_d2i_sm2_pubkey(unsigned char *pucDer, unsigned int puiLen, unsigned char *pucPubkey, unsigned int *uiKeylen)
- {
- int len = 0;
- unsigned char *buf = NULL;
- EVP_PKEY *pKey = NULL;
-
- pKey = d2i_PUBKEY(NULL, (const unsigned char **)&pucDer, puiLen);
- if(!pKey) {
- return 1;
- }
- len = i2o_ECPublicKey((EC_KEY *)EVP_PKEY_get0(pKey), &buf);
- if(*uiKeylen < len) {
- return 1;
- }
- memcpy(pucPubkey, buf, len);
- *uiKeylen = len;
-
- return 0;
- }
-
- // 获得新密钥私钥的PKCS8编码字符串
- // 调用者需要释放ppucDer变量的内存
- int lbxx_pkcs8_i2d_sm2_generate_prikey(unsigned char **ppucDer, unsigned int *puiLen)
- {
- int ret = -1;
- EVP_PKEY *pKey = NULL;
- EVP_PKEY_CTX *pkey_ctx = NULL;
- PKCS8_PRIV_KEY_INFO *p8 = NULL;
-
- do{
- /*
- * 创建ECC类型的EVP用于生成SM2密钥对
- * 使用ECC类型是因为SM2操作函数中并没有提供生成算法
- * 在生成密钥对时,设置group同样可以产生SM2类型密钥对
- */
- pkey_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
- if (!pkey_ctx) {
- break;
- }
- /* 必须调用init,内部设置操作类型 */
- if (EVP_PKEY_keygen_init(pkey_ctx) <= 0){
- break;
- }
- /* 设置SM2类型GROUP */
- EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pkey_ctx, EVP_PKEY_SM2);
- /* 获取密钥对,结果存放于pKey中 */
- if (EVP_PKEY_keygen(pkey_ctx, &pKey) <= 0) {
- break;
- }
-
- /* EVP_PKEY转为PKCS8 */
- p8 = EVP_PKEY2PKCS8(pKey);
- if (!p8) {
- break;
- }
- *puiLen = i2d_PKCS8_PRIV_KEY_INFO(p8, ppucDer);
-
- ret = 0;
-
- }while(0);
-
- EVP_PKEY_free(pKey);
- EVP_PKEY_CTX_free(pkey_ctx);
- PKCS8_PRIV_KEY_INFO_free(p8);
-
- return ret;
- }
-
- // 获得新密钥公钥的PKCS8编码字符串
- // 调用者需要释放ppucDer变量的内存
- int lbxx_pkcs8_i2d_sm2_generate_pubkey(unsigned char **ppucDer, unsigned int *puiLen)
- {
- int ret = -1;
- EVP_PKEY *pKey = NULL;
- EVP_PKEY_CTX *pkey_ctx = NULL;
-
- do{
- /*
- * 创建ECC类型的EVP用于生成SM2密钥对
- * 使用ECC类型是因为SM2操作函数中并没有提供生成算法
- * 在生成密钥对时,设置group同样可以产生SM2类型密钥对
- */
- pkey_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
- if (!pkey_ctx) {
- break;
- }
- /* 必须调用init,内部设置操作类型 */
- if (EVP_PKEY_keygen_init(pkey_ctx) <= 0){
- break;
- }
- /* 设置SM2类型GROUP */
- EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pkey_ctx, EVP_PKEY_SM2);
- /* 获取密钥对,结果存放于pKey中 */
- if (EVP_PKEY_keygen(pkey_ctx, &pKey) <= 0) {
- break;
- }
-
- /* EVP_PKEY转为PKCS8 */
- *puiLen = i2d_PUBKEY(pKey, ppucDer);
-
- ret = 0;
-
- }while(0);
-
- EVP_PKEY_free(pKey);
- EVP_PKEY_CTX_free(pkey_ctx);
-
- return ret;
- }
-
- int main(int argc, char *argv[])
- {
- int ret = 0;
- // 必须为NULL
- unsigned char *pucDer = NULL;
- unsigned int uiDerlen = 0;
- unsigned char buf[128] = { 0 };
- unsigned int len = sizeof(buf);
-
- ret = lbxx_pkcs8_i2d_sm2_generate_prikey(&pucDer, &uiDerlen);
- if(ret != 0) {
- printf("call lbxx_pkcs8_i2d_sm2_generate_prikey() error\n");
- return 1;
- }
- OPENSSL_free(pucDer);
- pucDer = NULL;
-
- ret = lbxx_pkcs8_i2d_sm2_generate_pubkey(&pucDer, &uiDerlen);
- if(ret != 0) {
- printf("call lbxx_pkcs8_i2d_sm2_generate_pubkey() error\n");
- return 1;
- }
- OPENSSL_free(pucDer);
- pucDer = NULL;
-
- ret = lbxx_pkcs8_i2d_sm2_memory_prikey(sPrikey, sPrikeyLen, &pucDer, &uiDerlen);
- if(ret != 0) {
- printf("call lbxx_pkcs8_i2d_sm2_memory_prikey() error\n");
- return 1;
- }
- ret = lbxx_pkcs8_d2i_sm2_prikey(pucDer, uiDerlen, buf, &len);
- if(ret != 0) {
- printf("call lbxx_pkcs8_d2i_sm2_prikey() error\n");
- return 1;
- }
- if(sPrikeyLen != len || memcmp(sPrikey, buf, len) != 0) {
- printf("sm2 pkcs8 private key encode or decode error!!!!\n");
- return 1;
- }
- OPENSSL_free(pucDer);
- pucDer = NULL;
-
- memset(buf, 0x00, sizeof(buf));
- len = sizeof(buf);
- ret = lbxx_pkcs8_i2d_sm2_memory_pubkey(sPubkey, sPubkeyLen, &pucDer, &uiDerlen);
- if(ret != 0) {
- printf("call lbxx_pkcs8_i2d_sm2_memory_pubkey() error\n");
- return 1;
- }
- ret = lbxx_pkcs8_d2i_sm2_pubkey(pucDer, uiDerlen, buf, &len);
- if(ret != 0) {
- printf("call lbxx_pkcs8_d2i_sm2_pubkey() error\n");
- return 1;
- }
- if(sPubkeyLen != len || memcmp(sPubkey, buf, len) != 0) {
- printf("sm2 pkcs8 public key encode or decode error!!!!\n");
- return 1;
- }
- OPENSSL_free(pucDer);
- pucDer = NULL;
-
- printf("sm2 pkcs8 test success!!!\n");
- return 0;
- }
声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/Monodyee/article/detail/363208
推荐阅读
相关标签
