加密和解密错误0x0407106B使用OpenSSL

2018-06-20 01:52:40

我正在用C编写一个例程，用公钥读取一个base64字符串，并继续对一个字符串进行加密。我也测试相同的字符串的解密，但当我试图做解码时，我得到错误0x0407106B：

$ openssl errstr 0x0407106B
error:0407106B:rsa routines:RSA_padding_check_PKCS1_type_2:block type is not 02

这是代码

#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <ctype.h>
#include <openssl/rsa.h>
#include <openssl/engine.h>

//#define PADDING RSA_PKCS1_OAEP_PADDING
#define PADDING RSA_PKCS1_PADDING
//#define PADDING RSA_NO_PADDING

main() {

// public key
char *b64_pKey = "-----BEGIN PUBLIC KEY-----nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCp2w+8HUdECo8V5yuKYrWJmUbLntD6nSyVifN543axXvNSFzQfWNOGVkMsCo6W4hpl5eHv1p9Hqdcf/ZYQDWCK726u6nhsZA81AblAOOXKaUaxvFC+ZKRJf+MtUGnv0v7CrGoblm1mMC/OQI1JfSsYi68EpnnaOLepTZw+GLTnusQgwIDAQABn-----END PUBLIC KEY-----n";

// private key
char *b64priv_key = "-----BEGIN RSA PRIVATE KEY-----nMIICXAIBAAKBgQCp2w+8HUdECo8V5yuKYrWJmUbLtD6nSyVifN543axXvNSFzQfWnNOGVkMsCo6W4hpl5eHv1p9Hqdcf/ZYQDWCK726u6hsZA81AblAOOXKaUaxvFC+ZKnRJf+MtUGnv0v7CrGoblm1mMC/OQI1JfSsYi68EpnaOLepTZw+GLTnusQgwIDAQABnAoGBAKDuq3PikblH/9YS11AgwjwC++7ZcltzeZJdGTSPY1El2n6Dip9ML0hUjeSMnROIWtac/nsNcJCnvOnUjK/c3NIAaGJcfRPiH/S0Ga6ROiDfFj2UXAmk/v4wRRUzrn5lsA0jgEt5qcq2Xr/JPQVGB4wUgL/yQK0dDhW0EdrJ707e3BAkEA1aIHbmcVfCP8nY/uWuK0lvWxrIWfR5MlHhI8tD9lvkot2kyXiV+jB6/gktwk1QaFsy7dCXn7w03+knxrjEGGN+kQJBAMuKf55lDtU9K2Js3YSStTZAXP+Hz7XpoLxmbWFyGvBx806WjgADn624irwS+0tBxkERbRcisfb2cXmAx8earT9MCQDZuVCpjBWxd1t66qYpgQ29iAmG+njBIY3qn9uOOC6RSTiCCx1FvFqDMxRFmGdRVFxeyZwsVE3qNksF0Zko0MPKECQCEenoDV97DP2iCCz5je0R5hUUM2jo8DOC0GcyR+aGZgWcqjPBrwp5x08t43mHxeb4wW8ndFZ6+trnntO4TMxkA9ECQB+yCPgO1zisJWYuD46KISoesYhwHe5C1BQElQgi9bionU39fFo88w1pok23a2CZBEXguSvCvexeB68OggdDXvy0=n-----END RSA PRIVATE KEY-----n";

// String to encrypt
char *str = "1234";

ERR_load_crypto_strings();  

BIO *bpo = BIO_new_mem_buf(b64_pKey, -1);
RSA *pubKey = PEM_read_bio_RSA_PUBKEY(bpo, NULL, NULL, NULL);

if ( !pubKey ) {
    printf("%sn", ERR_error_string(ERR_get_error(), NULL));
    return;
}

int rsa_length = RSA_size(pubKey);

BIO *b64 = NULL;
BIO *bmem = NULL;
BUF_MEM *bptr = NULL;

unsigned char encrypted[2560] = { 0 };
unsigned char retencrypted[2560] = { 0 };

int resultEncrypt = RSA_public_encrypt(PADDING, str, encrypted, pubKey, PADDING);
if ( resultEncrypt == -1 ) {
    printf("%sn", ERR_error_string(ERR_get_error(), NULL));
    return;
}

/*
 * Show base 64 encrypted string  
 */ 
b64 = BIO_new((BIO_METHOD *)BIO_f_base64());
BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL);
bmem = BIO_new(BIO_s_mem());
b64 = BIO_push(b64, bmem);
BIO_write(b64, encrypted, resultEncrypt);
BIO_flush(b64);
BIO_get_mem_ptr(b64, &bptr);

memcpy(retencrypted, bptr->data, bptr->length);
BIO_free(b64);
BIO_free(bpo);
RSA_free(pubKey);

printf("Encrypted string:%sn",retencrypted);

/*
 * Now decrypt this very string with the private key
 */ 

BIO *bpop = BIO_new_mem_buf(b64priv_key, -1);
RSA *privKey = PEM_read_bio_RSAPrivateKey(bpop, NULL, NULL, NULL);

if ( !privKey ) {
    printf("%sn", ERR_error_string(ERR_get_error(), NULL));
    return;
}

rsa_length = RSA_size(privKey);

unsigned char decrypted[2560] = { 0 };

int resultDecrypt = RSA_private_decrypt( RSA_size(privKey), retencrypted, decrypted, privKey, PADDING);

if ( resultDecrypt == -1 ) {
    printf("%sn", ERR_error_string(ERR_get_error(), NULL));
    return;
}

printf("resultDecrypt=%dndecrypted string: %sn",resultDecrypt,decrypted);
BIO_free(bpop);
RSA_free(privKey);
ERR_free_strings();
}

注意：我使用导出私钥

openssl rsa -in rsa_privatekey.pem -check

和公钥：

openssl rsa -in rsa_privatekey.pem -pubout

为什么我会收到错误？

问题是你试图解密base64编码的结果。您应该尝试解密加密的结果。

那就是，而不是：

int resultDecrypt = RSA_private_decrypt( RSA_size(privKey), retencrypted, decrypted, privKey, PADDING);

你应该打电话给：

int resultDecrypt = RSA_private_decrypt( RSA_size(privKey), encrypted, decrypted, privKey, PADDING);

此外，加密呼叫还有一个问题：

int resultEncrypt = RSA_public_encrypt(PADDING, str, encrypted, pubKey, PADDING);

你为什么把PADDING当成flen ？这应该是字符串的长度（即4或5，取决于您是否要加密空字符）。

如果你想把加密的字符串写成ASCII（用base64编码），那很好。但是在解密之前你必须解码它。

你得到的错误是块类型不是02。

虽然Omri是正确的，你传递了错误的数据，而你只打算加密1个字节，但错误是因为sizeof( encrypted )太大（2560）。换句话说， RSA_public_encrypt的数据接收器必须是普通的unsigned char*指针， 而不是 unsigned char[2560] 。

你在哪里

unsigned char encrypted[2560] = { 0 }; //X 2560?? RSA_public_encrypt fails.

你应该使用

unsigned char *encrypted = (unsigned char*)malloc( rsa_length ) ;
RSA_public_encrypt( DATALEN, (const unsigned char*)str, encrypted, pubKey, PADDING ) ;

请注意，Omri指出的错误是，您使用PADDING作为RSA_public_encrypt的第一个参数，而它应该是DATALEN数据长度。

如果您解决了这个问题，那么您将在私钥解密后得到类似的错误。修复它，你就在路上。

链接地址: http://www.djcxy.com/p/56477.html

上一篇: Encryption and decryption error 0x0407106B using OpenSSL

下一篇: PyCharm (1.5.4) and Pandas 0.6.0