可以将文章内容翻译成中文,广告屏蔽插件可能会导致该功能失效(如失效,请关闭广告屏蔽插件后再试):
问题:
I am learning to use OpenSSL library in my program. Here in the code I generate a private key and immediately I am encrypting a message using that key. But always it fails. Kindly help me.
private_key = RSA_generate_key(RSA_KEY_LENGTH, RSA_3, NULL, NULL); if (RSA_check_key(private_key) < 1) { printf("generate_key: key generation failed\n"); exit(-1); } unsigned char msg[25]; unsigned char cipher[128]; strcpy((char*)msg, "hello"); int ret = RSA_private_encrypt(25, msg, cipher, private_key, RSA_PKCS1_OAEP_PADDING); if (ret < 0) { printf("encryption in key generation failed\n"); printf ("%s\n", ERR_error_string (ERR_get_error (), (char *) cipher)); exit (-1); }
This always fails and this is the error I am getting with ERR_error_string.
error:04066076:lib(4):func(102):reason(118)
回答1:
error:04066076:lib(4):func(102):reason(118)
You can use OpenSSL's errstr to give you meaningful error messages (in most cases):
$ openssl errstr 0x04066076 error:04066076:rsa routines:RSA_EAY_PRIVATE_ENCRYPT:unknown padding type
Even though you narrowed it down to RSA_PKCS1_OAEP_PADDING/RSA_PKCS1_PADDING, you should still use RSA_PKCS1_OAEP_PADDING with RSA encryption. So your next task is to figure out what's still wrong with your code.
Here's a good blog entry on why you should avoid PKCS 1.5 padding for RSA encryption: A bad couple of years for the cryptographic token industry.
回答2:
See documentation:
man RSA_private_encrypt
RSA_private_encrypt() signs the flen bytes at from (usually a message digest with an algorithm identifier) using the private key rsa and stores the signature in to. to must point to RSA_size(rsa) bytes of memory. padding denotes one of the following modes: RSA_PKCS1_PADDING PKCS #1 v1.5 padding. This function does not handle the algorithmIdentifier specified in PKCS #1. When generating or verifying PKCS #1 signatures, RSA_sign(3) and RSA_verify(3) should be used. RSA_NO_PADDING Raw RSA signature. This mode should only be used to implement cryptographically sound padding modes in the application code. Signing user data directly with RSA is insecure.
I do not know where you got RSA_PKCS1_OAEP_PADDING from, but the only supported paddings are listed above.
回答3:
I have found the reason for this problem. Actually the padding method RSA_PKCS1_OAEP_PADDING is not working for me in my both centos and ubuntu machines. Once I changed it to RSA_PKCS1_PADDING, it started working fine. But I am not sure why this is happening.
