问题描述
我正在尝试使用 OpenSSL 的库开发数字签名工具,但从我的代码创建的签名与我从命令行获得的签名不同。
我检查并验证了 SHA256 摘要是正确的。
这是我用来验证签名的命令示例:
this.data.push(data);
根据我下面的代码,是否有明显我做错的地方?
openssl rsautl -sign -inkey privateKey.pem -in hash.txt > signature
这些是我用来编译它的标志:
#include <iostream>
#include <string>
#include <sstream>
#include <fstream>
#include <iomanip>
#include <string.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/sha.h>
#include <openssl/rsa.h>
using namespace std;
RSA * generateKeys()
{
RSA *rsa = RSA_new();
BIGNUM *bignum = NULL;
bignum = BN_new();
BN_set_word(bignum,RSA_F4);
FILE *file;
bool exists;
if ((file = fopen("privateKey.pem","r")))
{
exists = true;
fclose(file);
}
if (!exists)
{
FILE *pkey = fopen("privateKey.pem","wb");
RSA_generate_key_ex(rsa,2048,bignum,NULL);
PEM_write_RSAPrivateKey(pkey,rsa,NULL,NULL);
fclose(pkey);
}else{
FILE *pkey = fopen("privateKey.pem","rb");
PEM_read_RSAPrivateKey(
pkey,&rsa,NULL);
fclose(pkey);
}
return rsa;
}
// Sign document
void sign(const char *filepath)
{
FILE *file = fopen(filepath,"r");
// SHA256 digest
unsigned char hash[SHA256_DIGEST_LENGTH];
SHA256_CTX sha256;
SHA256_Init(&sha256);
char *buffer[1024];
int bytesRead = 0;
while ((bytesRead = fread(buffer,1,1024,file)))
{
SHA256_Update(&sha256,buffer,bytesRead);
}
fclose(file);
SHA256_Final(hash,&sha256);
// Retrieve keys (create keys if it does not exist)
RSA *rsa = generateKeys();
// Sign
const int size = RSA_size(rsa);
unsigned char *sign = new unsigned char[size];
unsigned int outlen = 0;
RSA_sign(NID_sha256,hash,SHA256_DIGEST_LENGTH,sign,&outlen,rsa);
FILE *signedDoc = fopen("signedDocument.signed","wb");
fputs((const char *) sign,signedDoc);
fclose(signedDoc);
}
// Validate document
// int validate(FILE *file){
// return 0;
// }
int main(int argc,char *argv[])
{
// Input validation
if (argc == 1)
{
cout << "Usage: sign -sv document" << endl
<< "-s sign document" << endl
<< "-v validate document signature" << endl;
return 0;
}
if (argc > 3 || (string(argv[1]) != "-s" && string(argv[1]) != "-v"))
{
cout << "Error: Wrong arguments given." << endl
<< "sign for help" << endl;
return -1;
}
FILE *document = fopen(argv[2],"r");
if (document == NULL)
{
cout << "File open error.." << endl;
return -1;
}
// Sign document
if ((string(argv[1]) == "-s"))
{
sign(argv[2]);
}
// // Validate signature
// if((string(argv[1]) == "-v")){
// validate(document);
// }
}
提前致谢。
解决方法
我已经实现了 RSA_verify 函数,并且根据我的代码所做的签名,RSA_verify 起作用并且它返回它是有效的。我还添加了保存公钥的代码。
我最好的猜测是我的代码并不完全代表命令。