本软件是一个gui密码算法工具. 基于gmssl , 支持sm2/3/4和des/aes/rsa算法.
- 所有数据均为16进制.
- 使用qt, 在高分屏上支持良好.
- 自带一些字符处理功能
使用qt5编译. 也可下载我编译好的版本
本软件是一个gui密码算法工具. 基于gmssl , 支持sm2/3/4和des/aes/rsa算法.
使用qt5编译. 也可下载我编译好的版本
解密时,崩溃不是你的问题,而是GmSSL中一个函数的问题。
GmSSL要说也是一个大牌了,不知道为什么还有这么一个低级的问题。
@tan00 您好!
请教个问题,如何通过原生字符串秘钥生成EVP_PKEY结构?
我的方式如下:
EVP_PKEY* covert_string_evp_pkey_new(unsigned char* buf,int is_public)
{
if (NULL == buf)
{
return NULL;
}
EC_KEY *eckey = EC_KEY_new_by_curve_name(NID_sm2p256v1);
long keylen=0;
unsigned char *key = NULL;
if (!(key = OPENSSL_hexstr2buf((char *)buf, &keylen)))
{
return NULL;
}
/*
if (keylen != 32 )
{
printf("__LINE__=%ld\n",__LINE__);
// OPENSSL_cleanse(key, keylen);
}*/
if(is_public)
{
if(!EC_KEY_oct2key(eckey,key, keylen,NULL))
{
OPENSSL_cleanse(key, keylen);
}
}
else
{
if (!EC_KEY_oct2priv(eckey, key, keylen))
{
OPENSSL_cleanse(key, keylen);
}
}
OPENSSL_cleanse(key, keylen);
EVP_PKEY *evp_key = EVP_PKEY_new();
if(!EVP_PKEY_set1_EC_KEY(evp_key,eckey))
{
OPENSSL_cleanse(key, keylen);
return NULL;
}
return evp_key;
}
采用这种方式确实可以生成EVP_PKEY,且我内部加验签也可以成功,加验签如下:
struct AlgorithmParams
{
const unsigned char *public_key;
const unsigned char *private_key;
int pri_key_len;
int pub_key_len;
const unsigned char *str_in;
int str_in_len;
unsigned char *str_out;
int str_out_len;
const unsigned char *iv;
int pendding; //0 不填充 默认填充
};
int sm2_sign(struct AlgorithmParams *param)
{
if(NULL == param)
{
fprintf(stderr, "%s() failed to sm2_sign\n", func);
return -1;
}
char szErr[1024];
int nRet = 0;
int value = 0;
EVP_PKEY *pkey = NULL;
const EVP_MD *md = NULL;
EVP_MD_CTX *mdctx = NULL;
if(!(pkey = covert_string_evp_pkey_new(param->private_key,0)))
{
printf("LINE=%d\n",LINE);
return -1;
}
md = EVP_sm3();
if(!(mdctx=EVP_MD_CTX_new()))
{
fprintf(stderr, "%s() failed to call EVP_MD_CTX_new\n", __func__);
nRet = -1;
goto sign_ret;
}
if(!EVP_DigestSignInit(mdctx, NULL,md, NULL,pkey))
{
value = ERR_get_error();
ERR_error_string( value, szErr );
fprintf( stderr,"OpenSSL_Sign: EVP_SignUpdate failed: \nopenssl return %d, %s\n", value, szErr );
nRet = -1;
goto sign_ret;
}
if(!EVP_DigestSignUpdate(mdctx, param->str_in, param->str_in_len))
{
value = ERR_get_error();
ERR_error_string( value, szErr );
fprintf( stderr,"OpenSSL_Sign: EVP_SignUpdate failed: \nopenssl return %d, %s\n", value, szErr );
nRet = -2;
goto sign_ret;
}
if(!EVP_DigestSignFinal(mdctx, param->str_out, &(param->str_out_len)))
{
value = ERR_get_error();
ERR_error_string( value, szErr );
fprintf( stderr,"OpenSSL_Sign: EVP_SignFinal failed: \nopenssl return %d, %s\n", value, szErr );
nRet = -3;
goto sign_ret;
}
sign_ret:
/if( !EVP_MD_CTX_cleanup(mdctx) ) {
value = ERR_get_error();
ERR_error_string( value, szErr );
fprintf( stderr,"OpenSSL_Sign: EVP_ctx_cleanup failed: \nopenssl return %d, %s\n", value, szErr );
}/
EVP_PKEY_free(pkey);
EVP_MD_CTX_destroy(mdctx);
return nRet;
}
int sm2_verify(struct AlgorithmParams *param)
{
if(NULL == param)
{
fprintf(stderr, "%s() failed to sm2_verify\n", func);
return -1;
}
char szErr[1024];
int nRet = 0;
int value = 0;
EVP_PKEY *pkey = NULL;
const EVP_MD *md = NULL;
EVP_MD_CTX *mdctx = NULL;
if(! (pkey = covert_string_evp_pkey_new(param->public_key,1)))
{
return -1;
}
md = EVP_sm3();
if(!(mdctx=EVP_MD_CTX_new()))
{
fprintf(stderr, "%s() failed to call EVP_MD_CTX_new\n", __func__);
nRet = -1;
goto verify_ret;
}
if(!EVP_DigestVerifyInit(mdctx, NULL,md, NULL,pkey))
{
value = ERR_get_error();
ERR_error_string( value, szErr );
fprintf( stderr,"OpenSSL_Sign: EVP_DigestVerifyInit failed: \nopenssl return %d, %s\n", value, szErr );
nRet = -1;
goto verify_ret;
}
if(!EVP_DigestVerifyUpdate(mdctx, param->str_in, param->str_in_len))
{
value = ERR_get_error();
ERR_error_string( value, szErr );
fprintf( stderr,"OpenSSL_Sign: EVP_DigestVerifyUpdate failed: \nopenssl return %d, %s\n", value, szErr );
nRet = -2;
goto verify_ret;
}
if(!EVP_DigestVerifyFinal(mdctx, param->str_out, param->str_out_len))
{
value = ERR_get_error();
ERR_error_string( value, szErr );
fprintf( stderr,"OpenSSL_Sign: EVP_DigestVerifyFinal failed: \nopenssl return %d, %s\n", value, szErr );
nRet = -3;
goto verify_ret;
}
verify_ret:
/if( !EVP_MD_CTX_cleanup(mdctx) ) {
value = ERR_get_error();
ERR_error_string( value, szErr );
fprintf( stderr,"OpenSSL_Sign: EVP_ctx_cleanup failed: \nopenssl return %d, %s\n", value, szErr );
}/
EVP_PKEY_free(pkey);
EVP_MD_CTX_destroy(mdctx);
return nRet;
}
确实可以加验签成功,但是,采用java bc加签的签名,我这边无法验签成功,反之亦然。是sm2的参数设置有误还是?请指教!
验证java bc的签名报错结果如下:
openssl return 269181073, error:100B6091:elliptic curve routines:ec_GFp_simple_oct2point:invalid encoding
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.