[英]How do I use use openssl to encrypt (not sign) using the private key, as is possible in Java?
I have a java program which RSA encrypts data with a private key: 我有一个java程序,RSA使用私钥加密数据:
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
PrivateKey privateKey = null;
PublicKey publicKey = null;
// Load certificate from keystore
try {
FileInputStream keystoreFileInputStream = new FileInputStream("keystore.jks");
KeyStore keystore = KeyStore.getInstance("JKS");
keystore.load(keystoreFileInputStream, "passphrase".toCharArray());
try {
privateKey = (PrivateKey) keystore.getKey("idm_key", "passphrase".toCharArray());
} catch (UnrecoverableKeyException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
} catch (Exception e) {
// TODO broad exception block
e.printStackTrace();
}
// Make the encrypted data.
byte[] toEncrypt = "Data to encrypt".getBytes();
byte[] encryptedData = null;
// Perform private key encryption
try {
// Encrypt the data
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.ENCRYPT_MODE, privateKey);
encryptedData = cipher.doFinal(toEncrypt);
} catch (Exception e) {
// TODO broad exception block
e.printStackTrace();
}
I have the need to do the same thing using openssl. 我需要使用openssl做同样的事情。 Here is the code I tried: 这是我试过的代码:
uint8_t *encryptedBytes = NULL;
const char* data = "Data to enrypt";
char *private_key_file_name = "privatekey.pem"
FILE *fp = fopen(private_key_file_name, "r");
RSA *rsa = RSA_new();
PEM_read_RSAPrivateKey(fp, &rsa, 0, "passphase");
size_t encryptedBytesSize = RSA_size(rsa);
encryptedBytes = malloc(encryptedBytesSize * sizeof(uint8_t));
memset((void *)encryptedBytes, 0x0, encryptedBytesSize);
fclose(fp);
int result = RSA_private_encrypt(strlen(data), data, encryptedBytes, rsa,RSA_PKCS1_PADDING);
This is not producing the same output as the Java implementation. 这不会产生与Java实现相同的输出。 Instead, it produces the output that is gotten by signing the data in Java, ie, 相反,它产生通过用Java签名数据获得的输出,即
Signature rsa = Signature.getInstance("RSA");
rsa.initSign(privateKey);
rsa.update(toEncrypt);
byte [] signed = rsa.sign();
Though this is what I would expect given the documentation for RSA_private_encrypt, it's not what I need. 虽然这是我期望的RSA_private_encrypt的文档,但它不是我需要的。 Is there a way to replicate what the java code is doing with openssl? 有没有办法复制java代码用openssl做的事情?
I think you are confused. 我觉得你很困惑。 you don't "encrypt" data with a private key. 您不使用私钥 “加密”数据。 That's worthless, as anyone can decrypt it. 这是毫无价值的,因为任何人都可以解密它。 You sign with the private key (so anyone can verify it) and encrypt with the public key (so that only the holder of the private key can decrypt it). 你用私钥 (这样任何人都可以验证) 签署 ,并与公共密钥(因此只有私钥的持有者可以将其解密) 加密 。 That is why the openssl API has RSA_public_encrypt
which does encryption and RSA_private_encrypt
which does signing. 这就是为什么OpenSSL的API有RSA_public_encrypt
这确实加密和RSA_private_encrypt
这不签约。
You don't need to use OpenSSL in Java at all, whatever it is that you're trying to do. 您根本不需要在Java中使用OpenSSL,无论您正在尝试做什么。 Java has its own crypto libraries. Java有自己的加密库。 See the JCE reference and the javax.crypto package. 请参阅JCE参考和javax.crypto包。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.