c++ - OpenSSL 生成 ED25519 密钥对 C++
问题描述
我想创建一个 x509 证书并使用 eddsa(ed25519) 私钥对其进行自签名!
所以我从文档中尝试了以下示例: https ://www.openssl.org/docs/man1.1.1/man7/Ed25519.html
EVP_PKEY* server::generate_privatekey()
{
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED25519, NULL);
if(EVP_PKEY_keygen_init(pctx) <= 0){
std::cout << "keygen init fail\n" << std::endl;
}
//EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, NID_ED25519);
//gives return value -1 in combination with EVP_PKEY_CTX_new_id(EVP_PKEY_EC , NULL);
//EVP_PKEY_EC != eddsa (ecdsa/ecdh only?)
//gives return value 0 in combination with EVP_PKEY_CTX_new_id(EVP_PKEY_ED25519 , NULL);
if(EVP_PKEY_keygen(pctx, &pkey) <= 0){
std::cout << "keygen fail\n" << std::endl;
}
//////////KEYPAIR CHECK///////////
int chk = EVP_PKEY_check(pctx);
if(chk == 1){
std::cout << "key pair valid: " << chk << std::endl;
}
else if(chk == -2){
std::cout << "algorithm not supported: " << chk << std::endl;
}
else{
std::cout << "keypair error: " << chk << std::endl;
}
//////////////////////////////////
EVP_PKEY_CTX_free(pctx);
return pkey;
}
https://www.openssl.org/docs/man1.1.1/man3/EVP_PKEY_check.html
EVP_PKEY_check()给出返回值 0(“密钥对错误”)!
EVP_PKEY_public_check()是相同的结果。
我认为这就是为什么我得到X509_sign()一个返回值 0(失败):
string server::Generate_x509(EVP_PKEY* pkey)
{
//////////////////////////////////////////////////////
//set expiration = 10 years
time_t exp;
time(&exp);
exp += 315360000;
//create x509 structure
X509* x509= X509_new();
//set serial to 420
if(ASN1_INTEGER_set(X509_get_serialNumber(x509), 420) == 0){
std::cout << "asn1 set serial number fail\n" << std::endl;
}
//set start & expiration time
if(X509_time_adj_ex(X509_getm_notBefore(x509), 0, 0, 0) == NULL){
std::cout << "set time fail\n" << std::endl;
}
if(X509_time_adj_ex(X509_getm_notAfter(x509), 0, 0, &exp) == NULL){
std::cout << "set end time fail\n" << std::endl;
}
//set public key
if(X509_set_pubkey(x509, pkey) == 0){
std::cout << "set pubkey fail\n" << std::endl;
}
//sign certificate with private key
if(X509_sign(x509, pkey, EVP_sha512()) == 0){
std::cout << "sign fail\n" << std::endl;
return "Creating certificate failed...\n";
}
FILE*f;
f = fopen("key.pem", "wb");
PEM_write_PrivateKey(
f, /* write the key to the file we've opened */
pkey, /* our key from earlier */
EVP_aes_256_cbc(), /* default cipher for encrypting the key on disk */
(unsigned char*)"aaa", /* passphrase required for decrypting the key on disk */
3, /* length of the passphrase string */
NULL, /* callback for requesting a password */
NULL /* data to pass to the callback */
);
fclose(f);
f = fopen("cert.pem", "wb");
PEM_write_X509(
f, /* write the certificate to the file we've opened */
x509 /* our certificate */
);
fclose(f);
return "Certificate created succesfully\n";
}
使用生成的 RSA 密钥一切正常。
此示例也适用,但不适用于我的参数(请参见上面的代码):
使用 OpenSSL 1.1 生成 EC 密钥时仅使用 1 个 EVP_PKEY
我正在使用 OpenSSL v1.1.1i
我希望这个问题不会太愚蠢..
此致
解决方案
推荐阅读
- php - WooCommerce 再次订购和用于价格计算的自定义商品数据
- node.js - PDFToolKit 正在发送奇怪的数据
- udp - 如何检测 UDP 流完成?
- c# - 如何为钩子使用参数化方法 - SpecFlow
- scala - 映射函数中的数组操作:Spark 1.6
- delphi - Delphi FMX TListBox 对于大型列表很慢
- python - 基于单词及其加权概率从矩阵生成文本语料库
- python - 我怎样才能让我的程序拒绝字母输入,只接受数字输入?
- c# - 由于 Hyper-V 问题,Xamarin 初始设置无法正常工作
- python - 无法将 Postgres 插入速度与 Python 中的 SQLite3 相匹配