Current location - Quotes Website - Personality signature - RSA usage of OpenSSL
RSA usage of OpenSSL
RSA public key cryptosystem is a cryptosystem that uses different encryption keys and decryption keys, and "it is computationally infeasible to derive decryption keys from known encryption keys". In a public key cryptosystem, the encryption key PK is public information, while the decryption key SK needs to be kept secret. An encryption algorithm e and a decryption algorithm d are also disclosed. Although the decryption key SK is determined by the public key PK, it cannot be calculated from PK.

Based on this theory, the famous RSA algorithm appeared in 1978, which is usually a pair of RSA keys, one of which is a secret key and kept by the user. The other is the public key, which can be made public or even registered on the network server. In order to improve the security strength, RSA keys should be at least 500 bits long, and it is generally recommended to use 1024 bits. This makes the calculation of encryption very large. In order to reduce the amount of calculation, when transmitting information, the traditional encryption method is often combined with the public key encryption method, that is, the information is encrypted with the improved DES or IDEA dialogue key, and then the dialogue key and message digest are encrypted with RSA key. After receiving the message, the other party can decrypt it with different keys and view the message summary.

RSA algorithm is a widely used public key algorithm. Its key includes public key and private key. It can be used for digital signature, identity authentication and key exchange. The RSA key length is generally 1024 bits or higher. RSA key information mainly includes:

N: modulus

E: public key index

D: private key index

The first big prime number

The first big prime number

Where the public keys are n and e; The private keys are n and d.

This article assumes that you have installed OpenSSL and have a copy of the source code of 1. 1. 1

RSA-related header files are in rsa.h and source files are in crypto/rsa directory.

This structure defines the internal data information of RSA. Main field meaning:

Version-version.

Method -RSA operation abstract method set.

N, e, d, p, q, dmp 1, dmq 1, iQMP-key related large numbers.

This structure defines a collection of abstract methods of various operations in RSA. Main field meaning:

Name-Name description.

RSA _ pub _ enc- public key encryption method.

RSA _ pub _ dec- public key decryption method.

RSA _ priv _ enc- private key encryption method.

RSA _ priv _ dec- public key decryption method.

RSA _ sign- signature method.

RSA _ verify- signature verification method.

RSA _ Keygen- Method for generating key pairs.

In 1. 1. 1, most data structures are no longer open to users, which is more reasonable from the packaging point of view. If you can't find the structure definition in the header file, you might as well search in the source code.

RSA * RSA _ new(void);

Use the default rsa_pkcs 1_ossl_meth method to generate the RSA key structure.

void RSA _ free(RSA * r);

Publish RSA structure.

RSA *RSA_generate_key(int bits, unsigned E Long, void (*callback) (int, int, void *), void * CB _ arg);

Generate RSA key (old version).

Bits is the number of key bits and e is the public key index.

Callback is an intervening callback function in the process of key generation, and usually NULL is passed in. Cb_arg is the callback parameter.

RSA pointer was returned successfully, and NULL was returned on failure.

int RSA_generate_key_ex(RSA *rsa,int bits,BIGNUM *e,BN _ GENCB * CB);

Generate RSA key (new version).

Rsa is an RSA object pointer. Bits is the location of the key, and e is a pointer in the form of a large number of public key exponents. Cb is an intervention callback function, and usually NULL is passed in.

1 returned successfully, and 0 failed.

Regarding the public key exponent e, there are mainly two values:

# Define RSA_3 0x3L

# define RSA_F4 0x 1000 1L

RSA * RSA public key _ dup(RSA * RSA);

Copy the RSA public key part.

RSA pointer was returned successfully, and NULL was returned on failure.

RSA * RSA private key _ dup(RSA * RSA);

Copy the RSA private key part.

RSA pointer was returned successfully, and NULL was returned on failure.

int RSA _ bits(const RSA * RSA);

Gets the number of RSA key bits.

int RSA _ size(const RSA * RSA);

Gets the RSA key length.

int RSA _ check _ key(const RSA *);

int RSA_check_key_ex(const RSA *,BN _ GENCB * CB);

To check the validity of RSA, it must be a complete key pair.

1 returned successfully, and 0 failed.

int RSA_print(BIO *bp,const RSA *r,int offset);

int RSA_print_fp(FILE *fp,const RSA *r,int offset);

Output RSA information to bp/fp, and off is the offset of output information in bp/fp, such as screen bp/fp, indicating the distance from the position of printed information to the left edge of the screen.

int RSA_public_encrypt(int flen,const unsigned char *from,

Unsigned char *to, RSA *rsa, int padding);

RSA public key encryption.

The ciphertext length was returned successfully, and-1 failed.

int RSA_public_decrypt(int flen,const unsigned char *from,

Unsigned char *to, RSA *rsa, int padding);

RSA public key decryption.

The plaintext length was returned successfully, and-1 was returned if it failed.

int RSA_private_encrypt(int flen,const unsigned char *from,

Unsigned char *to, RSA *rsa, int padding);

RSA private key encryption.

The ciphertext length was returned successfully, and-1 failed.

int RSA_private_decrypt(int flen,const unsigned char *from,

Unsigned char *to, RSA *rsa, int padding);

RSA private key decryption.

The plaintext length was returned successfully, and-1 was returned if it failed.

Regarding the filling method, the values are:

The padding size of PKCS 1 is 1 1 byte, so the length of encrypted plaintext should not be greater than (key size-1 1 byte).

# define RSA _ pkcs 1 _ PADDING _ SIZE 1 1

Int RSA_sign(int type, const unsigned char *m, unsigned int m_length,

unsigned char *sigret,unsigned int *siglen,RSA * RSA);

Generate RSA signature for data m, and the generated signature length is the same as that of key. For example, a 5 12-bit key generates a 64-byte signature.

Type specifies the NID of the summarization algorithm, such as NID_sha 1.

1 returned successfully, and 0 failed.

Int RSA_verify(int type, const unsigned char *m, unsigned int m_length,

const unsigned char *sigbuf,unsigned int siglen,RSA * RSA);

Verify RSA signature on data m

Type specifies the NID of the summarization algorithm, such as NID_sha 1.

1 returned successfully, and 0 failed.

The following functions are defined in x509.h:

int i2d _ RSAPrivateKey _ BIO(BIO * BP,RSA *rsa)

{

Returns ASN1_ item _ i2d _ bio (ASN1_ item _ rptr (RSA private key), bp, RSA);

}

Convert RSA public key into DER code and write it into bp abstract IO.

1 returned successfully, and 0 failed.

RSA * d2i _ RSAPrivateKey _ BIO(BIO * BP,RSA **rsa)

{

Returns ASN1_ item _ d2i _ bio (ASN1_ item _ rptr (RSA private key), bp, RSA);

}

Read DER code from bp abstract IO and convert it into rsa structure private key.

A valid specification was returned successfully, and NULL was returned on failure.

int i2d_RSAPublicKey_bio(BIO *bp,RSA *rsa)

{

Returns ASN1_ item _ i2d _ bio (ASN1_ item _ rptr (RSA public key), bp, RSA);

}

Convert RSA public key into DER code and write it into bp abstract IO.

1 returned successfully, and 0 failed.

RSA * d2i _ RSA public key _ BIO(BIO * BP,RSA **rsa)

{

Returns ASN1_ item _ d2i _ bio (ASN1_ item _ rptr (RSA public key), bp, RSA);

}

Read DER code from bp abstract IO and convert it into rsa structure public key.

A valid specification was returned successfully, and NULL was returned on failure.

The following examples demonstrate the generation of RSA key pairs, the replication of public and private keys, and the usage of public key encryption and private key decryption.

Output:

The following examples demonstrate the separate storage and reading of public and private keys, as well as encryption and decryption using public and private keys.

Output:

RSA _ generate _ key _ ex()ret: 1

i2d _ RSAPrivateKey _ bio()ret: 1

i2d _ RSA public key _ bio()ret: 1

Copy private key size: 64

Copy public key size: 64

RSA public encryption () ret:64

RSA private decryption () ret: 10

Text: [1234567890]

The following example demonstrates the operation of signature generation and verification.

Output:

ret: 1

RSA_sign() ret: 1

Sign 64

4 EC 0 af 099 c 49646 b 72 FDA 88 a 4 FB 1 1 E8 deb 3898 da 9 C3 f 6 1 1 a5 f 25 f 05d 9d 00563 1 858239 BBB 732 CD 5060 DBC 975363 fc 1 B9 CDF D5 a 0454 165438

RSA_verify() ret: 1