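openssl: decrypting a signed and encrypted message
I am trying a small sample program to decrypt a message that has been signed and then encrypted using OpenSSL. It works fine on the command line. However, when I try the code modified from the "demos" folder in OpenSSL, decryption fails.
Here is the decryption code: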
#include <stdio.h>
#include <openssl/bio.h>
#include <openssl/cms.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/x509.h>

int decrypt_smime(){
    BIO *in = NULL, *out = NULL, *tbio = NULL;
    X509 *rcert = NULL;
    EVP_PKEY *rkey = NULL;
    //PKCS7 *cms = NULL;
    CMS_ContentInfo *cms = NULL;
    int ret = 1;
    int flags = CMS_STREAM;

    OpenSSL_add_all_algorithms();
    ERR_load_crypto_strings();
    printf("decrypt...\n");

    /* Read in recipient certificate and private key (both stored in signer.pem) */
    tbio = BIO_new_file("signer.pem", "r");
    if (!tbio)
        goto err;
    rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
    /* Rewind so the private key can be read from the same file */
    BIO_reset(tbio);
    rkey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
    if (!rcert || !rkey)
        goto err;
    printf("decrypt...\n");

    /* Open S/MIME message to decrypt */
    in = BIO_new_file("smencsign.txt", "r");
    if (!in)
        goto err;
    printf("keys read...\n");

    /* Parse message */
    cms = SMIME_read_CMS(in, NULL); //here is the problem I think
    if (!cms)
        goto err;
    printf("keys read...\n");

    out = BIO_new_file("decout.txt", "w");
    if (!out)
        goto err;

    /* Decrypt S/MIME message */
    if (!CMS_decrypt(cms, rkey, rcert, NULL, out, flags))
        goto err;
    ret = 0;

err:
    if (ret)
    {
        fprintf(stderr, "Error Decrypting Data\n");
        ERR_print_errors_fp(stderr);
    }
    /* Release everything that was allocated, on success and on failure */
    if (cms)
        //PKCS7_free(cms);
        CMS_ContentInfo_free(cms);
    if (rcert)
        X509_free(rcert);
    if (rkey)
        EVP_PKEY_free(rkey);
    if (in)
        BIO_free(in);
    if (out)
        BIO_free(out);
    if (tbio)
        BIO_free(tbio);
    return ret;
}
The error I get is:
Error Verifying Data
3074258568:error:0D0D40D1:asn1 encoding routines:SMIME_read_ASN1:no content type:asn_mime.c:451:
The commands on openssl that worked:
openssl cms -sign -in encr.txt -signer signer.pem -text | openssl cms -encrypt -out smencsign.txt signer.pem
openssl smime -decrypt -in smencsign.txt -recip signer.pem -inkey signer.pem
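So apparently OpenSSL uses the 'cms' utility for signing and encrypting, but seems to use the 'smime' utility for decrypting. So what would the code be?
Still the same. Any other ideas? Actually I know that it decrypts if I use it on content that is only encrypted. Only when the content is signed and encrypted does the decryption program throw an error :( – user900785
I have been running into a similar problem: I have a signed and encrypted CMS file that I can decrypt and verify with Java's Bouncy Castle with no problems, and with .NET 2.0. However, openssl cannot process it without an error –
@Chris could it be something with the file, like a BOM? – 2013-10-08 17:16:16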
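The command pipeline from the question, as an added example that is not part of the original post or of OpenSSL's demos: it shows that decrypting a signed-then-encrypted message returns the inner signed S/MIME entity, so recovering the plaintext and checking the signature is a second `cms -verify` step. Assumptions: a throwaway self-signed certificate, an explicit `-aes256`, `cms -decrypt` in place of `smime -decrypt`, and the constructed file names `inner.txt` and `plain.txt`.

```sh
#!/bin/sh
# Added example: sign-then-encrypt round trip with the openssl CLI.
# The certificate, message text and file names are constructed for this demo.

smime_roundtrip() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" &&
        # Throwaway self-signed cert and key in one PEM, like signer.pem in the question.
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo signer" \
            -keyout key.pem -out cert.pem 2>/dev/null &&
        cat cert.pem key.pem > signer.pem &&
        printf 'constructed test message\n' > encr.txt &&

        # Same pipeline as the question: sign as text/plain, then encrypt the signed entity.
        openssl cms -sign -in encr.txt -signer signer.pem -text |
            openssl cms -encrypt -aes256 -out smencsign.txt signer.pem &&

        # Layer 1: decryption yields the inner signed S/MIME entity, not the plaintext.
        openssl cms -decrypt -in smencsign.txt -recip signer.pem -inkey signer.pem \
            -out inner.txt &&
        grep -qi 'multipart/signed' inner.txt &&

        # Layer 2: verify the signature against the trusted cert and strip the
        # text/plain headers that -text added at signing time.
        openssl cms -verify -in inner.txt -CAfile cert.pem -text -out plain.txt \
            2>/dev/null &&

        # S/MIME canonicalises line endings to CRLF; drop the CR for comparison.
        tr -d '\r' < plain.txt
    )
    rc=$?
    rm -rf "$dir"
    return $rc
}
```

In C the same two layers correspond to writing the `CMS_decrypt` output to a BIO, parsing that output again with `SMIME_read_CMS`, and passing the result to `CMS_verify`.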