Original link: http://www.cnblogs.com/cswuyg/p/3187462.html
OpenSSL is a library that makes encryption and decryption easy, and it can be used to encrypt data that must be transmitted over a network. Asymmetric encryption can be used: encrypt with the public key, decrypt with the private key. OpenSSL supports RSA, but RSA is computationally inefficient, so the common practice is to encrypt the data with a symmetric key, and to send it to the other party only after the temporarily generated, currently valid symmetric key has itself been encrypted with the public key of the asymmetric key pair. The other party uses the agreed-on asymmetric key to decrypt the symmetric key, and then uses that data-encryption key to decrypt the data. This usage is very common and can be thought of as a cut-down version of HTTPS. For the symmetric cipher you can choose AES, which is better than DES.
The OpenSSL library comes from http://www.openssl.org/. After downloading the OpenSSL source, start compiling:
1. Install ActivePerl
2. Enter the folder where OpenSSL is located and run: perl Configure VC-WIN32 --prefix=c:\openssl-dll
3. Go to the VC/bin directory and run VCVARS32.BAT to set the environment variables
5. In the OpenSSL directory, compile: nmake -f ms\ntdll.mak
6. Copy the necessary build outputs to the directory defined by prefix: nmake -f ms\ntdll.mak install
Note: you can choose whether the library is built as MT or MD by modifying CFLAG in the ntdll.mak file.
To build a static library:
1. Install ActivePerl
2. perl Configure VC-WIN32 --prefix=c:\openssl-lib
3. ms\do_ms.bat
4. nmake -f ms\nt.mak
5. nmake -f ms\nt.mak install
Note: you can choose whether the library is built as MT or MD by modifying CFLAG in the nt.mak file. When recompiling, delete the previously generated objects first.
RSA encryption and decryption require an RSA public key and an RSA private key, generated first with the OpenSSL tool. Method:
1. Generate the key file (containing both the public and the private key): openssl genrsa -out privkey.pem 1024
2. Extract the public key from the key file: openssl rsa -in privkey.pem -pubout
1024 bits is only for testing; 2048 bits is safer.
RSA encryption demo code:
    #include <cassert>
    #include <cstdio>
    #include <string>
    #include <openssl/pem.h>
    #include <openssl/rsa.h>

    // Encrypt strData with the RSA public key stored in the PEM file strPemFileName.
    // Returns the ciphertext, or an empty string on failure.
    std::string EncodeRSAKeyFile(const std::string& strPemFileName, const std::string& strData)
    {
        if (strPemFileName.empty() || strData.empty())
        {
            assert(false);
            return "";
        }
        FILE* hPubKeyFile = NULL;
        if (fopen_s(&hPubKeyFile, strPemFileName.c_str(), "rb") || hPubKeyFile == NULL)
        {
            assert(false);
            return "";
        }
        std::string strRet;
        // Let OpenSSL allocate the RSA structure while it reads the key.
        RSA* pRSAPublicKey = PEM_read_RSA_PUBKEY(hPubKeyFile, NULL, NULL, NULL);
        if (pRSAPublicKey == NULL)
        {
            fclose(hPubKeyFile);  // do not leak the file handle on failure
            assert(false);
            return "";
        }
        int nLen = RSA_size(pRSAPublicKey);  // ciphertext length in bytes
        char* pEncode = new char[nLen + 1];
        int ret = RSA_public_encrypt((int)strData.length(), (const unsigned char*)strData.c_str(), (unsigned char*)pEncode, pRSAPublicKey, RSA_PKCS1_PADDING);
        if (ret >= 0)
        {
            strRet = std::string(pEncode, ret);
        }
        delete[] pEncode;
        RSA_free(pRSAPublicKey);
        fclose(hPubKeyFile);
        CRYPTO_cleanup_all_ex_data();
        return strRet;
    }
RSA decryption demo code:
    // Uses the same headers as the encryption function.
    // Decrypt strData with the RSA private key stored in the PEM file strPemFileName.
    // Returns the plaintext, or an empty string on failure.
    std::string DecodeRSAKeyFile(const std::string& strPemFileName, const std::string& strData)
    {
        if (strPemFileName.empty() || strData.empty())
        {
            assert(false);
            return "";
        }
        FILE* hPriKeyFile = NULL;
        if (fopen_s(&hPriKeyFile, strPemFileName.c_str(), "rb") || hPriKeyFile == NULL)
        {
            assert(false);
            return "";
        }
        std::string strRet;
        // Let OpenSSL allocate the RSA structure while it reads the key.
        RSA* pRSAPriKey = PEM_read_RSAPrivateKey(hPriKeyFile, NULL, NULL, NULL);
        if (pRSAPriKey == NULL)
        {
            fclose(hPriKeyFile);  // do not leak the file handle on failure
            assert(false);
            return "";
        }
        int nLen = RSA_size(pRSAPriKey);  // upper bound on the plaintext length
        char* pDecode = new char[nLen + 1];
        int ret = RSA_private_decrypt((int)strData.length(), (const unsigned char*)strData.c_str(), (unsigned char*)pDecode, pRSAPriKey, RSA_PKCS1_PADDING);
        if (ret >= 0)
        {
            strRet = std::string((char*)pDecode, ret);
        }
        delete[] pDecode;
        RSA_free(pRSAPriKey);
        fclose(hPriKeyFile);
        CRYPTO_cleanup_all_ex_data();
        return strRet;
    }
In the RSA API, when the padding parameter is RSA_PKCS1_PADDING, the plaintext length cannot be greater than the ciphertext length (the value returned by RSA_size) minus 11;
when the padding parameter is RSA_NO_PADDING, the plaintext length must be exactly 128 (the size in bytes of the 1024-bit key above).
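Where the 11 in the RSA_PKCS1_PADDING limit comes from, as an added example that is not part of the original article: a stand-alone C++ version of the PKCS#1 v1.5 encryption block layout (RFC 8017, EME-PKCS1-v1_5) that is built before the RSA operation. The function names are hypothetical, no OpenSSL call is made, and std::random_device stands in for OpenSSL's own random source.

```cpp
#include <cstddef>
#include <random>
#include <stdexcept>
#include <string>
#include <vector>

typedef std::vector<unsigned char> Bytes;

// Largest plaintext RSA_PKCS1_PADDING accepts for a k-byte modulus (k = RSA_size()).
size_t MaxPkcs1Plaintext(size_t k) { return k < 11 ? 0 : k - 11; }

// Build the k-byte block that is fed to the raw RSA public-key operation:
//   0x00 | 0x02 | PS (at least 8 nonzero random bytes) | 0x00 | message
// The 3 fixed bytes plus the 8-byte minimum for PS are the 11 bytes of overhead.
Bytes Pkcs1Type2Pad(const std::string& msg, size_t k)
{
    if (k < 11 || msg.size() > MaxPkcs1Plaintext(k))
        throw std::length_error("plaintext longer than key length - 11");
    std::random_device rd;  // assumption for this example; not OpenSSL's generator
    std::uniform_int_distribution<int> nonzero(1, 255);
    Bytes em;
    em.reserve(k);
    em.push_back(0x00);
    em.push_back(0x02);
    for (size_t i = 0; i < k - msg.size() - 3; ++i)  // PS fills the remaining space
        em.push_back(static_cast<unsigned char>(nonzero(rd)));
    em.push_back(0x00);
    em.insert(em.end(), msg.begin(), msg.end());
    return em;
}

// Reverse the layout after the private-key operation.
// Returns false on a malformed block. This parser shows the layout only;
// it is not constant-time.
bool Pkcs1Type2Unpad(const Bytes& em, std::string& out)
{
    if (em.size() < 11 || em[0] != 0x00 || em[1] != 0x02) return false;
    size_t i = 2;
    while (i < em.size() && em[i] != 0x00) ++i;  // skip the nonzero padding bytes
    if (i == em.size() || i < 10) return false;  // no separator, or PS shorter than 8
    out.assign(em.begin() + i + 1, em.end());
    return true;
}
```

With RSA_NO_PADDING none of this structure is added, which is why the input must already be exactly the key length. OpenSSL's documentation recommends RSA_PKCS1_OAEP_PADDING rather than RSA_PKCS1_PADDING for new applications.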