devbox
infabc
这个屌丝很懒,什么也没留下!
关注作者
热门标签
热门文章
当前位置:   article > 正文

openssl3.2 - 官方demo学习 - pkey - EVP_PKEY_RSA_keygen.c

作者:infabc | 2024-01-17 09:22:00

openssl3.2 - 官方demo学习 - pkey - EVP_PKEY_RSA_keygen.c

文章目录

openssl3.2 - 官方demo学习 - pkey - EVP_PKEY_RSA_keygen.c

概述

官方指出 : RSA key 如果小于2048位, 就属于弱key
官方demo中, 给出的默认key长度为4096位

从名字生成上下文
初始化上下文
设置上下的key位数
设置质数数量为2
产生RSA Key. (在我的本本上, 单步调试时, 感觉产生 RSA key时, 卡了一下, 大概不到1秒钟)
打印rsa key内容(可以得到 n, e, d, p, q, key的位数, 公钥, 私钥)
PEM_write_x时, 如果文件句柄是具体的文件, 就是将公钥/密钥保存成了PEM文件.

笔记

/*!
\file EVP_PKEY_RSA_keygen.c
\note
openssl3.2 - 官方demo学习 - pkey - EVP_PKEY_RSA_keygen.c

官方指出 : RSA key 如果小于2048位, 就属于弱key
官方demo中, 给出的默认key长度为4096位

从名字生成上下文
初始化上下文
设置上下的key位数
设置质数数量为2
产生RSA Key. (在我的本本上, 单步调试时, 感觉产生 RSA key时, 卡了一下, 大概不到1秒钟)
打印rsa key内容(可以得到 n, e, d, p, q, key的位数, 公钥, 私钥)
PEM_write_x时, 如果文件句柄是具体的文件, 就是将公钥/密钥保存成了PEM文件.
*/

/*-
 * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

 /*
  * Example showing how to generate an RSA key pair.
  *
  * When generating an RSA key, you must specify the number of bits in the key. A
  * reasonable value would be 4096. Avoid using values below 2048. These values
  * are reasonable as of 2022.
  */

#include <string.h>
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/rsa.h>
#include <openssl/core_names.h>
#include <openssl/pem.h>

#include "my_openSSL_lib.h"

  /* A property query used for selecting algorithm implementations. */
static const char* propq = NULL;

/*
 * Generates an RSA public-private key pair and returns it.
 * The number of bits is specified by the bits argument.
 *
 * This uses the long way of generating an RSA key.
 */
static EVP_PKEY* generate_rsa_key_long(OSSL_LIB_CTX* libctx, unsigned int bits)
{
	EVP_PKEY_CTX* genctx = NULL;
	EVP_PKEY* pkey = NULL;
	unsigned int primes = 2;

	/* Create context using RSA algorithm. "RSA-PSS" could also be used here. */
	genctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", propq);
	if (genctx == NULL) {
		fprintf(stderr, "EVP_PKEY_CTX_new_from_name() failed\n");
		goto cleanup;
	}

	/* Initialize context for key generation purposes. */
	if (EVP_PKEY_keygen_init(genctx) <= 0) {
		fprintf(stderr, "EVP_PKEY_keygen_init() failed\n");
		goto cleanup;
	}

	/*
	 * Here we set the number of bits to use in the RSA key.
	 * See comment at top of file for information on appropriate values.
	 */
	if (EVP_PKEY_CTX_set_rsa_keygen_bits(genctx, bits) <= 0) {
		fprintf(stderr, "EVP_PKEY_CTX_set_rsa_keygen_bits() failed\n");
		goto cleanup;
	}

	/*
	 * It is possible to create an RSA key using more than two primes.
	 * Do not do this unless you know why you need this.
	 * You ordinarily do not need to specify this, as the default is two.
	 *
	 * Both of these parameters can also be set via EVP_PKEY_CTX_set_params, but
	 * these functions provide a more concise way to do so.
	 */
	if (EVP_PKEY_CTX_set_rsa_keygen_primes(genctx, primes) <= 0) {
		fprintf(stderr, "EVP_PKEY_CTX_set_rsa_keygen_primes() failed\n");
		goto cleanup;
	}

	/*
	 * Generating an RSA key with a number of bits large enough to be secure for
	 * modern applications can take a fairly substantial amount of time (e.g.
	 * one second). If you require fast key generation, consider using an EC key
	 * instead.
	 *
	 * If you require progress information during the key generation process,
	 * you can set a progress callback using EVP_PKEY_set_cb; see the example in
	 * EVP_PKEY_generate(3).
	 */
	fprintf(stderr, "Generating RSA key, this may take some time...\n");
	if (EVP_PKEY_generate(genctx, &pkey) <= 0) {
		fprintf(stderr, "EVP_PKEY_generate() failed\n");
		goto cleanup;
	}

	/* pkey is now set to an object representing the generated key pair. */

cleanup:
	EVP_PKEY_CTX_free(genctx);
	return pkey;
}

/*
 * Generates an RSA public-private key pair and returns it.
 * The number of bits is specified by the bits argument.
 *
 * This uses a more concise way of generating an RSA key, which is suitable for
 * simple cases. It is used if -s is passed on the command line, otherwise the
 * long method above is used. The ability to choose between these two methods is
 * shown here only for demonstration; the results are equivalent.
 */
static EVP_PKEY* generate_rsa_key_short(OSSL_LIB_CTX* libctx, unsigned int bits)
{
	EVP_PKEY* pkey = NULL;

	fprintf(stderr, "Generating RSA key, this may take some time...\n");
	pkey = EVP_PKEY_Q_keygen(libctx, propq, "RSA", (size_t)bits);

	if (pkey == NULL)
		fprintf(stderr, "EVP_PKEY_Q_keygen() failed\n");

	return pkey;
}

/*
 * Prints information on an EVP_PKEY object representing an RSA key pair.
 */
static int dump_key(const EVP_PKEY* pkey)
{
	int ret = 0;
	int bits = 0;
	BIGNUM* n = NULL, * e = NULL, * d = NULL, * p = NULL, * q = NULL;

	/*
	 * Retrieve value of n. This value is not secret and forms part of the
	 * public key.
	 *
	 * Calling EVP_PKEY_get_bn_param with a NULL BIGNUM pointer causes
	 * a new BIGNUM to be allocated, so these must be freed subsequently.
	 */
	if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_N, &n) == 0) {
		fprintf(stderr, "Failed to retrieve n\n");
		goto cleanup;
	}

	/*
	 * Retrieve value of e. This value is not secret and forms part of the
	 * public key. It is typically 65537 and need not be changed.
	 */
	if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_E, &e) == 0) {
		fprintf(stderr, "Failed to retrieve e\n");
		goto cleanup;
	}

	/*
	 * Retrieve value of d. This value is secret and forms part of the private
	 * key. It must not be published.
	 */
	if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_D, &d) == 0) {
		fprintf(stderr, "Failed to retrieve d\n");
		goto cleanup;
	}

	/*
	 * Retrieve value of the first prime factor, commonly known as p. This value
	 * is secret and forms part of the private key. It must not be published.
	 */
	if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_FACTOR1, &p) == 0) {
		fprintf(stderr, "Failed to retrieve p\n");
		goto cleanup;
	}

	/*
	 * Retrieve value of the second prime factor, commonly known as q. This value
	 * is secret and forms part of the private key. It must not be published.
	 *
	 * If you are creating an RSA key with more than two primes for special
	 * applications, you can retrieve these primes with
	 * OSSL_PKEY_PARAM_RSA_FACTOR3, etc.
	 */
	if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_FACTOR2, &q) == 0) {
		fprintf(stderr, "Failed to retrieve q\n");
		goto cleanup;
	}

	/*
	 * We can also retrieve the key size in bits for informational purposes.
	 */
	if (EVP_PKEY_get_int_param(pkey, OSSL_PKEY_PARAM_BITS, &bits) == 0) {
		fprintf(stderr, "Failed to retrieve bits\n");
		goto cleanup;
	}

	/* Output hexadecimal representations of the BIGNUM objects. */
	fprintf(stdout, "\nNumber of bits: %d\n\n", bits);
	fprintf(stderr, "Public values:\n");
	fprintf(stdout, "  n = 0x");
	BN_print_fp(stdout, n);
	fprintf(stdout, "\n");

	fprintf(stdout, "  e = 0x");
	BN_print_fp(stdout, e);
	fprintf(stdout, "\n\n");

	fprintf(stdout, "Private values:\n");
	fprintf(stdout, "  d = 0x");
	BN_print_fp(stdout, d);
	fprintf(stdout, "\n");

	fprintf(stdout, "  p = 0x");
	BN_print_fp(stdout, p);
	fprintf(stdout, "\n");

	fprintf(stdout, "  q = 0x");
	BN_print_fp(stdout, q);
	fprintf(stdout, "\n\n");

	/* Output a PEM encoding of the public key. */
	if (PEM_write_PUBKEY(stdout, pkey) == 0) {
		fprintf(stderr, "Failed to output PEM-encoded public key\n");
		goto cleanup;
	}

	/*
	 * Output a PEM encoding of the private key. Please note that this output is
	 * not encrypted. You may wish to use the arguments to specify encryption of
	 * the key if you are storing it on disk. See PEM_write_PrivateKey(3).
	 */
	if (PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL) == 0) {
		fprintf(stderr, "Failed to output PEM-encoded private key\n");
		goto cleanup;
	}

	ret = 1;
cleanup:
	BN_free(n); /* not secret */
	BN_free(e); /* not secret */
	BN_clear_free(d); /* secret - scrub before freeing */
	BN_clear_free(p); /* secret - scrub before freeing */
	BN_clear_free(q); /* secret - scrub before freeing */
	return ret;
}

int main(int argc, char** argv)
{
	int ret = EXIT_FAILURE;
	OSSL_LIB_CTX* libctx = NULL;
	EVP_PKEY* pkey = NULL;
	unsigned int bits = 4096;
	int bits_i, use_short = 0;

	/* usage: [-s] [<bits>] */
	if (argc > 1 && strcmp(argv[1], "-s") == 0) {
		--argc;
		++argv;
		use_short = 1;
	}

	if (argc > 1) {
		bits_i = atoi(argv[1]);
		if (bits < 512) {
			fprintf(stderr, "Invalid RSA key size\n");
			return EXIT_FAILURE;
		}

		bits = (unsigned int)bits_i;
	}

	/* Avoid using key sizes less than 2048 bits; see comment at top of file. */
	if (bits < 2048)
		fprintf(stderr, "Warning: very weak key size\n\n");

	/* Generate RSA key. */
	if (use_short)
		pkey = generate_rsa_key_short(libctx, bits);
	else
		pkey = generate_rsa_key_long(libctx, bits);

	if (pkey == NULL)
		goto cleanup;

	/* Dump the integers comprising the key. */
	if (dump_key(pkey) == 0) {
		fprintf(stderr, "Failed to dump key\n");
		goto cleanup;
	}

	ret = EXIT_SUCCESS;
cleanup:
	EVP_PKEY_free(pkey);
	OSSL_LIB_CTX_free(libctx);
	return ret;
}


  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288
  • 289
  • 290
  • 291
  • 292
  • 293
  • 294
  • 295
  • 296
  • 297
  • 298
  • 299
  • 300
  • 301
  • 302
  • 303
  • 304
  • 305
  • 306
  • 307
  • 308
  • 309

END

本文内容由网友自发贡献,转载请注明出处:https://www.wpsshop.cn/article/detail/40837
推荐阅读
相关标签

Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。

  

闽ICP备14008679号