I want to know how to generate RSA private key using OpenSSL library in my C source file. I know how to generate it using terminal command.
我想知道如何在我的C源文件中使用OpenSSL库来生成RSA私钥。我知道如何使用终端命令生成它。
Actually my server.c file will generate a private key and send to client.c Please help me with some source code if possible, otherwise any help will be appreciated.
实际上我的服务器。c文件将生成一个私钥并发送给客户端。如果可能的话,请帮我写一些源代码,否则会有帮助的。
I'm working on Linux machine.
我在Linux机器上工作。
4 个解决方案
#1
33
#include <openssl/rsa.h>
#include <openssl/pem.h>
const int kBits = 1024;
const int kExp = 3;
int keylen;
char *pem_key;
RSA *rsa = RSA_generate_key(kBits, kExp, 0, 0);
/* To get the C-string PEM form: */
BIO *bio = BIO_new(BIO_s_mem());
PEM_write_bio_RSAPrivateKey(bio, rsa, NULL, NULL, 0, NULL, NULL);
keylen = BIO_pending(bio);
pem_key = calloc(keylen+1, 1); /* Null-terminate */
BIO_read(bio, pem_key, keylen);
printf("%s", pem_key);
BIO_free_all(bio);
RSA_free(rsa);
free(pem_key);
#2
18
I want to know how to generate RSA private key using openssl library in my c source file?
我想知道如何在我的c源文件中使用openssl库来生成RSA私钥?
Generating the key is easy. Just use RSA_generate_key_ex. The program below shows you how to do it.
生成密钥很容易。只使用RSA_generate_key_ex。下面的程序告诉你如何做。
Saving the public and private key is a different matter because you need to know the format. The program below shows you how to do it in a number of formats.
保存公钥和私钥是另一回事,因为您需要知道格式。下面的程序向您展示了如何以多种格式进行操作。
Here are the various functions and formats.
这里是各种功能和格式。
Related, see What is the differences between “BEGIN RSA PRIVATE KEY” and “BEGIN PRIVATE KEY”. It dicusses the difference between SubjectPublicKeyInfo, PrivateKeyInfo, and the public and private keys.
相关的,看看“开始RSA私钥”和“开始私钥”之间的区别。它讨论了主控信息、私钥信息和公钥和私钥之间的区别。
PEM_write_bio_RSAPublicKey (PKCS PEM format). Notice BEGIN RSA PUBLIC KEY:
PEM_write_bio_RSAPublicKey(PKCS PEM格式)。注意开始RSA公钥:
$ cat rsa-public-1.pem
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAmkD+kwlbsmvyUYOBuVkyWDyBNxGQNJrKUZu97Z+hBG3OA85fY6oV
CdyoT+KDmtAFgTgY76KRkHVYQH3HYFpec5vNptLJNd6OVJCXR6NFUR2b7aHLkres
qyPMrAHNU16wp85qdHALNd72EoUPkVItHqaBOldx7J9vyUF3bpAWq4XxRlbiK9iv
Yuci4/jr4ppRoso6LZm9Inzm53zYt2AqHUZQ+3WgK+czZyk8tLGEN7rtLZ7opvVA
aAiRGWiUWACtRwmpAq2L5PuWZkYdQ7WQigkx5c3x8iBkeEh022zqYkGOTh2Ue4Uf
rIYuSqjLb2d+jkfZQ1S4LQLQPtMxNV/FqwIDAQAB
-----END RSA PUBLIC KEY-----
PEM_write_bio_PUBKEY (Traditional PEM format). Notice BEGIN PUBLIC KEY:
PEM_write_bio_PUBKEY(传统PEM格式)。注意开始公共密钥:
$ cat rsa-public-2.pem
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmkD+kwlbsmvyUYOBuVky
WDyBNxGQNJrKUZu97Z+hBG3OA85fY6oVCdyoT+KDmtAFgTgY76KRkHVYQH3HYFpe
c5vNptLJNd6OVJCXR6NFUR2b7aHLkresqyPMrAHNU16wp85qdHALNd72EoUPkVIt
HqaBOldx7J9vyUF3bpAWq4XxRlbiK9ivYuci4/jr4ppRoso6LZm9Inzm53zYt2Aq
HUZQ+3WgK+czZyk8tLGEN7rtLZ7opvVAaAiRGWiUWACtRwmpAq2L5PuWZkYdQ7WQ
igkx5c3x8iBkeEh022zqYkGOTh2Ue4UfrIYuSqjLb2d+jkfZQ1S4LQLQPtMxNV/F
qwIDAQAB
-----END PUBLIC KEY-----
PEM_write_bio_PrivateKey (PEM). Notice BEGIN PRIVATE KEY:
PEM_write_bio_PrivateKey(PEM)。注意开始的私钥:
$ cat rsa-private-1.pem
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCaQP6TCVuya/JR
g4G5WTJYPIE3EZA0mspRm73tn6EEbc4Dzl9jqhUJ3KhP4oOa0AWBOBjvopGQdVhA
fcdgWl5zm82m0sk13o5UkJdHo0VRHZvtocuSt6yrI8ysAc1TXrCnzmp0cAs13vYS
hQ+RUi0epoE6V3Hsn2/JQXdukBarhfFGVuIr2K9i5yLj+OvimlGiyjotmb0ifObn
fNi3YCodRlD7daAr5zNnKTy0sYQ3uu0tnuim9UBoCJEZaJRYAK1HCakCrYvk+5Zm
Rh1DtZCKCTHlzfHyIGR4SHTbbOpiQY5OHZR7hR+shi5KqMtvZ36OR9lDVLgtAtA+
0zE1X8WrAgMBAAECggEAWybDCJJEHGgLdj22v5dE171RQgBf7aX2nkjg7/UfSiW0
0qz100gjTIOW9jXNPQNl7Vj/60NuryWYc+ufkIF2ROyxlr4CZpHQG4qhypRhlrBf
fwnX6Sgeobby8EXUVkqjK1YftBStmzTYxlLYwzADN5R+0sHvsTr57LyB3dTJgKsn
4iAuJXfR4EthZ6iEM+D8FrmXt5lJ2d1FoMLKiC09M7nMuY9ARqR6O5Tr/Tq4vqfw
La6Mv3mWrD2nIznyTJtxUkAxvCRi1tfHOw2YCl6u2JqqWRjLBeaGNyydhGeVH5PT
utPHtDciCxpUgGuQ8wNBEstiGYXklpLJFS48+bWVCQKBgQDLC4DNeZ/Tc9g+WUFU
ypVCTKfCYt2YmLcNeKDqIPdt14PmV3odIxZGJ1OWrNK1LA50pet0xxY1HRjcBsN+
XUIc5Xa/0nWazdz7c0nqzZgOpVYfPcApQ1K/dqsoWzRY+rlz2PEOYJwMaKW/kkVV
8EPEg38Ck/qr5iKsBYljTteHhQKBgQDCe+iKtPjlFPJ4WX8vTu5QVpRjYmqj87/j
4JFpSh7Lv2PsxSCGQR/7JoyB8Zaz9dyP+RV8/ySJuwGqSseU+W495h8oHe1DtIxU
lTR1GB4YI4BU+txvydzQiaFyEUdEFqJblCxXg+XDAcwCUYESLbR661ljbVV/0Qep
HMTeXgfnbwKBgDPMYHSK1ZItGHp3bKpD8CX0xktZy2xVcUV3g52XAWg9NcH6iQWL
4O/Oso1a03oynhF2DoZBD9JG9QOUmiTPh8E1bMDs4OG4KOrg83d6MZNy7HCV4ULl
kOOVU369HbKha9Q5AO4JCWZFABvKJfQRkkg8v5cZxzY5RJkb5Hu4LlW9AoGACvxg
2GT8okQapj23934n7BXX7/1BNN2x+zdWP3JWZv/6rwc7nRnUqqU0zqpM7wF2YhOZ
6SOodrc/ktUCjSHB3nE/VU7LdkWen7CF9A9Ws9pdh29cQFxQwt7jZcQgGHKG3VFz
Z8Yllmxlj8P23IYEaeUdeYZVjBDMs/rSDBWXsLUCgYEAw4TTKH/4BdnRIKhNLp63
n8oGo7Cc/idSQD8XbUVpPbLmychOs2no3Y0XT+xRTAuXjm0GYdmY3Sk3/polGMu5
NHmi5293eAxJ+9ikSD+bYCaLCXFI2PmgJkm+uS1WucqQOSAKOXS6mfsv2pn9YXKw
QCMIqX4p7BmO7OD1CFEu6ho=
-----END PRIVATE KEY-----
PEM_write_bio_PKCS8PrivateKey (PEM). Notice BEGIN PRIVATE KEY:
PEM_write_bio_PKCS8PrivateKey(PEM)。注意开始的私钥:
$ cat rsa-private-2.pem
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCaQP6TCVuya/JR
g4G5WTJYPIE3EZA0mspRm73tn6EEbc4Dzl9jqhUJ3KhP4oOa0AWBOBjvopGQdVhA
fcdgWl5zm82m0sk13o5UkJdHo0VRHZvtocuSt6yrI8ysAc1TXrCnzmp0cAs13vYS
hQ+RUi0epoE6V3Hsn2/JQXdukBarhfFGVuIr2K9i5yLj+OvimlGiyjotmb0ifObn
fNi3YCodRlD7daAr5zNnKTy0sYQ3uu0tnuim9UBoCJEZaJRYAK1HCakCrYvk+5Zm
Rh1DtZCKCTHlzfHyIGR4SHTbbOpiQY5OHZR7hR+shi5KqMtvZ36OR9lDVLgtAtA+
0zE1X8WrAgMBAAECggEAWybDCJJEHGgLdj22v5dE171RQgBf7aX2nkjg7/UfSiW0
0qz100gjTIOW9jXNPQNl7Vj/60NuryWYc+ufkIF2ROyxlr4CZpHQG4qhypRhlrBf
fwnX6Sgeobby8EXUVkqjK1YftBStmzTYxlLYwzADN5R+0sHvsTr57LyB3dTJgKsn
4iAuJXfR4EthZ6iEM+D8FrmXt5lJ2d1FoMLKiC09M7nMuY9ARqR6O5Tr/Tq4vqfw
La6Mv3mWrD2nIznyTJtxUkAxvCRi1tfHOw2YCl6u2JqqWRjLBeaGNyydhGeVH5PT
utPHtDciCxpUgGuQ8wNBEstiGYXklpLJFS48+bWVCQKBgQDLC4DNeZ/Tc9g+WUFU
ypVCTKfCYt2YmLcNeKDqIPdt14PmV3odIxZGJ1OWrNK1LA50pet0xxY1HRjcBsN+
XUIc5Xa/0nWazdz7c0nqzZgOpVYfPcApQ1K/dqsoWzRY+rlz2PEOYJwMaKW/kkVV
8EPEg38Ck/qr5iKsBYljTteHhQKBgQDCe+iKtPjlFPJ4WX8vTu5QVpRjYmqj87/j
4JFpSh7Lv2PsxSCGQR/7JoyB8Zaz9dyP+RV8/ySJuwGqSseU+W495h8oHe1DtIxU
lTR1GB4YI4BU+txvydzQiaFyEUdEFqJblCxXg+XDAcwCUYESLbR661ljbVV/0Qep
HMTeXgfnbwKBgDPMYHSK1ZItGHp3bKpD8CX0xktZy2xVcUV3g52XAWg9NcH6iQWL
4O/Oso1a03oynhF2DoZBD9JG9QOUmiTPh8E1bMDs4OG4KOrg83d6MZNy7HCV4ULl
kOOVU369HbKha9Q5AO4JCWZFABvKJfQRkkg8v5cZxzY5RJkb5Hu4LlW9AoGACvxg
2GT8okQapj23934n7BXX7/1BNN2x+zdWP3JWZv/6rwc7nRnUqqU0zqpM7wF2YhOZ
6SOodrc/ktUCjSHB3nE/VU7LdkWen7CF9A9Ws9pdh29cQFxQwt7jZcQgGHKG3VFz
Z8Yllmxlj8P23IYEaeUdeYZVjBDMs/rSDBWXsLUCgYEAw4TTKH/4BdnRIKhNLp63
n8oGo7Cc/idSQD8XbUVpPbLmychOs2no3Y0XT+xRTAuXjm0GYdmY3Sk3/polGMu5
NHmi5293eAxJ+9ikSD+bYCaLCXFI2PmgJkm+uS1WucqQOSAKOXS6mfsv2pn9YXKw
QCMIqX4p7BmO7OD1CFEu6ho=
-----END PRIVATE KEY-----
PEM_write_bio_RSAPrivateKey (PEM). Notice BEGIN RSA PRIVATE KEY:
PEM_write_bio_RSAPrivateKey(PEM)。注意开始RSA私钥:
$ cat rsa-private-3.pem
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAtRZEW6EXwMv2j4mZOhPv3GHcVTi2k8rNlaHc//wUfIYxmNPE
zzPd0JBUyT/dbRzwrPMrnmzgdFRidbpyplatCNhq+Httog+Cxd6MdxqGAqOI/X5p
6uxFK8/ptR7E84XpclUQSw+X8VxaG4SFDeMYAuGgw4bIezfFoIySdL16UVIjtSzj
aRoG1R8kZFtfKONukoqmQUPwFpLvbxE0u6/pzWk873EiM9w6+zZ3c4NAc0ehzfzA
0maQfjbmVSRihplbocreRXLCaaCYUqAf0K3l4NOYBzVOxBeG03wzsZ0J+nWc5zIW
b6auwqBYTO7gMRFXO5vFQZXKaSsEc+B/KwztUwIDAQABAoIBAQCjKDTe+f4Uz7CP
E0LjeSMcRW/nuPmHn6orr3MXkWBD8gSt1d/1cJ3iVKiPyuMOdIzExzP9wctaBM3R
lPPHu0CcP6Hh0BOveJoy/ZlBlrw3lHDRNRzpdYe9Oc8wSVDauUTkpo/PkXUtGjB1
qqjXIk14CyJ2CPKJUm7VgNJULIQQz5Uh7rMZjK1FvlcLU+v06nHHC4y0w9X/ygXq
UoFKKlEADcPqHR/imhrozQxqC4wtn6xFiT/cDngazoGqMX5NCZpso1OZChu3vdAa
PYOz/Wv22C+JIK0xgDIfgTh01IyAedeI2ABQeKrak0nU6Faer2Y6cMvHhidG95/v
lmIfSqwBAoGBANroQDoZDVYQ7ToYPNd9MIgb217Ug7I6j/NEpGJjUktxeRzgZKDv
U5rdbaAArhLXY4FZ0UTZ3WytN1wwV1yXo3Ey5l5CzCXN4GYmv41Z57D218fE7mnx
T8OKD4SxznYcayCWtbjlTXC13rz3gYT3XgyKwTpuywabhOMjDpaos+wTAoGBANPF
c2uTIPNq+RUouqTnxyBg+/ujwcF32F5n2Rad9cv1NdtZ22JdotKIpSEnvifqbtGG
od7vWg5gWgtoG67852K5Q5oBELkcPz4r9PmbSo9H9VWuYotCwB3hvZnIA5GFkfW6
7pLY3j1gdLqMUm0yHPx4or53ScgU9pnYRFJ6UKHBAoGATTE05MfMwhq57JB7c+l7
YaOhGbGKtyCbfkcoSGGJtXzQHnSqR23dZ3DJpXBX8eDt/8DyYHsK77WtHd8WD1qR
ketG/NpFLteIV702MtwPLYH92T4CbG1hmSxoCHzCtzeSNy2t6wNA6YvYfX4xt/ea
vIV5WeeTxEK2+3lzPYFD4O0CgYA+KGJsXM77I5bgowfFh1JnKpBLmBEy3B5h91E8
1jhjGSIptAI0qQ81hG4TgTrLNIA6d63jZZWlSpqjZndZsVmpHH+/IDjsXGIjuXs6
GF6WF6Tm9Txva7RAERY5oP+LIw1odum3qHfyw/D/IFjBPEhNworiJNk/JQgMt/G1
07j/AQKBgHF2AoovqkCVx0TyggVkwBxwrQvR4jmUYmLKYWYc+IkDQzESXIUme61b
OZ7OfbTKQHBTz7i8bXK5mWSbNgmhcVsKHnbPyXKIrL7p+j2b2gdSNAaP1c5XFI/l
BvQSuumzUXbzQHbsYjn/4phOv3AK1xGLhnVI69QpaCYYuuPyfm1X
-----END RSA PRIVATE KEY-----
i2d_RSAPublicKey_bio (ASN.1/DER):
i2d_RSAPublicKey_bio(asn . 1 / DER):
$ dumpasn1 rsa-public.der
0 266: SEQUENCE {
4 257: INTEGER
: 00 9A 40 FE 93 09 5B B2 6B F2 51 83 81 B9 59 32
: 58 3C 81 37 11 90 34 9A CA 51 9B BD ED 9F A1 04
: 6D CE 03 CE 5F 63 AA 15 09 DC A8 4F E2 83 9A D0
: 05 81 38 18 EF A2 91 90 75 58 40 7D C7 60 5A 5E
: 73 9B CD A6 D2 C9 35 DE 8E 54 90 97 47 A3 45 51
: 1D 9B ED A1 CB 92 B7 AC AB 23 CC AC 01 CD 53 5E
: B0 A7 CE 6A 74 70 0B 35 DE F6 12 85 0F 91 52 2D
: 1E A6 81 3A 57 71 EC 9F 6F C9 41 77 6E 90 16 AB
: [ Another 129 bytes skipped ]
265 3: INTEGER 65537
: }
0 warnings, 0 errors.
i2d_RSAPrivateKey_bio (ASN.1/DER):
i2d_RSAPrivateKey_bio(asn . 1 / DER):
$ dumpasn1 rsa-private.der
0 1187: SEQUENCE {
4 1: INTEGER 0
7 257: INTEGER
: 00 9A 40 FE 93 09 5B B2 6B F2 51 83 81 B9 59 32
: 58 3C 81 37 11 90 34 9A CA 51 9B BD ED 9F A1 04
: 6D CE 03 CE 5F 63 AA 15 09 DC A8 4F E2 83 9A D0
: 05 81 38 18 EF A2 91 90 75 58 40 7D C7 60 5A 5E
: 73 9B CD A6 D2 C9 35 DE 8E 54 90 97 47 A3 45 51
: 1D 9B ED A1 CB 92 B7 AC AB 23 CC AC 01 CD 53 5E
: B0 A7 CE 6A 74 70 0B 35 DE F6 12 85 0F 91 52 2D
: 1E A6 81 3A 57 71 EC 9F 6F C9 41 77 6E 90 16 AB
: [ Another 129 bytes skipped ]
268 3: INTEGER 65537
273 256: INTEGER
: 5B 26 C3 08 92 44 1C 68 0B 76 3D B6 BF 97 44 D7
: BD 51 42 00 5F ED A5 F6 9E 48 E0 EF F5 1F 4A 25
: B4 D2 AC F5 D3 48 23 4C 83 96 F6 35 CD 3D 03 65
: ED 58 FF EB 43 6E AF 25 98 73 EB 9F 90 81 76 44
: EC B1 96 BE 02 66 91 D0 1B 8A A1 CA 94 61 96 B0
: 5F 7F 09 D7 E9 28 1E A1 B6 F2 F0 45 D4 56 4A A3
: 2B 56 1F B4 14 AD 9B 34 D8 C6 52 D8 C3 30 03 37
: 94 7E D2 C1 EF B1 3A F9 EC BC 81 DD D4 C9 80 AB
: [ Another 128 bytes skipped ]
...
The program is written in C++, even though you have a C tag. It allows us to avoid a lot of error checking and cleanup because its automatic. And its easy enough to convert back to C.
这个程序是用c++写的,即使你有一个C标签。它允许我们避免很多错误检查和清理,因为它是自动的。它很容易转换成C。
#include <memory>
using std::unique_ptr;
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include <openssl/pem.h>
#include <openssl/bio.h>
#include <openssl/x509.h>
#include <cassert>
#define ASSERT assert
using BN_ptr = std::unique_ptr<BIGNUM, decltype(&::BN_free)>;
using RSA_ptr = std::unique_ptr<RSA, decltype(&::RSA_free)>;
using EVP_KEY_ptr = std::unique_ptr<EVP_PKEY, decltype(&::EVP_PKEY_free)>;
using BIO_FILE_ptr = std::unique_ptr<BIO, decltype(&::BIO_free)>;
int main(int argc, char* argv[])
{
int rc;
RSA_ptr rsa(RSA_new(), ::RSA_free);
BN_ptr bn(BN_new(), ::BN_free);
BIO_FILE_ptr pem1(BIO_new_file("rsa-public-1.pem", "w"), ::BIO_free);
BIO_FILE_ptr pem2(BIO_new_file("rsa-public-2.pem", "w"), ::BIO_free);
BIO_FILE_ptr pem3(BIO_new_file("rsa-private-1.pem", "w"), ::BIO_free);
BIO_FILE_ptr pem4(BIO_new_file("rsa-private-2.pem", "w"), ::BIO_free);
BIO_FILE_ptr pem5(BIO_new_file("rsa-private-3.pem", "w"), ::BIO_free);
BIO_FILE_ptr der1(BIO_new_file("rsa-public.der", "w"), ::BIO_free);
BIO_FILE_ptr der2(BIO_new_file("rsa-private.der", "w"), ::BIO_free);
rc = BN_set_word(bn.get(), RSA_F4);
ASSERT(rc == 1);
// Generate key
rc = RSA_generate_key_ex(rsa.get(), 2048, bn.get(), NULL);
ASSERT(rc == 1);
// Convert RSA to PKEY
EVP_KEY_ptr pkey(EVP_PKEY_new(), ::EVP_PKEY_free);
rc = EVP_PKEY_set1_RSA(pkey.get(), rsa.get());
ASSERT(rc == 1);
//////////
// Write public key in ASN.1/DER
rc = i2d_RSAPublicKey_bio(der1.get(), rsa.get());
ASSERT(rc == 1);
// Write public key in PKCS PEM
rc = PEM_write_bio_RSAPublicKey(pem1.get(), rsa.get());
ASSERT(rc == 1);
// Write public key in Traditional PEM
rc = PEM_write_bio_PUBKEY(pem2.get(), pkey.get());
ASSERT(rc == 1);
//////////
// Write private key in ASN.1/DER
rc = i2d_RSAPrivateKey_bio(der2.get(), rsa.get());
ASSERT(rc == 1);
// Write private key in PKCS PEM.
rc = PEM_write_bio_PrivateKey(pem3.get(), pkey.get(), NULL, NULL, 0, NULL, NULL);
ASSERT(rc == 1);
// Write private key in PKCS PEM
rc = PEM_write_bio_PKCS8PrivateKey(pem4.get(), pkey.get(), NULL, NULL, 0, NULL, NULL);
ASSERT(rc == 1);
// Write private key in Traditional PEM
rc = PEM_write_bio_RSAPrivateKey(pem5.get(), rsa.get(), NULL, NULL, 0, NULL, NULL);
ASSERT(rc == 1);
return 0;
}
#3
6
kExp=3 can be a security hole, please use 65537 instead. The problem is called "Small RSA Exponent" ,see e.g. http://en.wikipedia.org/wiki/Coppersmith%27s_Attack and http://www.usna.edu/Users/math/wdj/book/node45.html Also please use more than 1024 bits.
kExp=3可以是一个安全漏洞,请改用65537。这个问题被称为“小RSA指数”,参见http://en.wikipedia.org/wiki/Coppersmith%27s_Attack和http://www.usna.edu/Users/math/wdj/book/node45.html也请使用超过1024位。
#4
6
You would use RSA_generate_key_ex, after properly seeding the PRNG using RAND_add
您将使用RSA_generate_key_ex,在正确地使用RAND_add来播种PRNG之后。
#1
33
#include <openssl/rsa.h>
#include <openssl/pem.h>
const int kBits = 1024;
const int kExp = 3;
int keylen;
char *pem_key;
RSA *rsa = RSA_generate_key(kBits, kExp, 0, 0);
/* To get the C-string PEM form: */
BIO *bio = BIO_new(BIO_s_mem());
PEM_write_bio_RSAPrivateKey(bio, rsa, NULL, NULL, 0, NULL, NULL);
keylen = BIO_pending(bio);
pem_key = calloc(keylen+1, 1); /* Null-terminate */
BIO_read(bio, pem_key, keylen);
printf("%s", pem_key);
BIO_free_all(bio);
RSA_free(rsa);
free(pem_key);
#2
18
I want to know how to generate RSA private key using openssl library in my c source file?
我想知道如何在我的c源文件中使用openssl库来生成RSA私钥?
Generating the key is easy. Just use RSA_generate_key_ex. The program below shows you how to do it.
生成密钥很容易。只使用RSA_generate_key_ex。下面的程序告诉你如何做。
Saving the public and private key is a different matter because you need to know the format. The program below shows you how to do it in a number of formats.
保存公钥和私钥是另一回事,因为您需要知道格式。下面的程序向您展示了如何以多种格式进行操作。
Here are the various functions and formats.
这里是各种功能和格式。
Related, see What is the differences between “BEGIN RSA PRIVATE KEY” and “BEGIN PRIVATE KEY”. It dicusses the difference between SubjectPublicKeyInfo, PrivateKeyInfo, and the public and private keys.
相关的,看看“开始RSA私钥”和“开始私钥”之间的区别。它讨论了主控信息、私钥信息和公钥和私钥之间的区别。
PEM_write_bio_RSAPublicKey (PKCS PEM format). Notice BEGIN RSA PUBLIC KEY:
PEM_write_bio_RSAPublicKey(PKCS PEM格式)。注意开始RSA公钥:
$ cat rsa-public-1.pem
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAmkD+kwlbsmvyUYOBuVkyWDyBNxGQNJrKUZu97Z+hBG3OA85fY6oV
CdyoT+KDmtAFgTgY76KRkHVYQH3HYFpec5vNptLJNd6OVJCXR6NFUR2b7aHLkres
qyPMrAHNU16wp85qdHALNd72EoUPkVItHqaBOldx7J9vyUF3bpAWq4XxRlbiK9iv
Yuci4/jr4ppRoso6LZm9Inzm53zYt2AqHUZQ+3WgK+czZyk8tLGEN7rtLZ7opvVA
aAiRGWiUWACtRwmpAq2L5PuWZkYdQ7WQigkx5c3x8iBkeEh022zqYkGOTh2Ue4Uf
rIYuSqjLb2d+jkfZQ1S4LQLQPtMxNV/FqwIDAQAB
-----END RSA PUBLIC KEY-----
PEM_write_bio_PUBKEY (Traditional PEM format). Notice BEGIN PUBLIC KEY:
PEM_write_bio_PUBKEY(传统PEM格式)。注意开始公共密钥:
$ cat rsa-public-2.pem
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmkD+kwlbsmvyUYOBuVky
WDyBNxGQNJrKUZu97Z+hBG3OA85fY6oVCdyoT+KDmtAFgTgY76KRkHVYQH3HYFpe
c5vNptLJNd6OVJCXR6NFUR2b7aHLkresqyPMrAHNU16wp85qdHALNd72EoUPkVIt
HqaBOldx7J9vyUF3bpAWq4XxRlbiK9ivYuci4/jr4ppRoso6LZm9Inzm53zYt2Aq
HUZQ+3WgK+czZyk8tLGEN7rtLZ7opvVAaAiRGWiUWACtRwmpAq2L5PuWZkYdQ7WQ
igkx5c3x8iBkeEh022zqYkGOTh2Ue4UfrIYuSqjLb2d+jkfZQ1S4LQLQPtMxNV/F
qwIDAQAB
-----END PUBLIC KEY-----
PEM_write_bio_PrivateKey (PEM). Notice BEGIN PRIVATE KEY:
PEM_write_bio_PrivateKey(PEM)。注意开始的私钥:
$ cat rsa-private-1.pem
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCaQP6TCVuya/JR
g4G5WTJYPIE3EZA0mspRm73tn6EEbc4Dzl9jqhUJ3KhP4oOa0AWBOBjvopGQdVhA
fcdgWl5zm82m0sk13o5UkJdHo0VRHZvtocuSt6yrI8ysAc1TXrCnzmp0cAs13vYS
hQ+RUi0epoE6V3Hsn2/JQXdukBarhfFGVuIr2K9i5yLj+OvimlGiyjotmb0ifObn
fNi3YCodRlD7daAr5zNnKTy0sYQ3uu0tnuim9UBoCJEZaJRYAK1HCakCrYvk+5Zm
Rh1DtZCKCTHlzfHyIGR4SHTbbOpiQY5OHZR7hR+shi5KqMtvZ36OR9lDVLgtAtA+
0zE1X8WrAgMBAAECggEAWybDCJJEHGgLdj22v5dE171RQgBf7aX2nkjg7/UfSiW0
0qz100gjTIOW9jXNPQNl7Vj/60NuryWYc+ufkIF2ROyxlr4CZpHQG4qhypRhlrBf
fwnX6Sgeobby8EXUVkqjK1YftBStmzTYxlLYwzADN5R+0sHvsTr57LyB3dTJgKsn
4iAuJXfR4EthZ6iEM+D8FrmXt5lJ2d1FoMLKiC09M7nMuY9ARqR6O5Tr/Tq4vqfw
La6Mv3mWrD2nIznyTJtxUkAxvCRi1tfHOw2YCl6u2JqqWRjLBeaGNyydhGeVH5PT
utPHtDciCxpUgGuQ8wNBEstiGYXklpLJFS48+bWVCQKBgQDLC4DNeZ/Tc9g+WUFU
ypVCTKfCYt2YmLcNeKDqIPdt14PmV3odIxZGJ1OWrNK1LA50pet0xxY1HRjcBsN+
XUIc5Xa/0nWazdz7c0nqzZgOpVYfPcApQ1K/dqsoWzRY+rlz2PEOYJwMaKW/kkVV
8EPEg38Ck/qr5iKsBYljTteHhQKBgQDCe+iKtPjlFPJ4WX8vTu5QVpRjYmqj87/j
4JFpSh7Lv2PsxSCGQR/7JoyB8Zaz9dyP+RV8/ySJuwGqSseU+W495h8oHe1DtIxU
lTR1GB4YI4BU+txvydzQiaFyEUdEFqJblCxXg+XDAcwCUYESLbR661ljbVV/0Qep
HMTeXgfnbwKBgDPMYHSK1ZItGHp3bKpD8CX0xktZy2xVcUV3g52XAWg9NcH6iQWL
4O/Oso1a03oynhF2DoZBD9JG9QOUmiTPh8E1bMDs4OG4KOrg83d6MZNy7HCV4ULl
kOOVU369HbKha9Q5AO4JCWZFABvKJfQRkkg8v5cZxzY5RJkb5Hu4LlW9AoGACvxg
2GT8okQapj23934n7BXX7/1BNN2x+zdWP3JWZv/6rwc7nRnUqqU0zqpM7wF2YhOZ
6SOodrc/ktUCjSHB3nE/VU7LdkWen7CF9A9Ws9pdh29cQFxQwt7jZcQgGHKG3VFz
Z8Yllmxlj8P23IYEaeUdeYZVjBDMs/rSDBWXsLUCgYEAw4TTKH/4BdnRIKhNLp63
n8oGo7Cc/idSQD8XbUVpPbLmychOs2no3Y0XT+xRTAuXjm0GYdmY3Sk3/polGMu5
NHmi5293eAxJ+9ikSD+bYCaLCXFI2PmgJkm+uS1WucqQOSAKOXS6mfsv2pn9YXKw
QCMIqX4p7BmO7OD1CFEu6ho=
-----END PRIVATE KEY-----
PEM_write_bio_PKCS8PrivateKey (PEM). Notice BEGIN PRIVATE KEY:
PEM_write_bio_PKCS8PrivateKey(PEM)。注意开始的私钥:
$ cat rsa-private-2.pem
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCaQP6TCVuya/JR
g4G5WTJYPIE3EZA0mspRm73tn6EEbc4Dzl9jqhUJ3KhP4oOa0AWBOBjvopGQdVhA
fcdgWl5zm82m0sk13o5UkJdHo0VRHZvtocuSt6yrI8ysAc1TXrCnzmp0cAs13vYS
hQ+RUi0epoE6V3Hsn2/JQXdukBarhfFGVuIr2K9i5yLj+OvimlGiyjotmb0ifObn
fNi3YCodRlD7daAr5zNnKTy0sYQ3uu0tnuim9UBoCJEZaJRYAK1HCakCrYvk+5Zm
Rh1DtZCKCTHlzfHyIGR4SHTbbOpiQY5OHZR7hR+shi5KqMtvZ36OR9lDVLgtAtA+
0zE1X8WrAgMBAAECggEAWybDCJJEHGgLdj22v5dE171RQgBf7aX2nkjg7/UfSiW0
0qz100gjTIOW9jXNPQNl7Vj/60NuryWYc+ufkIF2ROyxlr4CZpHQG4qhypRhlrBf
fwnX6Sgeobby8EXUVkqjK1YftBStmzTYxlLYwzADN5R+0sHvsTr57LyB3dTJgKsn
4iAuJXfR4EthZ6iEM+D8FrmXt5lJ2d1FoMLKiC09M7nMuY9ARqR6O5Tr/Tq4vqfw
La6Mv3mWrD2nIznyTJtxUkAxvCRi1tfHOw2YCl6u2JqqWRjLBeaGNyydhGeVH5PT
utPHtDciCxpUgGuQ8wNBEstiGYXklpLJFS48+bWVCQKBgQDLC4DNeZ/Tc9g+WUFU
ypVCTKfCYt2YmLcNeKDqIPdt14PmV3odIxZGJ1OWrNK1LA50pet0xxY1HRjcBsN+
XUIc5Xa/0nWazdz7c0nqzZgOpVYfPcApQ1K/dqsoWzRY+rlz2PEOYJwMaKW/kkVV
8EPEg38Ck/qr5iKsBYljTteHhQKBgQDCe+iKtPjlFPJ4WX8vTu5QVpRjYmqj87/j
4JFpSh7Lv2PsxSCGQR/7JoyB8Zaz9dyP+RV8/ySJuwGqSseU+W495h8oHe1DtIxU
lTR1GB4YI4BU+txvydzQiaFyEUdEFqJblCxXg+XDAcwCUYESLbR661ljbVV/0Qep
HMTeXgfnbwKBgDPMYHSK1ZItGHp3bKpD8CX0xktZy2xVcUV3g52XAWg9NcH6iQWL
4O/Oso1a03oynhF2DoZBD9JG9QOUmiTPh8E1bMDs4OG4KOrg83d6MZNy7HCV4ULl
kOOVU369HbKha9Q5AO4JCWZFABvKJfQRkkg8v5cZxzY5RJkb5Hu4LlW9AoGACvxg
2GT8okQapj23934n7BXX7/1BNN2x+zdWP3JWZv/6rwc7nRnUqqU0zqpM7wF2YhOZ
6SOodrc/ktUCjSHB3nE/VU7LdkWen7CF9A9Ws9pdh29cQFxQwt7jZcQgGHKG3VFz
Z8Yllmxlj8P23IYEaeUdeYZVjBDMs/rSDBWXsLUCgYEAw4TTKH/4BdnRIKhNLp63
n8oGo7Cc/idSQD8XbUVpPbLmychOs2no3Y0XT+xRTAuXjm0GYdmY3Sk3/polGMu5
NHmi5293eAxJ+9ikSD+bYCaLCXFI2PmgJkm+uS1WucqQOSAKOXS6mfsv2pn9YXKw
QCMIqX4p7BmO7OD1CFEu6ho=
-----END PRIVATE KEY-----
PEM_write_bio_RSAPrivateKey (PEM). Notice BEGIN RSA PRIVATE KEY:
PEM_write_bio_RSAPrivateKey(PEM)。注意开始RSA私钥:
$ cat rsa-private-3.pem
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAtRZEW6EXwMv2j4mZOhPv3GHcVTi2k8rNlaHc//wUfIYxmNPE
zzPd0JBUyT/dbRzwrPMrnmzgdFRidbpyplatCNhq+Httog+Cxd6MdxqGAqOI/X5p
6uxFK8/ptR7E84XpclUQSw+X8VxaG4SFDeMYAuGgw4bIezfFoIySdL16UVIjtSzj
aRoG1R8kZFtfKONukoqmQUPwFpLvbxE0u6/pzWk873EiM9w6+zZ3c4NAc0ehzfzA
0maQfjbmVSRihplbocreRXLCaaCYUqAf0K3l4NOYBzVOxBeG03wzsZ0J+nWc5zIW
b6auwqBYTO7gMRFXO5vFQZXKaSsEc+B/KwztUwIDAQABAoIBAQCjKDTe+f4Uz7CP
E0LjeSMcRW/nuPmHn6orr3MXkWBD8gSt1d/1cJ3iVKiPyuMOdIzExzP9wctaBM3R
lPPHu0CcP6Hh0BOveJoy/ZlBlrw3lHDRNRzpdYe9Oc8wSVDauUTkpo/PkXUtGjB1
qqjXIk14CyJ2CPKJUm7VgNJULIQQz5Uh7rMZjK1FvlcLU+v06nHHC4y0w9X/ygXq
UoFKKlEADcPqHR/imhrozQxqC4wtn6xFiT/cDngazoGqMX5NCZpso1OZChu3vdAa
PYOz/Wv22C+JIK0xgDIfgTh01IyAedeI2ABQeKrak0nU6Faer2Y6cMvHhidG95/v
lmIfSqwBAoGBANroQDoZDVYQ7ToYPNd9MIgb217Ug7I6j/NEpGJjUktxeRzgZKDv
U5rdbaAArhLXY4FZ0UTZ3WytN1wwV1yXo3Ey5l5CzCXN4GYmv41Z57D218fE7mnx
T8OKD4SxznYcayCWtbjlTXC13rz3gYT3XgyKwTpuywabhOMjDpaos+wTAoGBANPF
c2uTIPNq+RUouqTnxyBg+/ujwcF32F5n2Rad9cv1NdtZ22JdotKIpSEnvifqbtGG
od7vWg5gWgtoG67852K5Q5oBELkcPz4r9PmbSo9H9VWuYotCwB3hvZnIA5GFkfW6
7pLY3j1gdLqMUm0yHPx4or53ScgU9pnYRFJ6UKHBAoGATTE05MfMwhq57JB7c+l7
YaOhGbGKtyCbfkcoSGGJtXzQHnSqR23dZ3DJpXBX8eDt/8DyYHsK77WtHd8WD1qR
ketG/NpFLteIV702MtwPLYH92T4CbG1hmSxoCHzCtzeSNy2t6wNA6YvYfX4xt/ea
vIV5WeeTxEK2+3lzPYFD4O0CgYA+KGJsXM77I5bgowfFh1JnKpBLmBEy3B5h91E8
1jhjGSIptAI0qQ81hG4TgTrLNIA6d63jZZWlSpqjZndZsVmpHH+/IDjsXGIjuXs6
GF6WF6Tm9Txva7RAERY5oP+LIw1odum3qHfyw/D/IFjBPEhNworiJNk/JQgMt/G1
07j/AQKBgHF2AoovqkCVx0TyggVkwBxwrQvR4jmUYmLKYWYc+IkDQzESXIUme61b
OZ7OfbTKQHBTz7i8bXK5mWSbNgmhcVsKHnbPyXKIrL7p+j2b2gdSNAaP1c5XFI/l
BvQSuumzUXbzQHbsYjn/4phOv3AK1xGLhnVI69QpaCYYuuPyfm1X
-----END RSA PRIVATE KEY-----
i2d_RSAPublicKey_bio (ASN.1/DER):
i2d_RSAPublicKey_bio(asn . 1 / DER):
$ dumpasn1 rsa-public.der
0 266: SEQUENCE {
4 257: INTEGER
: 00 9A 40 FE 93 09 5B B2 6B F2 51 83 81 B9 59 32
: 58 3C 81 37 11 90 34 9A CA 51 9B BD ED 9F A1 04
: 6D CE 03 CE 5F 63 AA 15 09 DC A8 4F E2 83 9A D0
: 05 81 38 18 EF A2 91 90 75 58 40 7D C7 60 5A 5E
: 73 9B CD A6 D2 C9 35 DE 8E 54 90 97 47 A3 45 51
: 1D 9B ED A1 CB 92 B7 AC AB 23 CC AC 01 CD 53 5E
: B0 A7 CE 6A 74 70 0B 35 DE F6 12 85 0F 91 52 2D
: 1E A6 81 3A 57 71 EC 9F 6F C9 41 77 6E 90 16 AB
: [ Another 129 bytes skipped ]
265 3: INTEGER 65537
: }
0 warnings, 0 errors.
i2d_RSAPrivateKey_bio (ASN.1/DER):
i2d_RSAPrivateKey_bio(asn . 1 / DER):
$ dumpasn1 rsa-private.der
0 1187: SEQUENCE {
4 1: INTEGER 0
7 257: INTEGER
: 00 9A 40 FE 93 09 5B B2 6B F2 51 83 81 B9 59 32
: 58 3C 81 37 11 90 34 9A CA 51 9B BD ED 9F A1 04
: 6D CE 03 CE 5F 63 AA 15 09 DC A8 4F E2 83 9A D0
: 05 81 38 18 EF A2 91 90 75 58 40 7D C7 60 5A 5E
: 73 9B CD A6 D2 C9 35 DE 8E 54 90 97 47 A3 45 51
: 1D 9B ED A1 CB 92 B7 AC AB 23 CC AC 01 CD 53 5E
: B0 A7 CE 6A 74 70 0B 35 DE F6 12 85 0F 91 52 2D
: 1E A6 81 3A 57 71 EC 9F 6F C9 41 77 6E 90 16 AB
: [ Another 129 bytes skipped ]
268 3: INTEGER 65537
273 256: INTEGER
: 5B 26 C3 08 92 44 1C 68 0B 76 3D B6 BF 97 44 D7
: BD 51 42 00 5F ED A5 F6 9E 48 E0 EF F5 1F 4A 25
: B4 D2 AC F5 D3 48 23 4C 83 96 F6 35 CD 3D 03 65
: ED 58 FF EB 43 6E AF 25 98 73 EB 9F 90 81 76 44
: EC B1 96 BE 02 66 91 D0 1B 8A A1 CA 94 61 96 B0
: 5F 7F 09 D7 E9 28 1E A1 B6 F2 F0 45 D4 56 4A A3
: 2B 56 1F B4 14 AD 9B 34 D8 C6 52 D8 C3 30 03 37
: 94 7E D2 C1 EF B1 3A F9 EC BC 81 DD D4 C9 80 AB
: [ Another 128 bytes skipped ]
...
The program is written in C++, even though you have a C tag. It allows us to avoid a lot of error checking and cleanup because its automatic. And its easy enough to convert back to C.
这个程序是用c++写的,即使你有一个C标签。它允许我们避免很多错误检查和清理,因为它是自动的。它很容易转换成C。
#include <memory>
using std::unique_ptr;
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include <openssl/pem.h>
#include <openssl/bio.h>
#include <openssl/x509.h>
#include <cassert>
#define ASSERT assert
using BN_ptr = std::unique_ptr<BIGNUM, decltype(&::BN_free)>;
using RSA_ptr = std::unique_ptr<RSA, decltype(&::RSA_free)>;
using EVP_KEY_ptr = std::unique_ptr<EVP_PKEY, decltype(&::EVP_PKEY_free)>;
using BIO_FILE_ptr = std::unique_ptr<BIO, decltype(&::BIO_free)>;
int main(int argc, char* argv[])
{
int rc;
RSA_ptr rsa(RSA_new(), ::RSA_free);
BN_ptr bn(BN_new(), ::BN_free);
BIO_FILE_ptr pem1(BIO_new_file("rsa-public-1.pem", "w"), ::BIO_free);
BIO_FILE_ptr pem2(BIO_new_file("rsa-public-2.pem", "w"), ::BIO_free);
BIO_FILE_ptr pem3(BIO_new_file("rsa-private-1.pem", "w"), ::BIO_free);
BIO_FILE_ptr pem4(BIO_new_file("rsa-private-2.pem", "w"), ::BIO_free);
BIO_FILE_ptr pem5(BIO_new_file("rsa-private-3.pem", "w"), ::BIO_free);
BIO_FILE_ptr der1(BIO_new_file("rsa-public.der", "w"), ::BIO_free);
BIO_FILE_ptr der2(BIO_new_file("rsa-private.der", "w"), ::BIO_free);
rc = BN_set_word(bn.get(), RSA_F4);
ASSERT(rc == 1);
// Generate key
rc = RSA_generate_key_ex(rsa.get(), 2048, bn.get(), NULL);
ASSERT(rc == 1);
// Convert RSA to PKEY
EVP_KEY_ptr pkey(EVP_PKEY_new(), ::EVP_PKEY_free);
rc = EVP_PKEY_set1_RSA(pkey.get(), rsa.get());
ASSERT(rc == 1);
//////////
// Write public key in ASN.1/DER
rc = i2d_RSAPublicKey_bio(der1.get(), rsa.get());
ASSERT(rc == 1);
// Write public key in PKCS PEM
rc = PEM_write_bio_RSAPublicKey(pem1.get(), rsa.get());
ASSERT(rc == 1);
// Write public key in Traditional PEM
rc = PEM_write_bio_PUBKEY(pem2.get(), pkey.get());
ASSERT(rc == 1);
//////////
// Write private key in ASN.1/DER
rc = i2d_RSAPrivateKey_bio(der2.get(), rsa.get());
ASSERT(rc == 1);
// Write private key in PKCS PEM.
rc = PEM_write_bio_PrivateKey(pem3.get(), pkey.get(), NULL, NULL, 0, NULL, NULL);
ASSERT(rc == 1);
// Write private key in PKCS PEM
rc = PEM_write_bio_PKCS8PrivateKey(pem4.get(), pkey.get(), NULL, NULL, 0, NULL, NULL);
ASSERT(rc == 1);
// Write private key in Traditional PEM
rc = PEM_write_bio_RSAPrivateKey(pem5.get(), rsa.get(), NULL, NULL, 0, NULL, NULL);
ASSERT(rc == 1);
return 0;
}
#3
6
kExp=3 can be a security hole, please use 65537 instead. The problem is called "Small RSA Exponent" ,see e.g. http://en.wikipedia.org/wiki/Coppersmith%27s_Attack and http://www.usna.edu/Users/math/wdj/book/node45.html Also please use more than 1024 bits.
kExp=3可以是一个安全漏洞,请改用65537。这个问题被称为“小RSA指数”,参见http://en.wikipedia.org/wiki/Coppersmith%27s_Attack和http://www.usna.edu/Users/math/wdj/book/node45.html也请使用超过1024位。
#4
6
You would use RSA_generate_key_ex, after properly seeding the PRNG using RAND_add
您将使用RSA_generate_key_ex,在正确地使用RAND_add来播种PRNG之后。