首頁 探索 說明
登入
OWEALs
/
openssl
镜像来自 git://git.openssl.org/openssl.git
2
0
複刻 0
檔案 問題管理 1 Wiki
目錄樹: 63262bd276
分支列表 標籤列表
openssl
/
demos
/
sign
/
sig.txt

sig.txt 6.0 KB
文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158 
  1. From ssl-lists-owner@mincom.com Mon Sep 30 02:37:40 1996
    2. 

  2. Received: from cygnus.mincom.oz.au by orb.mincom.oz.au with SMTP id AA11782
    3. 

  3.   (5.65c/IDA-1.4.4 for eay); Mon, 30 Sep 1996 11:46:21 +1000
    4. 

  4. Received: (from daemon@localhost) by cygnus.mincom.oz.au (8.7.5/8.7.3) id LAA18980 for ssl-users-outgoing; Mon, 30 Sep 1996 11:44:56 +1000 (EST)
    5. 

  5. Received: from minbne.mincom.oz.au (minbne.mincom.oz.au [192.55.196.247]) by cygnus.mincom.oz.au (8.7.5/8.7.3) with SMTP id LAA18962 for <ssl-users@listserv.mincom.oz.au>; Mon, 30 Sep 1996 11:44:51 +1000 (EST)
    6. 

  6. Received: by minbne.mincom.oz.au id AA22230
    7. 

  7.   (5.65c/IDA-1.4.4 for ssl-users@listserv.mincom.oz.au); Mon, 30 Sep 1996 11:38:41 +1000
    8. 

  8. Received: from brutus.neuronio.pt (brutus.neuronio.pt [193.126.253.2]) by bunyip.cc.uq.oz.au (8.7.6/8.7.3) with SMTP id LAA15824 for <ssl-users@mincom.com>; Mon, 30 Sep 1996 11:40:07 +1000
    9. 

  9. Received: (from sampo@localhost) by brutus.neuronio.pt (8.6.11/8.6.11) id BAA08729; Mon, 30 Sep 1996 01:37:40 +0100
    10. 

  10. Date: Mon, 30 Sep 1996 01:37:40 +0100
    11. 

  11. Message-Id: <199609300037.BAA08729@brutus.neuronio.pt>
    12. 

  12. From: Sampo Kellomaki <sampo@neuronio.pt>
    13. 

  13. To: ssl-users@mincom.com
    14. 

  14. Cc: sampo@brutus.neuronio.pt
    15. 

  15. Subject: Signing with envelope routines
    16. 

  16. Sender: ssl-lists-owner@mincom.com
    17. 

  17. Precedence: bulk
    18. 

  18. Status: RO
    19. 

  19. X-Status: D
    20. 

  20. 

  21. 

  22. I have been trying to figure out how to produce signatures with EVP_
    23. 

  23. routines. I seem to be able to read in private key and sign some
    24. 

  24. data ok, but I can't figure out how I am supposed to read in
    25. 

  25. public key so that I could verify my signature. I use self signed
    26. 

  26. certificate.
    27. 

  27. 

  28. I figured I should use
    29. 

  29. 	EVP_PKEY* pkey = PEM_ASN1_read(d2i_PrivateKey, PEM_STRING_EVP_PKEY,
    30. 

  30. 	                               fp, NULL, NULL);
    31. 

  31. to read in private key and this seems to work Ok.
    32. 

  32. 

  33. However when I try analogous
    34. 

  34. 	EVP_PKEY* pkey = PEM_ASN1_read(d2i_PublicKey, PEM_STRING_X509,
    35. 

  35. 	                               fp, NULL, NULL);
    36. 

  36. the program fails with
    37. 

  37. 

  38. error:0D09508D:asn1 encoding routines:D2I_PUBLICKEY:unknown public key type:d2i_pu.c:93
    39. 

  39. error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_lib.c:232
    40. 

  40. 

  41. I figured that the second argument to PEM_ASN1_read should match the
    42. 

  42. name in my PEM encoded object, hence PEM_STRING_X509.
    43. 

  43. PEM_STRING_EVP_PKEY seems to be somehow magical
    44. 

  44. because it matches whatever private key there happens to be. I could
    45. 

  45. not find a similar constant to use with getting the certificate, however.
    46. 

  46. 

  47. Is my approach of using PEM_ASN1_read correct? What should I pass in
    48. 

  48. as name?  Can I use normal (or even self signed) X509 certificate for
    49. 

  49. verifying the signature?
    50. 

  50. 

  51. When will SSLeay documentation be written ;-)? If I would contribute
    52. 

  52. comments to the code, would Eric take time to review them and include
    53. 

  53. them in distribution?
    54. 

  54. 

  55. I'm using SSLeay-0.6.4. My program is included below along with the
    56. 

  56. key and cert that I use.
    57. 

  57. 

  58. --Sampo
    59. 

  59. 

  60. -----------------------------------
    61. 

  61. /* sign-it.cpp  -  Simple test app using SSLeay envelopes to sign data
    62. 

  62.    29.9.1996, Sampo Kellomaki <sampo@iki.fi> */
    63. 

  63. 

  64. #include <stdio.h>
    65. 

  65. #include "rsa.h"
    66. 

  66. #include "evp.h"
    67. 

  67. #include "objects.h"
    68. 

  68. #include "x509.h"
    69. 

  69. #include "err.h"
    70. 

  70. #include "pem.h"
    71. 

  71. #include "ssl.h"
    72. 

  72. 

  73. void main ()
    74. 

  74. {
    75. 

  75.   int err;
    76. 

  76.   int sig_len;
    77. 

  77.   unsigned char sig_buf [4096];
    78. 

  78.   const char certfile[] = "plain-cert.pem";
    79. 

  79.   const char keyfile[]  = "plain-key.pem";
    80. 

  80.   const char data[]     = "I owe you...";
    81. 

  81.   EVP_MD_CTX     md_ctx;
    82. 

  82.   EVP_PKEY*      pkey;
    83. 

  83.   FILE*          fp;
    84. 

  84. 

  85.   SSL_load_error_strings();
    86. 

  86.   
    87. 

  87.   /* Read private key */
    88. 

  88.   
    89. 

  89.   fp = fopen (keyfile, "r");   if (fp == NULL) exit (1);
    90. 

  90.   pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PrivateKey,
    91. 

  91. 				   PEM_STRING_EVP_PKEY,
    92. 

  92. 				   fp,
    93. 

  93. 				   NULL, NULL);
    94. 

  94.   if (pkey == NULL) {  ERR_print_errors_fp (stderr);    exit (1);  }
    95. 

  95.   fclose (fp);
    96. 

  96.   
    97. 

  97.   /* Do the signature */
    98. 

  98.   
    99. 

  99.   EVP_SignInit   (&md_ctx, EVP_md5());
    100. 

  100.   EVP_SignUpdate (&md_ctx, data, strlen(data));
    101. 

  101.   sig_len = sizeof(sig_buf);
    102. 

  102.   err = EVP_SignFinal (&md_ctx,
    103. 

  103. 		       sig_buf, 
    104. 

  104. 		       &sig_len,
    105. 

  105. 		       pkey);
    106. 

  106.   if (err != 1) {  ERR_print_errors_fp (stderr);    exit (1);  }
    107. 

  107.   EVP_PKEY_free (pkey);
    108. 

  108.   
    109. 

  109.   /* Read public key */
    110. 

  110.   
    111. 

  111.   fp = fopen (certfile, "r");   if (fp == NULL) exit (1);
    112. 

  112.   pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PublicKey,
    113. 

  113. 				   PEM_STRING_X509,
    114. 

  114. 				   fp,
    115. 

  115. 				   NULL, NULL);
    116. 

  116.   if (pkey == NULL) {  ERR_print_errors_fp (stderr);    exit (1);  }
    117. 

  117.   fclose (fp);
    118. 

  118.   
    119. 

  119.   /* Verify the signature */
    120. 

  120.   
    121. 

  121.   EVP_VerifyInit   (&md_ctx, EVP_md5());
    122. 

  122.   EVP_VerifyUpdate (&md_ctx, data, strlen((char*)data));
    123. 

  123.   err = EVP_VerifyFinal (&md_ctx,
    124. 

  124. 			 sig_buf,
    125. 

  125. 			 sig_len,
    126. 

  126. 			 pkey);
    127. 

  127.   if (err != 1) {  ERR_print_errors_fp (stderr);    exit (1);  }
    128. 

  128.   EVP_PKEY_free (pkey);
    129. 

  129.   printf ("Signature Verified Ok.\n");
    130. 

  130. }
    131. 

  131. /* EOF */
    132. 

  132. --------------- plain-cert.pem -----------------
    133. 

  133. -----BEGIN CERTIFICATE-----
    134. 

  134. MIICLDCCAdYCAQAwDQYJKoZIhvcNAQEEBQAwgaAxCzAJBgNVBAYTAlBUMRMwEQYD
    135. 

  135. VQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5ldXJv
    136. 

  136. bmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMTEmJy
    137. 

  137. dXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZpMB4X
    138. 

  138. DTk2MDkwNTAzNDI0M1oXDTk2MTAwNTAzNDI0M1owgaAxCzAJBgNVBAYTAlBUMRMw
    139. 

  139. EQYDVQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5l
    140. 

  140. dXJvbmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMT
    141. 

  141. EmJydXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZp
    142. 

  142. MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNw
    143. 

  143. L4lYKbpzzlmC5beaQXeQ2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAATAN
    144. 

  144. BgkqhkiG9w0BAQQFAANBAFqPEKFjk6T6CKTHvaQeEAsX0/8YHPHqH/9AnhSjrwuX
    145. 

  145. 9EBc0n6bVGhN7XaXd6sJ7dym9sbsWxb+pJdurnkxjx4=
    146. 

  146. -----END CERTIFICATE-----
    147. 

  147. ---------------- plain-key.pem -----------------
    148. 

  148. -----BEGIN RSA PRIVATE KEY-----
    149. 

  149. MIIBPAIBAAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNwL4lYKbpzzlmC5beaQXeQ
    150. 

  150. 2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAAQJBALjkK+jc2+iihI98riEF
    151. 

  151. oudmkNziSRTYjnwjx8mCoAjPWviB3c742eO3FG4/soi1jD9A5alihEOXfUzloenr
    152. 

  152. 8IECIQD3B5+0l+68BA/6d76iUNqAAV8djGTzvxnCxycnxPQydQIhAMXt4trUI3nc
    153. 

  153. a+U8YL2HPFA3gmhBsSICbq2OptOCnM7hAiEA6Xi3JIQECob8YwkRj29DU3/4WYD7
    154. 

  154. WLPgsQpwo1GuSpECICGsnWH5oaeD9t9jbFoSfhJvv0IZmxdcLpRcpslpeWBBAiEA
    155. 

  155. 6/5B8J0GHdJq89FHwEG/H2eVVUYu5y/aD6sgcm+0Avg=
    156. 

  156. -----END RSA PRIVATE KEY-----
    157. 

  157. ------------------------------------------------
    158. 

  158.