用openssl库RSA加密解密

#include <stdio.h>
#include <openssl/rsa.h>
#include <openssl/pem.h>
#include <openssl/err.h>

//加密
int my_encrypt(const char *input, int input_len,  char *output, int *output_len, const char *pri_key_fn)
{
        RSA  *p_rsa = NULL;
        FILE *file = NULL;
        int ret = 0;

        if((file = fopen(pri_key_fn, "rb")) == NULL)
        {
                ret = -1;
                goto End;
        }

        if((p_rsa = PEM_read_RSAPrivateKey(file, NULL,NULL,NULL )) == NULL)
        {
                ret = -2;
                goto End;
        }

        if((*output_len = RSA_private_encrypt(input_len, (unsigned char*)input, (unsigned char*)output, p_rsa, RSA_PKCS1_PADDING)) < 0)
        {
                ret = -4;
                goto End;
        }

End:
        if(p_rsa != NULL)
                RSA_free(p_rsa);
        if(file != NULL)
                fclose(file);

        return ret;
}

//解密
int my_decrypt(const char *input, int input_len,  char *output, int *output_len, const char *pri_key_fn)
{
        RSA  *p_rsa = NULL;
        FILE *file = NULL;
        int ret = 0;

        file = fopen(pri_key_fn, "rb");
        if(!file)
        {
                ret = -1;
                goto End;
        }

        if((p_rsa = PEM_read_RSA_PUBKEY(file, NULL,NULL,NULL )) == NULL)
        {
                ret = -2;
                goto End;
        }

        if((*output_len=RSA_public_decrypt(input_len, (unsigned char*)input, (unsigned char*)output, p_rsa, RSA_PKCS1_PADDING)) < 0)
        {
                ret = -3;
                goto End;
        }
End:
        if(p_rsa != NULL)
                RSA_free(p_rsa);
        if(file != NULL)
                fclose(file);

        return ret;
}

int main(int argc, char**argv)
{
        char src[256];
        char dst[256];
        int src_len;
        int dst_len;
        int ret;
        FILE *f;

        src_len = fread(src, 1, 256, stdin);

        if(argv[1][0] == 'e') {
                ret = my_encrypt(src, src_len,  dst, &dst_len, argv[2]);
        }else {
                ret = my_decrypt(src, src_len,  dst, &dst_len, argv[2]);
        }

        if(ret) {
                fprintf(stderr, "Error
");
        }
        fwrite(dst,1,dst_len,stdout);
        return ret;
}

以上是一个示例，测试了私钥加密(签名)/公钥解密(验证)，main函数是一个测试

测试一下，先生成2048位公钥、私钥对

colin@colin-VirtualBox:/tmp$ openssl genrsa -out pri2048.pem 2048
Generating RSA private key, 2048 bit long modulus
................................+++
.............+++
e is 65537 (0x10001)
colin@colin-VirtualBox:/tmp$ openssl rsa -in pri2048.pem -pubout -out pub2048.pem
writing RSA key

编译、文件测试

colin@colin-VirtualBox:/tmp$ gcc t.c -lssl -lcrypto -lm
colin@colin-VirtualBox:/tmp$ ./a.out en pri2048.pem <data >data.en
colin@colin-VirtualBox:/tmp$ ./a.out enc pri2048.pem <data >data.en
colin@colin-VirtualBox:/tmp$ ./a.out dec pub2048.pem <data.en >data2
colin@colin-VirtualBox:/tmp$ openssl rsautl -verify -in data.en -inkey pub2048.pem -pubin -out data3

对比一下

colin@colin-VirtualBox:/tmp$ cmp data data2
colin@colin-VirtualBox:/tmp$ cmp data data3
colin@colin-VirtualBox:/tmp$ md5sum data data2 data3
7a71146998ad521bab336a49f65c90c4  data
7a71146998ad521bab336a49f65c90c4  data2
7a71146998ad521bab336a49f65c90c4  data3

公钥加密、私钥解密就不写了，对着看就会很明白了。

int RSA_public_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
int RSA_private_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
int RSA_public_decrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
int RSA_private_decrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);