java翻譯lua+c+openssl簽名項目
阿新 • • 發佈:2017-09-01
desc ckey logs {} form pan return lua 代碼
OpenSSL> rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem #生成公鑰
OpenSSL> exit #退出OpenSSL程序
原來項目中用openresty nginx+lua實現server,lua調用c動態鏈接庫,來使用openss做簽名,並生成130字節(128簽名+2位自定義字節)長度的文件。
nginx: location /get/key { content_by_lua_file ‘/data/www/sign.lua‘; } sign.lua local ffi = require "ffi" --動態鏈接gen_sig_ex_x.c,load("")名字規則,lib***.so local gs = ffi.load("sin") ffi.cdef[[int gen_main(char *param,unsigned char *signature) ]] local param_ = ngx.var.arg_param if param_ then local signature = ffi.new("unsigned char[130]", {}) local cpsn = ffi.new("char[20]", param_) gs.gen_main(param_, signature) ngx.header["Content-Disposition"] = "attachment; filename=" .. string.format("%s.%d.key", psn, key) ngx.header["Content-Length"] = 130 ngx.say(ffi.string(signature, 130)) else ngx.header.content_type = "text/html" ngx.say("the param is not empty") end
對於sin.so用c與openssl實現了私鑰簽名,並使用RSA結構秘鑰,為順利得到pkcs8,在程序中通過如下代碼逆化了該格式的私鑰。並通過命令得到公鑰。
OpenSSL> genrsa -out rsa_private_key.pem 1024 #生成私鑰
OpenSSL> rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem #生成公鑰
OpenSSL> exit #退出OpenSSL程序
//根據RSA結構私鑰構建KEY對象,獲取私鑰公鑰base64: FILE *filename = NULL; filename = fopen("/data/www/unlock.lua/privateKey.pem", "wb"); //生成私鑰接口 PEM_write_RSAPrivateKey(filename, key, NULL, NULL, 0, NULL, NULL); fclose(filename); unsigned char *n_b = (unsigned char *)calloc(RSA_size(key), sizeof(unsigned char)); unsigned char *e_b = (unsigned char *)calloc(RSA_size(key), sizeof(unsigned char)); int n_size = BN_bn2bin(key->n, n_b); int b_size = BN_bn2bin(key->e, e_b); RSA *pubrsa = RSA_new(); pubrsa->n = BN_bin2bn(n_b, n_size, NULL); pubrsa->e = BN_bin2bn(e_b, b_size, NULL); FILE *publicKey = NULL; publicKey = fopen("/data/www/unlock.lua/publicKey.pem", "wb"); PEM_write_RSAPublicKey(publicKey, pubrsa); fclose(publicKey); RSA_free(pubrsa);
====java實現簽名核心代碼: package com.smartisan.genkey_sig.util; import org.apache.commons.codec.binary.Base64; import java.nio.charset.StandardCharsets; import java.security.KeyFactory; import java.security.PrivateKey; import java.security.Signature; import java.security.spec.PKCS8EncodedKeySpec; /** * desc: * * @author [email protected]*********.com * @since 2017/8/11 */ public class RsaUtil { public static final String KEY_ALGORITHM = "RSA"; public static final String SIGNATURE_ALGORITHM = "MD5withRSA"; public static byte[] sign(byte[] data, String privateKey) { try { byte[] keyBytes = Base64.decodeBase64((privateKey)); PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes); // KEY_ALGORITHM 指定的加密算法 KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM); // 取私鑰匙對象 PrivateKey priKey = keyFactory.generatePrivate(pkcs8KeySpec); // 用私鑰對信息生成數字簽名 Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM); signature.initSign(priKey); signature.update(data); return signature.sign(); } catch (Exception ex) { throw new RuntimeException(ex); } } public static byte[] sign(String data, String privateKey) { return sign(data.getBytes(StandardCharsets.UTF_8), privateKey); } }
java翻譯lua+c+openssl簽名項目