openssl3.2 - 官方demo学习 - cms - cms_ver.c

文章目录

openssl3.2 - 官方demo学习 - cms - cms_ver.c

概述

CMS验签, 将单独签名和联合签名出来的签名文件都试试.

验签成功后, 将签名数据明文写入了文件供查看.

也就是说, 只有验签成功后, 才能看到签名数据的明文.

验签时, 使用的是上一级的证书(这里是CA证书)

签名时, 使用的是低级证书(接收者证书, 或者说是签名者证书, 这些证书都是CA证书发出来的)

运行结果

不管是单独签名, 还是联合签名, 验签都是一个API搞定.

笔记

c 复制代码
/*!
\file cms_ver.c
\note openssl3.2 - 官方demo学习 - cms - cms_ver.c
CMS验签, 将单独签名和联合签名出来的签名文件都试试.
验签成功后, 将签名数据明文写入了文件供查看. 
也就是说, 只有验签成功后, 才能看到签名数据的明文.
验签时, 使用的是上一级的证书(这里是CA证书)
签名时, 使用的是低级证书(接收者证书)
*/

/*
 * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/* Simple S/MIME verification example */
#include <openssl/pem.h>
#include <openssl/cms.h>
#include <openssl/err.h>

#include "my_openSSL_lib.h"

/*
 * print any signingTime attributes.
 * signingTime is when each party purportedly signed the message.
 */
static void print_signingTime(CMS_ContentInfo *cms)
{
    STACK_OF(CMS_SignerInfo) *sis;
    CMS_SignerInfo *si;
    X509_ATTRIBUTE *attr;
    ASN1_TYPE *t;
    ASN1_UTCTIME *utctime;
    ASN1_GENERALIZEDTIME *gtime;
    BIO *b;
    int i, loc;
    int iSignCnt = 0;

    b = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT);
    sis = CMS_get0_SignerInfos(cms);
    iSignCnt = sk_CMS_SignerInfo_num(sis);
    for (i = 0; i < iSignCnt; i++) {
        si = sk_CMS_SignerInfo_value(sis, i);
        loc = CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1);
        attr = CMS_signed_get_attr(si, loc);
        t = X509_ATTRIBUTE_get0_type(attr, 0);
        if (t == NULL)
            continue;
        switch (t->type) {
        case V_ASN1_UTCTIME:
            utctime = t->value.utctime;
            ASN1_UTCTIME_print(b, utctime);
            break;
        case V_ASN1_GENERALIZEDTIME:
            gtime = t->value.generalizedtime;
            ASN1_GENERALIZEDTIME_print(b, gtime);
            break;
        default:
            fprintf(stderr, "unrecognized signingTime type\n");
            break;
        }
        BIO_printf(b, ": signingTime from SignerInfo %i\n", i);
    }
    BIO_free(b);
    return;
}

int verify_sign()
{
    BIO* in = NULL, * out = NULL, * tbio = NULL, * cont = NULL;
    X509_STORE* st = NULL;
    X509* cacert = NULL;
    CMS_ContentInfo* cms = NULL;
    int ret = EXIT_FAILURE;

    //OpenSSL_add_all_algorithms();
    //ERR_load_crypto_strings();

    /* Set up trusted CA certificate store */

    st = X509_STORE_new();
    if (st == NULL)
        goto err;

    /* Read in CA certificate */
    tbio = BIO_new_file("cacert.pem", "r");

    if (tbio == NULL)
        goto err;

    cacert = PEM_read_bio_X509(tbio, NULL, 0, NULL);

    if (cacert == NULL)
        goto err;

    if (!X509_STORE_add_cert(st, cacert))
        goto err;

    /* Open message being verified */

    in = BIO_new_file("smout.txt", "r");

    if (in == NULL)
        goto err;

    /* parse message */
    cms = SMIME_read_CMS(in, &cont);

    if (cms == NULL)
        goto err;

    print_signingTime(cms);

    /* File to output verified content to */
    out = BIO_new_file("smver.txt", "w");
    if (out == NULL)
        goto err;

    if (!CMS_verify(cms, NULL, st, cont, out, 0)) {
        fprintf(stderr, "Verification Failure\n");
        goto err;
    }

    printf("Verification Successful\n");

    ret = EXIT_SUCCESS;

err:
    if (ret != EXIT_SUCCESS) {
        fprintf(stderr, "Error Verifying Data\n");
        ERR_print_errors_fp(stderr);
    }

    X509_STORE_free(st);
    CMS_ContentInfo_free(cms);
    X509_free(cacert);
    BIO_free(in);
    BIO_free(out);
    BIO_free(tbio);
    return ret;

}

int verify_sign2()
{
    BIO* in = NULL, * out = NULL, * tbio = NULL, * cont = NULL;
    X509_STORE* st = NULL;
    X509* cacert = NULL;
    CMS_ContentInfo* cms = NULL;
    int ret = EXIT_FAILURE;

    //OpenSSL_add_all_algorithms();
    //ERR_load_crypto_strings();

    /* Set up trusted CA certificate store */

    st = X509_STORE_new();
    if (st == NULL)
        goto err;

    /* Read in CA certificate */
    tbio = BIO_new_file("cacert.pem", "r");

    if (tbio == NULL)
        goto err;

    cacert = PEM_read_bio_X509(tbio, NULL, 0, NULL);

    if (cacert == NULL)
        goto err;

    if (!X509_STORE_add_cert(st, cacert))
        goto err;

    /* Open message being verified */

    in = BIO_new_file("smout2.txt", "r");

    if (in == NULL)
        goto err;

    /* parse message */
    cms = SMIME_read_CMS(in, &cont);

    if (cms == NULL)
        goto err;

    print_signingTime(cms);

    /* File to output verified content to */
    out = BIO_new_file("smver2.txt", "w");
    if (out == NULL)
        goto err;

    if (!CMS_verify(cms, NULL, st, cont, out, 0)) {
        fprintf(stderr, "Verification Failure\n");
        goto err;
    }

    printf("Verification Successful\n");

    ret = EXIT_SUCCESS;

err:
    if (ret != EXIT_SUCCESS) {
        fprintf(stderr, "Error Verifying Data\n");
        ERR_print_errors_fp(stderr);
    }

    X509_STORE_free(st);
    CMS_ContentInfo_free(cms);
    X509_free(cacert);
    BIO_free(in);
    BIO_free(out);
    BIO_free(tbio);
    return ret;

}

#define LINE10 "----------"
#define LINE60 LINE10 LINE10 LINE10 LINE10 LINE10 LINE10

int main(int argc, char **argv)
{
    OpenSSL_add_all_algorithms();
    ERR_load_crypto_strings();

    printf("%s\n", LINE60);
    printf(">> veirfy sign\n");
    if (EXIT_SUCCESS != verify_sign())
    {
        return -1;
    }

    printf("%s\n", LINE60);
    printf(">> veirfy sign2\n");
    if (EXIT_SUCCESS != verify_sign2())
    {
        return -1;
    }

    printf("END\n");
    return 0;
}

END

相关推荐
紫火桑葚7 天前
windows openssl编译x64版libssl.lib,编译x64版本libcurl.lib,支持https,vs2015编译器
windows·网络协议·https·静态库·openssl·libcurl
花落已飘15 天前
openssl中的SM3
c语言·算法·哈希算法·openssl
花落已飘24 天前
openssl使用哈希算法生成随机密钥
算法·哈希算法·openssl
花落已飘25 天前
openssl哈希算法
算法·哈希算法·openssl
zwm_yy25 天前
openssl生成ca证书
openssl·ca
甄齐才1 个月前
解决windows下php8.x及以上版本,在Apache2.4中无法加载CURL扩展的问题
php·openssl·php7.4·php8开启curl扩展·system32·dynamic library·php_curl.dll
胡西风_foxww1 个月前
Linux下编译安装Nginx
linux·运维·nginx·编译·安装·openssl·pcre
Ho_pe1 个月前
ubuntu下openssl签名证书制作流程及验证demo
服务器·ubuntu·openssl
花落已飘1 个月前
openssl对称加密代码讲解实战
加密·openssl
花落已飘2 个月前
openssl加密算法简介
加密·openssl