openssl3.2 - 官方demo学习 - smime - smsign2.c

文章目录

    • [openssl3.2 - 官方demo学习 - smime - smsign2.c](#openssl3.2 - 官方demo学习 - smime - smsign2.c)
    • 概述
    • 笔记
    • END

openssl3.2 - 官方demo学习 - smime - smsign2.c

概述

PKCS7联合签名

从N张证书中, 分别得到N对(x509和私钥 )

对明文进行签名(只是指定了bio_in和flag), 得到pkcs7*

对此pkcs7进行附加签名者的操作(指定证书和私钥 ), 有几个联合签名者, 就进行几次操作

将签名数据pkcs7写为密文

笔记

c 复制代码
/*!
\file smsign2.c
\note
openssl3.2 - 官方demo学习 - smime - smsign2.c

PKCS7联合签名
从N张证书中, 分别得到N对(x509*和私钥*)
对明文进行签名(只是指定了bio_in和flag), 得到pkcs7*
对此pkcs7进行附加签名者的操作(指定证书*和私钥*), 有几个联合签名者, 就进行几次操作
将签名数据pkcs7写为密文
*/

/*
 * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/* S/MIME signing example: 2 signers. OpenSSL 0.9.9 only */
#include <openssl/pem.h>
#include <openssl/pkcs7.h>
#include <openssl/err.h>

#include "my_openSSL_lib.h"

int main(int argc, char **argv)
{
    BIO *_bio_in = NULL, *_bio_out = NULL, *_bio_cert = NULL;
    X509 *_x509_cert1 = NULL, *_x509_cert2 = NULL;
    EVP_PKEY *_evp_pkey1 = NULL, *_evp_pkey2 = NULL;
    PKCS7 *_pkcs7 = NULL;
    int ret = EXIT_FAILURE;

    OpenSSL_add_all_algorithms();
    ERR_load_crypto_strings();

    _bio_cert = BIO_new_file("signer.pem", "r");

    if (!_bio_cert)
        goto err;

    _x509_cert1 = PEM_read_bio_X509(_bio_cert, NULL, 0, NULL);

    BIO_reset(_bio_cert);

    _evp_pkey1 = PEM_read_bio_PrivateKey(_bio_cert, NULL, 0, NULL);

    BIO_free(_bio_cert);

    _bio_cert = BIO_new_file("signer2.pem", "r");

    if (!_bio_cert)
        goto err;

    _x509_cert2 = PEM_read_bio_X509(_bio_cert, NULL, 0, NULL);

    BIO_reset(_bio_cert);

    _evp_pkey2 = PEM_read_bio_PrivateKey(_bio_cert, NULL, 0, NULL);

    if (!_x509_cert2 || !_evp_pkey2)
        goto err;

    _bio_in = BIO_new_file("sign.txt", "r");

    if (!_bio_in)
        goto err;

    _pkcs7 = PKCS7_sign(NULL, NULL, NULL, _bio_in, PKCS7_STREAM | PKCS7_PARTIAL);

    if (!_pkcs7)
        goto err;

    /* Add each signer in turn */

    if (!PKCS7_sign_add_signer(_pkcs7, _x509_cert1, _evp_pkey1, NULL, 0))
        goto err;

    if (!PKCS7_sign_add_signer(_pkcs7, _x509_cert2, _evp_pkey2, NULL, 0))
        goto err;

    _bio_out = BIO_new_file("smout.txt", "w");
    if (!_bio_out)
        goto err;

    /* NB: content included and finalized by SMIME_write_PKCS7 */

    if (!SMIME_write_PKCS7(_bio_out, _pkcs7, _bio_in, PKCS7_STREAM))
        goto err;

    ret = EXIT_SUCCESS;

 err:
    if (ret != EXIT_SUCCESS) {
        fprintf(stderr, "Error Signing Data\n");
        ERR_print_errors_fp(stderr);
    }
    PKCS7_free(_pkcs7);
    X509_free(_x509_cert1);
    EVP_PKEY_free(_evp_pkey1);
    X509_free(_x509_cert2);
    EVP_PKEY_free(_evp_pkey2);
    BIO_free(_bio_in);
    BIO_free(_bio_out);
    BIO_free(_bio_cert);
    return ret;
}

END

相关推荐
深耕AI5 天前
Win64OpenSSL-3_5_2.exe【安装步骤】
openssl
看那山瞧那水6 天前
DELPHI 利用OpenSSL实现加解密,证书(X.509)等功能
delphi·openssl
洋哥网络科技16 天前
openssl升级
openssl
Lazy Dave1 个月前
gmssl私钥文件格式
网络安全·ssl·openssl
沉在嵌入式的鱼2 个月前
RK3588移植Openssl库
linux·rk3588·openssl
黑屋里的马2 个月前
ssl相关命令生成证书
服务器·网络·ssl·openssl·gmssl
fangeqin2 个月前
ubuntu源码安装python3.13遇到Could not build the ssl module!解决方法
linux·python·ubuntu·openssl
API开发3 个月前
苹果芯片macOS安装版Homebrew(亲测) ,一键安装node、python、vscode等,比绿色软件还干净、无污染
vscode·python·docker·nodejs·openssl·brew·homebrew
码农不惑3 个月前
Rust使用tokio(二)HTTPS相关
https·rust·web·openssl
liulilittle3 个月前
通过高级处理器硬件指令集AES-NI实现AES-256-CFB算法并通过OPENSSL加密验证算法正确性。
linux·服务器·c++·算法·安全·加密·openssl