文章目录
openssl3.2 - 官方demo学习 - smime - smsign2.c
概述
PKCS7联合签名
从N张证书中, 分别得到N对(x509和私钥 )
对明文进行签名(只是指定了bio_in和flag), 得到pkcs7*
对此pkcs7进行附加签名者的操作(指定证书和私钥 ), 有几个联合签名者, 就进行几次操作
将签名数据pkcs7写为密文
笔记
c
/*!
\file smsign2.c
\note
openssl3.2 - 官方demo学习 - smime - smsign2.c
PKCS7联合签名
从N张证书中, 分别得到N对(x509*和私钥*)
对明文进行签名(只是指定了bio_in和flag), 得到pkcs7*
对此pkcs7进行附加签名者的操作(指定证书*和私钥*), 有几个联合签名者, 就进行几次操作
将签名数据pkcs7写为密文
*/
/*
* Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/* S/MIME signing example: 2 signers. OpenSSL 0.9.9 only */
#include <openssl/pem.h>
#include <openssl/pkcs7.h>
#include <openssl/err.h>
#include "my_openSSL_lib.h"
int main(int argc, char **argv)
{
BIO *_bio_in = NULL, *_bio_out = NULL, *_bio_cert = NULL;
X509 *_x509_cert1 = NULL, *_x509_cert2 = NULL;
EVP_PKEY *_evp_pkey1 = NULL, *_evp_pkey2 = NULL;
PKCS7 *_pkcs7 = NULL;
int ret = EXIT_FAILURE;
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
_bio_cert = BIO_new_file("signer.pem", "r");
if (!_bio_cert)
goto err;
_x509_cert1 = PEM_read_bio_X509(_bio_cert, NULL, 0, NULL);
BIO_reset(_bio_cert);
_evp_pkey1 = PEM_read_bio_PrivateKey(_bio_cert, NULL, 0, NULL);
BIO_free(_bio_cert);
_bio_cert = BIO_new_file("signer2.pem", "r");
if (!_bio_cert)
goto err;
_x509_cert2 = PEM_read_bio_X509(_bio_cert, NULL, 0, NULL);
BIO_reset(_bio_cert);
_evp_pkey2 = PEM_read_bio_PrivateKey(_bio_cert, NULL, 0, NULL);
if (!_x509_cert2 || !_evp_pkey2)
goto err;
_bio_in = BIO_new_file("sign.txt", "r");
if (!_bio_in)
goto err;
_pkcs7 = PKCS7_sign(NULL, NULL, NULL, _bio_in, PKCS7_STREAM | PKCS7_PARTIAL);
if (!_pkcs7)
goto err;
/* Add each signer in turn */
if (!PKCS7_sign_add_signer(_pkcs7, _x509_cert1, _evp_pkey1, NULL, 0))
goto err;
if (!PKCS7_sign_add_signer(_pkcs7, _x509_cert2, _evp_pkey2, NULL, 0))
goto err;
_bio_out = BIO_new_file("smout.txt", "w");
if (!_bio_out)
goto err;
/* NB: content included and finalized by SMIME_write_PKCS7 */
if (!SMIME_write_PKCS7(_bio_out, _pkcs7, _bio_in, PKCS7_STREAM))
goto err;
ret = EXIT_SUCCESS;
err:
if (ret != EXIT_SUCCESS) {
fprintf(stderr, "Error Signing Data\n");
ERR_print_errors_fp(stderr);
}
PKCS7_free(_pkcs7);
X509_free(_x509_cert1);
EVP_PKEY_free(_evp_pkey1);
X509_free(_x509_cert2);
EVP_PKEY_free(_evp_pkey2);
BIO_free(_bio_in);
BIO_free(_bio_out);
BIO_free(_bio_cert);
return ret;
}