Visual Studio C++ RSA加解密方案
2017-02-13 20:45
323 查看
本文的应用场景是,Unity c#向vc++ 工程传递用户名和密码,可能会面临的安全性问题:
假如第三方对dll进行替换,c#的账号密码直接往下传,可能导致用户密码泄露的风险。
针对此种情况,对用户名和密码在C#层进行加密,并在C++ dll库中进行解密,从而在一定程度上规避此风险。
cryto++ library
openssl
第一种方案,C++RSA 跟C#版的RSA配套,用起来极为方便,但是依赖.net架构。需要依赖.net环境,将工程设置为支持clr。
后两种方案,是第三方集成库。当前使用较为广泛的方法是openssl,下面着重介绍openssl在RSA上的使用。
d:\openssl-1.0.1e> perl Configure VC-WIN32 no-asm –prefix=d:\openssl_lib (存放编译后的库文文件目录)
d:\openssl-1.0.1e> ms\do_ms
d:\openssl-1.0.1e> nmake -f ms\ntdll.mak (编译动态库)
d:\openssl-1.0.1e> nmake -f ms\nt.mak (编译静态库)
装载openssl到指定的目录d:\opensll_lib中
d:\openssl-1.0.1e> nmake -f ms\ntdll.mak install
d:\openssl-1.0.1e> nmake -f ms\nt.mak install
(b)继续编译, 提示错误:
cryptlib.obj : error LNK2001: unresolved external symbol _OPENSSL_ia32_cpuid
out32dll/libeay32.dll : fatal error LNK1120: 1 unresolved externals
解决办法: 修改do_ms文件如下:
打开Project Property面板:
Configuration Properties——VC++ Directories——Include Directories新增”d:\openssl_lib\include”(存放编译后的库文件的目录中);
VC++ Directories ——”Library files”选择中新增目录”d:\openssl_lib\lib”;
Configuration Properties ——Linker——Input——Additional Dependencies,添加libeay32.lib 和ssleay32.lib两个库即可。
Openssl生成公私密钥和证书
安装openssl,cmd执行openssl
OpenSSL>genrsa -out rsa_private_key.pem 1024
生成的pem文件如下:
2)把RSA私钥转换成PKCS8格式
3) 生成RSA公钥
输入命令rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem,
创建证书请求
C#和c++代码见附件
假如第三方对dll进行替换,c#的账号密码直接往下传,可能导致用户密码泄露的风险。
针对此种情况,对用户名和密码在C#层进行加密,并在C++ dll库中进行解密,从而在一定程度上规避此风险。
C++ RSA加解密方案
支持.net的RSACryptoServiceProvidercryto++ library
openssl
第一种方案,C++RSA 跟C#版的RSA配套,用起来极为方便,但是依赖.net架构。需要依赖.net环境,将工程设置为支持clr。
后两种方案,是第三方集成库。当前使用较为广泛的方法是openssl,下面着重介绍openssl在RSA上的使用。
Openssl编译配置
按顺序执行下列命令d:\openssl-1.0.1e> perl Configure VC-WIN32 no-asm –prefix=d:\openssl_lib (存放编译后的库文文件目录)
d:\openssl-1.0.1e> ms\do_ms
d:\openssl-1.0.1e> nmake -f ms\ntdll.mak (编译动态库)
d:\openssl-1.0.1e> nmake -f ms\nt.mak (编译静态库)
装载openssl到指定的目录d:\opensll_lib中
d:\openssl-1.0.1e> nmake -f ms\ntdll.mak install
d:\openssl-1.0.1e> nmake -f ms\nt.mak install
(b)继续编译, 提示错误:
cryptlib.obj : error LNK2001: unresolved external symbol _OPENSSL_ia32_cpuid
out32dll/libeay32.dll : fatal error LNK1120: 1 unresolved externals
解决办法: 修改do_ms文件如下:
perl util/mkfiles.pl >MINFO perl util/mk1mf.pl debug no-asm VC-WIN32 >ms/nt.mak perl util/mk1mf.pl debug dll no-asm VC-WIN32 >ms/ntdll.mak perl util/mk1mf.pl debug no-asm VC-CE >ms/ce.mak perl util/mk1mf.pl debug dll no-asm VC-CE >ms/cedll.mak perl util/mkdef.pl 32 libeay > ms/libeay32.def perl util/mkdef.pl 32 ssleay > ms/ssleay32.def
集成OpenSSL
打开Project Property面板:
Configuration Properties——VC++ Directories——Include Directories新增”d:\openssl_lib\include”(存放编译后的库文件的目录中);
VC++ Directories ——”Library files”选择中新增目录”d:\openssl_lib\lib”;
Configuration Properties ——Linker——Input——Additional Dependencies,添加libeay32.lib 和ssleay32.lib两个库即可。
Openssl生成公私密钥和证书
安装openssl,cmd执行openssl
OpenSSL>genrsa -out rsa_private_key.pem 1024
生成的pem文件如下:
-----BEGIN RSA PRIVATE KEY----- MIICXAIBAAKBgQDJsiBpRxfPFRh9DbmWizZbm5/HKxhpOOQMlmGo2LIuVWxXuzYj TyQ9Jfn+zDfIGG3NLkAHrpcW0U8figjCXb/dXptc/MabgwPIP1jL1uqTLgIYeVsT Jm6vEzd7c/t81VaOJDjFkQlrlqdOsH5JnAlGtqITqXHSimbgBDUjtJW+qwIDAQAB AoGAICuGGeSZ+pCd0ExhHo7jw6bFzEmmYhoN3agauYiemt9LIY8dqnIUEKC/CBHg j8y9rq1CzzbcqGoIGbq1fPLhCBAn1dkRePKKqSd1BM99oVwDP2YYBqzaUtPz1TYN q0Q9QqKuQgkWkPC+7QugnDzIuzlqO9+/wdugLd2UateZZqECQQD4qtEsMPrSu9g8 yTjJOnyChYhQuUXbLalFlqSRnHWM7eIxqNkMjhPoK3sxGWWMNT410kNhxgWUZnMT bbXjO2E7AkEAz6S5JjIY/GhFxer9vxY3yjUW7Agtnk0zyi70RpbuvttdNjUxeXiG f/q3ilNJE2eWt2PaICb/c32PdCO5P5RBUQJBANZnmiErPikTM/f9W8wNdKupbQaF KNk5fpj0sYKnT6equHwu5K5xlnJ5gyeriSYiBjirydN0xPzWdORMlSaO3V8CQCob c1hljF+THaMXFkHr1YBx56YRun6BlWEIyIyQCvY1Md/ORawmXtARHas1XHpM5Wln HFKs1dyrt62LmQNloyECQAZEeNq5AyRGRq+oAPjMlGEUrKR/7w3zXdCO2nyCYtQX YkE4+ZBUeKBFgPEoHGUqY+yOD9xIg5d6rbf71Hh2kx0= -----END RSA PRIVATE KEY-----
2)把RSA私钥转换成PKCS8格式
OpenSSL> rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem writing RSA key OpenSSL> pkcs8 -topk8 -inform PEM -in rsa_private_key.pem -outform PEM –nocrypt Enter Encryption Password: Verifying - Enter Encryption Password: -----BEGIN ENCRYPTED PRIVATE KEY----- MIICoTAbBgkqhkiG9w0BBQMwDgQIsz6q/2JpXSACAggABIICgHPkfKkuH+Dn18q0 k0xUIDmnKvApJlXlaRF1jo4wF1hbO0RThwr2r//AlScy5yoEeUMyhh5ae4yEzT7r U3nGYcnVV64AkwV/JMthpYNVPpb4OL8xbOyGbmU3UigoAhLo4/bDkiGDs9ZTRyDW p0QyOyFJZ0L7NhvWmkYsDUAahY/xjYQy3Cghk5pvhSQjhbAu3yaF3UtJNZhqGZCN /p7nrwG9Vt0Ys6nzUC4PQFafyZzdfl4l9f0WlCwWSRNy+s3hxLavJySt6ycGAbNL ue3lGpnVPLCgwh5p5I3w9Aym96hDsAvMdqXg92mbeO22Tqz8MccVQqIYO+HpPXn7 uH3aYx4sxjV/p+wUK/XlNL/XEoyw+WVJ4wxBBFGtZvk5lurCODdgFsZbfzGWO9gW 5Y2kXp4FK9iVzhiS1YI5fn6yaKAUPB+jtj5xSrmtxhV7Q7N5YuJeFsGhXNpuQKxy XWyEbU2gbsuI0LYAr+r7M5LWSouYLne3NDfB1Op2oFwoz9j+p+drEgoByDWZQMo6 ay4T928LdHQFgKYajtBkch2Z5lNwwUdaZwe8AalJVTM2otDE9QSpiOq4Sjmyu5Od Kt3SesMEoCQSJ2SM3dqMqEIBf/YDtL4juFId0uffNW2BcpVrq5muJ0+xTtWmC75Z SsULmCwWzYTKe+OiG8r/Z7DVXY30onWfJnPJEGl3vyMGDDgacYQrN3qGMUGoJxzL MeEdt9xfTlpY4XO/DIUAPEWJtLN0XvHSKlqMtk/m124ugugLzi4SmWusYDTs1rS3 MjpnNpSFYw12jBVcM95PCtuLmP7Ts9LXc5zbtpYIv8IP/S5RlasSQpCNfRLlADbB d6pH+PA= -----END ENCRYPTED PRIVATE KEY-----
3) 生成RSA公钥
输入命令rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem,
-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJsiBpRxfPFRh9DbmWizZbm5/H KxhpOOQMlmGo2LIuVWxXuzYjTyQ9Jfn+zDfIGG3NLkAHrpcW0U8figjCXb/dXptc /MabgwPIP1jL1uqTLgIYeVsTJm6vEzd7c/t81VaOJDjFkQlrlqdOsH5JnAlGtqIT qXHSimbgBDUjtJW+qwIDAQAB -----END PUBLIC KEY-----
创建证书请求
openssl req -new -out cert.csr -key rsa_private_key.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:86
State or Province Name (full name) [Some-State]:Guangdong
Locality Name (eg, city) []:Shenzhen
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Xfiction
Organizational Unit Name (eg, section) []:K
Common Name (eg, YOUR name) []:fiction
Email Address []:xfiction@gmail.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:xfiction8989
An optional company name []:xfiction
自签署根证书(自签署,就是不通过CA认证中心自行进行证书签名,这里用是x509)
openssl x509 -req -in cert.csr -out public.der -outform der -signkey rsa_private_key.pem -days 3650
Signature ok
subject=/C=86/ST=Guangdong/L=Shenzhen/O=Xfiction/OU=K/CN=fiction/emailAddress=xfiction@gmail.com
Getting Private key
XML到PEM的转换:
由于C#的RSACryptoServiceProvider所使用的是xml格式,openssl使用pem格式的秘钥。需要对秘钥进行转换。
可以直接通过线上转换工具RSA Key Converter(https://superdry.apphb.com/tools/online-rsa-key-converter)进行转换。
附上代码
RSAEncryptService rasService = new RSAEncryptService(); string psdEncrpted = rasService.RSAEncryptStr(pwd); RSA* pPrivateRSA = createRSAWithMem(strPrivateKeyPerm); //string strPubEncode = "ZfBe7UOZzjdoKsnf90vQe47klfj9+EmmlBUA86IMhFIpceKB0NxLeGSivw0JUk7s9QN+CFPIRTkr1Z7gXgniGNlkbuZzZcIoao1kWkvRGM81KTPt0YS8v/2RAE83re/c6zby4fGmELx9S+t8HdiUovDQaKZgz2ycgomfCxyI7mw="; string strPubEncode = pwd; string strPrivateDecode; char strOrgData[1024] = { 0 }; Private_Decrypt(pPrivateRSA, strPubEncode, strPrivateDecode); const char* decryptPwd = strPrivateDecode.c_str();
C#和c++代码见附件
参考文章
http://www.jianshu.com/p/faefcc58c79b相关文章推荐
- Visual Studio color schemes的网址(颜色方案)
- Develop 3Ds Max 9 plugin using Visual studio C++ Express Edition(转载自我的Space)
- 对Visual Studio C++ hash_map严谨一点的测试--转载
- VisualStudio C++ 工程比较有用的配置
- Command Line Applications with Visual Studio 2008 and C++ Posted by omniplex in Errors
- Visual Studio .NET 下的受管 C++
- Visual Studio 2008 C++ code slower than Visual Studio 2005
- 【C++】visual studio linking error 2019 error 2001 error1120 已解决
- C++--How to configure Visual Studio for compiling drivers
- Visual Studio 2008 C++ code slower than Visual Studio 2005
- 将 Visual Studio C 和 C++ 项目迁移到 Eclipse CDT
- 将 Visual Studio C 和 C++ 项目迁移到 Eclipse CDT
- 对RSA密码的Wiener的低解密指数攻击的C++实现
- C++--How to configure Visual Studio for compiling drivers
- Visual C++.NET GDI+编程基础方案
- Programming With Microsoft Visual Studio C++.NET 6th Edition 读书 4000 笔记(1) Chapter 5: Windows Message Mapping
- C++--How to configure Visual Studio for compiling drivers
- 将 Visual Studio C 和 C++ 项目迁移到 Eclipse CDT
- ATL-COM Visual Studio 2008 C++ ATL COM VC++ 教程 入门教程
- Safe! Repel Attacks on Your Code with the Visual Studio 2005 Safe C and C++ Libraries