使用OpenSSL的S/MIME來做數位簽章,得到三個不同簽章格式的結果(SMIME、PEM和DER)。
OpenSSL網站參考http://www.openssl.org/
舉例如下:
簽章檔案
Sign.txt
------------------------------檔案內容-----------------------------------
Content-type: text/plain
Test OpenSSL Signed Content
------------------------------檔案內容-----------------------------------
簽章憑證(PEM檔,同時包含簽章者憑證與RSA私鑰;程式會從同一個檔案依序讀取憑證與私鑰)
-----------------------------檔案內容------------------------------------
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
-----------------------------檔案內容------------------------------------
OpenSSL程式碼參考如下
Smsign.c
/* Simple S/MIME signing example */
#include <openssl/pem.h>
#include <openssl/pkcs7.h>
#include <openssl/err.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
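/*
 * Sign a file with a detached PKCS#7 / S/MIME signature and write the result
 * in three encodings.
 *
 * argv[1]  PEM file that holds both the signer certificate and its private
 *          key (the certificate is read first, then the file is rewound and
 *          the key is read).
 * argv[2]  File whose content is signed.
 *
 * Output files, created (and overwritten) in the current directory:
 *   sign_SMIME.txt  multipart S/MIME message (content + detached signature)
 *   sign_PEM.txt    PKCS#7 structure, PEM encoded
 *   sign_DER.txt    PKCS#7 structure, DER encoded
 *
 * Returns 0 on success, 1 on any failure (the OpenSSL error queue is printed
 * to stderr when signing fails).
 */
int main(int argc, char **argv)
{
    BIO *in = NULL, *out = NULL, *tbio = NULL;
    BIO *pem_out = NULL, *der_out = NULL;
    X509 *scert = NULL;
    EVP_PKEY *skey = NULL;
    PKCS7 *p7 = NULL;
    int ret = 1;
    int flags = PKCS7_DETACHED | PKCS7_NOSMIMECAP;
    const char *keyFile, *enFile;

    /* Both paths are required; without this check argv[1]/argv[2] may be NULL. */
    if (argc < 3) {
        fprintf(stderr, "Usage: %s <cert+key PEM file> <file to sign>\n",
                (argc > 0 && argv[0]) ? argv[0] : "smsign");
        return 1;
    }
    keyFile = argv[1];
    enFile = argv[2];
    printf("Input key file: %s\n", keyFile);
    printf("Input sign file: %s\n", enFile);

    OpenSSL_add_all_algorithms();
    ERR_load_crypto_strings();

    /* Read in signer certificate and private key */
    tbio = BIO_new_file(keyFile, "r");
    if (!tbio)
        goto err;
    scert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
    /* File BIOs report a failed rewind with a negative value. */
    if (BIO_reset(tbio) < 0)
        goto err;
    /*
     * No passphrase callback is supplied, so an encrypted key makes OpenSSL
     * fall back to its default prompt.
     */
    skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
    if (!scert || !skey)
        goto err;

    /* Open content being signed */
    in = BIO_new_file(enFile, "r");
    if (!in)
        goto err;

    /* Sign content */
    p7 = PKCS7_sign(scert, skey, NULL, in, flags);
    if (!p7)
        goto err;

    out = BIO_new_file("sign_SMIME.txt", "w");
    if (!out)
        goto err;

    /*
     * Signing consumed the input; rewind it so the S/MIME writer can copy
     * the content into the cleartext part of the message.
     */
    if (!(flags & PKCS7_STREAM) && BIO_reset(in) < 0)
        goto err;

    /* Write out S/MIME message */
    if (!SMIME_write_PKCS7(out, p7, in, flags))
        goto err;
    if (BIO_flush(out) <= 0)
        goto err;

    /* Write the same PKCS#7 structure PEM encoded. */
    pem_out = BIO_new_file("sign_PEM.txt", "w");
    if (!pem_out)
        goto err;
    if (!PEM_write_bio_PKCS7(pem_out, p7))
        goto err;
    if (BIO_flush(pem_out) <= 0)
        goto err;

    /*
     * Encode to DER in-process instead of shelling out to the `openssl`
     * command: no dependency on what PATH resolves to, and a failed
     * conversion is detected instead of being silently ignored.
     * DER is binary, hence "wb".
     */
    der_out = BIO_new_file("sign_DER.txt", "wb");
    if (!der_out)
        goto err;
    if (!i2d_PKCS7_bio(der_out, p7))
        goto err;
    if (BIO_flush(der_out) <= 0)
        goto err;

    ret = 0;

err:
    if (ret) {
        fprintf(stderr, "Error Signing Data\n");
        ERR_print_errors_fp(stderr);
    }

    /* All of these accept NULL, so no guards are needed. */
    PKCS7_free(p7);
    X509_free(scert);
    EVP_PKEY_free(skey);
    BIO_free(in);
    BIO_free(out);
    BIO_free(pem_out);
    BIO_free(der_out);
    BIO_free(tbio);

    return ret;
}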
檔案輸出
sign_SMIME.txt
sign_PEM.txt
sign_DER.txt
執行結果如圖所示:
對於三種簽章結果格式,可以參考這篇OpenSSL數位簽章格式(SMIME, PEM and DER)