c - RSA_private_encrypt 总是失败

Question

我正在学习在我的程序中使用 OpenSSL 库。在代码中，我生成了一个私钥，并立即使用该 key 加密了一条消息。但总是失败。请帮助我。

private_key = RSA_generate_key(RSA_KEY_LENGTH, RSA_3, NULL, NULL);
if (RSA_check_key(private_key) < 1) {
    printf("generate_key: key generation failed\n");
    exit(-1);
}

unsigned char msg[25];
unsigned char cipher[128];
strcpy((char*)msg, "hello");
int ret = RSA_private_encrypt(25, msg, cipher, private_key,
                              RSA_PKCS1_OAEP_PADDING);
if (ret < 0) {
    printf("encryption in key generation failed\n");
    printf ("%s\n", ERR_error_string (ERR_get_error (), (char *) cipher));
    exit (-1);
}

这总是失败，这是我使用 ERR_error_string 得到的错误。

error:04066076:lib(4):func(102):reason(118)

Answer 1

查看文档:

人RSA_private_encrypt

RSA_private_encrypt() signs the flen bytes at from (usually a message digest with an algorithm identifier) using the private key rsa and stores the signature in to. to must point to RSA_size(rsa) bytes of memory.

padding denotes one of the following modes:
RSA_PKCS1_PADDING
PKCS #1 v1.5 padding. This function does not handle the algorithmIdentifier specified in PKCS #1. When generating or verifying PKCS #1 signatures, RSA_sign(3) and RSA_verify(3) should be used.

RSA_NO_PADDING
Raw RSA signature. This mode should only be used to implement cryptographically sound padding modes in the application code.  Signing user data directly with RSA is insecure.

我不知道你从哪里得到 RSA_PKCS1_OAEP_PADDING，但上面列出了唯一支持的填充。