一、SSL库和密码学算法库

二、使用OpenSSL

1. 安装OpenSSL-Win32
2. 引入 libeay32.lib 和 ssleay32.lib
3. 设置OpenSSL头文件目录

三、证书的格式

• XML标准格式 ------- C# RSA证书

<RSAKeyValue>
	<Modulus> </Modulus>
	<Exponent> </Exponent>
	<P> </P>
	<Q> </Q>
	<DP> </DP>
	<DQ> </DQ>
	<InverseQ> </InverseQ>
	<D> </D>
</RSAKeyValue>

• PEM PKCS#8非加密格式 ------- Java

-----BEGIN PRIVATE KEY-----

-----END PRIVATE KEY-----

• PEM PKCS#1格式

-----BEGIN RSA PRIVATE KEY-----

-----END RSA PRIVATE KEY-----

四、常见加密算法

对称加密算法：

• AES
• DES/3DES（TripleDES）

#pragma comment(lib, "libeay32.lib")

#include <openssl/des.h>
#include <openssl/rand.h>
#include <openssl/rsa.h> 
#include <openssl/pem.h> 
#include <openssl/err.h> 
#include <openssl/bio.h> 
#include <openssl/evp.h>
#include <openssl/x509.h>

/* 3DES加密 * encData: 8*n bytes * encKey: 3倍密钥长度¬24 bytes * encIV: 加密向量¬8bytes,default:{1,2,3,4,5,6,7,8} * out : enc output data * return: error:-1 successful: out length */
int iEVP_Encrypt(byte* data, byte* key, byte* iv, byte* out)//end with 0
{
    
	int					ret;
	int					outLen;
	int					tmpLen;
	EVP_CIPHER_CTX		ctx;

	EVP_CIPHER_CTX_set_padding(&ctx,0);
	EVP_CIPHER_CTX_init(&ctx);

	ret = EVP_EncryptInit_ex(&ctx,EVP_des_ede3_cbc(),NULL,key,iv);
	EVP_CIPHER_CTX_set_padding(&ctx,0);//will reInit enc and dec
	if(ret != 1)
	{
    
		return NULL;//error
	}
	ret = EVP_EncryptUpdate(&ctx,out,&outLen,(unsigned char *)data,8);
	if(ret != 1)
	{
    
		return NULL;//error
	}
	ret = EVP_EncryptFinal_ex(&ctx,out+outLen,&tmpLen);
	if(ret != 1)
	{
    
		return NULL;//Err
	}
	outLen = outLen + tmpLen;	
	
	return outLen;
}

/* 3DES解密 * decData: 8*n bytes * decKey: 3倍密钥长度¬24 bytes * decIV: 加密向量¬8bytes,default:{1,2,3,4,5,6,7,8} * out :dec output data * return: error:-1 successful: out length */
int iEVP_Decrypt(byte* data, byte* key, byte* iv, byte* out)
{
    
	int					ret		= 0;
	int					outLen	= 8;
	int					tmpLen	= 0;
	EVP_CIPHER_CTX		ctx;

	EVP_CIPHER_CTX_set_padding(&ctx,0);
	EVP_CIPHER_CTX_init(&ctx);

	ret = EVP_DecryptInit_ex(&ctx,EVP_des_ede3_cbc(),NULL,key,iv);
	EVP_CIPHER_CTX_set_padding(&ctx,0);//will reInit enc and dec
	if(ret!=1)
	{
    
		return NULL;//Err
	}
	ret = EVP_DecryptUpdate(&ctx,out,&outLen,data,outLen);
	if(ret!=1)
	{
    
		return NULL;//Err
	}
	ret = EVP_DecryptFinal_ex(&ctx,out+outLen,&tmpLen);
	if(ret!=1)
	{
    
		return NULL;//Err
	}
	outLen = outLen + tmpLen;
	
	return outLen;
}

非对称加密算法：

• RSA

//RSA私钥解密
string bio_read_privateKey(string data) 
{
    
	OpenSSL_add_all_algorithms();
    
    BIO* bp = BIO_new( BIO_s_file() );
    BIO_read_filename( bp, "private.pem" );
    RSA* rsaK = PEM_read_bio_RSAPrivateKey( bp, NULL, NULL, NULL );
    
	if (NULL == rsaK) 
	{
    
		return NULL;//Error
	}
	
	int nLen = RSA_size(rsaK);
	if (nLen == NULL)
	{
    
		return NULL;//Error
	}

	char* pEncode = new char[nLen +1];
	memset(pEncode,0,nLen+1);
	int ret = RSA_private_decrypt(data.length(),(byte*)data.c_str(),(byte*)pEncode,rsaK,RSA_PKCS1_PADDING);
	string strRet;
	if (ret >= 0) 
	{
    
		strRet = string(pEncode, ret);
	}
	else
	{
    
		return NULL;
	}
	delete[] pEncode;
	CRYPTO_cleanup_all_ex_data();
	BIO_free_all( bp );
	RSA_free(rsaK);
	return strRet;
}
//rsa公钥加密
string bio_read_publicKey(string data)
{
    
	OpenSSL_add_all_algorithms();
	BIO* bp = BIO_new( BIO_s_file());
	BIO_read_filename( bp, "public.pem" );
	RSA* rsaK ;

    if((rsaK = PEM_read_bio_RSA_PUBKEY(bp,NULL,NULL,NULL)) == NULL)
	{
    
		return NULL;
	}
	if (NULL == rsaK) 
	{
    
		return NULL;//read failed
	}
	
	int nLen = RSA_size(rsaK);
	char *pEncode = new char[nLen + 1];
	memset(pEncode,0,nLen+1);
	int ret = RSA_public_encrypt(data.length(),(const byte*)data.c_str(),(byte*)pEncode,rsaK,RSA_PKCS1_PADDING);
	
	string strRet;
	if (ret >= 0) 
	{
    
		strRet = string(pEncode, ret);
	}
	else
	{
    
		return NULL;
	}

	delete[] pEncode;
	CRYPTO_cleanup_all_ex_data();
	BIO_free_all( bp );
	RSA_free(rsaK);
	return strRet;
}