
我目前正在编写一个端到端加密的日历程序,为此使用了 cryptlib。代码基本上是照着手册写的。但每次尝试生成根 CA 时,cryptSignCert() 都会失败并返回错误代码 -2(根据手册,这表示第二个参数有问题)。
下面是一段可以重现该问题的简短代码。

#include <iostream>
#include <cstring>

#include "cryptlib.h"

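/*
 * Generate a self-signed root CA certificate (reproduction of the failing case).
 *
 * Creates an RSA key context labelled keyLabel, generates the key, creates a
 * certificate object, sets the country and common name, marks the certificate
 * as self-signed and as a CA, and signs it with the generated key.
 *
 * NOTE: the certificate is never given the subject public key
 * (CRYPT_CERTINFO_SUBJECTPUBLICKEYINFO). That omission is left in on purpose:
 * it is what makes cryptSignCert() fail in this reproduction.
 *
 * commonName  NUL-terminated common name for the certificate subject
 * keyLabel    NUL-terminated label for the private-key context
 * country     NUL-terminated country code for the certificate subject
 *
 * Returns CRYPT_OK on success, otherwise the first cryptlib error status
 * encountered. Every cryptlib call is checked, so a failure is reported at the
 * call that caused it, and both objects are destroyed on every path.
 */
auto genRootCA(const char* commonName,const char* keyLabel,const char* country) -> int
{
    /* strlen() on a null pointer is undefined behaviour, so reject it up front */
    if( commonName == NULL )
        return( CRYPT_ERROR_PARAM1 );
    if( keyLabel == NULL )
        return( CRYPT_ERROR_PARAM2 );
    if( country == NULL )
        return( CRYPT_ERROR_PARAM3 );

    CRYPT_CONTEXT cryptContext;
    int status = cryptCreateContext( &cryptContext, CRYPT_UNUSED, CRYPT_ALGO_RSA );
    if( cryptStatusError( status ) )
        return( status );

    CRYPT_CERTIFICATE cryptCertificate;
    bool haveCertificate = false;

    /* Label and generate the private key */
    status = cryptSetAttributeString( cryptContext, CRYPT_CTXINFO_LABEL, keyLabel,
                                      static_cast<int>( strlen( keyLabel ) ) );
    if( cryptStatusOK( status ) )
        status = cryptGenerateKey( cryptContext );

    /* Create the certificate object and fill in the subject name */
    if( cryptStatusOK( status ) )
    {
        status = cryptCreateCert( &cryptCertificate, CRYPT_UNUSED, CRYPT_CERTTYPE_CERTIFICATE );
        haveCertificate = cryptStatusOK( status );
    }
    if( cryptStatusOK( status ) )
        status = cryptSetAttributeString( cryptCertificate, CRYPT_CERTINFO_COUNTRYNAME, country,
                                          static_cast<int>( strlen( country ) ) );
    if( cryptStatusOK( status ) )
        status = cryptSetAttributeString( cryptCertificate, CRYPT_CERTINFO_COMMONNAME, commonName,
                                          static_cast<int>( strlen( commonName ) ) );

    /* Mark as self-signed CA certificate */
    if( cryptStatusOK( status ) )
        status = cryptSetAttribute( cryptCertificate, CRYPT_CERTINFO_SELFSIGNED, 1 );
    if( cryptStatusOK( status ) )
        status = cryptSetAttribute( cryptCertificate, CRYPT_CERTINFO_CA, 1 );

    /* Sign certificate -- this is the call that fails in the reproduction,
       because no public key has been attached to the certificate */
    if( cryptStatusOK( status ) )
        status = cryptSignCert( cryptCertificate, cryptContext );

    //Save data to disk....(cut out)

    /* Release both objects on every path so the private key does not stay
       loaded and no handles are left behind */
    if( haveCertificate )
        cryptDestroyCert( cryptCertificate );
    cryptDestroyContext( cryptContext );

    /* The original fell off the end of a non-void function here */
    return( status );
}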

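/*
 * Driver for the reproduction: initialises cryptlib, requests an entropy poll,
 * tries to generate the root CA and prints the status that genRootCA() returned.
 *
 * The process exit code is non-zero when initialisation, generation or
 * shutdown reports an error, so a failure is visible to the caller and not
 * only in the printed text.
 */
int main()
{
    /* Nothing else may be called if the library failed to initialise */
    const int initStatus = cryptInit();
    if( cryptStatusError( initStatus ) )
    {
        std::cerr << "cryptInit failed: " << initStatus << std::endl;
        return 1;
    }

    /* NOTE(review): only a fast poll is requested here -- confirm against the
       cryptlib manual whether that is adequate before generating a long-lived
       CA key */
    cryptAddRandom(nullptr,CRYPT_RANDOM_FASTPOLL);

    std::cout << "Generating root ca.\n";
    const int r = genRootCA("test@example.com","Private key","DE");
    std::cout << "Returned value " << r << std::endl;

    const int endStatus = cryptEnd();
    return ( cryptStatusError( r ) || cryptStatusError( endStatus ) ) ? 1 : 0;
}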

在此先行致谢。——David


1 回答 1


我终于找到了问题的原因:我忘记把公钥添加到证书中了。下面是一段可以正常运行的示例代码:

#include <iostream>
#include <cstring>

#include "cryptlib.h"

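/*
 * Generate a self-signed root CA certificate.
 *
 * Creates an RSA key context labelled keyLabel, generates the key, creates a
 * certificate object, attaches the public key from the context, sets the
 * country and common name, marks the certificate as self-signed and as a CA,
 * and signs it with the generated key.
 *
 * commonName  NUL-terminated common name for the certificate subject
 * keyLabel    NUL-terminated label for the private-key context
 * country     NUL-terminated country code for the certificate subject
 * path        not used by the code shown (the save step is cut out)
 * password    not used by the code shown (the save step is cut out)
 *
 * Returns CRYPT_OK on success, otherwise the first cryptlib error status
 * encountered. Every cryptlib call is checked -- including the one that adds
 * the public key, whose status was previously overwritten unread -- and both
 * objects are destroyed on every path, not only when signing fails.
 */
auto genRootCA(const char* commonName,const char* keyLabel, const char* country,const char* path, const char* password) -> int
{
    /* Only consumed by the elided save step */
    (void)path;
    (void)password;

    /* strlen() on a null pointer is undefined behaviour, so reject it up front */
    if( commonName == NULL )
        return( CRYPT_ERROR_PARAM1 );
    if( keyLabel == NULL )
        return( CRYPT_ERROR_PARAM2 );
    if( country == NULL )
        return( CRYPT_ERROR_PARAM3 );

    CRYPT_CONTEXT cryptContext;
    int status = cryptCreateContext( &cryptContext, CRYPT_UNUSED, CRYPT_ALGO_RSA );
    if( cryptStatusError( status ) )
        return( status );

    CRYPT_CERTIFICATE cryptCertificate;
    bool haveCertificate = false;

    /* Label and generate the private key */
    status = cryptSetAttributeString( cryptContext, CRYPT_CTXINFO_LABEL, keyLabel,
                                      static_cast<int>( strlen( keyLabel ) ) );
    if( cryptStatusOK( status ) )
        status = cryptGenerateKey( cryptContext );

    if( cryptStatusOK( status ) )
    {
        status = cryptCreateCert( &cryptCertificate, CRYPT_UNUSED, CRYPT_CERTTYPE_CERTIFICATE );
        haveCertificate = cryptStatusOK( status );
    }

    /* Add the public key -- without it cryptSignCert() rejects the certificate */
    if( cryptStatusOK( status ) )
        status = cryptSetAttribute( cryptCertificate,
                                    CRYPT_CERTINFO_SUBJECTPUBLICKEYINFO, cryptContext );

    /* Subject name */
    if( cryptStatusOK( status ) )
        status = cryptSetAttributeString( cryptCertificate, CRYPT_CERTINFO_COUNTRYNAME, country,
                                          static_cast<int>( strlen( country ) ) );
    if( cryptStatusOK( status ) )
        status = cryptSetAttributeString( cryptCertificate, CRYPT_CERTINFO_COMMONNAME, commonName,
                                          static_cast<int>( strlen( commonName ) ) );

    /* Mark as self-signed CA certificate */
    if( cryptStatusOK( status ) )
        status = cryptSetAttribute( cryptCertificate, CRYPT_CERTINFO_SELFSIGNED, 1 );
    if( cryptStatusOK( status ) )
        status = cryptSetAttribute( cryptCertificate, CRYPT_CERTINFO_CA, 1 );

    /* Sign certificate */
    if( cryptStatusOK( status ) )
        status = cryptSignCert( cryptCertificate, cryptContext );

    //Saving data to disk (cut out)
    /* NOTE(review): the elided step is where the private key leaves the
       process; whatever protects the stored key (presumably `password`)
       decides how safe the root CA is at rest */

    /* Release both objects on every path so the private key does not stay
       loaded and no handles are left behind */
    if( haveCertificate )
        cryptDestroyCert( cryptCertificate );
    cryptDestroyContext( cryptContext );

    return( status );
}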

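/*
 * Driver for the working example: initialises cryptlib, requests an entropy
 * poll, generates the root CA and prints the status that genRootCA() returned.
 *
 * The process exit code is non-zero when initialisation, generation or
 * shutdown reports an error, so a failure is visible to the caller and not
 * only in the printed text.
 */
int main()
{
    /* Nothing else may be called if the library failed to initialise */
    const int initStatus = cryptInit();
    if( cryptStatusError( initStatus ) )
    {
        std::cerr << "cryptInit failed: " << initStatus << std::endl;
        return 1;
    }

    /* NOTE(review): only a fast poll is requested here -- confirm against the
       cryptlib manual whether that is adequate before generating a long-lived
       CA key */
    cryptAddRandom(nullptr,CRYPT_RANDOM_FASTPOLL);

    std::cout << "Generating root ca.\n";
    /* "abc" is a sample value only: a real root CA key needs a strong
       passphrase that is supplied at run time, not hard-coded in source */
    const int r = genRootCA("test@example.com","Private key","DE","key.pem","abc");
    std::cout << "Returned value " << r << std::endl;

    const int endStatus = cryptEnd();
    return ( cryptStatusError( r ) || cryptStatusError( endStatus ) ) ? 1 : 0;
}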

我希望这可以帮助其他有同样问题的人。

于 2017-02-26T13:59:29.623 回答