#pragma comment(lib,"libeay32.lib")
#pragma comment(lib,"ssleay32.lib")
/* Base passphrase for the per-field DES keys that ent() derives. The 16
 * characters plus the terminating NUL fill this 17-byte array exactly.
 * NOTE(review): a key fixed in the source is known to anyone who can read the
 * source or the binary, so encrypting with it is obfuscation, not secrecy. */
char mainkey[17]="0123456789abcdef";
/* Plaintext subject attribute values; ent() encrypts each one with des_e(). */
char *c1="CN";
char *pr1="hunan";
char *ct1="xiangtan";
char *or1="hnust";
char *dp1="computer";
char *co1="Ling";
/* Encrypted attribute strings filled in by ent(); the buffers are allocated
 * inside des_e() and nothing on this page frees them. */
char *c;
char *pr;
char *ct;
/* NOTE(review): `or` is an alternative operator token in ISO C++, so this
 * declaration relies on a compiler mode that does not enforce that. */
char *or;
char *dp;
char *co;
/* OpenSSL objects shared with main(). These initializers call library
 * functions at file scope, which C does not allow (C++ does); the results are
 * not checked for NULL here. */
X509_REQ *req=X509_REQ_new();
X509_NAME *subj=X509_NAME_new();
EVP_PKEY *m_pClientKey=EVP_PKEY_new();
/* CA private key and CA certificate; main() loads both from PEM files. */
EVP_PKEY *m_pCAKey;
X509 *m_pCACert;
/* Alias main() uses while filling in m_pClientCert. */
X509 *ptemp=NULL;
X509 *m_pClientCert=X509_new();
/* Scratch BIO reused for every file main() opens. */
BIO *pbio;
/* Not referenced by the code shown on this page. */
FILE *fp;
/* Output path: main() writes the issued certificate here in DER form. */
char *Save="E:\\毕业设计\\openssl_help\\CCert.der";
/* KeyName and CerName are referenced only from commented-out code in main(). */
char *KeyName="E:\\毕业设计\\openssl_help\\RootKey.pem";
char *CerName="E:\\毕业设计\\openssl_help\\RootCert.crt";
/* Pass phrases for the CA private key. main() hands KeyPwd3 to
 * PEM_read_bio_PrivateKey(); KeyPwd1 and KeyPwd2 appear only in commented-out
 * code.
 * NOTE(review): pass phrases stored as literals end up in version control and
 * in the compiled binary. Read them at run time (prompt or protected store)
 * and treat any value that has been committed or published as exposed. */
char *KeyPwd1="481511220";
char *KeyPwd2="srvca";
char *KeyPwd3="1tian=1day";
/* PEM files main() actually reads: CA certificate (crp) and CA key (ck). */
char *crp="e:\\毕业设计\\openssl_help\\RootCert.pem";
char *ck="e:\\毕业设计\\openssl_help\\RootKey.pem";
/* Not referenced by the code shown on this page. */
char *country="cn";
--------------------------------------加解密----------------------------------------------
/*
 * md5 - hash a NUL-terminated byte string with MD5.
 *
 * str : input; its length is taken with strlen(), so hashing stops at the
 *       first zero byte.
 * md  : receives the digest; the caller must supply at least 16 bytes.
 *
 * The result of EVP_Digest() is discarded, so a failed digest leaves md
 * untouched without telling the caller.
 * NOTE(review): MD5 is not collision resistant; do not rely on this digest
 * for integrity or key derivation in new designs.
 */
void md5(unsigned char *str,unsigned char *md)
{
    size_t input_len = strlen((char *)str);

    EVP_Digest(str, input_len, md, NULL, EVP_md5(), NULL);
}
/*
 * des_cpy - copy one 8-byte DES block from src to des.
 *
 * Exactly eight bytes are copied in ascending order. No terminator is
 * written and neither pointer is checked, so both buffers must hold at
 * least eight bytes.
 */
void des_cpy(char *des,char *src)
{
    char *stop = src + 8;

    while (src != stop)
    {
        *des++ = *src++;
    }
}
/*
 * des_ini - zero all eight bytes of a DES block.
 *
 * des_e() calls this before filling a final, partial block, which is how
 * short input ends up zero-padded.
 */
void des_ini(DES_cblock cb)
{
    int remaining = 8;

    while (remaining-- > 0)
    {
        cb[remaining] = 0x00;
    }
}
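/*
 * des_e - encrypt a NUL-terminated string with single DES in ECB mode and
 * return the ciphertext as printable text.
 *
 * key    : NUL-terminated passphrase; DES_string_to_key() turns it into the
 *          8-byte DES key.
 * input  : NUL-terminated plaintext. Its length comes from strlen(); a final
 *          partial block is padded with zero bytes up to 8.
 * output : receives a malloc()'d, NUL-terminated string holding two
 *          characters per ciphertext byte (high nibble first, each nibble
 *          written as 0x41 + nibble, i.e. 'A'..'P'). The caller frees it.
 *          Set to NULL when the key schedule is rejected or memory runs out.
 *
 * Each block is encoded straight into the result, so no intermediate
 * ciphertext buffer is allocated or left behind.
 *
 * NOTE(review): single DES has a 56-bit key and ECB maps equal plaintext
 * blocks to equal ciphertext blocks; there is no integrity protection and
 * the zero padding cannot be told apart from trailing zero bytes in the
 * data. The algorithm is kept so existing output still decodes with
 * des_d(); new designs should use an authenticated cipher instead.
 */
void des_e(unsigned char *key,char *input,char **output)
{
    size_t len = strlen(input);
    size_t blocks = (len + 7) / 8;      /* a partial tail counts as one block */
    size_t b;
    size_t k;
    char *text;
    DES_cblock des_key;
    DES_key_schedule schedule;
    DES_cblock des_input;
    DES_cblock des_output;

    *output = NULL;

    DES_string_to_key((char *)key, &des_key);
    /* A rejected key (bad parity or a weak key) leaves the schedule unset;
     * encrypting with it would read uninitialized data. */
    if (DES_set_key_checked(&des_key, &schedule) != 0)
    {
        return;
    }

    text = (char *)malloc(blocks * 16 + 1);
    if (text == NULL)
    {
        return;
    }

    for (b = 0; b < blocks; b++)
    {
        size_t offset = b * 8;
        size_t chunk = len - offset;

        if (chunk > 8)
        {
            chunk = 8;
        }
        /* Zero first so a short final block is zero-padded. */
        memset(des_input, 0, sizeof des_input);
        memcpy(des_input, input + offset, chunk);
        DES_ecb_encrypt(&des_input, &des_output, &schedule, DES_ENCRYPT);

        for (k = 0; k < 8; k++)
        {
            unsigned char byte = des_output[k];

            text[(offset + k) * 2] = (char)(0x41 + ((byte >> 4) & 0x0f));
            text[(offset + k) * 2 + 1] = (char)(0x41 + (byte & 0x0f));
        }
    }
    text[blocks * 16] = '\0';
    *output = text;
}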
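/*
 * des_d - decode and decrypt a string produced by des_e().
 *
 * key    : NUL-terminated passphrase, converted with DES_string_to_key().
 * input  : NUL-terminated text, two characters per ciphertext byte. It is
 *          only read; the caller's buffer is left unchanged, so the same
 *          string can be decoded again and may live in read-only storage.
 * output : receives a malloc()'d, NUL-terminated buffer with the decrypted
 *          bytes of every complete 8-byte block. The caller frees it. Set to
 *          NULL when the key schedule is rejected or memory runs out.
 *
 * Text whose decoded length is not a multiple of 8 is not valid des_e()
 * output; the leftover characters are ignored and the result ends after the
 * last complete block, so no uninitialized bytes are ever returned.
 *
 * NOTE(review): characters outside 'A'..'P' are not rejected, only masked to
 * a nibble, and nothing authenticates the ciphertext, so modified input
 * decrypts to different plaintext without any error.
 */
void des_d(unsigned char *key,char *input,char **output)
{
    size_t bytes = strlen(input) / 2;
    size_t blocks = bytes / 8;
    size_t b;
    size_t k;
    char *plain;
    DES_cblock des_key;
    DES_key_schedule schedule;
    DES_cblock des_input;
    DES_cblock des_output;

    *output = NULL;

    DES_string_to_key((char *)key, &des_key);
    /* A rejected key leaves the schedule unset; do not decrypt with it. */
    if (DES_set_key_checked(&des_key, &schedule) != 0)
    {
        return;
    }

    plain = (char *)malloc(blocks * 8 + 1);
    if (plain == NULL)
    {
        return;
    }

    for (b = 0; b < blocks; b++)
    {
        const char *text = input + b * 16;

        /* Undo the 0x41 + nibble encoding into a local block. */
        for (k = 0; k < 8; k++)
        {
            unsigned char hi = (unsigned char)(text[2 * k] - 1);
            unsigned char lo = (unsigned char)(text[2 * k + 1] - 1);

            des_input[k] = (unsigned char)(((hi << 4) & 0xf0) | (lo & 0x0f));
        }
        DES_ecb_encrypt(&des_input, &des_output, &schedule, DES_DECRYPT);
        memcpy(plain + b * 8, des_output, 8);
    }
    plain[blocks * 8] = '\0';
    *output = plain;
}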
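/*
 * ent - encrypt the six plaintext subject attributes (c1, pr1, ct1, or1, dp1,
 * co1) into the globals c, pr, ct, or, dp and co.
 *
 * The DES passphrase for each attribute is mainkey followed by that
 * attribute's field name (the REQ_* macros). Each passphrase is built in a
 * buffer sized for it: mainkey alone fills 17 bytes, so appending a field
 * name inside a 17-byte array writes past the end of the array.
 *
 * On return every output pointer is either a string allocated by des_e() or
 * NULL when the passphrase buffer could not be allocated; callers must check
 * for NULL before use.
 *
 * NOTE(review): keys built by a version that appended inside fixed 17-byte
 * buffers depended on that overflow, so values it produced may not decrypt
 * with these keys - re-encrypt rather than assume compatibility.
 * NOTE(review): no MD5 digest of the passphrase is computed here because
 * nothing consumed one; if the digest was meant to be the DES key, that is a
 * design decision to make explicitly.
 */
void ent()
{
    const char *suffix[6];
    char *plain[6];
    char **cipher[6];
    size_t base_len = strlen(mainkey);
    int i;

    suffix[0] = REQ_COUNTRY_NAME;
    suffix[1] = REQ_STATA_OR_PROVINCE_NAME;
    suffix[2] = REQ_LOCALITE_NAME;
    suffix[3] = REQ_ORG_NAME;
    suffix[4] = REQ_DEPT_NAME;
    suffix[5] = REQ_COMMON_NAME;

    plain[0] = c1;   cipher[0] = &c;
    plain[1] = pr1;  cipher[1] = &pr;
    plain[2] = ct1;  cipher[2] = &ct;
    plain[3] = or1;  cipher[3] = &or;
    plain[4] = dp1;  cipher[4] = &dp;
    plain[5] = co1;  cipher[5] = &co;

    for (i = 0; i < 6; i++)
    {
        size_t suffix_len = strlen(suffix[i]);
        char *key = (char *)malloc(base_len + suffix_len + 1);

        *cipher[i] = NULL;
        if (key == NULL)
        {
            continue;
        }
        memcpy(key, mainkey, base_len);
        memcpy(key + base_len, suffix[i], suffix_len + 1);  /* copies the NUL */

        des_e((unsigned char *)key, plain[i], cipher[i]);
        free(key);
    }
}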
------------------------------------------加解密部分完------------------------------------------------
主函数部分
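/* Read the CA certificate (crp) and CA private key (ck) from their PEM files
 * and confirm they belong together. Returns 1 on success, 0 after printing a
 * message. */
static int load_ca_material(void)
{
    pbio = BIO_new_file((LPSTR)(LPCTSTR)crp,"r");
    if (pbio == NULL)
    {
        printf("打开CA文件时出错");
        return 0;
    }
    m_pCACert = PEM_read_bio_X509(pbio,NULL,NULL,NULL);
    BIO_free_all(pbio);
    pbio = NULL;
    if (m_pCACert == NULL)
    {
        printf("从CA证书文件中读取证书时出错");
        return 0;
    }

    pbio = BIO_new_file((LPSTR)(LPCTSTR)ck,"r");
    if (pbio == NULL)
    {
        printf("打开CA私钥时出错");
        return 0;
    }
    /* With no callback, the last argument is used as the pass phrase. */
    m_pCAKey = PEM_read_bio_PrivateKey(pbio, NULL, NULL,KeyPwd3);
    BIO_free_all(pbio);
    pbio = NULL;
    if (m_pCAKey == NULL)
    {
        printf("从文件中读取CA私钥时出错");
        return 0;
    }

    /* A key that does not match the certificate would sign certificates that
     * no verifier can chain to this CA. */
    if (X509_check_private_key(m_pCACert, m_pCAKey) != 1)
    {
        printf("CA私钥与CA证书不匹配\n");
        return 0;
    }
    return 1;
}

/* Fill the global request: encrypted subject attributes, a fresh RSA key,
 * one extension, and the self-signature. Returns 1 on success, 0 after
 * printing a message. */
static int build_request(void)
{
    STACK_OF(X509_EXTENSION) *extlist;
    X509_EXTENSION *ext;
    EVP_MD const *digest = EVP_md5();
    RSA *rsa;
    int ok;

    /* Encrypt the attribute values into c, pr, ct, or, dp, co. */
    ent();
    if (c == NULL || pr == NULL || ct == NULL ||
        or == NULL || dp == NULL || co == NULL)
    {
        printf("属性值加密失败\n");
        return 0;
    }

    rsa = RSA_generate_key(1024,0x10001,NULL,NULL);
    if (rsa == NULL)
    {
        printf("生成RSA密钥失败\n");
        return 0;
    }
    /* On success the EVP_PKEY owns the RSA key. */
    if (!EVP_PKEY_assign_RSA(m_pClientKey,rsa))
    {
        RSA_free(rsa);
        printf("生成RSA密钥失败\n");
        return 0;
    }

    /* NOTE(review): des_e() emits 16 characters per 8-byte block; attributes
     * with a short upper bound (a two-letter country code, for instance) may
     * reject such values - confirm what each REQ_* macro names. A rejected
     * entry is reported here instead of being silently dropped. */
    if (X509_NAME_add_entry_by_txt(subj,REQ_COUNTRY_NAME,MBSTRING_ASC,(unsigned char *)c,-1,-1,0) != 1 ||
        X509_NAME_add_entry_by_txt(subj,REQ_STATA_OR_PROVINCE_NAME,MBSTRING_ASC,(unsigned char *)pr,-1,-1,0) != 1 ||
        X509_NAME_add_entry_by_txt(subj,REQ_LOCALITE_NAME,MBSTRING_ASC,(unsigned char *)ct,-1,-1,0) != 1 ||
        X509_NAME_add_entry_by_txt(subj,REQ_ORG_NAME,MBSTRING_ASC,(unsigned char *)or,-1,-1,0) != 1 ||
        X509_NAME_add_entry_by_txt(subj,REQ_DEPT_NAME,MBSTRING_ASC,(unsigned char *)dp,-1,-1,0) != 1 ||
        X509_NAME_add_entry_by_txt(subj,REQ_COMMON_NAME,MBSTRING_ASC,(unsigned char *)co,-1,-1,0) != 1)
    {
        printf("加入主体信息失败\n");
        return 0;
    }

    /* The setter copies subj and releases the name the request was created
     * with, so nothing is leaked and no struct internals are touched. */
    if (X509_REQ_set_subject_name(req,subj) != 1)
    {
        printf("加入主体信息失败\n");
        return 0;
    }

    /* Attach the subject public key generated above. */
    if (X509_REQ_set_pubkey(req, m_pClientKey) != 1)
    {
        printf("加入主体公钥失败\n");
        return 0;
    }

    /* Optional extension. X509V3_EXT_conf() returns NULL for a name it cannot
     * resolve, and a NULL entry must never reach the stack.
     * NOTE(review): "addr" does not look like a built-in extension name -
     * confirm it is registered before this call. */
    ext = X509V3_EXT_conf(NULL,NULL,"addr","hunanust");
    if (ext == NULL)
    {
        printf("创建扩展项失败: %s\n", ERR_error_string(ERR_get_error(), NULL));
        return 0;
    }
    extlist = sk_X509_EXTENSION_new_null();
    if (extlist == NULL)
    {
        X509_EXTENSION_free(ext);
        printf("加入扩展项失败\n");
        return 0;
    }
    if (!sk_X509_EXTENSION_push(extlist,ext))
    {
        X509_EXTENSION_free(ext);
        sk_X509_EXTENSION_free(extlist);
        printf("加入扩展项失败\n");
        return 0;
    }
    ok = X509_REQ_add_extensions(req,extlist);
    /* The request keeps its own encoding of the list. */
    sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free);
    if (!ok)
    {
        printf("加入扩展项失败\n");
        return 0;
    }

    /* Sign the request with the subject's private key (digest: MD5). */
    if (!X509_REQ_sign(req,m_pClientKey,digest))
    {
        printf("请求签名失败\n");
        return 0;
    }
    return 1;
}

/* Fill m_pClientCert from the request and sign it with the CA key. Returns 1
 * on success, 0 after printing a message. */
static int issue_certificate(void)
{
    EVP_PKEY *req_key;
    X509_EXTENSION *x509_ext;
    X509V3_CTX ctx;
    int ok;

    ptemp = m_pClientCert;

    /* Version value 2 means X.509 v3. */
    ok = X509_set_version(ptemp, 2);
    /* Serial number.
     * NOTE(review): every certificate gets serial 0; serials must be unique
     * per issuer, so a real CA needs a counter or random value here. */
    ok = ok && ASN1_INTEGER_set(X509_get_serialNumber(ptemp),0);
    /* Valid from now for 365 days. */
    ok = ok && X509_gmtime_adj(X509_get_notBefore(ptemp),0) != NULL;
    ok = ok && X509_gmtime_adj(X509_get_notAfter(ptemp), (long)60*60*24*365) != NULL;
    /* Subject comes from the request built above. */
    ok = ok && X509_set_subject_name(ptemp, X509_REQ_get_subject_name(req));
    if (!ok)
    {
        printf("设置证书字段失败\n");
        return 0;
    }

    /* The getter returns a new reference; release it after the copy. */
    req_key = X509_REQ_get_pubkey(req);
    if (req_key == NULL)
    {
        printf("设置证书字段失败\n");
        return 0;
    }
    ok = X509_set_pubkey(ptemp, req_key);
    EVP_PKEY_free(req_key);
    /* Issuer is the subject of the CA certificate. */
    ok = ok && X509_set_issuer_name(ptemp, X509_get_subject_name(m_pCACert));
    if (!ok)
    {
        printf("设置证书字段失败\n");
        return 0;
    }

    /* NOTE(review): ctx is prepared but the call below passes NULL for the
     * context; presumably &ctx was intended - confirm. */
    X509V3_set_ctx(&ctx, m_pCACert, m_pClientCert, NULL, NULL, 0);
    /* NOTE(review): "hellomsg" does not look like a built-in extension name
     * either; an unresolved name yields NULL. */
    x509_ext = X509V3_EXT_conf(NULL,NULL, "hellomsg","good luck");
    if (x509_ext == NULL)
    {
        printf("创建扩展项失败: %s\n", ERR_error_string(ERR_get_error(), NULL));
        return 0;
    }
    ok = X509_add_ext(m_pClientCert,x509_ext,-1);
    /* The certificate stores its own copy. */
    X509_EXTENSION_free(x509_ext);
    if (!ok)
    {
        printf("加入扩展项失败\n");
        return 0;
    }

    /* Sign with the CA private key (digest: MD5). */
    if (!X509_sign(m_pClientCert,m_pCAKey,EVP_md5()))
    {
        printf("证书签名失败\n");
        return 0;
    }
    return 1;
}

/* Write m_pClientCert to Save in DER form. Returns 1 on success, 0 after
 * printing a message. */
static int write_certificate_der(void)
{
    int ok;

    /* DER is binary: without "b" a text-mode stream on Windows rewrites
     * 0x0A bytes and corrupts the encoding. */
    pbio = BIO_new_file((LPSTR)(LPCTSTR)Save,"wb");
    if (pbio == NULL)
    {
        printf("打开输出文件失败\n");
        return 0;
    }
    ok = i2d_X509_bio(pbio, m_pClientCert);
    if (BIO_flush(pbio) <= 0)
    {
        ok = 0;
    }
    BIO_free_all(pbio);
    pbio = NULL;
    if (!ok)
    {
        printf("写入证书失败\n");
        return 0;
    }
    return 1;
}

/*
 * Program entry point: load the CA certificate and key, build and sign a
 * certificate request whose subject attributes are DES-encrypted, issue a
 * certificate for it signed by the CA, and write that certificate as DER.
 *
 * Every step is checked; the first failure prints a message and the process
 * exits with status 1 instead of continuing with a NULL object. Status 0 and
 * "OK" mean the certificate file was written.
 *
 * NOTE(review): 1024-bit RSA and MD5 signatures are below current minimum
 * strengths (2048-bit RSA and SHA-256 are the usual floor). They are left as
 * written because changing them alters the issued certificate.
 * NOTE(review): the CA key pass phrase comes from a literal in the source
 * (KeyPwd3); read it at run time instead.
 */
int main(int argc,char* argv[])
{
    int ok;

    (void)argc;
    (void)argv;

    OpenSSL_add_all_ciphers();
    OpenSSL_add_all_digests();
    ERR_load_crypto_strings();

    /* These objects are created by file-scope initializers and were never
     * checked there. */
    if (req == NULL || subj == NULL || m_pClientKey == NULL || m_pClientCert == NULL)
    {
        printf("OpenSSL对象分配失败\n");
        return 1;
    }

    ok = load_ca_material()
        && build_request()
        && issue_certificate()
        && write_certificate_der();
    if (ok)
    {
        printf("OK\n");
    }

    /* Release everything, including the in-memory CA private key. */
    free(c);  c = NULL;
    free(pr); pr = NULL;
    free(ct); ct = NULL;
    free(or); or = NULL;
    free(dp); dp = NULL;
    free(co); co = NULL;
    ptemp = NULL;
    X509_free(m_pClientCert);   m_pClientCert = NULL;
    X509_REQ_free(req);         req = NULL;
    X509_NAME_free(subj);       subj = NULL;
    EVP_PKEY_free(m_pClientKey); m_pClientKey = NULL;
    EVP_PKEY_free(m_pCAKey);    m_pCAKey = NULL;
    X509_free(m_pCACert);       m_pCACert = NULL;

    return ok ? 0 : 1;
}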