//使用私钥进行解密
int xxxUkey::PrivatekeyDecrypt(unsigned char *encryptedBuf,CK_ULONG encryptedBufLen)
{
CK_RV ckrv = 0;
CK_OBJECT_CLASS dataClass = CKO_PRIVATE_KEY;
BOOL IsToken=true;
CK_ATTRIBUTE pTempl[] =
{
{CKA_CLASS, &dataClass, sizeof(CKO_PRIVATE_KEY)},
{CKA_TOKEN, &IsToken, sizeof(true)}
};
//先查找到ukey里的唯一私钥对象(ukey设备中只有一个证书,一个公钥,一个私钥)
ckrv = m_pToken->C_FindObjectsInit(m_hSession, pTempl, 2);
CK_OBJECT_HANDLE hCKObj;
CK_ULONG ulRetCount = 0;
int numObj=0;
do
{
ckrv = m_pToken->C_FindObjects(m_hSession, &hCKObj, 1, &ulRetCount);
if(CKR_OK != ckrv)
{
break;
}
if(1 != ulRetCount)
break;
m_hPriKey = hCKObj;
numObj++;
}while(true);
if(numObj==0)
{
strcpy(m_errMsg,”Can”s find private key Obj”);
return -1;
}
else if(numObj>1)
{
sprintf(m_errMsg,”%d private key object(s) was found”,numObj);
return -1;
}
CK_ULONG decrytedBufLen = 0;
CK_MECHANISM ckMechanism = {CKM_RSA_PKCS, NULL_PTR, 0};
if(m_pPrivateDecrytedBuf)
{
delete[] m_pPrivateDecrytedBuf;
m_pPrivateDecrytedBuf = NULL_PTR;
decrytedBufLen = 0;
}
//解密初始化,这里报错,返回0x00000090,即CKR_OPERATION_ACTIVE
ckrv = m_pToken->C_DecryptInit(m_hSession,
&ckMechanism,
m_hPriKey);
if(CKR_OK != ckrv)
{
sprintf(m_errMsg,”Fail to call DecryptInit!Error code 0x%08X.”,ckrv);
ckrv = m_pToken->C_FindObjectsFinal(m_hSession);
return -1;
}
ckrv = m_pToken->C_Decrypt(m_hSession, encryptedBuf, encryptedBufLen, NULL_PTR, &decrytedBufLen);
if(CKR_OK != ckrv)
{
sprintf(m_errMsg,”Can”t acuire size of Data after Decrypt! Error code 0x%08X.”,ckrv);
return -1;
}
m_pPrivateDecrytedBuf = (CK_BYTE_PTR)new CK_BYTE[decrytedBufLen + 1];
if (! m_pPrivateDecrytedBuf)
{
strcpy(m_errMsg,”Can”t allocate enough memory for Decrypt!”);
return -1;
}
ZeroMemory(m_pPrivateDecrytedBuf, decrytedBufLen + 1);
ckrv = m_pToken->C_Decrypt(m_hSession, encryptedBuf, encryptedBufLen, m_pPrivateDecrytedBuf, &decrytedBufLen);
if (CKR_OK != ckrv)
{
sprintf(m_errMsg,”Fail to call decrypt,Error code 0x%08X.”,ckrv);
delete[] m_pPrivateDecrytedBuf;
return -1;
}
m_pToken->C_FindObjectsFinal(m_hSession);
return 0;
}
上面是本人用的私钥解密的代码。
本人测试的流程大致就是,打开ukey,查找私钥对象,用私钥对象进行解密。
但在C_DecryptInit就报错了,返回0x00000090,即CKR_OPERATION_ACTIVE
哪位高手懂的,指点下。
int xxxUkey::PrivatekeyDecrypt(unsigned char *encryptedBuf,CK_ULONG encryptedBufLen)
{
CK_RV ckrv = 0;
CK_OBJECT_CLASS dataClass = CKO_PRIVATE_KEY;
BOOL IsToken=true;
CK_ATTRIBUTE pTempl[] =
{
{CKA_CLASS, &dataClass, sizeof(CKO_PRIVATE_KEY)},
{CKA_TOKEN, &IsToken, sizeof(true)}
};
//先查找到ukey里的唯一私钥对象(ukey设备中只有一个证书,一个公钥,一个私钥)
ckrv = m_pToken->C_FindObjectsInit(m_hSession, pTempl, 2);
CK_OBJECT_HANDLE hCKObj;
CK_ULONG ulRetCount = 0;
int numObj=0;
do
{
ckrv = m_pToken->C_FindObjects(m_hSession, &hCKObj, 1, &ulRetCount);
if(CKR_OK != ckrv)
{
break;
}
if(1 != ulRetCount)
break;
m_hPriKey = hCKObj;
numObj++;
}while(true);
if(numObj==0)
{
strcpy(m_errMsg,”Can”s find private key Obj”);
return -1;
}
else if(numObj>1)
{
sprintf(m_errMsg,”%d private key object(s) was found”,numObj);
return -1;
}
CK_ULONG decrytedBufLen = 0;
CK_MECHANISM ckMechanism = {CKM_RSA_PKCS, NULL_PTR, 0};
if(m_pPrivateDecrytedBuf)
{
delete[] m_pPrivateDecrytedBuf;
m_pPrivateDecrytedBuf = NULL_PTR;
decrytedBufLen = 0;
}
//解密初始化,这里报错,返回0x00000090,即CKR_OPERATION_ACTIVE
ckrv = m_pToken->C_DecryptInit(m_hSession,
&ckMechanism,
m_hPriKey);
if(CKR_OK != ckrv)
{
sprintf(m_errMsg,”Fail to call DecryptInit!Error code 0x%08X.”,ckrv);
ckrv = m_pToken->C_FindObjectsFinal(m_hSession);
return -1;
}
ckrv = m_pToken->C_Decrypt(m_hSession, encryptedBuf, encryptedBufLen, NULL_PTR, &decrytedBufLen);
if(CKR_OK != ckrv)
{
sprintf(m_errMsg,”Can”t acuire size of Data after Decrypt! Error code 0x%08X.”,ckrv);
return -1;
}
m_pPrivateDecrytedBuf = (CK_BYTE_PTR)new CK_BYTE[decrytedBufLen + 1];
if (! m_pPrivateDecrytedBuf)
{
strcpy(m_errMsg,”Can”t allocate enough memory for Decrypt!”);
return -1;
}
ZeroMemory(m_pPrivateDecrytedBuf, decrytedBufLen + 1);
ckrv = m_pToken->C_Decrypt(m_hSession, encryptedBuf, encryptedBufLen, m_pPrivateDecrytedBuf, &decrytedBufLen);
if (CKR_OK != ckrv)
{
sprintf(m_errMsg,”Fail to call decrypt,Error code 0x%08X.”,ckrv);
delete[] m_pPrivateDecrytedBuf;
return -1;
}
m_pToken->C_FindObjectsFinal(m_hSession);
return 0;
}
上面是本人用的私钥解密的代码。
本人测试的流程大致就是,打开ukey,查找私钥对象,用私钥对象进行解密。
但在C_DecryptInit就报错了,返回0x00000090,即CKR_OPERATION_ACTIVE
哪位高手懂的,指点下。
解决方案
20
仅供参考:
#pragma comment(lib, "crypt32.lib") #pragma comment(lib, "advapi32.lib") #define _WIN32_WINNT 0x0400 #include <stdio.h> #include <windows.h> #include <wincrypt.h> #define KEYLENGTH 0x00800000 void HandleError(char *s); //-- // These additional #define statements are required. #define ENCRYPT_ALGORITHM CALG_RC4 #define ENCRYPT_BLOCK_SIZE 8 // Declare the function EncryptFile. The function definition // follows main. BOOL EncryptFile( PCHAR szSource, PCHAR szDestination, PCHAR szPassword); //-- // Begin main. void main(void) { CHAR szSource[100]; CHAR szDestination[100]; CHAR szPassword[100]; printf("Encrypt a file. \n\n"); printf("Enter the name of the file to be encrypted: "); scanf("%s",szSource); printf("Enter the name of the output file: "); scanf("%s",szDestination); printf("Enter the password:"); scanf("%s",szPassword); //-- // Call EncryptFile to do the actual encryption. if(EncryptFile(szSource, szDestination, szPassword)) { printf("Encryption of the file %s was a success. \n", szSource); printf("The encrypted data is in file %s.\n",szDestination); } else { HandleError("Error encrypting file!"); } } // End of main //-- // Code for the function EncryptFile called by main. static BOOL EncryptFile( PCHAR szSource, PCHAR szDestination, PCHAR szPassword) //-- // Parameters passed are: // szSource, the name of the input, a plaintext file. // szDestination, the name of the output, an encrypted file to be // created. // szPassword, the password. { //-- // Declare and initialize local variables. FILE *hSource; FILE *hDestination; HCRYPTPROV hCryptProv; HCRYPTKEY hKey; HCRYPTHASH hHash; PBYTE pbBuffer; DWORD dwBlockLen; DWORD dwBufferLen; DWORD dwCount; //-- // Open source file. if(hSource = fopen(szSource,"rb")) { printf("The source plaintext file, %s, is open. \n", szSource); } else { HandleError("Error opening source plaintext file!"); } //-- // Open destination file. if(hDestination = fopen(szDestination,"wb")) { printf("Destination file %s is open. \n", szDestination); } else { HandleError("Error opening destination ciphertext file!"); } //以下获得一个CSP句柄 if(CryptAcquireContext( &hCryptProv, NULL, //NULL表示使用默认密钥容器,默认密钥容器名 //为用户登陆名 NULL, PROV_RSA_FULL, 0)) { printf("A cryptographic provider has been acquired. \n"); } else { if(CryptAcquireContext( &hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET))//创建密钥容器 { //创建密钥容器成功,并得到CSP句柄 printf("A new key container has been created.\n"); } else { HandleError("Could not create a new key container.\n"); } } //-- // 创建一个会话密钥(session key) // 会话密钥也叫对称密钥,用于对称加密算法。 // (注: 一个Session是指从调用函数CryptAcquireContext到调用函数 // CryptReleaseContext 期间的阶段。会话密钥只能存在于一个会话过程) //-- // Create a hash object. if(CryptCreateHash( hCryptProv, CALG_MD5, 0, 0, &hHash)) { printf("A hash object has been created. \n"); } else { HandleError("Error during CryptCreateHash!\n"); } //-- // 用输入的密码产生一个散列 if(CryptHashData( hHash, (BYTE *)szPassword, strlen(szPassword), 0)) { printf("The password has been added to the hash. \n"); } else { HandleError("Error during CryptHashData. \n"); } //-- // 通过散列生成会话密钥 if(CryptDeriveKey( hCryptProv, ENCRYPT_ALGORITHM, hHash, KEYLENGTH, &hKey)) { printf("An encryption key is derived from the password hash. \n"); } else { HandleError("Error during CryptDeriveKey!\n"); } //-- // Destroy the hash object. CryptDestroyHash(hHash); hHash = NULL; //-- // The session key is now ready. //-- // 原因是加密算法是按ENCRYPT_BLOCK_SIZE 大小的块加密的,所以被加密的 // 数据长度必须是ENCRYPT_BLOCK_SIZE 的整数倍。下面计算一次加密的 // 数据长度。 dwBlockLen = 1000 - 1000 % ENCRYPT_BLOCK_SIZE; //-- // Determine the block size. If a block cipher is used, // it must have room for an extra block. if(ENCRYPT_BLOCK_SIZE > 1) dwBufferLen = dwBlockLen + ENCRYPT_BLOCK_SIZE; else dwBufferLen = dwBlockLen; //-- // Allocate memory. if(pbBuffer = (BYTE *)malloc(dwBufferLen)) { printf("Memory has been allocated for the buffer. \n"); } else { HandleError("Out of memory. \n"); } //-- // In a do loop, encrypt the source file and write to the destination file. do { //-- // Read up to dwBlockLen bytes from the source file. dwCount = fread(pbBuffer, 1, dwBlockLen, hSource); if(ferror(hSource)) { HandleError("Error reading plaintext!\n"); } //-- // 加密数据 if(!CryptEncrypt( hKey, //密钥 0, //假如数据同时进行散列和加密,这里传入一个 //散列对象 feof(hSource), //假如是最后一个被加密的块,输入TRUE.假如不是输. //入FALSE这里通过判断能否到文件尾来决定能否为 //最后一块。 0, //保留 pbBuffer, //输入被加密数据,输出加密后的数据 &dwCount, //输入被加密数据实际长度,输出加密后数据长度 dwBufferLen)) //pbBuffer的大小。 { HandleError("Error during CryptEncrypt. \n"); } //-- // Write data to the destination file. fwrite(pbBuffer, 1, dwCount, hDestination); if(ferror(hDestination)) { HandleError("Error writing ciphertext."); } } while(!feof(hSource)); //-- // End the do loop when the last block of the source file has been // read, encrypted, and written to the destination file. //-- // Close files. if(hSource) fclose(hSource); if(hDestination) fclose(hDestination); //-- // Free memory. if(pbBuffer) free(pbBuffer); //-- // Destroy session key. if(hKey) CryptDestroyKey(hKey); //-- // Destroy hash object. if(hHash) CryptDestroyHash(hHash); //-- // Release provider handle. if(hCryptProv) CryptReleaseContext(hCryptProv, 0); return(TRUE); } // End of Encryptfile //-- // This example uses the function HandleError, a simple error // handling function, to print an error message to the standard error // (stderr) file and exit the program. // For most applications, replace this function with one // that does more extensive error reporting. void HandleError(char *s) { fprintf(stderr,"An error occurred in running the program. \n"); fprintf(stderr,"%s\n",s); fprintf(stderr, "Error number %x.\n", GetLastError()); fprintf(stderr, "Program terminating. \n"); exit(1); } // End of HandleError