@martingz
Thanks for your example. From what I understand, you sign the string with a private key, and you know the password for it.
@martingz / @franco
I have to encrypt the token with a public key, issued by the government. For this public key, of course, we do not know the password.
I found an example in C
Code:
#include <cstdio>
#include <string>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>
// ...
bool EncryptString(const std::string& InStr /*plaintext*/, const std::string& InPublicKey /*path to public key pem file*/, std::string& OutString /*ciphertext*/) {
    // Load key
    FILE* f = fopen(InPublicKey.c_str(), "r");
    if (f == NULL) return false; // key file could not be opened
    EVP_PKEY* pkey = PEM_read_PUBKEY(f, NULL, NULL, NULL);
    fclose(f);
    if (pkey == NULL) return false; // file does not hold a valid PEM public key
    // Create/initialize context
    EVP_PKEY_CTX* ctx = EVP_PKEY_CTX_new(pkey, NULL);
    unsigned char* ciphertext = NULL;
    size_t ciphertextLen = 0;
    bool ok = false;
    const unsigned char* in = (const unsigned char*)InStr.data();
    if (ctx != NULL && EVP_PKEY_encrypt_init(ctx) > 0) {
        // Specify padding: default is PKCS#1 v1.5
        // EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING); // for OAEP with SHA1 for both digests
        // Encryption: the first call (NULL output) only reports the required buffer size
        if (EVP_PKEY_encrypt(ctx, NULL, &ciphertextLen, in, InStr.size()) > 0 &&
            (ciphertext = (unsigned char*)OPENSSL_malloc(ciphertextLen)) != NULL &&
            EVP_PKEY_encrypt(ctx, ciphertext, &ciphertextLen, in, InStr.size()) > 0) {
            OutString.assign((char*)ciphertext, ciphertextLen);
            ok = true;
        }
    }
    // Release memory (these free functions accept NULL)
    OPENSSL_free(ciphertext);
    EVP_PKEY_CTX_free(ctx);
    EVP_PKEY_free(pkey);
    return ok; // false if any step failed
}
I tried to adapt it to HB, but it returns errors about unknown functions: EVP_PKEY_encrypt_init(), EVP_PKEY_encrypt(), ...