CSP php
看到这里,你们也许对CSP还比较迷惑。其实CSP是真正实行加密的独立模块,他既能够由软件实现也能够由硬件实现。可是他必须符合CryptoAPI接口的规范。 算法
每一个CSP都有一个名字和一个类型。每一个CSP的名字是惟一的,这样便于CryptoAPI找到对应的CSP。目前已经有9种CSP类型,而且还在增加。下表列出出它们支持的密钥交换算法、签名算法、对称加密算法和Hash算法。 windows
(表一) session
CSP类型 | 交换算法 | 签名算法 | 对称加密算法 | Hash算法 |
PROV_RSA_FULL | RSA | RSA | RC2 RC4 |
MD5 SHA |
PROV_RSA_SIG | none | RSA | none | MD5 SHA |
PROV_RSA_SCHANNEL | RSA | RSA | RC4 DES Triple DES |
MD5 SHA |
PROV_DSS | DSS | none | DSS | MD5 SHA |
PROV_DSS_DH | DH | DSS | CYLINK_MEK | MD5 SHA |
PROV_DH_SCHANNEL | DH | DSS | DES Triple DES |
MD5 SHA |
PROV_FORTEZZA | KEA | DSS | Skipjack | SHA |
PROV_MS_EXCHANGE | RSA | RSA | CAST | MD5 |
PROV_SSL | RSA | RSA | Varies | Varies |
从图一能够看到,每一个CSP有一个密钥库,密钥库用于存储密钥。而每一个密钥库包括一个或多个密钥容器(Key Containers)。每一个密钥容器中含属于一个特定用户的全部密钥对。每一个密钥容器被赋予一个惟一的名字。在销毁密钥容器前CSP将永久保存每个密钥容器,包括保存每一个密钥容器中的公/私钥对(见图二)。 app
4、 建立密钥容器,获得CSP句柄 ide
说了这么多只是一些理论性的东西,后面将详细介绍一下Microsoft CryptoAPI的使用方法。 函数
咱们已经提过,每个CSP都有一个名字和一个类型,而且名字保证惟一。因此能够经过名字和类型获得一个CSP。然而,要想加密确定须要密钥,那么密钥放哪里呢?对了,就放在密钥容器。(有人会问,密码库有什么用?其实密钥库是在安装CSP的时候已经存在了,他与CSP是相对应的。)可是密钥容器并非一开始就存在的,须要用户去建立。oop
使用Microsoft CryptoAPI 加密的通常步骤:ui
先使用CryptAcquireContext 得到CSP,要判断CSP是否存在,如没有则建立。 而后在 CryptCreateHash建立HASH对象,用密码来获取一个HASH Data,而后CryptDeriveKey得到会话密钥。 CryptEncrypt加密数据。this
咱们来看一段文件加密的代码。
#include < stdio.h >
#include < windows.h >
#include < wincrypt.h >
#define MY_ENCODING_TYPE (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING)
#define KEYLENGTH 0x00800000
void HandleError(char *s);
//--------------------------------------------------------------------
// These additional #define statements are required.
#define ENCRYPT_ALGORITHM CALG_RC4
#define ENCRYPT_BLOCK_SIZE 8
// Declare the function EncryptFile. The function definition
// follows main.
BOOL EncryptFile(
PCHAR szSource,
PCHAR szDestination,
PCHAR szPassword);
//--------------------------------------------------------------------
// Begin main.
void main(void)
{
CHAR szSource[100];
CHAR szDestination[100];
CHAR szPassword[100];
printf("Encrypt a file. \n\n");
printf("Enter the name of the file to be encrypted: ");
scanf("%s",szSource);
printf("Enter the name of the output file: ");
scanf("%s",szDestination);
printf("Enter the password:");
scanf("%s",szPassword);
//--------------------------------------------------------------------
// Call EncryptFile to do the actual encryption.
if(EncryptFile(szSource, szDestination, szPassword))
{
printf("Encryption of the file %s was a success. \n", szSource);
printf("The encrypted data is in file %s.\n",szDestination);
}
else
{
HandleError("Error encrypting file!");
}
} // End of main
//--------------------------------------------------------------------
// Code for the function EncryptFile called by main.
static BOOL EncryptFile(
PCHAR szSource,
PCHAR szDestination,
PCHAR szPassword)
//--------------------------------------------------------------------
// Parameters passed are:
// szSource, the name of the input, a plaintext file.
// szDestination, the name of the output, an encrypted file to be
// created.
// szPassword, the password.
{
//--------------------------------------------------------------------
// Declare and initialize local variables.
FILE *hSource;
FILE *hDestination;
HCRYPTPROV hCryptProv;
HCRYPTKEY hKey;
HCRYPTHASH hHash;
PBYTE pbBuffer;
DWORD dwBlockLen;
DWORD dwBufferLen;
DWORD dwCount;
//--------------------------------------------------------------------
// Open source file.
if(hSource = fopen(szSource,"rb"))
{
printf("The source plaintext file, %s, is open. \n", szSource);
}
else
{
HandleError("Error opening source plaintext file!");
}
//--------------------------------------------------------------------
// Open destination file.
if(hDestination = fopen(szDestination,"wb"))
{
printf("Destination file %s is open. \n", szDestination);
}
else
{
HandleError("Error opening destination ciphertext file!");
}
//如下得到一个CSP句柄
if(CryptAcquireContext(
&hCryptProv,
NULL, //NULL表示使用默认密钥容器,默认密钥容器名
//为用户登录名
NULL,
PROV_RSA_FULL,
0))
{
printf("A cryptographic provider has been acquired. \n");
}
else
{
if(CryptAcquireContext(
&hCryptProv,
NULL,
NULL,
PROV_RSA_FULL,
CRYPT_NEWKEYSET))//建立密钥容器
{
//建立密钥容器成功,并获得CSP句柄
printf("A new key container has been created.\n");
}
else
{
HandleError("Could not create a new key container.\n");
}
}
//--------------------------------------------------------------------
// 建立一个会话密钥(session key)
// 会话密钥也叫对称密钥,用于对称加密算法。
// (注: 一个Session是指从调用函数CryptAcquireContext到调用函数
// CryptReleaseContext 期间的阶段。会话密钥只能存在于一个会话过程)
//--------------------------------------------------------------------
// Create a hash object.
if(CryptCreateHash(
hCryptProv,
CALG_MD5,
0,
0,
&hHash))
{
printf("A hash object has been created. \n");
}
else
{
HandleError("Error during CryptCreateHash!\n");
}
//--------------------------------------------------------------------
// 用输入的密码产生一个散列
if(CryptHashData(
hHash,
(BYTE *)szPassword,
strlen(szPassword),
0))
{
printf("The password has been added to the hash. \n");
}
else
{
HandleError("Error during CryptHashData. \n");
}
//--------------------------------------------------------------------
// 经过散列生成会话密钥
if(CryptDeriveKey(
hCryptProv,
ENCRYPT_ALGORITHM,
hHash,
KEYLENGTH,
&hKey))
{
printf("An encryption key is derived from the password hash. \n");
}
else
{
HandleError("Error during CryptDeriveKey!\n");
}
//--------------------------------------------------------------------
// Destroy the hash object.
CryptDestroyHash(hHash);
hHash = NULL;
//--------------------------------------------------------------------
// The session key is now ready.
//--------------------------------------------------------------------
// 由于加密算法是按ENCRYPT_BLOCK_SIZE 大小的块加密的,因此被加密的
// 数据长度必须是ENCRYPT_BLOCK_SIZE 的整数倍。下面计算一次加密的
// 数据长度。
dwBlockLen = 1000 - 1000 % ENCRYPT_BLOCK_SIZE;
//--------------------------------------------------------------------
// Determine the block size. If a block cipher is used,
// it must have room for an extra block.
if(ENCRYPT_BLOCK_SIZE > 1)
dwBufferLen = dwBlockLen + ENCRYPT_BLOCK_SIZE;
else
dwBufferLen = dwBlockLen;
//--------------------------------------------------------------------
// Allocate memory.
if(pbBuffer = (BYTE *)malloc(dwBufferLen))
{
printf("Memory has been allocated for the buffer. \n");
}
else
{
HandleError("Out of memory. \n");
}
//--------------------------------------------------------------------
// In a do loop, encrypt the source file and write to the source file.
do
{
//--------------------------------------------------------------------
// Read up to dwBlockLen bytes from the source file.
dwCount = fread(pbBuffer, 1, dwBlockLen, hSource);
if(ferror(hSource))
{
HandleError("Error reading plaintext!\n");
}
//--------------------------------------------------------------------
// 加密数据
if(!CryptEncrypt(
hKey, //密钥
0, //若是数据同时进行散列和加密,这里传入一个
//散列对象
feof(hSource), //若是是最后一个被加密的块,输入TRUE.若是不是输.
//入FALSE这里经过判断是否到文件尾来决定是否为
//最后一块。
0, //保留
pbBuffer, //输入被加密数据,输出加密后的数据
&dwCount, //输入被加密数据实际长度,输出加密后数据长度
dwBufferLen)) //pbBuffer的大小。
{
HandleError("Error during CryptEncrypt. \n");
}
//--------------------------------------------------------------------
// Write data to the destination file.
fwrite(pbBuffer, 1, dwCount, hDestination);
if(ferror(hDestination))
{
HandleError("Error writing ciphertext.");
}
}
while(!feof(hSource));
//--------------------------------------------------------------------
// End the do loop when the last block of the source file has been
// read, encrypted, and written to the destination file.
//--------------------------------------------------------------------
// Close files.
if(hSource)
fclose(hSource);
if(hDestination)
fclose(hDestination);
//--------------------------------------------------------------------
// Free memory.
if(pbBuffer)
free(pbBuffer);
//--------------------------------------------------------------------
// Destroy session key.
if(hKey)
CryptDestroyKey(hKey);
//--------------------------------------------------------------------
// Destroy hash object.
if(hHash)
CryptDestroyHash(hHash);
//--------------------------------------------------------------------
// Release provider handle.
if(hCryptProv)
CryptReleaseContext(hCryptProv, 0);
return(TRUE);
} // End of Encryptfile
//--------------------------------------------------------------------
// This example uses the function HandleError, a simple error
// handling function, to print an error message to the standard error
// (stderr) file and exit the program.
// For most applications, replace this function with one
// that does more extensive error reporting.
void HandleError(char *s)
{
fprintf(stderr,"An error occurred in running the program. \n");
fprintf(stderr,"%s\n",s);
fprintf(stderr, "Error number %x.\n", GetLastError());
fprintf(stderr, "Program terminating. \n");
exit(1);
} // End of HandleError