利用OpenSSL生成的私钥、公钥和证书，用来验证文件是否被修改

私钥格式：

-----BEGIN RSA PRIVATE KEY-----Proc-Type: 4,ENCRYPTEDDEK-Info: DES-EDE3-CBC,9F1B06DE4A9C9270LIM0SMeBTPJ2+2Qgpk0hhowbEK+YwkPr1SdRpVFIEGe4c4rlUXbN/byHuVGat3vAtux730350dYKFjMWgg+mczjNkSgWHDnooGWHXGrs0nAd8nrP+39y0C+rG0VGu0k1NsWwC+d6cOJOZ4UP3H7CxY3hr2+0nAPC93hCpByrN/kADvoNoH+tUQH1JNIkLbLivujQS+ExlhA84/0YlaskCffGDMA9tVRYzISTXxw7WXVEKvUkSqsEdvWiDPMev4z2hP1oCo/TCZQb2i7Um6aI1be6Y86G82syfK0Gpk0Lar6febV8aeXXFJSGR2+HoVpBuRDtDIPpk8kmW0UVJed7eO/uU5Y7nKbHD1xSigjI7JJd7d8imJ6FyM4ALlXFEdhlDaIHZ91AXcV683LY/poLCPG1wTJQOrFlEu2I93QWIkLBQdmIoN1KJG1nYkFOrla0AzAbJqFOAK0XbDQI5JGbcyb6QQ03bdks91nG/GLW2Nh/3OA7DqnUt127mrZRPe8N/LUT+1+iToYDXDQg8TMWtNwJySHVVd83vb4Pw5pQA+tsB4kM1p/S2ss8qD2fLh6V9yG7Wrpdm5tT/3xRZGw/IoLS34iEoIk0Jy5WgFsPcWamVrJzoBhYKiyxZ/x2n3dXqlatSgDDcQVlpSW44uVORpYj0PKgY7v6J3qsN/x+/4VBQ3v4Bbfm50m8BvfqR+MsakQ+42jLks/jUXPXbnSBDVGQIkr6VgCl+bAtv01SAjCLoxYf1UQMZHSMUv2ATeZObMRonj54wkm8T7ZairSq44KvRUeo+eMLjrqjW/bnCiY29QI/GFOK1Q==-----END RSA PRIVATE KEY-----

 

证书中包含了公钥，在BEGIN CERTIFICATE和END CERTIFICATE之间，通常情况下是把证书中的公钥提取出来解密，其格式如下：

Certificate: Data: Version: 1 (0x0) Serial Number: 2 (0x2) Signature Algorithm: md5WithRSAEncryption Issuer: C=ca, ST=caspn, L=caln, O=caon, OU=caoun, CN=cacn/emailAddress=caea Validity Not Before: May 8 01:22:20 2007 GMT Not After : May 7 01:22:20 2008 GMT Subject: C=cn, ST=serversp, L=serverln, O=serveron, OU=serveroun, CN=servercn/emailAddress=serverea Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:b7:e4:e1:d3:04:aa:d0:24:7b:94:ab:7b:78:2a: bf:78:9f:f4:18:aa:81:bc:c7:cb:23:e2:59:26:d1: 8e:84:04:44:b5:bb:31:34:5b:93:48:35:f8:c1:a4: 0a:17:24:41:e5:76:be:91:74:c1:31:03:14:b4:3b: f4:ad:d2:f9:de:3c:f1:42:80:73:99:86:63:8a:ac: 99:d7:cc:f0:a8:eb:61:09:42:65:0a:01:cf:ba:0c: 69:26:5b:66:34:f2:f7:28:20:7a:d2:08:d5:be:1d: 1e:65:c5:11:4b:52:ed:ac:f2:c9:35:79:9d:6b:38: ca:81:d2:ec:d9:02:03:0e:d1 Exponent: 65537 (0x10001) Signature Algorithm: md5WithRSAEncryption 7a:9b:b2:d1:14:18:c1:5e:e7:1b:8e:70:27:9a:4d:87:6d:1e: fd:e6:bb:28:f5:0c:c5:2c:b6:38:75:0d:31:4c:f4:9b:1e:f5: 9f:23:09:5e:a3:00:37:8f:af:56:c1:a5:0e:a6:8a:46:6f:18: 0d:8d:bc:49:d5:11:9f:6a:77:9b:2e:18:89:12:66:d9:21:01: 4f:86:a2:de:cb:6b:c3:fe:39:a9:be:f3:5d:06:b3:87:93:ab: 5b:a9:14:b9:8d:91:06:43:b3:8c:0d:f2:72:35:f8:88:37:c7: cf:ac:7b:21:a5:19:a9:e9:b0:2c:2d:26:9d:3d:19:4d:ec:94: f4:66-----BEGIN CERTIFICATE-----MIICZTCCAc4CAQIwDQYJKoZIhvcNAQEEBQAwbzELMAkGA1UEBhMCY2ExDjAMBgNVBAgTBWNhc3BuMQ0wCwYDVQQHEwRjYWxuMQ0wCwYDVQQKEwRjYW9uMQ4wDAYDVQQLEwVjYW91bjENMAsGA1UEAxMEY2FjbjETMBEGCSqGSIb3DQEJARYEY2FlYTAeFw0wNzA1MDgwMTIyMjBaFw0wODA1MDcwMTIyMjBaMIGGMQswCQYDVQQGEwJjbjERMA8GA1UECBMIc2VydmVyc3AxETAPBgNVBAcTCHNlcnZlcmxuMREwDwYDVQQKEwhzZXJ2ZXJvbjESMBAGA1UECxMJc2VydmVyb3VuMREwDwYDVQQDEwhzZXJ2ZXJjbjEXMBUGCSqGSIb3DQEJARYIc2VydmVyZWEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALfk4dMEqtAke5Sre3gqv3if9BiqgbzHyyPiWSbRjoQERLW7MTRbk0g1+MGkChckQeV2vpF0wTEDFLQ79K3S+d488UKAc5mGY4qsmdfM8KjrYQlCZQoBz7oMaSZbZjTy9yggetII1b4dHmXFEUtS7azyyTV5nWs4yoHS7NkCAw7RAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAepuy0RQYwV7nG45wJ5pNh20e/ea7KPUMxSy2OHUNMUz0mx71nyMJXqMAN4+vVsGlDqaKRm8YDY28SdURn2p3my4YiRJm2SEBT4ai3strw/45qb7zXQazh5OrW6kUuY2RBkOzjA3ycjX4iDfHz6x7IaUZqemwLC0mnT0ZTeyU9GY=-----END CERTIFICATE-----

 

验证文件是否被修改的代码如下：

const char *certbuf="Certificate: / Data: / Version: 1 (0x0) / Serial Number: 2 (0x2) / Signature Algorithm: md5WithRSAEncryption / Issuer: C=ca, ST=caspn, L=caln, O=caon, OU=caoun, CN=cacn/emailAddress=caea / Validity / Not Before: May 8 01:22:20 2007 GMT / Not After : May 7 01:22:20 2008 GMT / Subject: C=cn, ST=serversp, L=serverln, O=serveron, OU=serveroun, CN=servercn/emailAddress=serverea / Subject Public Key Info: / Public Key Algorithm: rsaEncryption / RSA Public Key: (1024 bit) / Modulus (1024 bit): / 00:b7:e4:e1:d3:04:aa:d0:24:7b:94:ab:7b:78:2a: / bf:78:9f:f4:18:aa:81:bc:c7:cb:23:e2:59:26:d1: / 8e:84:04:44:b5:bb:31:34:5b:93:48:35:f8:c1:a4: / 0a:17:24:41:e5:76:be:91:74:c1:31:03:14:b4:3b: / f4:ad:d2:f9:de:3c:f1:42:80:73:99:86:63:8a:ac: / 99:d7:cc:f0:a8:eb:61:09:42:65:0a:01:cf:ba:0c: / 69:26:5b:66:34:f2:f7:28:20:7a:d2:08:d5:be:1d: / 1e:65:c5:11:4b:52:ed:ac:f2:c9:35:79:9d:6b:38: / ca:81:d2:ec:d9:02:03:0e:d1 / Exponent: 65537 (0x10001) / Signature Algorithm: md5WithRSAEncryption / 7a:9b:b2:d1:14:18:c1:5e:e7:1b:8e:70:27:9a:4d:87:6d:1e: / fd:e6:bb:28:f5:0c:c5:2c:b6:38:75:0d:31:4c:f4:9b:1e:f5: / 9f:23:09:5e:a3:00:37:8f:af:56:c1:a5:0e:a6:8a:46:6f:18: / 0d:8d:bc:49:d5:11:9f:6a:77:9b:2e:18:89:12:66:d9:21:01: / 4f:86:a2:de:cb:6b:c3:fe:39:a9:be:f3:5d:06:b3:87:93:ab: / 5b:a9:14:b9:8d:91:06:43:b3:8c:0d:f2:72:35:f8:88:37:c7: / cf:ac:7b:21:a5:19:a9:e9:b0:2c:2d:26:9d:3d:19:4d:ec:94: / f4:66 /-----BEGIN CERTIFICATE----- /MIICZTCCAc4CAQIwDQYJKoZIhvcNAQEEBQAwbzELMAkGA1UEBhMCY2ExDjAMBgNV /BAgTBWNhc3BuMQ0wCwYDVQQHEwRjYWxuMQ0wCwYDVQQKEwRjYW9uMQ4wDAYDVQQL /EwVjYW91bjENMAsGA1UEAxMEY2FjbjETMBEGCSqGSIb3DQEJARYEY2FlYTAeFw0w /NzA1MDgwMTIyMjBaFw0wODA1MDcwMTIyMjBaMIGGMQswCQYDVQQGEwJjbjERMA8G /A1UECBMIc2VydmVyc3AxETAPBgNVBAcTCHNlcnZlcmxuMREwDwYDVQQKEwhzZXJ2 /ZXJvbjESMBAGA1UECxMJc2VydmVyb3VuMREwDwYDVQQDEwhzZXJ2ZXJjbjEXMBUG /CSqGSIb3DQEJARYIc2VydmVyZWEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB /ALfk4dMEqtAke5Sre3gqv3if9BiqgbzHyyPiWSbRjoQERLW7MTRbk0g1+MGkChck /QeV2vpF0wTEDFLQ79K3S+d488UKAc5mGY4qsmdfM8KjrYQlCZQoBz7oMaSZbZjTy /9yggetII1b4dHmXFEUtS7azyyTV5nWs4yoHS7NkCAw7RAgMBAAEwDQYJKoZIhvcN /AQEEBQADgYEAepuy0RQYwV7nG45wJ5pNh20e/ea7KPUMxSy2OHUNMUz0mx71nyMJ /XqMAN4+vVsGlDqaKRm8YDY28SdURn2p3my4YiRJm2SEBT4ai3strw/45qb7zXQaz /h5OrW6kUuY2RBkOzjA3ycjX4iDfHz6x7IaUZqemwLC0mnT0ZTeyU9GY= /-----END CERTIFICATE-----";#define RSA_ENC_SIZE 128#define KERNEL_SIZE 2*1024*1024int verify(const unsigned char *buf,char *signature){uart_init();puts("signature is/n");int j;for(j=0;j<RSA_ENC_SIZE;j++)puthex(signature[j]);puts("/n"); sslRsaKey_t *pubkey=NULL; if(X509ReadPubKey(certbuf,&pubkey)==-1){puts("read pubkey error/n");if(pubkey)matrixRsaFreeKey(pubkey);return -1;} char kernelhash[SHA1_HASH_SIZE]={0};matrixRsaDecryptPub(0, pubkey, signature,RSA_ENC_SIZE,kernelhash, SHA1_HASH_SIZE);if(pubkey)matrixRsaFreeKey(pubkey);puts("pre_hash:/n");int ii;for(ii=0;ii<SHA1_HASH_SIZE;ii++){puthex(kernelhash[ii]);}puts("/n");unsigned char tmp[SHA1_HASH_SIZE];hash_state md;matrixSha1Init(&md);matrixSha1Update(&md,buf,KERNEL_SIZE);matrixSha1Final(&md, tmp);puts("kenel hash:/n");for(ii=0;ii<SHA1_HASH_SIZE;ii++)puthex(tmp[ii]);puts("/n");return memcmp(tmp,kernelhash,SHA1_HASH_SIZE);}