利用OpenSSL生成的私钥、公钥和证书，用来验证文件是否被修改

私钥格式：

证书中包含了公钥，在BEGIN CERTIFICATE和END CERTIFICATE之间，通常情况下是把证书中的公钥提取出来解密，其格式如下：

Certificate: Data: Version: 1 (0x0) Serial Number: 2 (0x2) Signature Algorithm: md5WithRSAEncryption Issuer: C=ca, ST=caspn, L=caln, O=caon, OU=caoun, CN=cacn/emailAddress=caea Validity Not Before: May 8 01:22:20 2007 GMT Not After : May 7 01:22:20 2008 GMT Subject: C=cn, ST=serversp, L=serverln, O=serveron, OU=serveroun, CN=servercn/emailAddress=serverea Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:b7:e4:e1:d3:04:aa:d0:24:7b:94:ab:7b:78:2a: bf:78:9f:f4:18:aa:81:bc:c7:cb:23:e2:59:26:d1: 8e:84:04:44:b5:bb:31:34:5b:93:48:35:f8:c1:a4: 0a:17:24:41:e5:76:be:91:74:c1:31:03:14:b4:3b: f4:ad:d2:f9:de:3c:f1:42:80:73:99:86:63:8a:ac: 99:d7:cc:f0:a8:eb:61:09:42:65:0a:01:cf:ba:0c: 69:26:5b:66:34:f2:f7:28:20:7a:d2:08:d5:be:1d: 1e:65:c5:11:4b:52:ed:ac:f2:c9:35:79:9d:6b:38: ca:81:d2:ec:d9:02:03:0e:d1 Exponent: 65537 (0x10001) Signature Algorithm: md5WithRSAEncryption 7a:9b:b2:d1:14:18:c1:5e:e7:1b:8e:70:27:9a:4d:87:6d:1e: fd:e6:bb:28:f5:0c:c5:2c:b6:38:75:0d:31:4c:f4:9b:1e:f5: 9f:23:09:5e:a3:00:37:8f:af:56:c1:a5:0e:a6:8a:46:6f:18: 0d:8d:bc:49:d5:11:9f:6a:77:9b:2e:18:89:12:66:d9:21:01: 4f:86:a2:de:cb:6b:c3:fe:39:a9:be:f3:5d:06:b3:87:93:ab: 5b:a9:14:b9:8d:91:06:43:b3:8c:0d:f2:72:35:f8:88:37:c7: cf:ac:7b:21:a5:19:a9:e9:b0:2c:2d:26:9d:3d:19:4d:ec:94: f4:66 -----BEGIN CERTIFICATE----- MIICZTCCAc4CAQIwDQYJKoZIhvcNAQEEBQAwbzELMAkGA1UEBhMCY2ExDjAMBgNV BAgTBWNhc3BuMQ0wCwYDVQQHEwRjYWxuMQ0wCwYDVQQKEwRjYW9uMQ4wDAYDVQQL EwVjYW91bjENMAsGA1UEAxMEY2FjbjETMBEGCSqGSIb3DQEJARYEY2FlYTAeFw0w NzA1MDgwMTIyMjBaFw0wODA1MDcwMTIyMjBaMIGGMQswCQYDVQQGEwJjbjERMA8G A1UECBMIc2VydmVyc3AxETAPBgNVBAcTCHNlcnZlcmxuMREwDwYDVQQKEwhzZXJ2 ZXJvbjESMBAGA1UECxMJc2VydmVyb3VuMREwDwYDVQQDEwhzZXJ2ZXJjbjEXMBUG CSqGSIb3DQEJARYIc2VydmVyZWEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB ALfk4dMEqtAke5Sre3gqv3if9BiqgbzHyyPiWSbRjoQERLW7MTRbk0g1+MGkChck QeV2vpF0wTEDFLQ79K3S+d488UKAc5mGY4qsmdfM8KjrYQlCZQoBz7oMaSZbZjTy 9yggetII1b4dHmXFEUtS7azyyTV5nWs4yoHS7NkCAw7RAgMBAAEwDQYJKoZIhvcN AQEEBQADgYEAepuy0RQYwV7nG45wJ5pNh20e/ea7KPUMxSy2OHUNMUz0mx71nyMJ XqMAN4+vVsGlDqaKRm8YDY28SdURn2p3my4YiRJm2SEBT4ai3strw/45qb7zXQaz h5OrW6kUuY2RBkOzjA3ycjX4iDfHz6x7IaUZqemwLC0mnT0ZTeyU9GY= -----END CERTIFICATE-----

验证文件是否被修改的代码如下：

const char *certbuf="Certificate: / Data: / Version: 1 (0x0) / Serial Number: 2 (0x2) / Signature Algorithm: md5WithRSAEncryption / Issuer: C=ca, ST=caspn, L=caln, O=caon, OU=caoun, CN=cacn/emailAddress=caea / Validity / Not Before: May 8 01:22:20 2007 GMT / Not After : May 7 01:22:20 2008 GMT / Subject: C=cn, ST=serversp, L=serverln, O=serveron, OU=serveroun, CN=servercn/emailAddress=serverea / Subject Public Key Info: / Public Key Algorithm: rsaEncryption / RSA Public Key: (1024 bit) / Modulus (1024 bit): / 00:b7:e4:e1:d3:04:aa:d0:24:7b:94:ab:7b:78:2a: / bf:78:9f:f4:18:aa:81:bc:c7:cb:23:e2:59:26:d1: / 8e:84:04:44:b5:bb:31:34:5b:93:48:35:f8:c1:a4: / 0a:17:24:41:e5:76:be:91:74:c1:31:03:14:b4:3b: / f4:ad:d2:f9:de:3c:f1:42:80:73:99:86:63:8a:ac: / 99:d7:cc:f0:a8:eb:61:09:42:65:0a:01:cf:ba:0c: / 69:26:5b:66:34:f2:f7:28:20:7a:d2:08:d5:be:1d: / 1e:65:c5:11:4b:52:ed:ac:f2:c9:35:79:9d:6b:38: / ca:81:d2:ec:d9:02:03:0e:d1 / Exponent: 65537 (0x10001) / Signature Algorithm: md5WithRSAEncryption / 7a:9b:b2:d1:14:18:c1:5e:e7:1b:8e:70:27:9a:4d:87:6d:1e: / fd:e6:bb:28:f5:0c:c5:2c:b6:38:75:0d:31:4c:f4:9b:1e:f5: / 9f:23:09:5e:a3:00:37:8f:af:56:c1:a5:0e:a6:8a:46:6f:18: / 0d:8d:bc:49:d5:11:9f:6a:77:9b:2e:18:89:12:66:d9:21:01: / 4f:86:a2:de:cb:6b:c3:fe:39:a9:be:f3:5d:06:b3:87:93:ab: / 5b:a9:14:b9:8d:91:06:43:b3:8c:0d:f2:72:35:f8:88:37:c7: / cf:ac:7b:21:a5:19:a9:e9:b0:2c:2d:26:9d:3d:19:4d:ec:94: / f4:66 / -----BEGIN CERTIFICATE----- / MIICZTCCAc4CAQIwDQYJKoZIhvcNAQEEBQAwbzELMAkGA1UEBhMCY2ExDjAMBgNV / BAgTBWNhc3BuMQ0wCwYDVQQHEwRjYWxuMQ0wCwYDVQQKEwRjYW9uMQ4wDAYDVQQL / EwVjYW91bjENMAsGA1UEAxMEY2FjbjETMBEGCSqGSIb3DQEJARYEY2FlYTAeFw0w / NzA1MDgwMTIyMjBaFw0wODA1MDcwMTIyMjBaMIGGMQswCQYDVQQGEwJjbjERMA8G / A1UECBMIc2VydmVyc3AxETAPBgNVBAcTCHNlcnZlcmxuMREwDwYDVQQKEwhzZXJ2 / ZXJvbjESMBAGA1UECxMJc2VydmVyb3VuMREwDwYDVQQDEwhzZXJ2ZXJjbjEXMBUG / CSqGSIb3DQEJARYIc2VydmVyZWEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB / ALfk4dMEqtAke5Sre3gqv3if9BiqgbzHyyPiWSbRjoQERLW7MTRbk0g1+MGkChck / QeV2vpF0wTEDFLQ79K3S+d488UKAc5mGY4qsmdfM8KjrYQlCZQoBz7oMaSZbZjTy / 9yggetII1b4dHmXFEUtS7azyyTV5nWs4yoHS7NkCAw7RAgMBAAEwDQYJKoZIhvcN / AQEEBQADgYEAepuy0RQYwV7nG45wJ5pNh20e/ea7KPUMxSy2OHUNMUz0mx71nyMJ / XqMAN4+vVsGlDqaKRm8YDY28SdURn2p3my4YiRJm2SEBT4ai3strw/45qb7zXQaz / h5OrW6kUuY2RBkOzjA3ycjX4iDfHz6x7IaUZqemwLC0mnT0ZTeyU9GY= / -----END CERTIFICATE-----"; #define RSA_ENC_SIZE 128 #define KERNEL_SIZE 2*1024*1024 int verify(const unsigned char *buf,char *signature) { uart_init(); puts("signature is/n"); int j; for(j=0;j<RSA_ENC_SIZE;j++) puthex(signature[j]); puts("/n"); sslRsaKey_t *pubkey=NULL; if(X509ReadPubKey(certbuf,&pubkey)==-1) { puts("read pubkey error/n"); if(pubkey) matrixRsaFreeKey(pubkey); return -1; } char kernelhash[SHA1_HASH_SIZE]={0}; matrixRsaDecryptPub(0, pubkey, signature,RSA_ENC_SIZE,kernelhash, SHA1_HASH_SIZE); if(pubkey) matrixRsaFreeKey(pubkey); puts("pre_hash:/n"); int ii; for(ii=0;ii<SHA1_HASH_SIZE;ii++) { puthex(kernelhash[ii]); } puts("/n"); unsigned char tmp[SHA1_HASH_SIZE]; hash_state md; matrixSha1Init(&md); matrixSha1Update(&md,buf,KERNEL_SIZE); matrixSha1Final(&md, tmp); puts("kenel hash:/n"); for(ii=0;ii<SHA1_HASH_SIZE;ii++) puthex(tmp[ii]); puts("/n"); return memcmp(tmp,kernelhash,SHA1_HASH_SIZE); }