最近出现一些SAP ABAP RSA加密的需求,这里搬运一篇文章,用于学习参考。

本文链接:https://www.cnblogs.com/hhelibeb/p/14952732.html

原文标题:RSA Encryption in ABAP

最近我偶然在SAP社区发现了很多关于RSA加密的未解答的问题。在这里我将尝试提供一些例子,说明如何在ABAP中使用公钥/私钥加密。

所有的间接问题,如证书、信任、撤销和密钥生成,在本文中不会涉及。密钥将用openssl生成。

例子1 – 用自己的ABAP RSA实现

RSA加密是非常简单的。只需要整数算术--主要是模幂运算。唯一的问题是,所涉及的整数比ABAP和大多数其他语言默认能处理的长。幸运的是,这个问题被Harry Boeck用Z04_BIGINTX类解决了,可以在这里找到(出色的工作)。

备注:评论区提到另一个解决方案abapPGP

生成RSA key

创建一个工作目录,并进入,

mkdir -p /tmp/rsa

cd /tmp/rsa

生成2048位RSA密钥。

/tmp/rsa > openssl genrsa -out rsa.key 2048

Generating RSA private key, 2048 bit long modulus (2 primes)

.....................................................................+++++

.......+++++

e is 65537 (0x010001)

用纯文本输出公钥和私钥。我们只需要模数(modulus)、公钥指数(publicExponent)和私钥指数(privateExponent)。

/tmp/rsa > openssl pkey -in rsa.key -text

-----BEGIN PRIVATE KEY-----

MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDiBbntt4wk807Q

Bzh0gdwwXFyxe1/a41dDZeekgxC5p649B1pT6Ft7P6eSmZqDdZ6t04JpzAdyHjzj

2DMPt6VpAkXyaQSXLHd7dKWYnw2b/akWptd761zx9oIY1tHz0y4VbfkX0yt7FwvP

jUK6XfpcyYymJ1KMmG/UhsIENLxhaU56/gnKdl01XTcKe+JkBpv02dpw+bw6BE34

21FXFmSpoduAHA8/lm+9U6PqdvxU6IDB16n5X74IyUCTQsMW7XQgaw3cqVWTYigU

sZFbHPEddfkCZDNfSodmRd+WZTuCRjD6+K/9+K1j7Kk4a2LMC7r0bPOIYcrW+0VC

+ykiz8QTAgMBAAECggEBAL27/tt+FEhEcymQliS/in6SWkGnBs1xwKRUXEMuvxCK

oWqbzIjZakopIlufVCT8zMqw3i4/1xRGK+k8aYjNKi7feKZI4FCjRF2/iu92vW7w

XkwknIlrB6gavhVp5+9dnLbijZMhcsOukfyWYaifEXdovggQxGw/3siyoxXyyxyd

PSB1Wf+LdZ1EOTaEfk3+lgEpEUzdFTNEC/jwrQJiXzSB+nP5bB0Az3kMcbhxwa01

hAUylXCNtnrRJv0sMvQJOy59gBjiPn3GW62t8Kf/km3IlDRKE7h9xYECafQabaXR

0q6swX09YpdKKBEHYLE9ArpamJtJYPtlA2XSvsfBqkECgYEA84Bt20EpBPldrUFN

GLb7qKNPawRbMff204xx7OtzHD77Th6hcvaXU0C/D4c+DMZNQ/2M4xbLoZWPTOnK

BxOhpbZMH4prxLA4U/6TDQwo9F3kW/1zPcYKfxOgW6tlVHWnLR4Kd1+W7ygNOhjV

El6lWwi008547z05w5ZQ2T+U3OECgYEA7Z+fO6ZWIRqHJq1MCzStTtS+hGkwJArj

DGy8AbvGV7LScmH31sxRJqZp6jHMOICBjgwAPN0VE5eq+xUcPs0p5/seTy/MzSbf

uRG+A//PIG/yUVuOV6nuCYKsY2v2oTUF+v8HGMkfa7WkEhD5S5lZ+oA8gVMXQ4Ey

J235xfPu63MCgYEA4qA+HljX14RK1kw3d/Ad6ocMDDsCsU/qDlvhUDKWcMyBUeSa

OIgesOJKsCYb7wHEuanKrTPzE5FBzMCuQcXYpYUz9gr7YBTuZ+ZAcF1H5J9aQO9z

iSO/cyQOFCNB7MiPbiNOdGmn7S/ml5KzBCTIWyCQQ60fyvG9yDYnSvqtDqECgYBk

29Cxd9us916QKxRQ2U4KXMB04VTep4RRnMF8FuCMDsnGZRDWKijzt8TS88oT3W+g

BDYBn3E3vLOFGSPBAEIeRfdKcyaBmVNycTZu6iBXS0zV/X+AdA8mGEHlfUjUifX8

4Ex517wvcoyuYmf+D5wieFW2KreAHpFULRjMTcqGQwKBgQCMrLoC1dasdvcQ/d9r

sd1AlGjSjoVhGeb19NYQMdOxx29vExP45ClSmnTCTZIZFVpeXHQ4X3ALq2uK4bQp

Cyqrz+4TRLY9e9qgTqNsWkhyke9YSAYNxCb17ZXf7rtHgTJeGbnDvrKC8xa2EvgR

sZknhXCegj6UBsECwPBrYZoDag==

-----END PRIVATE KEY-----

RSA Private-Key: (2048 bit, 2 primes)

modulus:

    00:e2:05:b9:ed:b7:8c:24:f3:4e:d0:07:38:74:81:

    dc:30:5c:5c:b1:7b:5f:da:e3:57:43:65:e7:a4:83:

    10:b9:a7:ae:3d:07:5a:53:e8:5b:7b:3f:a7:92:99:

    9a:83:75:9e:ad:d3:82:69:cc:07:72:1e:3c:e3:d8:

    33:0f:b7:a5:69:02:45:f2:69:04:97:2c:77:7b:74:

    a5:98:9f:0d:9b:fd:a9:16:a6:d7:7b:eb:5c:f1:f6:

    82:18:d6:d1:f3:d3:2e:15:6d:f9:17:d3:2b:7b:17:

    0b:cf:8d:42:ba:5d:fa:5c:c9:8c:a6:27:52:8c:98:

    6f:d4:86:c2:04:34:bc:61:69:4e:7a:fe:09:ca:76:

    5d:35:5d:37:0a:7b:e2:64:06:9b:f4:d9:da:70:f9:

    bc:3a:04:4d:f8:db:51:57:16:64:a9:a1:db:80:1c:

    0f:3f:96:6f:bd:53:a3:ea:76:fc:54:e8:80:c1:d7:

    a9:f9:5f:be:08:c9:40:93:42:c3:16:ed:74:20:6b:

    0d:dc:a9:55:93:62:28:14:b1:91:5b:1c:f1:1d:75:

    f9:02:64:33:5f:4a:87:66:45:df:96:65:3b:82:46:

    30:fa:f8:af:fd:f8:ad:63:ec:a9:38:6b:62:cc:0b:

    ba:f4:6c:f3:88:61:ca:d6:fb:45:42:fb:29:22:cf:

    c4:13

publicExponent: 65537 (0x10001)

privateExponent:

    00:bd:bb:fe:db:7e:14:48:44:73:29:90:96:24:bf:

    8a:7e:92:5a:41:a7:06:cd:71:c0:a4:54:5c:43:2e:

    bf:10:8a:a1:6a:9b:cc:88:d9:6a:4a:29:22:5b:9f:

    54:24:fc:cc:ca:b0:de:2e:3f:d7:14:46:2b:e9:3c:

    69:88:cd:2a:2e:df:78:a6:48:e0:50:a3:44:5d:bf:

    8a:ef:76:bd:6e:f0:5e:4c:24:9c:89:6b:07:a8:1a:

    be:15:69:e7:ef:5d:9c:b6:e2:8d:93:21:72:c3:ae:

    91:fc:96:61:a8:9f:11:77:68:be:08:10:c4:6c:3f:

    de:c8:b2:a3:15:f2:cb:1c:9d:3d:20:75:59:ff:8b:

    75:9d:44:39:36:84:7e:4d:fe:96:01:29:11:4c:dd:

    15:33:44:0b:f8:f0:ad:02:62:5f:34:81:fa:73:f9:

    6c:1d:00:cf:79:0c:71:b8:71:c1:ad:35:84:05:32:

    95:70:8d:b6:7a:d1:26:fd:2c:32:f4:09:3b:2e:7d:

    80:18:e2:3e:7d:c6:5b:ad:ad:f0:a7:ff:92:6d:c8:

    94:34:4a:13:b8:7d:c5:81:02:69:f4:1a:6d:a5:d1:

    d2:ae:ac:c1:7d:3d:62:97:4a:28:11:07:60:b1:3d:

    02:ba:5a:98:9b:49:60:fb:65:03:65:d2:be:c7:c1:

    aa:41

.

.

.

key

现在有了key和类Z04_BIGINTX,我们可以写程序了。

ABAP程序

在下面的程序中,我们用公钥加密,用私钥签署"Thirty-two bytes secret message!"这个信息。结果显示在屏幕上。它们被保存在生成密钥的相同文件夹中。

签名通常包括对消息进行散列(hash),并对散列值进行签名,但是因为我们的消息足够小,我们跳过散列步骤,直接对消息本身进行签名。作为概念证明,这样做应该是足够的。
实际的工作只是几行代码而已。

加密:

msg_encr_bi = msg_plain_bi->powmod( x = publicExponent

                                    m = pub_modulus_bi ).

签名:

msg_encr_bi = msg_plain_bi->powmod( x = priv_exponent_bi

                                    m = pub_modulus_bi ).

剩下的就是将十六进制转换为十进制,然后再转换回来。

REPORT Z_RSA.

data: bi1     type ref to z04_BigIntX,

      bi2     type ref to z04_BigIntX,

      bi256   type ref to z04_BigIntX,

      s  type string,

      i1 type I,

      i2 type I,

      i3 type I value 0,

      x1 type X,

      publicExponent   type ref to z04_BigIntX,

      pub_modulus_s    type string,

      pub_modulus_x    type xstring,

      pub_modulus_bi   type ref to z04_BigIntX,

      priv_exponent_s  type string,

      priv_exponent_x  type xstring,

      priv_exponent_bi type ref to z04_BigIntX,

      msg_text         type string,

      msg_plain_bi     type ref to z04_BigIntX,

      msg_encr_bi      type ref to z04_BigIntX,

      msg_encr_x       type xstring,

      msg_sign_x       type xstring,

      pkcs_rnd         type xstring,

      pkcs_ff_s        type string,

      pkcs_ff_x        type xstring,

      pkcs_head_sign   type xstring value '0001',

      pkcs_head_encr   type xstring value '0002',

      pkcs_zero        type xstring value '00',

      pkcs_one         type xstring value '01',

      msg_xstr         type xstring,

      msg_xstr_e       type xstring,

      msg_xstr_s       type xstring,

      msg_file_name    type string value '/tmp/rsa/encrypted_msg',

      msg_file_name_s  type string value '/tmp/rsa/signed_msg'.

create object msg_plain_bi.

create object bi1.

create object bi2.

create object bi256.

create object publicExponent.

create object pub_modulus_bi.

create object priv_exponent_bi.

create object msg_encr_bi.

DATA: T1 TYPE I, T2 TYPE I, T3 TYPE I.

bi256->seti( 256 ).

*---------------------

* PREPARE THE KEY

*---------------------

" public exponent

publicExponent->setstr( '65537' ).

" private exponent

CONCATENATE

  '00:bd:bb:fe:db:7e:14:48:44:73:29:90:96:24:bf:'

  '8a:7e:92:5a:41:a7:06:cd:71:c0:a4:54:5c:43:2e:'

  'bf:10:8a:a1:6a:9b:cc:88:d9:6a:4a:29:22:5b:9f:'

  '54:24:fc:cc:ca:b0:de:2e:3f:d7:14:46:2b:e9:3c:'

  '69:88:cd:2a:2e:df:78:a6:48:e0:50:a3:44:5d:bf:'

  '8a:ef:76:bd:6e:f0:5e:4c:24:9c:89:6b:07:a8:1a:'

  'be:15:69:e7:ef:5d:9c:b6:e2:8d:93:21:72:c3:ae:'

  '91:fc:96:61:a8:9f:11:77:68:be:08:10:c4:6c:3f:'

  'de:c8:b2:a3:15:f2:cb:1c:9d:3d:20:75:59:ff:8b:'

  '75:9d:44:39:36:84:7e:4d:fe:96:01:29:11:4c:dd:'

  '15:33:44:0b:f8:f0:ad:02:62:5f:34:81:fa:73:f9:'

  '6c:1d:00:cf:79:0c:71:b8:71:c1:ad:35:84:05:32:'

  '95:70:8d:b6:7a:d1:26:fd:2c:32:f4:09:3b:2e:7d:'

  '80:18:e2:3e:7d:c6:5b:ad:ad:f0:a7:ff:92:6d:c8:'

  '94:34:4a:13:b8:7d:c5:81:02:69:f4:1a:6d:a5:d1:'

  'd2:ae:ac:c1:7d:3d:62:97:4a:28:11:07:60:b1:3d:'

  '02:ba:5a:98:9b:49:60:fb:65:03:65:d2:be:c7:c1:'

  'aa:41'

into priv_exponent_s.

replace ALL OCCURRENCES OF REGEX '(:)' in priv_exponent_s with ''.

TRANSLATE priv_exponent_s TO UPPER CASE.

priv_exponent_x = priv_exponent_s.

" Convert the modulus from HEX to DEC

bi2->seti( 1 ).

i1 = xstrlen( priv_exponent_x ).

WHILE ( i1 > 0 ).

  i1 = i1 - 1.

  i2 = priv_exponent_x+i1(1).

  bi1->seti( i2 ).

  bi1->mul( bi2 ).

  bi2->mul( bi256 ).

  priv_exponent_bi = priv_exponent_bi->add( bi1 ).

ENDWHILE.

" public key

CONCATENATE

  '00:e2:05:b9:ed:b7:8c:24:f3:4e:d0:07:38:74:81:'

  'dc:30:5c:5c:b1:7b:5f:da:e3:57:43:65:e7:a4:83:'

  '10:b9:a7:ae:3d:07:5a:53:e8:5b:7b:3f:a7:92:99:'

  '9a:83:75:9e:ad:d3:82:69:cc:07:72:1e:3c:e3:d8:'

  '33:0f:b7:a5:69:02:45:f2:69:04:97:2c:77:7b:74:'

  'a5:98:9f:0d:9b:fd:a9:16:a6:d7:7b:eb:5c:f1:f6:'

  '82:18:d6:d1:f3:d3:2e:15:6d:f9:17:d3:2b:7b:17:'

  '0b:cf:8d:42:ba:5d:fa:5c:c9:8c:a6:27:52:8c:98:'

  '6f:d4:86:c2:04:34:bc:61:69:4e:7a:fe:09:ca:76:'

  '5d:35:5d:37:0a:7b:e2:64:06:9b:f4:d9:da:70:f9:'

  'bc:3a:04:4d:f8:db:51:57:16:64:a9:a1:db:80:1c:'

  '0f:3f:96:6f:bd:53:a3:ea:76:fc:54:e8:80:c1:d7:'

  'a9:f9:5f:be:08:c9:40:93:42:c3:16:ed:74:20:6b:'

  '0d:dc:a9:55:93:62:28:14:b1:91:5b:1c:f1:1d:75:'

  'f9:02:64:33:5f:4a:87:66:45:df:96:65:3b:82:46:'

  '30:fa:f8:af:fd:f8:ad:63:ec:a9:38:6b:62:cc:0b:'

  'ba:f4:6c:f3:88:61:ca:d6:fb:45:42:fb:29:22:cf:'

  'c4:13'

into pub_modulus_s.

replace ALL OCCURRENCES OF REGEX '(:)' in pub_modulus_s with ''.

TRANSLATE pub_modulus_s TO UPPER CASE.

pub_modulus_x = pub_modulus_s.

" Convert the modulus from HEX to DEC

bi2->seti( 1 ).

i1 = xstrlen( pub_modulus_x ).

WHILE ( i1 > 0 ).

  i1 = i1 - 1.

  i2 = pub_modulus_x+i1(1).

  bi1->seti( i2 ).

  bi1->mul( bi2 ).

  bi2->mul( bi256 ).

  pub_modulus_bi = pub_modulus_bi->add( bi1 ).

ENDWHILE.

*---------------------

* END PREPARE THE KEY

*---------------------

msg_text = 'Thirty-two bytes secret message!'.

write: / 'Plain message:'.

write: / msg_text.

SKIP.

*---------------------

* START ENCRYPTION

*---------------------

CALL FUNCTION 'SCMS_STRING_TO_XSTRING'

  EXPORTING

    text = msg_text

  IMPORTING

    buffer = msg_xstr.

write: / 'Plain message in HEX:'.

PERFORM SHOW_DATA USING msg_xstr.

SKIP.

i1 = 256 - 3 - xstrlen( msg_xstr ).

CALL FUNCTION 'GENERATE_SEC_RANDOM'

  EXPORTING

    length = i1

  IMPORTING

    random = pkcs_rnd

  EXCEPTIONS

    INVALID_LENGTH = 1

    NO_MEMORY = 2

    INTERNAL_ERROR = 3.

  do i1 TIMES.

    CONCATENATE 'FF' pkcs_ff_s INTO pkcs_ff_s.

  enddo.

  pkcs_ff_x = pkcs_ff_s.

REPLACE ALL OCCURRENCES OF pkcs_zero in pkcs_rnd with pkcs_one IN BYTE MODE.

CONCATENATE

 pkcs_head_encr

 pkcs_rnd

 pkcs_zero

 msg_xstr

into msg_xstr_e in byte mode.

write: / 'Plain message PKCS1-V1.5 padded for encryption in HEX:'.

PERFORM SHOW_DATA USING msg_xstr_e.

SKIP.

" Convert the padded plain text message from HEX to DEC

i1 = xstrlen( msg_xstr_e ).

bi2->seti( 1 ).

WHILE ( i1 > 0 ).

  i1 = i1 - 1.

  i2 = msg_xstr_e+i1(1).

  bi1->seti( i2 ).

  bi1->mul( bi2 ).

  bi2->mul( bi256 ).

  msg_plain_bi = msg_plain_bi->add( bi1 ).

ENDWHILE.

" Encrypt the message

GET RUN TIME FIELD T1.

msg_encr_bi = msg_plain_bi->powmod( x = publicExponent

                                    m = pub_modulus_bi ).

GET RUN TIME FIELD T2.

T3 = T2 - T1.

write: / 'Encryption time:', T3.

" Convert the encrypted message from DEC to HEX

WHILE ( s <> '0' ).

  i1 = bi2->setobj( msg_encr_bi )->mod( bi256 )->getstr( 0 ) + i3.

  if i1 = 256.

     i3 = 1.

  else.

     i3 = 0.

  endif.

  x1 = i1.

  s = msg_encr_bi->div( bi256 )->getstr( 0 ).

  CONCATENATE x1 msg_encr_x INTO msg_encr_x IN BYTE MODE.

ENDWHILE.

" output encrypted message

OPEN DATASET msg_file_name FOR OUTPUT IN BINARY MODE.

TRANSFER msg_encr_x TO msg_file_name.

CLOSE DATASET msg_file_name.

write: / 'RSA encrypted message:'.

PERFORM SHOW_DATA USING msg_encr_x.

SKIP.

*---------------------

* END ENCRYPTION

*---------------------

*---------------------

* START SIGNING

*---------------------

" Message PKCS#1 padding for signing

CONCATENATE

 pkcs_head_sign

 pkcs_ff_x

 pkcs_zero

 msg_xstr

into msg_xstr_s in byte mode.

write: / 'Plain message PKCS1-V1.5 padded for signing in HEX:'.

PERFORM SHOW_DATA USING msg_xstr_s.

SKIP.

" Convert the padded plain text message from HEX to DEC

msg_plain_bi->seti( 0 ).

i1 = xstrlen( msg_xstr_s ).

bi2->seti( 1 ).

WHILE ( i1 > 0 ).

  i1 = i1 - 1.

  i2 = msg_xstr_s+i1(1).

  bi1->seti( i2 ).

  bi1->mul( bi2 ).

  bi2->mul( bi256 ).

  msg_plain_bi = msg_plain_bi->add( bi1 ).

ENDWHILE.

" Sign the message

GET RUN TIME FIELD T1.

msg_encr_bi = msg_plain_bi->powmod( x = priv_exponent_bi

                                    m = pub_modulus_bi ).

GET RUN TIME FIELD T2.

i1 = T2 - T1.

write: / 'Signing time:', i1.

s = ''.

msg_sign_x = ''.

" Convert the encrypted message from DEC to HEX

WHILE ( s <> '0' ).

  i1 = bi2->setobj( msg_encr_bi )->mod( bi256 )->getstr( 0 ) + i3.

  if i1 = 256.

     i3 = 1.

  else.

     i3 = 0.

  endif.

  x1 = i1.

  s = msg_encr_bi->div( bi256 )->getstr( 0 ).

  CONCATENATE x1 msg_sign_x INTO msg_sign_x IN BYTE MODE.

ENDWHILE.

" Output signed message

OPEN DATASET msg_file_name_s FOR OUTPUT IN BINARY MODE.

TRANSFER msg_sign_x TO msg_file_name_s.

CLOSE DATASET msg_file_name_s.

write: / 'RSA signed message:'.

PERFORM SHOW_DATA USING msg_sign_x.

*---------------------

* END SIGNING

*---------------------

FORM SHOW_DATA USING  data_x TYPE xstring.

  DATA: data_len TYPE I

      , i1       TYPE I value 0

      , i2       TYPE I value 32.

  data_len = xstrlen( data_x ).

  WHILE ( i1 < data_len ).

    i2 = nmin( val1 = i2

               val2 = data_len ).

    WRITE: / data_x+i1(i2).

    i1 = i1 + 32.

  ENDWHILE.

ENDFORM.

输出如下,

我们看到用公钥指数加密,几乎总是65537,需要约0.2秒,而用私钥指数签名需要30秒。

现在让我们用openssl检查一下结果。

解密,

/tmp/rsa >xxd encrypted_msg

00000000: dd64 ff4c f19e 6274 b3fd aa8b ecc2 9fe0  .d.L..bt........

00000010: 6d87 760f 1239 d01f 81ce e53b 3587 f601  m.v..9.....;5...

00000020: 8e03 4099 a582 bbdd e45b 7cf7 be79 76b9  ..@......[|..yv.

00000030: 7068 3cd5 2b72 a7d6 2c51 e805 36d3 3eb8  ph<.+r..,Q..6.>.

00000040: c11c 4584 01f3 3bfd d265 1bf7 aff1 d97a  ..E...;..e.....z

00000050: aded 0b4a b59d 3c3c 4675 e38d 8409 aedc  ...J..<<Fu......

00000060: 1242 b562 5ced 9662 c9f3 5974 4cc3 3227  .B.b\..b..YtL.2'

00000070: b750 6cea e244 892b 873f 32e7 c4fd 4f78  .Pl..D.+.?2...Ox

00000080: 6a5e 7063 d0fe c5ef 9219 8549 b025 47c9  j^pc.......I.%G.

00000090: 0b3a 5598 d780 aab4 ab5a 6bb0 8ba5 f822  .:U......Zk...."

000000a0: 735f 2b43 68e6 5630 9c90 1712 6196 6d06  s_+Ch.V0....a.m.

000000b0: e2fc 87c1 db42 554f 3688 929a 6550 5173  .....BUO6...ePQs

000000c0: b951 30f6 ca5b a60a 2cc7 5710 915a 2809  .Q0..[..,.W..Z(.

000000d0: c6d8 60ba 3eac bcc1 9814 cc6a e777 757f  ..`.>......j.wu.

000000e0: 44ae ce00 3869 a275 4c4b 3f8e e5e2 eb67  D...8i.uLK?....g

000000f0: 34ac 13cb f89e 5edc 9d67 d5e8 704e d9c6  4.....^..g..pN..

/tmp/rsa >

/tmp/rsa >openssl rsautl -decrypt -in encrypted_msg -inkey rsa.key | xxd

00000000: 5468 6972 7479 2d74 776f 2062 7974 6573  Thirty-two bytes

00000010: 2073 6563 7265 7420 6d65 7373 6167 6521   secret message!

Decrypt

添加raw参数,让openssl显示完整消息,

/tmp/rsa >openssl rsautl -decrypt -in encrypted_msg -inkey rsa.key -raw | xxd

00000000: 0002 4316 8cf2 e289 8dc4 67cf be1b f547  ..C.......g....G

00000010: ae0b b98b 8ef8 79ba 9b98 ac20 3660 d6ac  ......y.... 6`..

00000020: 3330 e613 752c a9ab 3f88 368b 223b 050b  30..u,..?.6.";..

00000030: b79d 40c2 2ef9 9de9 e363 10d1 199b 97f0  ..@......c......

00000040: 33da b96d e3fc 62d6 06c4 ebb5 3ee2 b823  3..m..b.....>..#

00000050: 4f22 d924 ac1d dd89 0215 889f 4c1f 9364  O".$........L..d

00000060: 1220 81bd 21d7 1dd2 280e d74a 4024 99ae  . ..!...(..J@$..

00000070: a8ed 3fad 30aa e281 db4c 5454 c237 9bc0  ..?.0....LTT.7..

00000080: 9338 2a39 197b 9972 4c11 b260 7f31 e407  .8*9.{.rL..`.1..

00000090: 81ea 2be7 a9da 336b 6b66 8bde 1774 3bd0  ..+...3kkf...t;.

000000a0: 0ccd 3b93 983c 1c51 b32d a31b 06f6 533e  ..;..<.Q.-....S>

000000b0: 144a 1c2a f32d 875f 4873 8b41 dcc7 8b18  .J.*.-._Hs.A....

000000c0: 40e4 4414 bd7e c49a 5282 b165 3698 fdf6  @.D..~..R..e6...

000000d0: 9e20 b83b 3185 c7ee 962a 9bb5 f173 8900  . .;1....*...s..

000000e0: 5468 6972 7479 2d74 776f 2062 7974 6573  Thirty-two bytes

000000f0: 2073 6563 7265 7420 6d65 7373 6167 6521   secret message!

验证,

/tmp/rsa >xxd signed_msg

00000000: d540 f2b5 1e7e bb83 aa6e d099 1ad6 ee1e  .@...~...n......

00000010: ccdb ffaf e579 0e98 323e b055 7164 4b71  .....y..2>.UqdKq

00000020: a71c 0e6e 5e74 3fdb c914 97ac e063 8ece  ...n^t?......c..

00000030: 086e d8ac fad9 14a7 7f47 bd34 22a9 d0ab  .n.......G.4"...

00000040: 73e7 80fc 65af fbd7 d3df 7672 1d31 88e7  s...e.....vr.1..

00000050: b489 311c eb36 25bf 3e8b 4efb b97c df96  ..1..6%.>.N..|..

00000060: 5440 165b a820 514d 9649 531f 402c 5767  T@.[. QM.IS.@,Wg

00000070: 508c adeb 1954 e14f e2ce d64e ba30 0c4a  P....T.O...N.0.J

00000080: aeca 0927 7823 9bc6 0083 99f7 e605 ae9d  ...'x#..........

00000090: 2cd9 205e 41f4 1587 5b3f 1574 047d 42b3  ,. ^A...[?.t.}B.

000000a0: 6e5a a74b cfaa fde5 4d09 26f9 82ca f1b5  nZ.K....M.&.....

000000b0: 9299 f2df 7444 472d 1554 3378 c544 7f20  ....tDG-.T3x.D.

000000c0: b6b0 80be a241 2d24 c561 da69 522d 86db  .....A-$.a.iR-..

000000d0: 2388 cbe5 15fe 9967 3bbd 36f5 5a70 8a05  #......g;.6.Zp..

000000e0: a30c 2c89 2f05 b470 15d3 482f e53b 947a  ..,./..p..H/.;.z

000000f0: c7f5 feba bd41 a877 750e c9f8 cb7a c7b1  .....A.wu....z..

/tmp/rsa >

/tmp/rsa >openssl rsautl -verify -in signed_msg -inkey rsa.key | xxd

00000000: 5468 6972 7479 2d74 776f 2062 7974 6573  Thirty-two bytes

00000010: 2073 6563 7265 7420 6d65 7373 6167 6521   secret message!

/tmp/rsa >

/tmp/rsa >openssl rsautl -verify -in signed_msg -inkey rsa.key -raw | xxd

00000000: 0001 ffff ffff ffff ffff ffff ffff ffff  ................

00000010: ffff ffff ffff ffff ffff ffff ffff ffff  ................

00000020: ffff ffff ffff ffff ffff ffff ffff ffff  ................

00000030: ffff ffff ffff ffff ffff ffff ffff ffff  ................

00000040: ffff ffff ffff ffff ffff ffff ffff ffff  ................

00000050: ffff ffff ffff ffff ffff ffff ffff ffff  ................

00000060: ffff ffff ffff ffff ffff ffff ffff ffff  ................

00000070: ffff ffff ffff ffff ffff ffff ffff ffff  ................

00000080: ffff ffff ffff ffff ffff ffff ffff ffff  ................

00000090: ffff ffff ffff ffff ffff ffff ffff ffff  ................

000000a0: ffff ffff ffff ffff ffff ffff ffff ffff  ................

000000b0: ffff ffff ffff ffff ffff ffff ffff ffff  ................

000000c0: ffff ffff ffff ffff ffff ffff ffff ffff  ................

000000d0: ffff ffff ffff ffff ffff ffff ffff ff00  ................

000000e0: 5468 6972 7479 2d74 776f 2062 7974 6573  Thirty-two bytes

000000f0: 2073 6563 7265 7420 6d65 7373 6167 6521   secret message!

Verify

例子2 – 使用CommonCryptoLib

所有RSA的东西都可以用函数组SSFW - SSF Function for Web Services Security轻松完成。除了你可以用openssl中的(-raw)开关得到的东西外,其他的都可以。例如,如果你想使用非标准的padding,这应该是很少见的情况。

为了方便,我将从例1中使用的密钥创建一个PSE并使用该PSE。
在生产中,你可以考虑通过SSFA、STRUST和SSF_GET_PARAMETER来进行。

创建PSE,

/tmp/rsa > openssl req -x509 -sha256 -key rsa.key -out user1.cer -days 3650 -subj '/CN=user1'

/tmp/rsa > openssl pkcs12 -export -inkey rsa.key -in user1.cer -out user1.pfx -nodes

Enter Export Password:

Verifying - Enter Export Password:

/tmp/rsa > setenv SECUDIR $PWD

/tmp/rsa > sapgenpse import_p12 -x "" -p user1.pse user1.pfx

Found key 'INDEX=0,SIG=YES,ENC=YES,MD5-FINGERPRINT=3B9E 77DD E5E4 3371 19FA 2FCF D1CA 512F,KEYID=3D1E2BC7E33500A3D2A098B63FE9962A6B63318C'

!!! WARNING: For security reasons it is recommended to use a PIN/passphrase

!!! WARNING: which is at least 8 characters long and contains characters in

!!! WARNING: upper and lower case, numbers and non-alphanumeric symbols.

PSE "/tmp/rsa/user1.pse" was written

ABAP程序,

REPORT Z_RSA_CCL.

DATA: lf_output        TYPE xstring.

DATA: lf_plain_input_x TYPE xstring.

DATA: lf_plain_input   TYPE string.

DATA: msg_file_name    TYPE STRING.

DATA: T1 TYPE I, T2 TYPE I, T3 TYPE I.

lf_plain_input = 'Thirty-two bytes secret message.'.

CALL FUNCTION 'SCMS_STRING_TO_XSTRING'

  EXPORTING

      text = lf_plain_input

  IMPORTING

    buffer = lf_plain_input_x.

DATA: it_recipient_list   TYPE STANDARD TABLE OF ssfinfo,

      wa_recipient_list   LIKE LINE OF it_recipient_list.

wa_recipient_list-id = 'CN=user1'.

APPEND wa_recipient_list TO it_recipient_list.

GET RUN TIME FIELD T1.

CALL FUNCTION 'SSFW_KRN_ENVELOPE'

  EXPORTING

    STR_FORMAT       = 'PKCS1-V1.5'

    STR_PAB          = '/tmp/rsa/user1.pse'

    ostr_input_data  = lf_plain_input_x

  IMPORTING

     OSTR_ENVELOPED_DATA = lf_output

  TABLES

      RECIPIENT_LIST = it_recipient_list

  EXCEPTIONS

      OTHERS = 1.

GET RUN TIME FIELD T2.

T3 = T2 - T1.

write: / 'Encryption time:', T3.

msg_file_name = '/tmp/rsa/ccl_encrypted_msg'.

OPEN DATASET msg_file_name FOR OUTPUT IN BINARY MODE.

TRANSFER lf_output TO msg_file_name.

CLOSE DATASET msg_file_name.

write: / 'RSA CCL encrypted message:'.

PERFORM SHOW_DATA USING lf_output.

skip.

DATA: lf_signer          TYPE ssfinfo.

DATA: lt_signer TYPE STANDARD TABLE OF ssfinfo." WITH HEADER LINE.

lf_signer-id = 'CN=user1'.

lf_signer-profile = '/tmp/rsa/user1.pse'.

APPEND lf_signer TO lt_signer.

GET RUN TIME FIELD T1.

CALL FUNCTION 'SSFW_KRN_SIGN'

  EXPORTING

    str_format       = 'PKCS1-V1.5'

    str_chainfmt     = 'X509v3'

    STR_HASHALG      = 'SHA256'

    ostr_input_data  = lf_plain_input_x

  IMPORTING

    ostr_signed_data = lf_output

  TABLES

    signer           = lt_signer

  EXCEPTIONS

    OTHERS =              1.

GET RUN TIME FIELD T2.

T3 = T2 - T1.

write: / 'Signing time:', T3.

msg_file_name = '/tmp/rsa/ccl_signed_msg'.

OPEN DATASET msg_file_name FOR OUTPUT IN BINARY MODE.

TRANSFER lf_output TO msg_file_name.

CLOSE DATASET msg_file_name.

write: / 'RSA CCL signed message:'.

PERFORM SHOW_DATA USING lf_output.

FORM SHOW_DATA USING  data_x TYPE xstring.

  DATA: data_len TYPE I

      , i1       TYPE I value 0

      , i2       TYPE I value 32.

  data_len = xstrlen( data_x ).

  WHILE ( i1 < data_len ).

    i2 = nmin( val1 = i2

               val2 = data_len ).

    WRITE: / data_x+i1(i2).

    i1 = i1 + 32.

  ENDWHILE.

ENDFORM.

运行后,

解密,

/tmp/rsa > xxd ccl_encrypted_msg

00000000: 3c5b 4c97 0c5c 0e68 1f84 7ced 4f01 e11c  <[L..\.h..|.O...

00000010: 3bce b761 a03e ad15 2f9d 5836 f187 1e44  ;..a.>../.X6...D

00000020: ca71 7cfb 84ef 0b2d 2203 fe6a 502e f065  .q|....-"..jP..e

00000030: 9790 c4cd 8164 912b 8b13 926b 4537 b953  .....d.+...kE7.S

00000040: a3d1 1f15 0919 ccf4 d3af 9e2b 6bfb 7e61  ...........+k.~a

00000050: 1f25 6d70 c9d5 c48e b38b aa6c 5300 d22b  .%mp.......lS..+

00000060: aaac e4b5 6dc5 cb66 39a2 86e2 a41d 96ab  ....m..f9.......

00000070: 6901 ade9 8a17 74df 8237 a963 73a4 4da9  i.....t..7.cs.M.

00000080: bf13 7be2 704a fc8c 8889 1fad 279e 6397  ..{.pJ......'.c.

00000090: 2d13 d0d1 22a2 c0de 8c72 b12f bd90 31ec  -..."....r./..1.

000000a0: ef98 0a7f f971 5f71 4a9f 4060 0715 4c40  .....q_qJ.@`..L@

000000b0: 1397 09c8 333b df8a 3243 2db3 c276 d875  ....3;..2C-..v.u

000000c0: 6cad 5dcb af41 f00c 2cad 4053 da72 158c  l.]..A..,.@S.r..

000000d0: ac67 52ad 6940 8049 4c3c 727a a19e a513  .gR.i@.IL<rz....

000000e0: 716d a4eb 0826 07c4 1624 307f 68d6 3014  qm...&...$0.h.0.

000000f0: 43ec 2cb8 ea44 2868 1a24 e1aa 594b e646  C.,..D(h.$..YK.F

/tmp/rsa > openssl rsautl -decrypt -in ccl_encrypted_msg -inkey rsa.key | xxd

00000000: 5468 6972 7479 2d74 776f 2062 7974 6573  Thirty-two bytes

00000010: 2073 6563 7265 7420 6d65 7373 6167 652e   secret message.

/tmp/rsa > openssl rsautl -decrypt -in ccl_encrypted_msg -inkey rsa.key -raw | xxd

00000000: 0002 da46 9aee 3bb8 53e7 9ecf 99a0 0a60  ...F..;.S......`

00000010: e8cc 89e5 56ad 4c10 d2a5 6a62 6612 068e  ....V.L...jbf...

00000020: 9f7a e956 4325 0b32 7e75 457a ac75 639c  .z.VC%.2~uEz.uc.

00000030: 64a5 17b7 5c1c 721a d2d3 1a2b 1770 0a73  d...\.r....+.p.s

00000040: ccec 5802 66b7 d2e3 2f96 11bd 6708 2d3d  ..X.f.../...g.-=

00000050: 298c 76ce 02f9 7b84 4a36 911b 81ad d047  ).v...{.J6.....G

00000060: 5452 6e64 2d0d f55a c048 9f13 2aef ff70  TRnd-..Z.H..*..p

00000070: ff2d 7c5d 0162 a8d0 82d2 5c64 bf3c e380  .-|].b....\d.<..

00000080: b93d 4d98 a1b6 164c 8ded 016d ad94 9fd2  .=M....L...m....

00000090: 7632 e64c 080f 7728 5817 0f50 1d9c cfd3  v2.L..w(X..P....

000000a0: f67e 5ccb eafb 9cc9 9916 4bd4 c64e 1494  .~\.......K..N..

000000b0: f47f e38e 33f4 2121 91df d9f9 7233 f182  ....3.!!....r3..

000000c0: 2008 bb21 654d 0fd3 482d da42 8cfb b4c1   ..!eM..H-.B....

000000d0: a267 78ae e55e cde5 1f8d e3e6 d5df 1000  .gx..^..........

000000e0: 5468 6972 7479 2d74 776f 2062 7974 6573  Thirty-two bytes

000000f0: 2073 6563 7265 7420 6d65 7373 6167 652e   secret message.

Decrypt

验证,

/tmp/rsa > xxd ccl_signed_msg

00000000: 9e8f 2678 2ed6 3d6d ae74 16f6 4101 75ed  ..&x..=m.t..A.u.

00000010: 3fd0 d962 7f2b 7d46 f3b7 8097 7411 37f3  ?..b.+}F....t.7.

00000020: 89c6 e3fc 81b7 93a6 7814 020b 9b3a 8ebd  ........x....:..

00000030: 9e9f 3549 e521 a7ff 27ef aef5 10f5 dada  ..5I.!..'.......

00000040: e2cb f6b9 8cf4 c663 43f2 98d7 2127 040d  .......cC...!'..

00000050: 6b4e 7c23 bad7 db40 7442 9c4d d6b4 b0f9  kN|#...@tB.M....

00000060: 2e35 5500 1499 c938 536f 6763 99b5 895b  .5U....8Sogc...[

00000070: 2b57 5b81 f757 ffee f7fa dc8c b447 afd8  +W[..W.......G..

00000080: 1630 ac6f 5621 8fc1 c3ab ed7f 1893 3b91  .0.oV!........;.

00000090: 9575 055c 7a9e 6a76 b5ce 000e 5ab2 3eae  .u.\z.jv....Z.>.

000000a0: 5574 2a8e f0fa 3f2e 9897 2c95 4e64 16bc  Ut*...?...,.Nd..

000000b0: 0040 00fd 3202 d458 8c1f 45da 7f1c f238  .@..2..X..E....8

000000c0: 8e68 0dc1 b692 d1bb 48c2 2f0d a429 eaa8  .h......H./..)..

000000d0: b962 05ba 0a7b b246 7719 1406 5649 0681  .b...{.Fw...VI..

000000e0: fae5 dadd 7946 1775 5e2d eff7 2d95 993a  ....yF.u^-..-..:

000000f0: 9a6f 4e7b 0770 b887 b34f 271a 43af 8e68  .oN{.p...O'.C..h

/tmp/rsa > openssl rsautl -verify -in ccl_signed_msg -inkey rsa.key | xxd

00000000: 3031 300d 0609 6086 4801 6503 0402 0105  010...`.H.e.....

00000010: 0004 20c0 4726 d78a 7628 27e3 dffe 9f42  .. .G&..v('....B

00000020: c2fe e624 7a2e 59f7 a0c9 85ef 7728 a5d4  ...$z.Y.....w(..

00000030: a106 8f                                  ...

/tmp/rsa > openssl rsautl -verify -in ccl_signed_msg -inkey rsa.key -raw | xxd

00000000: 0001 ffff ffff ffff ffff ffff ffff ffff  ................

00000010: ffff ffff ffff ffff ffff ffff ffff ffff  ................

00000020: ffff ffff ffff ffff ffff ffff ffff ffff  ................

00000030: ffff ffff ffff ffff ffff ffff ffff ffff  ................

00000040: ffff ffff ffff ffff ffff ffff ffff ffff  ................

00000050: ffff ffff ffff ffff ffff ffff ffff ffff  ................

00000060: ffff ffff ffff ffff ffff ffff ffff ffff  ................

00000070: ffff ffff ffff ffff ffff ffff ffff ffff  ................

00000080: ffff ffff ffff ffff ffff ffff ffff ffff  ................

00000090: ffff ffff ffff ffff ffff ffff ffff ffff  ................

000000a0: ffff ffff ffff ffff ffff ffff ffff ffff  ................

000000b0: ffff ffff ffff ffff ffff ffff ffff ffff  ................

000000c0: ffff ffff ffff ffff ffff ffff 0030 3130  .............010

000000d0: 0d06 0960 8648 0165 0304 0201 0500 0420  ...`.H.e.......

000000e0: c047 26d7 8a76 2827 e3df fe9f 42c2 fee6  .G&..v('....B...

000000f0: 247a 2e59 f7a0 c985 ef77 28a5 d4a1 068f  $z.Y.....w(.....

/tmp/rsa > echo -n 'Thirty-two bytes secret message.' | sha256sum

c04726d78a762827e3dffe9f42c2fee6247a2e59f7a0c985ef7728a5d4a1068f  -

Verify

这里我们看到消息的SHA散列值被签名了。

总结

在这里我们学习了如何在ABAP中使用2种不同的方法对短信息进行RSA加密/签名。

    1,纯粹的ABAP实现。它在性能(和安全性)上远远比不上CommonCryptoLib。它的意义在于,让我们更好地了解什么是RSA加密。
    2,CommonCryptoLib。这里的例子是一个基本的例子。还有很多东西可以做。可能会在下一篇博客中介绍。

ABAP RSA 加密的更多相关文章

  1. “不给力啊,老湿!”:RSA加密与破解

    作者:Vamei 出处:http://www.cnblogs.com/vamei 欢迎转载,也请保留这段声明.谢谢! 加密和解密是自古就有技术了.经常看到侦探电影的桥段,勇敢又机智的主角,拿着一长串毫 ...

  2. .NET 对接JAVA 使用Modulus,Exponent RSA 加密

    最近有一个工作是需要把数据用RSA发送给Java 虽然一开始标准公钥 net和Java  RSA填充的一些算法不一样 但是后来这个坑也补的差不多了 具体可以参考 http://www.cnblogs. ...

  3. Android数据加密之Rsa加密

    前言: 最近无意中和同事交流数据安全传输的问题,想起自己曾经使用过的Rsa非对称加密算法,闲下来总结一下. 其他几种加密方式: Android数据加密之Rsa加密 Android数据加密之Aes加密 ...

  4. 兼容javascript和C#的RSA加密解密算法,对web提交的数据进行加密传输

    Web应用中往往涉及到敏感的数据,由于HTTP协议以明文的形式与服务器进行交互,因此可以通过截获请求的数据包进行分析来盗取有用的信息.虽然https可以对传输的数据进行加密,但是必须要申请证书(一般都 ...

  5. RSA加密例子和中途遇到的问题

    在进行RSA加密例子 package test; import java.io.IOException; import java.security.Key; import java.security. ...

  6. iOS中RSA加密详解

    先贴出代码的地址,做个说明,因为RSA加密在iOS的代码比较少,网上开源的也很少,最多的才8个星星.使用过程中发现有错误.然后我做了修正,和另一个库进行了整合,然后将其支持CocoaPod. http ...

  7. iOS动态部署之RSA加密传输Patch补丁

    概要:这一篇博客主要说明下iOS客户端动态部署方案中,patch(补丁)是如何比较安全的加载到客户端中. 在整个过程中,需要使用RSA来加密(你可以选择其它的非对称加密算法),MD5来做校验(同样,你 ...

  8. Java使用RSA加密解密及签名校验

    该工具类中用到了BASE64,需要借助第三方类库:javabase64-1.3.1.jar注意:RSA加密明文最大长度117字节,解密要求密文最大长度为128字节,所以在加密和解密的过程中需要分块进行 ...

  9. 基于OpenSLL的RSA加密应用(非算法)

    基于OpenSLL的RSA加密应用(非算法) iOS开发中的小伙伴应该是经常用der和p12进行加密解密,而且在通常加密不止一种加密算法,还可以加点儿盐吧~本文章主要阐述的是在iOS中基于openSL ...

  10. 通过ios实现RSA加密和解密

    在加密和解密中,我们需要了解的知识有什么事openssl:RSA加密算法的基本原理:如何通过openssl生成最后我们需要的der和p12文件. 废话不多说,直接写步骤: 第一步:openssl来生成 ...

随机推荐

  1. Scala 复杂分词求和(二元组)

    1 package chapter07 2 3 object Test18_ComplexWordCount { 4 def main(args: Array[String]): Unit = { 5 ...

  2. 详解SSL证书系列(9)SSL客户端认证

    上一篇介绍了HTTPS和HTTP协议的区别,理解了HTTP加上加密处理和认证以及完整性保护后即是HTTPS,同时HTTPS也是身披SSL外壳的HTTP,那么SSL客户端认证是怎么回事呢?这篇文章我将带 ...

  3. 4 HTML表格标签

    4 表格标签 表格标签也是一种复合标签.由:table,tr,td,th,thead,tbody组合,由行和列组合成,行和列交叉的地方就是单元格.在HTML中使用table来定义表格.网页的表格和办公 ...

  4. Python企业面试题2 —— 基础篇

    1. re 的match和search区别? re.match 尝试从字符串的起始位置匹配一个模式,如果不是起始位置匹配成功的话,match()就返回none. re.search 扫描整个字符串并返 ...

  5. #KMP,矩阵乘法#洛谷 3193 [HNOI2008]GT考试

    题目 给定\(n,m,K\)和一个长度为\(m\)的数\(x\), 问有多少个\(n\)位数满足任意一段不与\(x\)完全相同,可含前导0 \(n\leq 10^9,m\leq 20\) 分析 设\( ...

  6. Android NDK之使用 arm-v7a 汇编实现两数之和

    Android NDK之使用 arm-v7a 汇编实现两数之和 关键词: NDK armv7a WebRTC arm汇编 CMake 最近适配对讲程序,在webrtc的库编译的过程中,发现其为arm的 ...

  7. OpenHarmony社区运营报告(2023年9月)

      ●9月12日,由宁夏回族自治区教育厅.OpenAtom OpenHarmony(以下简称"OpenHarmony")项目群工作委员会指导,北京新大陆时代科技有限公司主办,宁夏职 ...

  8. 并发编程面试必备之ConcurrentHashMap源码解析

    ConcurrentHashMap在我的面试生涯中,10次有8次是会被问到的,记得刚毕业那会,被问到ConcurrentHashMap源码的无助与苦涩,无奈只能网上找了一些教程,背一背,才算是蒙混过关 ...

  9. DEB打包教程

    一.deb简介 deb是一种安装包的格式,linux上常见的安装包主要是deb.rpm 二.deb简单使用 # deb安装 sudo dpkg -i webcamera_1.0_amd64.deb # ...

  10. Qt多语言动态切换

    有个软件,里面做了13种语言,销售要求实现重新设置软件语言后,不需要重启软件,就可以看到软件显示出对应的语言.   软件中所有需要翻译的地方都是用的 tr(QString) 来做的,并且软件是多个窗口 ...