使用Ruby的OpenSSL库时,当我try 将消息作为PKCS7加密和签名时,我发现插入了一些额外的\r
个字符,并且我无法解密消息.
下面我有一个玩具的例子.我在this paste上提供了更全面的例子.
# The sender encrypts the message
crypted = OpenSSL::PKCS7.encrypt([recipient_cert], "message").to_der
# The sender signs the message
signed = OpenSSL::PKCS7.sign(sender_cert, sender_key, crypted).to_der
# The recipient extracts data from the signed PKCS7
p7_signed = OpenSSL::PKCS7.new(signed)
store = OpenSSL::X509::Store.new
p7_signed.verify(nil, store, nil, OpenSSL::PKCS7::NOVERIFY)
unsigned = p7_signed.data
# The tries to decrypt the data
OpenSSL::PKCS7.new(unsigned).decrypt(recipient_key, recipient_cert)
# => ArgumentError: Could not parse the PKCS7: nested asn1 error
为什么从p7_signed
提取的数据与crypted
中的数据不匹配?当我判断这两个字符时,我发现unsigned
包含一些crypted
没有的\r
个字符.我能为此做些什么呢?
(我是在Linux上这样做的,以防出现CRLF和LF的问题.)