在使用 M2Crypto 和 USB 令牌时需要帮助

Question

我正在使用 M2Crypto (0.22.6rc4)。我想使用来自 OpenSC 项目和 Aladdin PKI 客户端的engine_pkcs11 进行基于令牌的身份验证来加密和解密数据。

from M2Crypto import Engine, m2, RSA, BIO

slot_id = "slot_01"
pin = "password"
dynamic = Engine.load_dynamic_engine("pkcs11", "/usr/lib/ssl/engines/libpkcs11.so")
pkcs11 = Engine.Engine("pkcs11")
pkcs11.ctrl_cmd_string("MODULE_PATH", "/usr/lib/watchdata/ICP/lib/libwdpkcs_icp.so")
pkcs11.init()
r = pkcs11.ctrl_cmd_string("PIN", pin)

pubkey = pkcs11.load_public_key(slot_id, pin)
priv = pkcs11.load_private_key(slot_id, pin)
enc = pubkey.get_rsa().public_encrypt("teste", RSA.pkcs1_oaep_padding)
dec = priv.get_rsa().private_decrypt(enc, RSA.pkcs1_oaep_padding)
print dec

出于某种原因，我可以加密数据，但是当尝试解密时，我得到了一个 RSA_pub 的实例，并且出现了这个错误：

    File "pkcs11.py", line 14, in <module>
    dec = priv.get_rsa().private_decrypt(enc, RSA.pkcs1_oaep_padding)
  File "/usr/lib/python2.7/dist-packages/M2Crypto/RSA.py", line 279, in private_decrypt
    raise RSAError, 'RSA_pub object has no private key'
M2Crypto.RSA.RSAError: RSA_pub object has no private key

任何帮助将不胜感激！

Answer 1

RSA 私钥的 M2Crypto 封装存在错误。一种解决方法是使用低级 M2Crypto API 直接访问私钥对象。

def decrypt(cipher_text):
    # Load the key using high level API
    engine = Engine.Engine('pkcs11')
    engine.init()
    key_slot = 'slot_1-id_01'
    privKey = engine.load_private_key(key_slot)

    # Get a pointer to the low level API object
    rsa_ptr = m2.pkey_get1_rsa(privKey.pkey)
    rsaWrapper = RSA.RSA(rsa_ptr, 1)

    # Decrypt with low level API
    results = m2.rsa_private_decrypt(rsaWrapper.rsa, ciphertext, 1)