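// Author's caption: "this is how I open the store".
/// Opens the "MY" system certificate store through self.hCryptProv and keeps the
/// resulting handle in _hMemStore. On failure the CSP error code is logged and
/// _hMemStore is left NULL.
- (void)initCryptoStore {
    // Despite the ivar name, this is the named system store "MY", not an in-memory store.
    _hMemStore = CertOpenSystemStore(self.hCryptProv, "MY");
    if (_hMemStore == NULL) {
        NSLog(@"CertOpenSystemStore(\"MY\") failed: 0x%08x", (unsigned int)CSP_GetLastError());
        return;
    }
    // HCRYPTPROV is a CSP handle, not an Objective-C object: formatting it with %@
    // would send a message to an arbitrary address, so print it as a number.
    NSLog(@"hCryptProv = 0x%lx", (unsigned long)self.hCryptProv);
}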
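// Author's caption: "Creating the certificate from the container name".
/// Builds the wrapper from the certificate stored in the named key container and
/// records on that certificate which container holds its private key
/// (CERT_KEY_PROV_INFO_PROP_ID), so that message-level calls can find the key later.
///
/// @param containerName Name of the CSP key container; must be non-empty.
/// @return The initialised wrapper, or nil if any CSP step fails. Every failure is
///         printed together with the CSP error code.
- (instancetype)initWithContainer:(NSString *)containerName {
    if (containerName.length == 0) {
        return nil;
    }
    LPCSTR cName = (LPCSTR)containerName.UTF8String;
    const DWORD keyType = AT_KEYEXCHANGE;

    HCRYPTPROV hContainer = 0;
    HCRYPTKEY key = 0;
    BYTE *pbCertEncoded = NULL;
    DWORD cbCertEncoded = 0;
    PCCERT_CONTEXT cert = NULL;
    LPWSTR pbProvName = NULL;
    DWORD cbProvName = 0;
    LPWSTR wContName = NULL;
    CSP_BOOL linked = 0;

    if (!CryptAcquireContext(&hContainer, cName, NULL, PROV_GOST_2012_256, 0)) {
        return nil;
    }

    // Single-pass block: any failed step breaks out to the shared cleanup below.
    do {
        if (!CryptGetUserKey(hContainer, keyType, &key)) {
            printf("CryptGetUserKey error: 0x%08x\n", (unsigned int)CSP_GetLastError());
            break;
        }

        // First call asks for the size of the encoded certificate, second call reads it.
        if (!CryptGetKeyParam(key, KP_CERTIFICATE, NULL, &cbCertEncoded, 0) || cbCertEncoded == 0) {
            printf("No certificate in container: 0x%08x\n", (unsigned int)CSP_GetLastError());
            break;
        }
        pbCertEncoded = (BYTE *)malloc(cbCertEncoded);
        if (pbCertEncoded == NULL) {
            printf("Out of memory reading the certificate.\n");
            break;
        }
        if (!CryptGetKeyParam(key, KP_CERTIFICATE, pbCertEncoded, &cbCertEncoded, 0)) {
            printf("CryptGetKeyParam(KP_CERTIFICATE) error: 0x%08x\n",
                   (unsigned int)CSP_GetLastError());
            break;
        }

        cert = CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
                                            pbCertEncoded,
                                            cbCertEncoded);
        if (cert == NULL) {
            printf("CertCreateCertificateContext error: 0x%08x\n",
                   (unsigned int)CSP_GetLastError());
            break;
        }

        // NOTE(review): the container is opened as PROV_GOST_2012_256, but the provider
        // name and the key link below use kGostProvType. If the two differ, the private
        // key will not be found when the certificate is used - confirm they match.
        if (!CryptGetDefaultProviderW(kGostProvType, NULL, CRYPT_MACHINE_DEFAULT, NULL, &cbProvName)) {
            printf("Error getting the length of the default provider name: 0x%08x\n",
                   (unsigned int)CSP_GetLastError());
            break;
        }
        // Sized in wchar_t elements, so the buffer is large enough whether the
        // reported length is a byte count or a character count.
        pbProvName = (LPWSTR)calloc((size_t)cbProvName + 1, sizeof(wchar_t));
        if (pbProvName == NULL) {
            printf("Out of memory reading the provider name.\n");
            break;
        }
        if (!CryptGetDefaultProviderW(kGostProvType, NULL, CRYPT_MACHINE_DEFAULT, pbProvName, &cbProvName)) {
            printf("Error getting the default provider name: 0x%08x\n",
                   (unsigned int)CSP_GetLastError());
            break;
        }

        // mbstowcs depends on the current C locale; a non-ASCII container name may be
        // rejected or decoded incorrectly unless the locale is UTF-8.
        size_t wideCount = strlen(cName) + 1;
        wContName = (LPWSTR)calloc(wideCount, sizeof(wchar_t));
        if (wContName == NULL || mbstowcs(wContName, cName, wideCount) == (size_t)-1) {
            printf("Cannot convert the container name to a wide string.\n");
            break;
        }

        CRYPT_KEY_PROV_INFO keyProvInfo = {0};
        keyProvInfo.pwszContainerName = wContName;
        keyProvInfo.pwszProvName = pbProvName;
        keyProvInfo.dwProvType = kGostProvType;
        keyProvInfo.dwKeySpec = keyType;
        keyProvInfo.dwFlags = 0;
        keyProvInfo.cProvParam = 0;
        keyProvInfo.rgProvParam = NULL;
        if (!CertSetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, 0, &keyProvInfo)) {
            printf("CertSetCertificateContextProperty error: 0x%08x\n",
                   (unsigned int)CSP_GetLastError());
            break;
        }
        linked = 1;
    } while (0);

    // The certificate context holds its own copy of the encoded bytes, and CryptoAPI
    // stores a copy of the key-provider info, so the temporaries can be released here.
    // NOTE(review): confirm this CSP port copies CRYPT_KEY_PROV_INFO like Win32 does.
    free(wContName);
    free(pbProvName);
    free(pbCertEncoded);
    if (key != 0) {
        CryptDestroyKey(key);
    }

    if (!linked) {
        if (cert != NULL) {
            CertFreeCertificateContext(cert);
        }
        CryptReleaseContext(hContainer, 0);
        return nil;
    }

    self = [super init];
    if (self == nil) {
        CertFreeCertificateContext(cert);
        CryptReleaseContext(hContainer, 0);
        return nil;
    }
    // cert and hContainer are handed to CryptoProCertInfo; presumably it releases
    // them when it is deallocated - verify against that class.
    self.cryptoProCert = [[CryptoProCertInfo alloc] initWithCert:cert
                                                            prov:hContainer
                                                            type:keyType];
    self.containerName = containerName;
    return self;
}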
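// Author's caption: "Importing the certificate into the store".
/// Adds the wrapper's certificate context to the store held in _hMemStore and, on
/// success, records that store on the wrapper.
///
/// @param cert Wrapper whose cryptoProCert.cert is the context to add.
/// @return YES if the certificate was added; NO otherwise. The CSP error code is logged.
- (BOOL)importCertCtx:(CryptoCertWrappper *)cert {
    HCERTSTORE hCertStore = _hMemStore;
    PCCERT_CONTEXT certContext = cert.cryptoProCert.cert;
    if (hCertStore == NULL || certContext == NULL) {
        NSLog(@"importCertCtx: the store is not open or the certificate context is missing");
        return NO;
    }

    // CERT_STORE_ADD_ALWAYS does not look for an existing match, so importing the
    // same certificate again leaves duplicates in the store.
    CSP_BOOL added = CertAddCertificateContextToStore(hCertStore,
                                                      certContext,
                                                      CERT_STORE_ADD_ALWAYS,
                                                      NULL);
    if (!added) {
        // Report the failure reason instead of discarding it.
        NSLog(@"CertAddCertificateContextToStore failed: 0x%08x",
              (unsigned int)CSP_GetLastError());
        return NO;
    }

    cert.cryptoProCert.store = self.hMemStore;
    return YES;
}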
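// Author's caption: "Decryption".
/// Decrypts an enveloped message with CryptDecryptMessage, looking for the recipient
/// certificate and its private key in the supplied certificate store.
///
/// @param data      The encoded enveloped message.
/// @param hMemStore Certificate store argument (see the review note in the body).
/// @param error     Optional; on failure receives an NSError whose code is the CSP error.
/// @return The decrypted bytes, or nil on failure.
+ (NSData *)decryptData:(NSData *)data rghCertStore:(HCERTSTORE *)hMemStore error:(NSError **)error {
    // Zero the whole structure so that no field is passed to the CSP uninitialised,
    // and report the size of the structure itself rather than the size of a pointer
    // to it (the P-prefixed typedef).
    CRYPT_DECRYPT_MESSAGE_PARA decryptPara = {0};
    decryptPara.cbSize = sizeof(decryptPara);
    decryptPara.dwMsgAndCertEncodingType = PKCS_7_ASN_ENCODING | X509_ASN_ENCODING;
    decryptPara.cCertStore = 1;
    // NOTE(review): rghCertStore must point at an array of store handles. Taking the
    // address of the parameter is only right if the caller passes the HCERTSTORE value
    // itself; if the caller passes the address of a handle (as the declared type
    // HCERTSTORE * says), this should be `hMemStore`. Check against the call site - a
    // wrong pointer here makes the lookup fail with "certificate and private key not found".
    decryptPara.rghCertStore = &hMemStore;

    const BYTE *pbEncoded = (const BYTE *)data.bytes;
    DWORD cbEncoded = (DWORD)data.length;
    DWORD cbDecrypted = 0;
    NSMutableData *plain = nil;

    // First call asks for the plaintext size, second call writes the plaintext.
    CSP_BOOL ok = CryptDecryptMessage(&decryptPara, pbEncoded, cbEncoded, NULL, &cbDecrypted, NULL);
    if (ok) {
        // The output buffer is owned by an NSMutableData, so it is released on every
        // path and the plaintext is not duplicated into a second heap block.
        plain = [NSMutableData dataWithLength:cbDecrypted];
        if (plain == nil) {
            if (error) {
                *error = [NSError errorWithDomain:NSPOSIXErrorDomain code:ENOMEM userInfo:nil];
            }
            return nil;
        }
        ok = CryptDecryptMessage(&decryptPara,
                                 pbEncoded,
                                 cbEncoded,
                                 (BYTE *)plain.mutableBytes,
                                 &cbDecrypted,
                                 NULL);
    }

    if (!ok) {
        DWORD err = CSP_GetLastError();
        // The out-parameter is optional; writing through a NULL pointer would crash.
        if (error) {
            NSString *errorStr = [NSString stringWithFormat: @"Cannot decrypt message: %d", err];
            *error = [NSError errorWithDomain:@""
                                         code:err
                                     userInfo:@{NSLocalizedDescriptionKey:errorStr}];
        }
        return nil;
    }

    // The second call reports the exact plaintext length, which may be smaller
    // than the size estimated by the first call.
    plain.length = cbDecrypted;
    return plain;
}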
...получаю code: 2148081676 Не удается найти сертификат и закрытый ключ для расшифровки. Отредактировано пользователем 30 марта 2021 г. 7:35:38(UTC)