I'm experiencing some strange problems. I've generated
an RSA 'secret' key with Crypto++ and encoded it to a
file with DEREncode(). I then generate a 'public' key
from it (with Crypto++) and DEREncode it too.

From these DER-encoded elements, I can generate a
self-signed X509 certificate using OpenSSL, feeding it
with my Crypto++ DER-encoded keys.

Later, through an SSL connection, I retrieve the
X509 client certificate (the one previously
generated), and can extract from it, through OpenSSL
funcs, a DER public key compatible with Crypto++ which
is the same as the one Crypto++ originally encoded.

So what is the problem?

The problem is that at some point I need to read a pubkey
from a cert that has been generated by OpenSSL (both
keys and the cert). Reading the OpenSSL DER-encoded
secret key and feeding Crypto++ with it works well,
but once I have extracted the OpenSSL DER-encoded public
key, I get an exception when I try to use it as a source
for a signature check, in CryptoPP::BERDecodeNull()
(precisely, it calls BERLengthDecode(); this is where
the exception is thrown).

The offending call is:

        StringSource pubFile((const char*)pubKey,pubKeySize);
        RSASSA_PKCS1v15_SHA_Verifier pub(pubFile);

where pubFile is a buffer source holding the data
explained just below (keep reading :))

After much tracing, I can't understand what's wrong.
The public key seems correctly ASN.1 encoded, but
Crypto++ seems to use a slightly different format and
does not recognize this key.

Am I missing an obvious thing?

FYI here is the code I use to extract a DER encoded
public key from an OpenSSL X509 cert:

        int z=i2d_X509((X509*)x509,NULL);
        void *m=OPENSSL_malloc(z);

        unsigned char *d=(unsigned char*)m;

        z=i2d_X509_PUBKEY(X509_get_X509_PUBKEY((X509*)x509),&d);
        pk.setPubKey((uint8*)m,z);

Where m holds the DER encoded key, and z is the size
of the key.

I attached the cert and secret key associated with it
to this message (no password on secret key). The
result of the code before is the OpenSSL DER encoded
pkey (294 bytes):

I would greatly appreciate any help as it is a very
annoying blocker for me ...

Thanks in advance,

Attachment: cafree.cer
Description: application/x509-ca-cert

Attachment: secretfree.key
Description: Binary data
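
An added example, not part of the original message and not Crypto++ or OpenSSL code: a small DER walker that tells the X.509 SubjectPublicKeyInfo layout that i2d_X509_PUBKEY() emits from a bare PKCS#1 RSAPublicKey, and reports which element a decoder stops on when the buffer ends early. The toy key, the function names and the cut-at-first-zero case (what handling binary DER as a C string would produce) are assumptions for illustration.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>
typedef std::vector<uint8_t> Bytes;

// Constructed toy key (n = 3233, e = 17), not the key from the post.
static const Bytes kPkcs1 = {0x30,0x07, 0x02,0x02,0x0C,0xA1, 0x02,0x01,0x11};
static const Bytes kSpki = {0x30,0x1B,            // SEQUENCE SubjectPublicKeyInfo
    0x30,0x0D, 0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01, // OID rsaEncryption
    0x05,0x00,                                    // NULL parameters
    0x03,0x0A,0x00, 0x30,0x07, 0x02,0x02,0x0C,0xA1, 0x02,0x01,0x11};   // BIT STRING { RSAPublicKey }

// Read one tag + length header, as a streaming BER decoder does; pos ends at the value.
static bool readHeader(const Bytes& b, size_t& pos, uint8_t& tag, size_t& len) {
    if (pos + 2 > b.size()) return false;         // tag or length byte missing
    tag = b[pos++];
    len = b[pos++];
    if (len & 0x80) {                             // long form: low 7 bits count the length bytes
        size_t n = len & 0x7F;
        if (n == 0 || n > 4 || pos + n > b.size()) return false;
        for (len = 0; n > 0; --n) len = (len << 8) | b[pos++];
    }
    return true;
}

// Hypothetical helper: names the layout, or the element where decoding stopped.
std::string classify(const Bytes& der) {
    size_t pos = 0, len = 0; uint8_t tag = 0;
    if (!readHeader(der, pos, tag, len) || tag != 0x30) return "malformed: outer SEQUENCE";
    if (!readHeader(der, pos, tag, len)) return "malformed: first element";
    if (tag == 0x02) return "RSAPublicKey";       // PKCS#1: the modulus INTEGER comes first
    if (tag != 0x30) return "malformed: first element";
    if (!readHeader(der, pos, tag, len) || tag != 0x06 || len > der.size() - pos)
        return "malformed: algorithm OID";
    pos += len;                                   // skip the OID bytes
    if (!readHeader(der, pos, tag, len) || tag != 0x05 || len != 0)
        return "malformed: NULL parameters";
    if (!readHeader(der, pos, tag, len) || tag != 0x03 || len > der.size() - pos)
        return "malformed: BIT STRING";
    return "SubjectPublicKeyInfo";
}

// What remains of a DER blob if something treats it as a NUL-terminated string.
Bytes cutAtFirstZero(const Bytes& der) {
    return Bytes(der.begin(), std::find(der.begin(), der.end(), uint8_t(0)));
}

int main() {
    std::cout << classify(kSpki) << "\n" << classify(kPkcs1) << "\n"
              << classify(cutAtFirstZero(kSpki)) << "\n";
}
```

Logging the byte count that actually reaches the decoder, next to the count the encoder returned, is the quickest way to tell a format mismatch from a shortened buffer.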
