Bear with me on this.
Self-signed public Key Certificate (give out your public key)
======================
To give out my public key, I need to put it into a certificate with
my name, signed by my own private key, etc. This process is called
generating a self-signed public key certificate. OpenSSL can do this
in a single command
"openssl req -new -x509"
as shown in the following command window session:
test.pem contains both public and private RSA keys, so here is the process
So create an RSA key pair called test.pem
openssl genrsa -out test.pem 2048
Extract the public key only
openssl rsa -in test.pem -pubout -out testpublic.pem
Then create a certificate
openssl req -new -key testpublic.pem -inform pem -x509 -days 3650 -out testpublic.cert
openssl x509 -in testpublic.cert -noout -text
I can then use the function to open this X509 Certificate.
fp = fopen("testpublic.cert","rb");
X509 *cert=PEM_read_X509(fp,NULL,NULL,NULL);
So now I have test.pem (RSA keys), testpublic.pem (public key) and
testpublic.cert (x509 cert with public key).
Below is code that uses the PEMs directly.
FILE *fp = fopen("test.pem","rb");
RSA *rsapriv=NULL;
rsapriv= PEM_read_RSAPrivateKey(fp,&rsapriv,NULL,NULL);
fclose(fp);
fp = fopen("testpublic.pem","rb");
RSA *rsapub=NULL;
rsapub= PEM_read_RSA_PUBKEY(fp,&rsapub,NULL,NULL);
fclose(fp);
unsigned char *name= (unsigned char *)"richard redpath";
unsigned char to[1024];
int blocksize= RSA_size(rsapub)-41;
printf("curious Blocksize is %d\n",blocksize);
int rc= RSA_public_encrypt(strlen((char *)name)+1,name,to,rsapub,RSA_PKCS1_OAEP_PADDING);
if (rc!=(-1))
printf("Encrypt %d bytes returned\n",rc);
unsigned char result[1024];
/* the ciphertext is RSA_size() bytes long (256 for a 2048-bit key), not 128 */
rc= RSA_private_decrypt(RSA_size(rsapriv),to,result,rsapriv,RSA_PKCS1_OAEP_PADDING);
printf("Decrypt rc=%d \n",rc);
printf("result is [%s]\n",result);
The question I have is that I want to hand out my X509 Public key and have
code that can use it to decipher. I can use this function to open the
certificate
fp = fopen("testpublic.cert","rb");
X509 *cert=PEM_read_X509(fp,NULL,NULL,NULL);
if (cert!=NULL)
printf("CERT is good***\n");
But how can I get the Public key from this x509? So I can use
decryption of data? In this example I use the public key PEM directly
and that's what I should not hand out.
I am not that familiar with all API functions in openssl and how to get
artifacts to use them. The code below simply opens the public key file and uses it.
fp = fopen("testpublic.pem","rb");
RSA *rsapub=NULL;
rsapub= PEM_read_RSA_PUBKEY(fp,&rsapub,NULL,NULL);
fclose(fp);
unsigned char result[1024];
/* the ciphertext is RSA_size() bytes long (256 for a 2048-bit key), not 128 */
rc= RSA_private_decrypt(RSA_size(rsapriv),to,result,rsapriv,RSA_PKCS1_OAEP_PADDING);
printf("Decrypt rc=%d \n",rc);
printf("result is [%s]\n",result);
The reason I need the public key is that I don't encrypt a chunk of
data as would be in a PKCS7 but I have some data encrypted and other data
not encrypted, sort of interlaced let's say.
--
View this message in context:
http://old.nabble.com/How-to-use-X509-public-key-tp34415232p34415232.html
Sent from the OpenSSL - Dev mailing list archive at Nabble.com.