Hi, I hope somebody can help me with the following problems. I am working to replace a legacy BSAFE application with OpenSSL and I have to work with the legacy BSAFE-generated RSA keys.

I am unable to read a BSAFE private key that has the BSAFE type KI_PKCS_RSAPrivateBER. This is an ASN.1 key that is encoded with the PKCS #8 standard.

I was looking at openssl/apps/apps.c load_keys for examples and I was trying with

    pkey = d2i_PrivateKey_bio(key, NULL); //to read ASN.1 format

    #include <stdio.h>
    #include <openssl/bio.h>
    #include <openssl/err.h>
    #include <openssl/evp.h>
    #include <openssl/x509.h>   /* d2i_PrivateKey_bio */

    int main(void)
    {
        BIO *key = NULL;
        EVP_PKEY *pkey = NULL;

        ERR_load_ERR_strings();
        ERR_load_crypto_strings();
        OpenSSL_add_all_algorithms();

        key = BIO_new(BIO_s_file());
        if (key == NULL) {
            ERR_print_errors_fp(stderr);
            return 1;
        }
        if (BIO_read_filename(key, "ctPrivate") <= 0) {
            printf("Error opening \n");
            ERR_print_errors_fp(stderr);
            BIO_free(key);
            return 1;
        }
        pkey = d2i_PrivateKey_bio(key, NULL);   /* the call that fails */
        if (pkey == NULL) {
            printf("Error: d2i_PrivateKey_bio \n");
            ERR_print_errors_fp(stderr);
            BIO_free(key);
            return 1;
        }
        EVP_PKEY_free(pkey);
        BIO_free(key);
        return 0;
    }

or

    privP = d2i_PKCS8PrivateKey_bio(mem, NULL, NULL, NULL); //to read PKCS #8 format

    #include <stdio.h>
    #include <openssl/bio.h>
    #include <openssl/err.h>
    #include <openssl/evp.h>
    #include <openssl/pem.h>    /* d2i_PKCS8PrivateKey_bio */

    int main(void)
    {
        unsigned char buff[325];
        EVP_PKEY *privP;
        BIO *mem;
        FILE *fp;
        int ret;

        ERR_load_ERR_strings();
        ERR_load_crypto_strings();
        OpenSSL_add_all_algorithms();

        fp = fopen("ctPrivate", "rb");
        if (fp == NULL) {
            perror("ctPrivate");
            return 1;
        }
        ret = (int)fread(buff, 1, sizeof(buff), fp);
        fclose(fp);
        printf("fread:%d:\n", ret);

        mem = BIO_new(BIO_s_mem());
        if (mem == NULL) {
            ERR_print_errors_fp(stderr);
            return 1;
        }
        BIO_write(mem, buff, ret);   /* only the bytes actually read */

        privP = d2i_PKCS8PrivateKey_bio(mem, NULL, NULL, NULL);   /* the call that fails */
        if (privP == NULL) {
            printf("Error: d2i_PKCS8PrivateKey_fp \n");
            ERR_print_errors_fp(stderr);
            BIO_free(mem);
            return 1;
        }
        EVP_PKEY_free(privP);
        BIO_free(mem);
        return 0;
    }

function calls and I am getting the following error:

    fread:325:
    Error: d2i_PrivateKey_bio
    5840:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:946:
    5840:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:tasn_dec.c:628:
    5840:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_D2I:nested asn1 error:tasn_dec.c:566:Field=n, Type=RSA
    5840:error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib:d2i_pr.c:

Looks like the header is wrong. I am confused about the key format.

ASN.1 is a standard that can be encoded using BER or DER. BSAFE types reference BER, not DER. OpenSSL is using DER, not BER. DER encoding provides only one strict form of encoding for the ASN.1 standard, where BER can have more than one.

My question is: how do I read the private key that is in the format "ASN.1 key that is encoded with the PKCS #8"?

---------------------------------------------------------------

The second problem is the public key format. The public keys are generated by BSAFE as type KI_RSAPublic, an RSA public key with the modulus and public key exponent. The keys are written to a file in the form:

    exponentLen exponent modulusLen modulus

and sent to a remote system. I have to generate an RSA *rsa structure and populate

    rsa->n //modulus
    rsa->e //exponent

There are conversion routines like

    BN_bin2bn //binary to BIGNUM type for rsa->e

There are d2i public key routines to read DER or PEM format, but my file is not in DER or PEM format.

My second question is: what format is my public key file, and how do I convert it to an RSA structure?

Thank you
Chris

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List
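An added example, not part of the original post and not OpenSSL code: a small C routine that reads the leading BER/DER tags of a private-key blob to tell a PKCS #1 RSAPrivateKey, an unencrypted PKCS #8 PrivateKeyInfo and an EncryptedPrivateKeyInfo apart, since each form is read by a different d2i routine. The names `classify_private_key`, `read_header` and `sample_*` are hypothetical, and the sample bytes are constructed header prefixes, not real keys.

```c
#include <stdio.h>
enum key_form {
    KEY_UNKNOWN,
    KEY_PKCS1_RSA,       /* RSAPrivateKey: d2i_RSAPrivateKey() */
    KEY_PKCS8_PLAIN,     /* PrivateKeyInfo: d2i_PKCS8_PRIV_KEY_INFO() + EVP_PKCS82PKEY() */
    KEY_PKCS8_ENCRYPTED  /* EncryptedPrivateKeyInfo: d2i_PKCS8PrivateKey_bio() */
};

/* Constructed header prefixes for illustration (not real keys). */
static const unsigned char sample_pkcs1[] = {0x30,0x82,0x01,0x3a, 0x02,0x01,0x00, 0x02,0x41,0x00};
static const unsigned char sample_pkcs8[] = {0x30,0x82,0x01,0x54, 0x02,0x01,0x00, 0x30,0x0d,0x06,0x09};
static const unsigned char sample_enc[]   = {0x30,0x82,0x01,0x7a, 0x30,0x1b,0x06,0x09};
static const unsigned char sample_ber[]   = {0x30,0x80, 0x02,0x01,0x00, 0x30,0x80}; /* BER indefinite lengths */

/* Read one tag+length header at buf[*pos]; *len is (size_t)-1 for BER indefinite form. */
static int read_header(const unsigned char *buf, size_t n, size_t *pos,
                       unsigned char *tag, size_t *len)
{
    size_t k;
    if (n - *pos < 2) return -1;                        /* truncated */
    *tag = buf[(*pos)++];
    k = buf[(*pos)++];
    if (k < 0x80) { *len = k; return 0; }               /* short form */
    if (k == 0x80) { *len = (size_t)-1; return 0; }     /* indefinite form, BER only */
    k &= 0x7f;                                          /* long form: k length bytes follow */
    if (k > sizeof(size_t) || n - *pos < k) return -1;
    for (*len = 0; k > 0; k--) *len = (*len << 8) | buf[(*pos)++];
    return 0;
}

enum key_form classify_private_key(const unsigned char *buf, size_t n)
{
    size_t pos = 0, len;
    unsigned char tag;
    if (read_header(buf, n, &pos, &tag, &len) || tag != 0x30) return KEY_UNKNOWN; /* outer SEQUENCE */
    if (read_header(buf, n, &pos, &tag, &len)) return KEY_UNKNOWN;
    if (tag == 0x30) return KEY_PKCS8_ENCRYPTED;        /* starts with AlgorithmIdentifier */
    if (tag != 0x02 || len == (size_t)-1 || len > n - pos) return KEY_UNKNOWN;
    pos += len;                                         /* skip the version INTEGER */
    if (read_header(buf, n, &pos, &tag, &len)) return KEY_UNKNOWN;
    if (tag == 0x02) return KEY_PKCS1_RSA;              /* INTEGER modulus follows version */
    if (tag == 0x30) return KEY_PKCS8_PLAIN;            /* AlgorithmIdentifier follows version */
    return KEY_UNKNOWN;
}

int main(void)
{
    printf("%d\n", (int)classify_private_key(sample_pkcs8, sizeof sample_pkcs8));
    return 0;
}
```

A SEQUENCE where the RSA parser expects the INTEGER modulus produces the kind of "wrong tag ... Field=n, Type=RSA" error quoted in the post.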