Hello, I'm attempting to write an RSA private key in DER format and then read it back. A sample program is below.
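/*
 * Original report
 * ---------------
 * An error occurs reading the DER file back in when no password is used.
 * If I use a password in the read/write functions, the operations are
 * successful. I've tested this using 0.9.7b and 0.9.7e on Linux kernel 2.4
 * and gcc 3.3.1.
 *
 * The error stack after the failed d2i_PKCS8PrivateKey_fp() call:
 *
 * ===BEGIN===
 * 13362:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:946:
 * 13362:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:304:Type=X509_ALGOR
 * 13362:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_D2I:nested asn1 error:tasn_dec.c:566:Field=algor, Type=X509_SIG
 * ===END===
 *
 * Have I misunderstood something?
 * TIA
 * Duke
 *
 * Review notes
 * ------------
 * Cause: with a NULL cipher, i2d_PKCS8PrivateKey_fp() writes an unencrypted
 * PKCS#8 PrivateKeyInfo. d2i_PKCS8PrivateKey_fp() decodes its input as an
 * X509_SIG (PKCS#8 EncryptedPrivateKeyInfo), which is what the error stack
 * shows (Field=algor, Type=X509_SIG), so the first inner element has the
 * wrong tag. The two calls are only symmetric when a cipher is used.
 *
 * Fix: when no password is set, read the file with
 * d2i_PKCS8_PRIV_KEY_INFO_fp() and convert it with EVP_PKCS82PKEY().
 *
 * Also changed: <stdlib.h> is included for exit(); the libssl call
 * SSL_load_error_strings() (no prototype was in scope) is replaced by
 * ERR_load_crypto_strings(), since only libcrypto is used; the key read
 * back is freed before returning; the unused local rc is removed.
 */
#include <stdio.h>
#include <stdlib.h>

#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>
#include <openssl/rand.h>

#define PKEY_FN "pkey.der"

/* Report a failed OpenSSL call, dump the OpenSSL error queue and exit. */
static void fail_openssl(const char *what)
{
    fprintf(stderr, "%s failed\n", what);
    ERR_print_errors_fp(stderr);
    exit(1);
}

/* Report a failed stdio call through perror() and exit. */
static void fail_stdio(const char *what)
{
    perror(what);
    exit(1);
}

/*
 * Generate an RSA key, write it to PKEY_FN as DER-encoded PKCS#8, read it
 * back and print "successful". Returns 0 on success; every failure exits
 * with status 1 after printing a diagnostic to stderr.
 */
int main(void)
{
    FILE *fp = NULL;
    RSA *rsaKey = NULL;
    EVP_PKEY *pkey = NULL;
    PKCS8_PRIV_KEY_INFO *p8inf = NULL;
    char *pwd = NULL;   /* NULL selects the unencrypted PKCS#8 path */

    ERR_load_crypto_strings();
    OpenSSL_add_all_algorithms();

    /*
     * NOTE(review): a 1024-bit modulus with public exponent 3 (RSA_3) is
     * below current key-size guidance; 2048 bits or more with RSA_F4 is the
     * usual choice. Left as posted because it does not affect the encoding
     * problem.
     */
    rsaKey = RSA_generate_key(1024, RSA_3, NULL, NULL);
    if (rsaKey == NULL)
        fail_openssl("RSA_generate_key");

    pkey = EVP_PKEY_new();
    if (pkey == NULL)
        fail_openssl("EVP_PKEY_new");

    if (!EVP_PKEY_assign_RSA(pkey, rsaKey))
        fail_openssl("EVP_PKEY_assign_RSA");
    rsaKey = NULL;      /* ownership moved to pkey */

    /*
     * NOTE(review): fopen() creates the file with umask-derived permissions.
     * When pwd is NULL the private key is stored in the clear, so its
     * confidentiality rests entirely on those permissions.
     */
    if ((fp = fopen(PKEY_FN, "wb")) == NULL)
        fail_stdio("fopen");

    if (!i2d_PKCS8PrivateKey_fp(fp, pkey,
                                pwd ? EVP_des_ede3_cbc() : NULL,
                                NULL, 0, NULL, pwd))
        fail_openssl("i2d_PKCS8PrivateKey_fp");

    if (fclose(fp) != 0)
        fail_stdio("fclose");
    fp = NULL;

    EVP_PKEY_free(pkey);
    pkey = NULL;

    if ((fp = fopen(PKEY_FN, "rb")) == NULL)
        fail_stdio("fopen");

    if (pwd != NULL) {
        /* Encrypted file: EncryptedPrivateKeyInfo, decrypted with pwd. */
        pkey = d2i_PKCS8PrivateKey_fp(fp, NULL, NULL, pwd);
        if (pkey == NULL)
            fail_openssl("d2i_PKCS8PrivateKey_fp");
    } else {
        /* Unencrypted file: plain PrivateKeyInfo, converted to EVP_PKEY. */
        p8inf = d2i_PKCS8_PRIV_KEY_INFO_fp(fp, NULL);
        if (p8inf == NULL)
            fail_openssl("d2i_PKCS8_PRIV_KEY_INFO_fp");

        pkey = EVP_PKCS82PKEY(p8inf);
        PKCS8_PRIV_KEY_INFO_free(p8inf);
        p8inf = NULL;
        if (pkey == NULL)
            fail_openssl("EVP_PKCS82PKEY");
    }

    if (fclose(fp) != 0)
        fail_stdio("fclose");
    fp = NULL;

    EVP_PKEY_free(pkey);
    pkey = NULL;

    printf("successful\n");
    return 0;
}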