Hello,
> This is what I am up to,
> 
> $ openssl genrsa -out private.pem 2048
> $ openssl rsa -in private.pem -out public.pem -pubout
> 
> to gen the private & public keys 
> 
> pvk_fd = fopen("private.pem","r");
> rsa_pv = PEM_read_RSAPrivateKey(pvk_fd,&rsa_pv,NULL,NULL);
> ret = RSA_sign(NID_md5,testString,15,authMsg,siglen,rsa_pv);
> 
> .........
> 
> pbk_fd = fopen("public.pem","r");
> rsa_pb = PEM_read_RSA_PUBKEY(pbk_fd,&rsa_pb,NULL,NULL);
> ret = RSA_verify(NID_md5,testString,15,authMsg,*siglen,rsa_pb);
> 
> By dumping the public modulus & exponent from both the private and public keys, 
> I can see they are the same, yet RSA_sign/verify does not work. What did I miss?
This looks good, maybe there are some other problems.
I've attached a quick test based on this code - maybe this will help.

Best regards,
-- 
Marek Marcola <[EMAIL PROTECTED]>
#include <errno.h>
#include <stdio.h>
#include <string.h>

#include <openssl/bn.h>
#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/rand.h>
#include <openssl/rsa.h>
#include <openssl/ssl.h>

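/*
 * Drain the OpenSSL error queue, printing every queued entry to stdout
 * as "*** <error string>".
 *
 * Always returns 0.
 */
int log_ssl(void)
{
	char buf[256];
	/* ERR_get_error() returns unsigned long; u_long is a non-standard typedef. */
	unsigned long err;

	while ((err = ERR_get_error()) != 0) {
		/* The _n variant is given the buffer size, so the write stays bounded. */
		ERR_error_string_n(err, buf, sizeof(buf));
		printf("*** %s\n", buf);
	}

	return (0);
}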

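/*
 * Print one key component as "<label>: <hex>".
 *
 * Returns 0 on success, -1 if the hex conversion failed (the OpenSSL
 * error queue is logged in that case).
 */
static int print_bn_hex(const char *label, const BIGNUM *bn)
{
	char *hex = BN_bn2hex(bn);

	if (hex == NULL) {
		log_ssl();
		return -1;
	}
	printf("%s: %s\n", label, hex);
	/* BN_bn2hex() allocates with the OpenSSL allocator; release it the same way. */
	OPENSSL_free(hex);
	return 0;
}

/*
 * Round-trip test: load an RSA private key from "rsa.pem" and the matching
 * public key from "rsapub.pem", print modulus and exponent of both, sign a
 * fixed message with the private key and verify it with the public key.
 *
 * Returns 0 and prints "OK" when the signature verifies, 1 on any failure.
 */
int main(void)
{
	FILE *fp;

	RSA *rsa_pv = NULL;
	RSA *rsa_pb = NULL;

	const char m[] = "test test test";

	unsigned char md[EVP_MAX_MD_SIZE];
	unsigned int mdlen = 0;

	unsigned char sig[1024];
	unsigned int siglen = 0;

	int rc = 1;

	SSL_load_error_strings();
	SSLeay_add_ssl_algorithms();

	/* Best-effort seeding, as in the original; the return value is not checked. */
	RAND_load_file("/dev/urandom", 1024);

	if ((fp = fopen("rsa.pem", "r")) == NULL) {
		printf("fopen: %s\n", strerror(errno));
		goto out;
	}
	rsa_pv = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL);
	/* The key is fully parsed into memory, so the file can be closed right away. */
	fclose(fp);
	if (rsa_pv == NULL) {
		log_ssl();
		goto out;
	}

	if ((fp = fopen("rsapub.pem", "r")) == NULL) {
		printf("fopen: %s\n", strerror(errno));
		goto out;
	}
	rsa_pb = PEM_read_RSA_PUBKEY(fp, NULL, NULL, NULL);
	fclose(fp);
	if (rsa_pb == NULL) {
		log_ssl();
		goto out;
	}

	/*
	 * Direct member access works only with OpenSSL releases before 1.1.0,
	 * where RSA is not opaque; later releases expose these values through
	 * RSA_get0_key().
	 */
	if (print_bn_hex("pv n", rsa_pv->n) != 0 ||
	    print_bn_hex("pv e", rsa_pv->e) != 0 ||
	    print_bn_hex("pb n", rsa_pb->n) != 0 ||
	    print_bn_hex("pb e", rsa_pb->e) != 0)
		goto out;

	/* RSA_sign() writes RSA_size() bytes; refuse keys larger than the buffer. */
	if (RSA_size(rsa_pv) > (int) sizeof(sig)) {
		printf("key too large for signature buffer\n");
		goto out;
	}

	/*
	 * RSA_sign()/RSA_verify() take the message DIGEST, not the message:
	 * the NID only names the algorithm recorded in the signature. Hash the
	 * text first so the signature really is "MD5 with RSA" and can be
	 * checked by other tools.
	 *
	 * NID_md5 is kept to match the code under discussion. MD5 is not
	 * collision-resistant and should not be used for new signatures; a
	 * SHA-2 digest is the usual choice.
	 */
	if (EVP_Digest(m, strlen(m), md, &mdlen, EVP_md5(), NULL) != 1) {
		log_ssl();
		goto out;
	}

	if (RSA_sign(NID_md5, md, mdlen, sig, &siglen, rsa_pv) != 1) {
		log_ssl();
		goto out;
	}
	printf("siglen=%u\n", siglen);

	/* Only a return value of exactly 1 means the signature is valid. */
	if (RSA_verify(NID_md5, md, mdlen, sig, siglen, rsa_pb) != 1) {
		log_ssl();
		goto out;
	}

	printf("OK\n");
	rc = 0;

  out:
	/* Release both keys on every path; the private key holds secret material. */
	if (rsa_pb != NULL)
		RSA_free(rsa_pb);
	if (rsa_pv != NULL)
		RSA_free(rsa_pv);

	return (rc);
}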
