Hello,
> I need to re-invent the Sipura's|Linksys's "gen_mc" utility which
> creates what they call a "Mini Certificate".
>
> I'm stuck at an attempt to use "RSA_sign()" properly.
> Is it at all possible to have an RSA object not generated with
> "RSA_generate_key()" but manually filled with the private key as the
> HEX buffer? I.e. without all accompanying "*p", "*q", "*n" and "*e"
> parameters and "*d" read from an external file?
Of course, but you should be aware that an RSA private key is a pair
(d,n) - private exponent and modulus.
So you cannot load only the number d because the private key operation
is:
w = x^d mod n (x - data to encrypt/decrypt, w - result)
I think that doing RSA_new() and placing d and n as BIGNUMs in
this structure should be enough.
Of course this private key operation without p, q and the others will
be ~4 times slower because the Chinese Remainder Theorem (CRT)
will not be used.
> The problem is: no matter that I replace the "RSA rsa->d" (the
> private key) part of RSA object with an example CA's private key -
> the RSA_sign() seems to re-create its own one from p,q,n,e.
In your code you generated an RSA key and replaced d with your
data, but p, q and the others are from the "old" key, and because the
private key operation using CRT does not require d you can have the
impression that this number is recreated when in practice ... is not used.
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
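
The effect described in the reply above, as an added example that is not part of the original message and is not OpenSSL code: a toy model in which the private-key operation takes the CRT path whenever p, q and the CRT parameters are set, so overwriting d in a generated key changes nothing, while a key holding only (d,n) really uses d. The struct, the function names and the small key (p=61, q=53) are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy key, constructed for illustration: p=61, q=53, n=3233, e=17, d=2753.
   This is not OpenSSL's RSA struct; a field of 0 means "not set". */
struct toy_rsa { uint64_t n, e, d, p, q, dmp1, dmq1, iqmp; };

/* Square-and-multiply; operands here are far below 2^32, so no overflow. */
uint64_t modpow(uint64_t b, uint64_t e, uint64_t m) {
    uint64_t r = 1;
    for (b %= m; e; e >>= 1, b = b * b % m)
        if (e & 1) r = r * b % m;
    return r;
}

/* Private-key operation: CRT when all CRT parameters are set, else x^d mod n. */
uint64_t toy_private_op(const struct toy_rsa *k, uint64_t x) {
    if (k->p && k->q && k->dmp1 && k->dmq1 && k->iqmp) {
        uint64_t m1 = modpow(x, k->dmp1, k->p);   /* d is never read here */
        uint64_t m2 = modpow(x, k->dmq1, k->q);
        uint64_t h = k->iqmp * ((m1 + k->p - m2 % k->p) % k->p) % k->p;
        return m2 + h * k->q;                     /* Garner recombination */
    }
    return modpow(x, k->d, k->n);                 /* w = x^d mod n */
}

/* Full key as left behind by key generation, with d overwritten afterwards. */
uint64_t sig_full_key(uint64_t x, uint64_t d) {
    struct toy_rsa k = {3233, 17, d, 61, 53, 53, 49, 38};
    return toy_private_op(&k, x);
}

/* Key holding only n and d (e is kept for verification). */
uint64_t sig_dn_only(uint64_t x, uint64_t d) {
    struct toy_rsa k = {3233, 17, d, 0, 0, 0, 0, 0};
    return toy_private_op(&k, x);
}

int main(void) {
    /* 1234 stands in for a foreign private exponent written over d. */
    printf("full key, real d    : %llu\n", (unsigned long long)sig_full_key(65, 2753));
    printf("full key, d replaced: %llu\n", (unsigned long long)sig_full_key(65, 1234));
    printf("(d,n) only, real d  : %llu\n", (unsigned long long)sig_dn_only(65, 2753));
    printf("(d,n) only, other d : %llu\n", (unsigned long long)sig_dn_only(65, 1234));
    return 0;
}
```

The first three lines print the same value; only the last differs, because that key has no CRT parameters and the replaced d is actually used.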