> What I am trying to accomplish is create a remote application with an
> embedded private key that can securely retrieve a small block of data.
>
> I started by generating a private key without a password:
>
> openssl genrsa -out private.pem 2048
>
> I then used various methods to hide the key in the application. I
> stripped off the RSA header and footer and there are no line breaks.
> Internally I rebuild the key and end up with a 1592 byte data
> stream. What I end up with is something like this:

Umm, WHAT?! Why are you hiding the private key in the application?

There is a slight chance that there is some rational reason to do this, but
there's probably a 99% chance that you have absolutely no clue what you are
doing.

> unsigned char *pk_data = "MIIE................";
>
> I then create a memory BIO with:
>
> pk_bio = BIO_new_mem_buf(pk_data, 1592);
>
> This appears to return a valid BIO*. But, the man page does not state
> what would happen if an error occurs. So, I cannot be 100% certain.
>
> Next, I try to create an RSA *:
>
> rsa = PEM_read_bio_RSAPrivateKey(pk_bio, NULL, 0, NULL);
>
> The result is that rsa = NULL. I assume the RSA header and footer line
> are unnecessary? Will the lack of line feeds cause any issues? Does
> anyone have any ideas?

Without the header and footer, it is not PEM. The way you are doing this
makes no sense and it's hardly ever something someone would want to do
anyway.

If you did want to hide the key, you'd be hiding the DER format, not the PEM
format. But the whole point of PK is that you don't have to hide keys.

Do you have any idea what you're doing?

DS
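
The PEM-versus-DER distinction in the reply above, as an added example that is not part of this thread and not OpenSSL code: a standard-library-only Python reader for a PKCS#1 RSAPrivateKey in both encodings, exercised on a toy key constructed from textbook-sized primes (p=61, q=53, e=17; assumed values, not a usable key). parse_rsa_private_key_pem mirrors the contract of PEM_read_bio_RSAPrivateKey by returning None when the input carries no BEGIN/END armor, and the demo shows that the stripped, line-feed-free base64 string from the question is rejected as PEM yet base64-decodes straight back to the DER key, so the stripping is not hiding anything.

```python
import base64
import re

# ---- minimal DER encoder (constructed for this example, not OpenSSL) ----

def der_len(n):
    """DER length octets: short form below 0x80, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_integer(value):
    """DER INTEGER; one extra byte guarantees the sign bit stays clear."""
    body = value.to_bytes((value.bit_length() + 8) // 8, "big")
    return b"\x02" + der_len(len(body)) + body

def der_sequence(*items):
    body = b"".join(items)
    return b"\x30" + der_len(len(body)) + body

def encode_rsa_private_key(p, q, e):
    """PKCS#1 RSAPrivateKey: SEQUENCE of version, n, e, d, p, q, dp, dq, qinv."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return der_sequence(
        der_integer(0), der_integer(n), der_integer(e), der_integer(d),
        der_integer(p), der_integer(q),
        der_integer(d % (p - 1)), der_integer(d % (q - 1)),
        der_integer(pow(q, -1, p)),
    )

PEM_HEADER = "-----BEGIN RSA PRIVATE KEY-----"
PEM_FOOTER = "-----END RSA PRIVATE KEY-----"

def to_pem(der):
    """PEM is just base64 of the DER bytes, wrapped at 64 columns, with armor."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([PEM_HEADER, *lines, PEM_FOOTER]) + "\n"

# ---- decoders ----

def der_read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the TLV starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length

def parse_rsa_private_key_der(der):
    """Raw DER in, dict of the nine RSAPrivateKey fields out (like d2i_*)."""
    tag, body, end = der_read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a DER SEQUENCE")
    fields, pos = [], 0
    while pos < len(body):
        tag, value, pos = der_read_tlv(body, pos)
        if tag != 0x02:
            raise ValueError("expected INTEGER")
        fields.append(int.from_bytes(value, "big"))
    if len(fields) != 9 or fields[0] != 0:
        raise ValueError("not an RSAPrivateKey")
    return dict(zip(["version", "n", "e", "d", "p", "q", "dp", "dq", "qinv"], fields))

_PEM_RE = re.compile(
    r"-----BEGIN RSA PRIVATE KEY-----\s*(.*?)\s*-----END RSA PRIVATE KEY-----", re.S)

def parse_rsa_private_key_pem(text):
    """Returns None for anything that is not armored PEM, as PEM_read_bio_* does."""
    m = _PEM_RE.search(text)
    if m is None:
        return None                      # no header/footer: this is not PEM
    b64 = re.sub(r"\s+", "", m.group(1))  # line breaks inside the body are fine
    try:
        return parse_rsa_private_key_der(base64.b64decode(b64, validate=True))
    except (ValueError, IndexError):
        return None

def demo():
    der = encode_rsa_private_key(p=61, q=53, e=17)  # toy key, constructed here
    pem = to_pem(der)
    # What the question did: drop the armor and the line feeds, keep the base64.
    stripped = pem.replace(PEM_HEADER, "").replace(PEM_FOOTER, "").replace("\n", "")
    return {
        "pem_ok": parse_rsa_private_key_pem(pem)["n"] == 3233,
        "stripped_is_pem": parse_rsa_private_key_pem(stripped) is not None,
        "der_ok": parse_rsa_private_key_der(der)["n"] == 3233,
        "stripped_decodes_to_key":
            parse_rsa_private_key_der(base64.b64decode(stripped))["d"] == 2753,
    }

if __name__ == "__main__":
    print(demo())
```

With OpenSSL the equivalent of the DER path is to hand the raw bytes to d2i_RSAPrivateKey_bio() instead of PEM_read_bio_RSAPrivateKey(), after checking BIO_new_mem_buf() for a NULL return; either way, a key compiled into a distributed binary is retrievable by anyone who can read the binary, which is the point the reply above makes.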


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
