first - do you use FIPS? if yes,
1) then you need to include at the very beginning:
// for use with privkey with password
OpenSSL_add_all_algorithms();
PKCS5_PBE_add();
2) convert the key before use:
openssl pkcs8 -in privkey_pass.pem -topk8 -v2 des3 -out cprivkey_pass.pem
second - use the callback to set the password
Galina
On Tue, Feb 24, 2009 at 10:48 AM, Larson, John <[email protected]> wrote:
> Hi again,
>
>
>
> I forgot to include a subject and I have some extra information on this as
> well so thought I’d send more.
>
>
>
> I have printed out the human readable error output of the call to
> PEM_read_PrivateKey and it is as such:
>
>
>
> error:0906B072:lib(9):func(107):reason(114)
>
>
>
> From looking through the EVP error codes function 107 is
> PEM_GET_EVP_CIPHER_INFO and reason 114 is PEM_R_UNSUPPORTED_ENCRYPTION. Now
> I created the private key using OpenSSL so it seems odd to me that it would
> be considered unsupported. Some relevant info from the key file is:
>
>
>
> Proc-Type: 4,ENCRYPTED
>
> DEK-Info: DES-EDE3-CBC,C1897FAC7F2375FD
>
>
>
> I have read that the cipher type is determined from the salt, i.e. C1897…,
> and a few other variables such as iv (?) that I haven’t had much luck in
> determining.
>
>
> Any ideas why PEM_read_PrivateKey would still be returning NULL???
>
>
>
> By the way I am using version 0.9.8g which I know is slightly outdated if
> that makes a difference.
>
>
>
> -John Larson
> ------------------------------
>
> *From:* [email protected] [mailto:
> [email protected]] *On Behalf Of *Larson, John
> *Sent:* Monday, February 23, 2009 5:17 PM
> *To:* [email protected]
> *Subject:*
>
>
>
> Hi all,
>
>
>
> I am working on some code that takes an existing EC Private Key stored in a
> PEM file and uses it to create a digital signature. In my code the call I
> make to read the private key continues to return a NULL pointer. I perform
> the call as such:
>
>
>
> pkey = PEM_read_PrivateKey(keyFile, NULL, NULL, "password");
>
>
>
> I have confirmed both that I am referencing the correct file and that the
> pass phrase I use (“password” in this example) is correct. I confirmed the
> password by executing on the command line:
>
>
>
> openssl ec -in signer_key.pem -passin pass:password
>
>
>
> Any ideas why my function call would still return NULL?
>
>
>
> John Larson
>
> *JIPM Systems Engineer, ViaSat Inc*.
>
> Work: (760) 930-3594
>
> Cell: (510) 435-3277
>
>
>
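A diagnostic sketch for the error and key headers quoted in this thread, added here as an example and not code from either poster or from OpenSSL: it unpacks the packed error code into its library, function and reason fields (the 8/12/12-bit layout used by OpenSSL 0.9.8 through 1.1.x) and parses the legacy DEK-Info header into the cipher name and the hex-encoded IV. The names err_unpack and parse_dek_info are hypothetical helpers; no libcrypto is needed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct err_parts { int lib, func, reason; };
struct dek_info { char cipher[32]; unsigned char iv[32]; int iv_len; };

/* Split a packed OpenSSL error code: 8 bits lib, 12 bits func, 12 bits reason. */
static struct err_parts err_unpack(unsigned long e) {
    struct err_parts p;
    p.lib = (int)((e >> 24) & 0xff);
    p.func = (int)((e >> 12) & 0xfff);
    p.reason = (int)(e & 0xfff);
    return p;
}

/* Parse "DEK-Info: <cipher>,<hex IV>". Returns 0 on success, -1 if the
   header is absent or malformed. */
static int parse_dek_info(const char *pem, struct dek_info *out) {
    const char *p = strstr(pem, "DEK-Info:");
    if (!p) return -1;
    p += strlen("DEK-Info:");
    while (*p == ' ') p++;
    size_t n = strcspn(p, ",\r\n");            /* cipher name ends at the comma */
    if (n == 0 || p[n] != ',' || n >= sizeof out->cipher) return -1;
    memcpy(out->cipher, p, n);
    out->cipher[n] = '\0';
    p += n + 1;
    size_t hexlen = strspn(p, "0123456789abcdefABCDEF");
    if (hexlen == 0 || hexlen % 2 || hexlen / 2 > sizeof out->iv) return -1;
    for (size_t i = 0; i < hexlen / 2; i++) {  /* decode two hex digits per byte */
        char byte[3] = { p[2 * i], p[2 * i + 1], '\0' };
        out->iv[i] = (unsigned char)strtoul(byte, NULL, 16);
    }
    out->iv_len = (int)(hexlen / 2);
    return 0;
}

int main(void) {
    /* Error code and header values are the ones quoted in the thread. */
    const char *hdr = "Proc-Type: 4,ENCRYPTED\n"
                      "DEK-Info: DES-EDE3-CBC,C1897FAC7F2375FD\n";
    struct err_parts e = err_unpack(0x0906B072UL);
    struct dek_info d;
    printf("lib=%d func=%d reason=%d\n", e.lib, e.func, e.reason);
    if (parse_dek_info(hdr, &d) == 0)
        printf("cipher=%s iv_len=%d bytes\n", d.cipher, d.iv_len);
    return 0;
}
```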