>       From: owner-openssl-us...@openssl.org On Behalf Of David Henry
>       Sent: Friday, 18 February, 2011 11:51

>       Solved. Thanks, Mounir. Changing my PEM_read_bio_RSA_PublicKey() 
> to PEM_read_bio_RSA_PUBKEY() did the trick. I don't understand why 
> there are two of these, but I'm new to OpenSSL, so I won't complain 
> about that which I don't sufficiently understand.

PEM_write,read*_RSAPublicKey and also i2d,d2i_RSAPublicKey write and 
read an encoding specific for and limited to RSA keys defined by PKCS#1.
Similarly *_DSAPublicKey use a specific encoding for DSA (and DH) and 
*_ECPublicKey for EC(DSA/DH). 

write,read,i2d,d2i_RSA,etc_PUBKEY use the generic encoding from X.509 
for SubjectPublicKeyInfo, which combines an OID stating the algorithm,
an alg-dependent piece containing the key/algorithm 'parameters' 
if separate from the key proper (e.g. for DSA/DH you can have P,Q,G 
in parameters and only Y as the key) or NULL if no such parameters, 
then the key (also alg-dependent). RSA has no parameters (NULL).

write,read,i2d,d2i_PUBKEY use the generic encoding to handle any 
(supported) algorithm in a generic EVP_PKEY structure. Since your code 
is using EVP_* (as recommended), you could support other algorithms 
with I believe no code changes other than reading the key(s).
Plus generating/managing different keys but that can be external.

In fact d2i_RSA_PUBKEY just calls d2i_PUBKEY and if the result alg
is RSA returns the RSA 'part'. Similarly for other algs and PEM_read.

For PEM files you can see the difference in the label. The first form 
is "BEGIN RSA PUBLIC KEY", "BEGIN DSA PUBLIC KEY" etc. The second form 
is "BEGIN PUBLIC KEY" and if you asn1parse it you see it has near the 
beginning an 'OBJECT' (OID) which is rsaEncryption or dsaEncryption etc. 

There is a similar choice on the private-key side, where there are 
specific encodings for each algorithm, and a PKCS#8 generic encoding. 



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
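
An added example, not part of the original message and not OpenSSL code: a minimal DER walker in plain C (no OpenSSL calls) that tells the PKCS#1 RSAPublicKey form (what d2i_RSAPublicKey reads) from the X.509 SubjectPublicKeyInfo form (what d2i_PUBKEY reads), and returns the BIT STRING payload, which for RSA is the PKCS#1 structure itself. The names der_hdr, classify_pubkey, key_form and the toy key bytes (n=3233, e=17) are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum key_form { KEY_INVALID, KEY_PKCS1_RSA, KEY_SPKI_RSA, KEY_SPKI_OTHER };
static const unsigned char OID_RSA[] = {0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01};
/* Constructed toy key (n=3233, e=17), not a real key: PKCS#1 RSAPublicKey */
static const unsigned char TOY_PKCS1[] = {0x30,0x07,0x02,0x02,0x0c,0xa1,0x02,0x01,0x11};
/* The same toy key wrapped as SubjectPublicKeyInfo: AlgorithmIdentifier + BIT STRING */
static const unsigned char TOY_SPKI[] = {0x30,0x1b,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,
    0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x0a,0x00,
    0x30,0x07,0x02,0x02,0x0c,0xa1,0x02,0x01,0x11};

/* Parse one DER header; returns header size (0 on error), sets tag and length. */
static size_t der_hdr(const unsigned char *p, size_t n, int *tag, size_t *len) {
    if (n < 2) return 0;
    size_t h = 2, l = p[1];
    *tag = p[0];
    if (l & 0x80) {                          /* long-form length */
        size_t k = l & 0x7f;
        if (k == 0 || k > 4 || n < 2 + k) return 0;
        for (l = 0; h < 2 + k; h++) l = (l << 8) | p[h];
    }
    if (l > n - h) return 0;                 /* content must fit the buffer */
    *len = l; return h;
}
/* Classify a DER public key; for SPKI, *key/*klen get the BIT STRING payload. */
enum key_form classify_pubkey(const unsigned char *der, size_t n,
                              const unsigned char **key, size_t *klen) {
    int tag; size_t len, h;
    if (!(h = der_hdr(der, n, &tag, &len)) || tag != 0x30) return KEY_INVALID;
    const unsigned char *p = der + h; size_t left = len;
    if (!(h = der_hdr(p, left, &tag, &len))) return KEY_INVALID;
    if (tag == 0x02) { *key = der; *klen = n; return KEY_PKCS1_RSA; } /* modulus */
    if (tag != 0x30) return KEY_INVALID;       /* else AlgorithmIdentifier */
    const unsigned char *alg = p + h; size_t alen = len, olen, oh; int otag;
    p += h + len; left -= h + len;
    if (!(oh = der_hdr(alg, alen, &otag, &olen)) || otag != 0x06) return KEY_INVALID;
    int rsa = olen == sizeof OID_RSA && !memcmp(alg + oh, OID_RSA, olen);
    if (!(h = der_hdr(p, left, &tag, &len)) || tag != 0x03 || len < 1) return KEY_INVALID;
    *key = p + h + 1; *klen = len - 1;         /* skip unused-bits octet */
    return rsa ? KEY_SPKI_RSA : KEY_SPKI_OTHER;
}

int main(void) {
    const unsigned char *k; size_t kl;
    printf("%d ", classify_pubkey(TOY_PKCS1, sizeof TOY_PKCS1, &k, &kl));
    printf("%d\n", classify_pubkey(TOY_SPKI, sizeof TOY_SPKI, &k, &kl));
    return 0;
}
```

A key that classifies as the PKCS#1 form corresponds to the "BEGIN RSA PUBLIC KEY" label, and the SPKI forms to "BEGIN PUBLIC KEY".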
