Re: Check the private key
Hi Mounir, > As you can see from the ASN.1 dump, it starts with the version, followed by > the algorithm identifier and then the RSAPrivateKey encoding inside an > OctetString. Yes, you are right, of course. The structure I was referring to is the one inside. > Concerning Vladimir's question, the answer is simple : your key is OK and it > was verified successfully by OpenSSL. The error message you are getting is > due to the fact that in the source code of the rsa utility there is a line > that dumps the errors on OpenSSL stack and in this case there is an error > that is harmless and that is caused by the way OpenSSL tries to decode the > PEM content. Interesting, good to know. Thanks, Ingo __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Check the private key
Hi Ingo, You are mistaken : this keys is not an encoded RSAPrivateKey as defined by PKCS#1 but it's an encoded PrivateKeyInfo as defined in PKCS#8. Here is the ASN.1 definitions : PrivateKeyInfo ::= SEQUENCE { version Version, privateKeyAlgorithm AlgorithmIdentifier {{PrivateKeyAlgorithms}}, privateKey PrivateKey, attributes [0] Attributes OPTIONAL } Version ::= INTEGER {v1(0)} (v1,...) PrivateKey ::= OCTET STRING As you can see from the ASN.1 dump, it starts with the version, followed by the algorithm identifier and then the RSAPrivateKey encoding inside an OctetString. Concerning Vladimir's question, the answer is simple : your key is OK and it was verified successfully by OpenSSL. The error message you are getting is due to the fact that in the source code of the rsa utility there is a line that dumps the errors on OpenSSL stack and in this case there is an error that is harmless and that is caused by the way OpenSSL tries to decode the PEM content. In the file "apps/rsa.c", at line 335, there is the following : if (r == -1 || ERR_peek_error() != 0) /* should happen only if r == -1 */ { ERR_print_errors(bio_err); goto end; } A more correct version would be to change "||" in the if test by "&&", and thus there will be no misleading error. I hope this clarifies things. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 8/20/2010 4:25 PM, Ingo Naumann wrote: Vladimir, To me, your key looks like a standard 1024 RSA private key, in PKCS#1 format (see below). And, I'm getting the same error when I type openssl rsa -checkhttp://www.rsa.com/rsalabs/node.asp?id=2125 RSAPrivateKey ::= SEQUENCE { version Version, modulus INTEGER, -- n publicExponentINTEGER, -- e privateExponent INTEGER, -- d prime1INTEGER, -- p prime2INTEGER, -- q exponent1 INTEGER, -- d mod (p-1) exponent2 INTEGER, -- d mod (q-1) coefficient INTEGER, -- (inverse of q) mod p otherPrimeInfos OtherPrimeInfos OPTIONAL } Your key: 30 : SEQUENCE (Length: 0x277) 02 : Integer (Length: 0x01) 00 30 : SEQUENCE (Length: 0x0D) 06 : Object Identifier (OID): 1.2.840.113549.1.1.1 rsaEncryption 05 : NULL 04 : Octet String (Length: 0x261) 30 : SEQUENCE (Length: 0x25D) 02 : Integer (Length: 0x01) 00 02 : Integer (Length: 0x81) 00 C5 F1 4E FF 1C 97 02 A2 02 A1 C7 A0 8D E6 9F 9D EF D5 56 87 D7 B2 BF A3 7B 68 73 4E 34 A4 5E FE 41 86 3E 3E 7D 55 6F 9D F1 42 D6 FB CC 27 BB 0C D3 C6 C8 0E 40 CA 53 F8 5A 81 E2 90 18 A8 94 C0 12 72 15 98 0F 1C A2 8F 75 A9 26 E6 A0 8A 7B AB [0x0030 bytes skipped.] 02 : Integer (Length: 0x03) 01 00 01 02 : Integer (Length: 0x81) 00 90 06 E3 5A 11 2D 78 06 F6 2F 4D 17 EF E8 6D 1F F8 50 9C E3 BE F9 1B 24 13 39 8F 1C CA 85 07 71 AD AF C6 3E A5 E7 B2 8D 93 EC F4 8C C6 A1 EA 22 8D 3D C8 77 46 81 71 D3 F5 D7 28 49 7D 07 BD 23 33 AD 3D A7 76 33 6C 47 D7 A2 5B 62 58 A7 06 5B [0x0030 bytes skipped.] 02 : Integer (Length: 0x41) 00 F7 D7 7F 0E C3 04 7D B3 69 AE 54 4F 70 A5 47 E3 D5 1F DC DE 40 AB 99 6D 93 BD 96 4F 31 92 11 F8 43 54 D5 9C EC 3D DF B6 AA 9B AA 3D 60 14 A5 A3 C7 78 DD DE E5 A1 7C C4 5C DF 5F 56 2F EC 41 DB 02 : Integer (Length: 0x41) 00 CC 75 52 E6 9A 0A 1B B7 35 7C D1 D0 51 65 D8 B0 35 BE EA AE D3 88 53 7C AF A5 36 C5 41 09 95 CF 66 73 8F 3D 57 87 FB A0 77 7E B1 D2 95 9D 83 5E 92 5B 95 AB 2A CF 9F FA F7 01 2B 69 4D C7 52 C3 02 : Integer (Length: 0x40) 17 3B 24 D6 BE 62 EA 61 69 D3 84 65 99 DA 74 3D 9F D9 87 BB 71 76 64 40 48 2B EA 2D EC 28 93 F4 A0 63 10 4E D0 3A 10 81 2F C6 BD 93 59 31 36 41 7E CE 0E 85 F9 22 44 EE A7 01 ED 0E C8 19 2E 27 02 : Integer (Length: 0x41) 00 BC 97 5F DF 8B A8 D5 45 DA 15 87 67 33 1D D1 91 40 12 19 61 27 87 71 12 EA E5 67 2E ED BD CC AC E1 20 A8 B8 79 5B DA 33 7A E5 A7 5A CA 5C DF 47 45 93 2A EC 16 F2 2A EC 10 18 C9 15 3A 04 28 87 02 : Integer (Length: 0x40) 20 4C 8C 60 52 94 CA 42 30 DC 1B EF 3D 1E 5F 84 82 40 D1 25 84 BE 1E 18 35 0F F9 4A 5A 40 16 B0 E2 8F 5B 9B C3 FC C5 E7 08 0A BC F0 D1 BA 01 4B 47 08 08 60 15 48 80 A2 C1 98 03 56 FC A4 D9 DC __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support
Re: Check the private key
Vladimir, To me, your key looks like a standard 1024 RSA private key, in PKCS#1 format (see below). And, I'm getting the same error when I type openssl rsa -check http://www.rsa.com/rsalabs/node.asp?id=2125 RSAPrivateKey ::= SEQUENCE { version Version, modulus INTEGER, -- n publicExponentINTEGER, -- e privateExponent INTEGER, -- d prime1INTEGER, -- p prime2INTEGER, -- q exponent1 INTEGER, -- d mod (p-1) exponent2 INTEGER, -- d mod (q-1) coefficient INTEGER, -- (inverse of q) mod p otherPrimeInfos OtherPrimeInfos OPTIONAL } Your key: 30 : SEQUENCE (Length: 0x277) 02 : Integer (Length: 0x01) 00 30 : SEQUENCE (Length: 0x0D) 06 : Object Identifier (OID): 1.2.840.113549.1.1.1 rsaEncryption 05 : NULL 04 : Octet String (Length: 0x261) 30 : SEQUENCE (Length: 0x25D) 02 : Integer (Length: 0x01) 00 02 : Integer (Length: 0x81) 00 C5 F1 4E FF 1C 97 02 A2 02 A1 C7 A0 8D E6 9F 9D EF D5 56 87 D7 B2 BF A3 7B 68 73 4E 34 A4 5E FE 41 86 3E 3E 7D 55 6F 9D F1 42 D6 FB CC 27 BB 0C D3 C6 C8 0E 40 CA 53 F8 5A 81 E2 90 18 A8 94 C0 12 72 15 98 0F 1C A2 8F 75 A9 26 E6 A0 8A 7B AB [0x0030 bytes skipped.] 02 : Integer (Length: 0x03) 01 00 01 02 : Integer (Length: 0x81) 00 90 06 E3 5A 11 2D 78 06 F6 2F 4D 17 EF E8 6D 1F F8 50 9C E3 BE F9 1B 24 13 39 8F 1C CA 85 07 71 AD AF C6 3E A5 E7 B2 8D 93 EC F4 8C C6 A1 EA 22 8D 3D C8 77 46 81 71 D3 F5 D7 28 49 7D 07 BD 23 33 AD 3D A7 76 33 6C 47 D7 A2 5B 62 58 A7 06 5B [0x0030 bytes skipped.] 02 : Integer (Length: 0x41) 00 F7 D7 7F 0E C3 04 7D B3 69 AE 54 4F 70 A5 47 E3 D5 1F DC DE 40 AB 99 6D 93 BD 96 4F 31 92 11 F8 43 54 D5 9C EC 3D DF B6 AA 9B AA 3D 60 14 A5 A3 C7 78 DD DE E5 A1 7C C4 5C DF 5F 56 2F EC 41 DB 02 : Integer (Length: 0x41) 00 CC 75 52 E6 9A 0A 1B B7 35 7C D1 D0 51 65 D8 B0 35 BE EA AE D3 88 53 7C AF A5 36 C5 41 09 95 CF 66 73 8F 3D 57 87 FB A0 77 7E B1 D2 95 9D 83 5E 92 5B 95 AB 2A CF 9F FA F7 01 2B 69 4D C7 52 C3 02 : Integer (Length: 0x40) 17 3B 24 D6 BE 62 EA 61 69 D3 84 65 99 DA 74 3D 9F D9 87 BB 71 76 64 40 48 2B EA 2D EC 28 93 F4 A0 63 10 4E D0 3A 10 81 2F C6 BD 93 59 31 36 41 7E CE 0E 85 F9 22 44 EE A7 01 ED 0E C8 19 2E 27 02 : Integer (Length: 0x41) 00 BC 97 5F DF 8B A8 D5 45 DA 15 87 67 33 1D D1 91 40 12 19 61 27 87 71 12 EA E5 67 2E ED BD CC AC E1 20 A8 B8 79 5B DA 33 7A E5 A7 5A CA 5C DF 47 45 93 2A EC 16 F2 2A EC 10 18 C9 15 3A 04 28 87 02 : Integer (Length: 0x40) 20 4C 8C 60 52 94 CA 42 30 DC 1B EF 3D 1E 5F 84 82 40 D1 25 84 BE 1E 18 35 0F F9 4A 5A 40 16 B0 E2 8F 5B 9B C3 FC C5 E7 08 0A BC F0 D1 BA 01 4B 47 08 08 60 15 48 80 A2 C1 98 03 56 FC A4 D9 DC __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Check the private key
Hi Vladimir, $ openssl asn1parse > Hi, > > I've got private key file priv.key with the following contents > > -BEGIN RSA PRIVATE KEY- > MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMXxTv8clwKiAqHH > oI3mn53v1VaH17K/o3toc040pF7+QYY+Pn1Vb53xQtb7zCe7DNPGyA5AylP4WoHi > kBiolMASchWYDxyij3WpJuaginurwqAwYOB3XyxZqWP7xNaWLhLIdhLG72b7n8fX > /vL+m3Xp7hxzjHVdXTjqVkk+S0/RAgMBAAECgYEAkAbjWhEteAb2L00X7+htH/hQ > nOO++RskEzmPHMqFB3Gtr8Y+peeyjZPs9IzGoeoijT3Id0aBcdP11yhJfQe9IzOt > Pad2M2xH16JbYlinBlsdo6do5On2i0u2FTs/xA2Pirs3zIzzf94ybDcPUFN9u8SQ > Ry2MxXNW8D7OUO9H+DkCQQD3138OwwR9s2muVE9wpUfj1R/c3kCrmW2TvZZPMZIR > +ENU1ZzsPd+2qpuqPWAUpaPHeN3e5aF8xFzfX1Yv7EHbAkEAzHVS5poKG7c1fNHQ > UWXYsDW+6q7TiFN8r6U2xUEJlc9mc489V4f7oHd+sdKVnYNekluVqyrPn/r3AStp > TcdSwwJAFzsk1r5i6mFp04Rlmdp0PZ/Zh7txdmRASCvqLewok/SgYxBO0DoQgS/G > vZNZMTZBfs4OhfkiRO6nAe0OyBkuJwJBALyXX9+LqNVF2hWHZzMd0ZFAEhlhJ4dx > EurlZy7tvcys4SCouHlb2jN65adaylzfR0WTKuwW8irsEBjJFToEKIcCQCBMjGBS > lMpCMNwb7z0eX4SCQNElhL4eGDUP+UpaQBaw4o9bm8P8xecICrzw0boBS0cICGAV > SICiwZgDVvyk2dw= > -END RSA PRIVATE KEY- > > When I try to check key consistency I'am confusing with the following output > > RSA key ok > 3076933256:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong > tag:tasn_dec.c:1320: > 3076933256:error:0D06C03A:asn1 encoding > routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:tasn_dec.c:832: > 3076933256:error:0D08303A:asn1 encoding > routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:752:Field=n, > Type=RSA > 3076933256:error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA > lib:rsa_ameth.c:115: > > So, the first string says that key is ok, but what these error strings mean? > Unfortunately, I don't know this private key format. Can I do this (is it > PKCS#1, PKCS#12 or others)? And what do I need to do to disapear error > strings? > > Thank you! > > -- > View this message in context: > http://old.nabble.com/Check-the-private-key-tp29475867p29475867.html > Sent from the OpenSSL - User mailing list archive at Nabble.com. > __ > OpenSSL Project http://www.openssl.org > User Support Mailing Listopenssl-users@openssl.org > Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Check the private key
Hi, I've got private key file priv.key with the following contents -BEGIN RSA PRIVATE KEY- MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMXxTv8clwKiAqHH oI3mn53v1VaH17K/o3toc040pF7+QYY+Pn1Vb53xQtb7zCe7DNPGyA5AylP4WoHi kBiolMASchWYDxyij3WpJuaginurwqAwYOB3XyxZqWP7xNaWLhLIdhLG72b7n8fX /vL+m3Xp7hxzjHVdXTjqVkk+S0/RAgMBAAECgYEAkAbjWhEteAb2L00X7+htH/hQ nOO++RskEzmPHMqFB3Gtr8Y+peeyjZPs9IzGoeoijT3Id0aBcdP11yhJfQe9IzOt Pad2M2xH16JbYlinBlsdo6do5On2i0u2FTs/xA2Pirs3zIzzf94ybDcPUFN9u8SQ Ry2MxXNW8D7OUO9H+DkCQQD3138OwwR9s2muVE9wpUfj1R/c3kCrmW2TvZZPMZIR +ENU1ZzsPd+2qpuqPWAUpaPHeN3e5aF8xFzfX1Yv7EHbAkEAzHVS5poKG7c1fNHQ UWXYsDW+6q7TiFN8r6U2xUEJlc9mc489V4f7oHd+sdKVnYNekluVqyrPn/r3AStp TcdSwwJAFzsk1r5i6mFp04Rlmdp0PZ/Zh7txdmRASCvqLewok/SgYxBO0DoQgS/G vZNZMTZBfs4OhfkiRO6nAe0OyBkuJwJBALyXX9+LqNVF2hWHZzMd0ZFAEhlhJ4dx EurlZy7tvcys4SCouHlb2jN65adaylzfR0WTKuwW8irsEBjJFToEKIcCQCBMjGBS lMpCMNwb7z0eX4SCQNElhL4eGDUP+UpaQBaw4o9bm8P8xecICrzw0boBS0cICGAV SICiwZgDVvyk2dw= -END RSA PRIVATE KEY- When I try to check key consistency I'am confusing with the following output RSA key ok 3076933256:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1320: 3076933256:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:tasn_dec.c:832: 3076933256:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:752:Field=n, Type=RSA 3076933256:error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib:rsa_ameth.c:115: So, the first string says that key is ok, but what these error strings mean? Unfortunately, I don't know this private key format. Can I do this (is it PKCS#1, PKCS#12 or others)? And what do I need to do to disapear error strings? Thank you! -- View this message in context: http://old.nabble.com/Check-the-private-key-tp29475867p29475867.html Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org