Your questions are confused and I don’t have time to read through a lot of
code, but:

In OpenSSL, type RSA (typedef struct rsa_st) is used for both/all RSA keys.

When you generate a new keypair, the RSA structure is filled with fields for
both private key and public key. If you use the routines to write and read
RSAPrivateKey format, or [PKCS8]PrivateKey for an EVP_PKEY “holding” RSA,
the key written and read back is usable as either private key or public key.

If you pass a “both” RSA to a routine that needs the private key,
like _private_decrypt or Open or _private_encrypt or [Digest]Sign, it uses
the private fields. If you pass it to a routine that needs the public key,
like _public_encrypt or Seal or _public_decrypt or [Digest]Verify, it uses
only the public fields and ignores the private ones even though present.

If you put the public key in a cert (directly, or via a CSR) and then fetch
the RSA from the cert, it contains only the public fields. If you pass that
to a public-key operation it works, because it ignores the private fields.
If you pass it to a private-key operation it fails, because the private fields
are missing and needed.

HTH

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Amir Reda
Sent: Saturday, November 15, 2014 06:37
To: openssl-users@openssl.org
Subject: sign issue

Dear all,

I'm an MSc student who uses the NS3 simulator to do some research. My target
for right now is to make a sample code for a client and a server and then add
it to the simulator.

As a brief:
1- the client sends a certificate request and the server sends the certificate
to the client

2- the client creates a shared key and encrypts it using function
RSA_public_encrypt, creates some data, signs the data and encrypted shared
key, and sends (client certificate and the data and the encrypted shared key
and the signature (of both encrypted shared key and the data)) to the server
side

3- the server will verify the certificate and decrypt the encrypted shared key
using its private key, and verify the signature using the public key extracted
from the client certificate

I have created the certificate and it's working well and verified, and the
encrypted shared key is done.

My problem is:
1- how to sign both the data and encrypted shared key with the private key of
the client even though I have only an RSA structure

2- the encrypted shared key should be encrypted by the public key of the
server, which can be extracted from the server certificate, but the method
itself, RSA_public_encrypt, takes an RSA structure as an argument

3- how can I verify the signature

Do I need to make all of the data and encrypted shared key into a digest and
then sign it???? Even though I don't have separate private and public keys, I
have only an RSA structure, and how to do that?

Thanks a lot for help.



-- 

Warmest regards and best wishes for good health, yours sincerely,
mero
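The point made in the reply above (one RSA object; the private fields are
optional; public operations never read them) and the three questions in the
original message, as an added example that is not part of this thread and is
not OpenSSL code: a textbook RSA key object in pure Python, with PKCS#1 v1.5
padding and SHA-256, written so that the same object serves the private-key
calls (sign, private_decrypt, which need d) and the public-key calls (verify,
public_encrypt, which use only n and e), and so that a public_only() copy,
standing in for what you get back out of a certificate, verifies and encrypts
but raises on the private-key operations. Every name here (RSAKey, exchange,
MissingPrivateKey and the rest) is this example's own, not OpenSSL's; exchange
hashes data || encrypted_key once and signs that, which is what the
[Digest]Sign routines do for you. It illustrates the key-object model only and
is not a replacement for libcrypto.

```python
# Added illustration, not OpenSSL code: textbook RSA with PKCS#1 v1.5 padding,
# showing one key object serving both public and private operations. Not for real use.
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

_SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")  # DER DigestInfo prefix

class MissingPrivateKey(Exception):
    """Private-key operation attempted on a key that has only public fields."""

@dataclass
class RSAKey:
    n: int
    e: int
    d: Optional[int] = None  # private exponent; None means "public fields only"
    def size(self) -> int:  # modulus length in bytes, like RSA_size()
        return (self.n.bit_length() + 7) // 8

    def public_only(self) -> "RSAKey":  # what you get back out of a cert
        return RSAKey(self.n, self.e)

def _is_probable_prime(n: int, rounds: int = 16) -> bool:
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):  # Miller-Rabin with random bases
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # top bit set, odd
        if _is_probable_prime(cand):
            return cand

def generate_key(bits: int = 1024, e: int = 65537) -> RSAKey:  # a fresh "both" key
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0 and (p * q).bit_length() == bits:
            return RSAKey(p * q, e, pow(e, -1, phi))

def _emsa_pkcs1_v15(msg: bytes, em_len: int) -> bytes:
    """00 01 FF..FF 00 DigestInfo||SHA-256(msg): the block that actually gets signed."""
    t = _SHA256_DIGESTINFO + hashlib.sha256(msg).digest()
    if em_len < len(t) + 11:
        raise ValueError("modulus too small")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t

def sign(key: RSAKey, msg: bytes) -> bytes:  # private-key operation: needs d
    if key.d is None:
        raise MissingPrivateKey("private fields missing")
    em = int.from_bytes(_emsa_pkcs1_v15(msg, key.size()), "big")
    return pow(em, key.d, key.n).to_bytes(key.size(), "big")

def verify(key: RSAKey, msg: bytes, sig: bytes) -> bool:  # uses only n and e
    if len(sig) != key.size():
        return False
    em = pow(int.from_bytes(sig, "big"), key.e, key.n).to_bytes(key.size(), "big")
    return hmac.compare_digest(em, _emsa_pkcs1_v15(msg, key.size()))

def public_encrypt(key: RSAKey, msg: bytes) -> bytes:  # uses only n and e
    k = key.size()
    if len(msg) > k - 11:
        raise ValueError("message too long")
    ps = bytes(1 + secrets.randbelow(255) for _ in range(k - len(msg) - 3))
    em = b"\x00\x02" + ps + b"\x00" + msg  # RSAES-PKCS1-v1_5 block
    return pow(int.from_bytes(em, "big"), key.e, key.n).to_bytes(k, "big")

def private_decrypt(key: RSAKey, ct: bytes) -> bytes:  # private-key operation: needs d
    if key.d is None:
        raise MissingPrivateKey("private fields missing")
    em = pow(int.from_bytes(ct, "big"), key.d, key.n).to_bytes(key.size(), "big")
    if em[:2] != b"\x00\x02" or b"\x00" not in em[2:]:
        raise ValueError("bad padding")
    return em[em.index(b"\x00", 2) + 1:]

def exchange(client: RSAKey, server: RSAKey, shared_key: bytes, data: bytes):
    """The flow from the question: the client signs SHA-256(data || enc_key) with its
    'both' key; the server verifies with the public-only key it got from the client
    cert and decrypts the shared key with its own 'both' key."""
    enc_key = public_encrypt(server.public_only(), shared_key)  # server cert's key
    sig = sign(client, data + enc_key)
    ok = verify(client.public_only(), data + enc_key, sig)  # client cert's key
    return ok, private_decrypt(server, enc_key)
```

Generating two 1024-bit keys takes a second or two in CPython. The OpenSSL
counterparts of the split shown here are RSA_sign and RSA_private_decrypt on
the "both" key, RSA_verify and RSA_public_encrypt on either key, and the
public-only RSA comes out of a certificate via X509_get_pubkey followed by
EVP_PKEY_get1_RSA.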
