Re: Converting BIO* to PKCS7*

2012-09-18 Thread Mohammad khodaei
Thanks for the response. The encryption is also done by me. I have generated 
the cipher text as below:

    in = BIO_new_mem_buf(pchContent, iPriKeyLen);
    if (!in) {
        return 0;
    }


    /* encrypt content */
    p7 = PKCS7_encrypt(recips, in, EVP_des_ede3_cbc(), flags);
    if (!p7) {
        return 0;
    }


    char* chEnc = new char[1000];
    BIO* memorybio = BIO_new(BIO_s_mem());
    BIO* base64bio = BIO_new(BIO_f_base64());
    BIO* outbio = BIO_push(base64bio, memorybio);


    long ll = i2d_PKCS7_bio(outbio, p7);
    BIO_flush(outbio);
    BIO_set_flags(memorybio, BIO_FLAGS_MEM_RDONLY);
    int iLength = BIO_get_mem_data(memorybio, chEnc);

The encrypted value is generated like this:

MIGkBgkqhkiG9w0BBwOggZYwgZMCAQAxfDB6AgEAMGQwVzELMAkGA1UEBhMCVUsx
EjAQBgNVBAcTCVRlc3QgQ2l0eTEWMBQGA1UEChMNT3BlblNTTCBHcm91cDEcMBoG
A1UEAxMTVGVzdCBTL01JTUUgUm9vdCBDQQIJAJ+rfmEoLQRhMA0GCSqGSIb3DQEB
AQUABAAwEAYJKoZIhvcNAQcBMAMGAQA=

And I feed chEnc to the decryption procedure to be decrypted. Is it correct? 
Any idea if the encoding is incorrect?

Thanks



 From: Dave Thompson dthomp...@prinpay.com
To: openssl-users@openssl.org 
Sent: Monday, September 17, 2012 8:45 PM
Subject: RE: Converting BIO* to PKCS7*
 
From: owner-openssl-us...@openssl.org On Behalf Of Mohammad Khodaei
Sent: Monday, 17 September, 2012 05:01

I've got a problem regarding BIO* to PKCS7* conversion. I want to 
call PKCS7_decrypt() function to decrypt a cipher text. Before that, 
I have this section of code:

in = BIO_new_mem_buf(chEnc, iLength);
if (!in) { snip
p7 = d2i_PKCS7_bio(in, NULL);
if (!p7) { snip
140172957116064:error:0D0680A8:asn1 encoding routines:
ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1319: 
140172957116064:error:0D07803A:asn1 encoding routines:
ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=PKCS7

Any idea how to fix it? Is it the problem due to encoding? 
or is it a conversion problem?

Yes, it is encoding. The data you supplied isn't correct DER -- 
perhaps not DER at all, that's an easy way to get this wrong.
Check your data is DER and is exactly, octet for octet, that 
produced by a correct sender (encoder).


__
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                          majord...@openssl.org
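
Added illustration for the thread above (not part of any post and not OpenSSL code): d2i_PKCS7_bio() expects the first octet to be the DER SEQUENCE tag 0x30, so a base64 text buffer produces the "wrong tag" error quoted in the message. This dependency-free check classifies a buffer as raw DER, base64 of DER, or PEM before it is decoded; the function names are illustrative assumptions, and the input is the base64 value quoted in the 2012-09-18 message.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum encoding { ENC_UNKNOWN, ENC_DER, ENC_BASE64_DER, ENC_PEM };

/* Added example. Input: the base64 text posted in the 2012-09-18 message. */
static const char posted_b64[] =
    "MIGkBgkqhkiG9w0BBwOggZYwgZMCAQAxfDB6AgEAMGQwVzELMAkGA1UEBhMCVUsx\n"
    "EjAQBgNVBAcTCVRlc3QgQ2l0eTEWMBQGA1UEChMNT3BlblNTTCBHcm91cDEcMBoG\n"
    "A1UEAxMTVGVzdCBTL01JTUUgUm9vdCBDQQIJAJ+rfmEoLQRhMA0GCSqGSIb3DQEB\n"
    "AQUABAAwEAYJKoZIhvcNAQcBMAMGAQA=\n";

/* Size (header + content) of a definite-length DER SEQUENCE at p, else 0. */
static size_t der_total_len(const unsigned char *p, size_t n)
{
    size_t len = 0, nlen, i;
    if (n < 2 || p[0] != 0x30) return 0;           /* PKCS#7 starts with SEQUENCE */
    if (p[1] < 0x80) return 2 + (size_t)p[1];      /* short-form length */
    nlen = p[1] & 0x7f;                            /* long form: count of length octets */
    if (nlen == 0 || nlen > 4 || n < 2 + nlen) return 0;
    for (i = 0; i < nlen; i++) len = (len << 8) | p[2 + i];
    return 2 + nlen + len;
}

static int b64_val(int c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    return c == '+' ? 62 : c == '/' ? 63 : -1;
}

/* Decode base64, skipping whitespace and stopping at '='; byte count or -1. */
static long b64_decode(const char *in, size_t n, unsigned char *out, size_t cap)
{
    unsigned long acc = 0;
    int bits = 0, v;
    size_t o = 0, i;
    for (i = 0; i < n && in[i] != '='; i++) {
        if (isspace((unsigned char)in[i])) continue;
        if ((v = b64_val((unsigned char)in[i])) < 0) return -1;
        acc = (acc << 6) | (unsigned long)v;
        if ((bits += 6) >= 8) {
            if (o >= cap) return -1;
            out[o++] = (unsigned char)(acc >> (bits -= 8));
        }
    }
    return (long)o;
}

/* Classify buf; *der_len is the DER size when one is recognised, else 0. */
enum encoding classify(const char *buf, size_t n, size_t *der_len)
{
    unsigned char tmp[4096];
    long d;
    *der_len = der_total_len((const unsigned char *)buf, n);
    if (*der_len != 0 && *der_len == n) return ENC_DER;
    if (n >= 11 && memcmp(buf, "-----BEGIN ", 11) == 0) return ENC_PEM;
    /* Base64 of a SEQUENCE starts with 'M' (0x4D): d2i sees a wrong tag. */
    d = b64_decode(buf, n, tmp, sizeof tmp);
    *der_len = d > 0 ? der_total_len(tmp, (size_t)d) : 0;
    if (*der_len != 0 && *der_len == (size_t)d) return ENC_BASE64_DER;
    *der_len = 0;
    return ENC_UNKNOWN;
}

int main(void)
{
    size_t n;
    int e = classify(posted_b64, strlen(posted_b64), &n);
    printf("posted value: class %d, DER length %lu\n", e, (unsigned long)n);
    return 0;
}
```

When the result is ENC_BASE64_DER, the buffer needs a BIO_f_base64() filter in front of d2i_PKCS7_bio(), mirroring the chain that produced it.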

Re: Elliptic Curve key generation help

2012-08-16 Thread Mohammad khodaei
Hi,

Thanks for the response. I still have a small problem regarding ECDSA key 
generation. I have the following code to generate ECDSA public/private key pair:

   EC_KEY *ecKey = EC_KEY_new();
    if (ecKey == NULL) 
        return ERR_CODE_ECDSA_EC_KEY_NEW_EXCEPTION;



    EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
    if (group == NULL) 
        return ERR_CODE_ECDSA_EC_GROUP_NEW_BY_CURVE_NAME_EXCEPTION;



    EC_KEY_set_group(ecKey, group);





    if (!EC_KEY_generate_key(ecKey)) 
          return ERR_CODE_ECDSA_EC_KEY_GENERATE_KEY;
  


     BIO* memoryBioPriKey = BIO_new(BIO_s_mem());

    PEM_write_bio_ECPrivateKey(memoryBioPriKey, ecKey, NULL, NULL, 0, NULL, NULL);
    char* pchPriKey = NULL;
    pchPriKey = new char[4096];
    BIO_read(memoryBioPriKey, pchPriKey, 4096);
    strPrivateKey.assign(pchPriKey);

    iPrivateKeyLen = strPrivateKey.length();
    BIO_free(memoryBioPriKey);
    if (pchPriKey != NULL) {
        delete []pchPriKey;
        pchPriKey = NULL;
    }
    ERR_print_errors_fp(stderr);


    BIO* memoryBioPubKey = BIO_new(BIO_s_mem());
    PEM_write_bio_EC_PUBKEY(memoryBioPubKey, ecKey);
    char* pchPubKey = NULL;
    pchPubKey = new char[4096];
    BIO_read(memoryBioPubKey, pchPubKey, 4096);
    strPublicKey.assign(pchPubKey);

    iPublicKeyLen = strPublicKey.length();
    BIO_free(memoryBioPubKey);
    if (pchPubKey != NULL) {
        delete []pchPubKey;
        pchPubKey = NULL;
    }


The generated public key and private key look like this, which is not meaningful:




Any idea what are these extra characters inside the public key and private key? 
It is really strange to me. Maybe I'm not using the openssl APIs in the correct 
sequence. Any idea?





 From: Jason Goldberg jgoldb...@oneid.com
To: openssl-users@openssl.org openssl-users@openssl.org 
Sent: Wednesday, August 15, 2012 2:35 PM
Subject: Re: Elliptic Curve key generation help
 

You can actually skip the step of using the BN functions and write your keypair 
directly to PEM format:

PEM_write_bio_ECPrivateKey

You can then use the BIO functions to either read a string from memory, write 
it to file, etc.  See: http://www.openssl.org/docs/crypto/bio.html#

Jason

On Aug 15, 2012, at 5:59 AM, Mohammad khodaei m_khod...@yahoo.com
 wrote:

Hi,


Based on the previous conversations, I tried to generate Elliptic Curve 
public/Private key pair. I want to convert the output BIGNUM* to char* in 
order to perform the rest of my task. Using BN_bn2hex is the correct api to do 
this? It seems it returns a 32 byte Hex while when I generate EC keys by 
command, it is much bigger. I want an output like this for public key and 
private key:


-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBBw==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIDbJzdK8bkYoC4CsuFCBBGPHg21AC1vHh7Dg67tTZ8z9oAoGCCqGSM49
AwEHoUQDQgAEuhRNaqvmtnVpzewv8g3zh2PDh1FwoojEQguGKGCseKffEIoLn6ua
Vn9cpsV7OX5hvcafIyqC+gIPuJovPi0Buw==
-----END EC PRIVATE KEY-----




and


-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuhRNaqvmtnVpzewv8g3zh2PDh1Fw
oojEQguGKGCseKffEIoLn6uaVn9cpsV7OX5hvcafIyqC+gIPuJovPi0Buw==
-----END PUBLIC KEY-----




Here is my code:


    EC_KEY *ecKey = EC_KEY_new();
    EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
    EC_KEY_set_group(ecKey, group);


    int iECGenKey = EC_KEY_generate_key(ecKey);


    BIGNUM *pPubKey, *pPrivKey;


    pPrivKey = (BIGNUM*) EC_KEY_get0_private_key(ecKey);
    char* pchPrivKey = BN_bn2hex(pPrivKey);
    int nBytes = BN_num_bytes(pPrivKey);


    string strPrivKey;
    strPrivKey.assign(pchPrivKey);
    if (pPrivKey != NULL)
        OPENSSL_free(pPrivKey);


    pPubKey = (BIGNUM*) EC_KEY_get0_public_key(ecKey);
    char* pchPubKey = BN_bn2hex(pPubKey);
    string strPubKey;
    strPubKey.assign(pchPubKey);
    if (pPubKey != NULL

Re: Elliptic Curve key generation help

2012-08-15 Thread Mohammad khodaei
Hi,

Based on the previous conversations, I tried to generate Elliptic Curve 
public/Private key pair. I want to convert the output BIGNUM* to char* in order 
to perform the rest of my task. Using BN_bn2hex is the correct api to do this? 
It seems it returns a 32 byte Hex while when I generate EC keys by command, it 
is much bigger. I want an output like this for public key and private key:

-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBBw==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIDbJzdK8bkYoC4CsuFCBBGPHg21AC1vHh7Dg67tTZ8z9oAoGCCqGSM49
AwEHoUQDQgAEuhRNaqvmtnVpzewv8g3zh2PDh1FwoojEQguGKGCseKffEIoLn6ua
Vn9cpsV7OX5hvcafIyqC+gIPuJovPi0Buw==
-----END EC PRIVATE KEY-----



and

-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuhRNaqvmtnVpzewv8g3zh2PDh1Fw
oojEQguGKGCseKffEIoLn6uaVn9cpsV7OX5hvcafIyqC+gIPuJovPi0Buw==
-----END PUBLIC KEY-----



Here is my code:

    EC_KEY *ecKey = EC_KEY_new();
    EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
    EC_KEY_set_group(ecKey, group);

    int iECGenKey = EC_KEY_generate_key(ecKey);

    BIGNUM *pPubKey, *pPrivKey;

    pPrivKey = (BIGNUM*) EC_KEY_get0_private_key(ecKey);
    char* pchPrivKey = BN_bn2hex(pPrivKey);
    int nBytes = BN_num_bytes(pPrivKey);

    string strPrivKey;
    strPrivKey.assign(pchPrivKey);
    if (pPrivKey != NULL)
        OPENSSL_free(pPrivKey);

    pPubKey = (BIGNUM*) EC_KEY_get0_public_key(ecKey);
    char* pchPubKey = BN_bn2hex(pPubKey);
    string strPubKey;
    strPubKey.assign(pchPubKey);
    if (pPubKey != NULL)
        OPENSSL_free(pPubKey);



It would be appreciated if you can help me.

Thanks



 From: Thomas Leavy tombu...@gmail.com
To: openssl-users@openssl.org openssl-users@openssl.org 
Cc: openssl-users@openssl.org openssl-users@openssl.org 
Sent: Wednesday, August 15, 2012 2:52 AM
Subject: Re: Elliptic Curve key generation help
 

Wow can't believe I already got an answer! Thanks so much guys I should be good 
to go. 


On Aug 14, 2012, at 6:59 PM, Jason Goldberg jgoldb...@oneid.com wrote:


Before you call generate_key, you need to initialize your EC_KEY with a curve:


EC_GROUP *group = EC_GROUP_new_by_curve_name(curve);
EC_KEY_set_group(testKey, group);


For 'curve' you could use, for example, NIST P256 which is defined with the 
macro: NID_X9_62_prime256v1


You can then use these primitives to get the public and private keys:


EC_KEY_get0_private_key
EC_KEY_get0_public_key


Jason

On Aug 14, 2012, at 5:49 PM, Tom Leavy tombu...@gmail.com
 wrote:

I have been trying to figure out how to generate an elliptic curve public 
private key pair and can't find much information on how you properly do that. 
So far I have done the following and I'm pretty sure I am missing a step 
someplace.  


void makeECCKeyPair() {
    EC_KEY *testKey = EC_KEY_new();
    EC_KEY_generate_key(testKey);
}


Re: [openssl-users] ECDSA sign/verify input data size

2012-08-06 Thread Mohammad khodaei
Yes, it's correct. 

Now I try to feed the ECDSA_do_sign with the output buffer of SHA256. Based on 
my security knowledge, I thought that the signing algorithms perform hashing 
internally, while in this case it is not true.

Thanks for the response.




 From: Erwann Abalea erwann.aba...@keynectis.com
To: openssl-users@openssl.org 
Cc: Mohammad Khodaei m_khod...@yahoo.com 
Sent: Monday, August 6, 2012 2:14 PM
Subject: Re: [openssl-users] ECDSA sign/verify input data size
 
Bonjour,

Which part of the examples did you mimic?
32 bytes is the length of a SHA256, it's also the max message length of a 
256bits ECDSA key. Whence, I assume you're doing straight ECDSA_do_sign() 
without hashing and padding the message.

-- Erwann ABALEA
-
paléogallicisme: style vieille France

Le 06/08/2012 13:11, Mohammad Khodaei a écrit :
 Hello,
 
 I have used ECDSA APIs to sign and verify some data. The sample example I 
 have used to do so is like this:
 
 http://old.nabble.com/Bug-in-ECDSA_do_sign--td1071562.html
 
 Now, the problem is that it seems there is some kind of limitations on the 
 input data size. Whenever I want to verify the signature on a string, it 
 calculates the signature  verification only on the first 32 characters and it 
 skips the rest of the string. It is a bit strange for me since I feed the 
 function with correct length.
 
 Any idea where is my mistakes?
 
 Thanks a lot


Re: [openssl-users] ECDSA sign/verify input data size

2012-08-06 Thread Mohammad khodaei
Thanks for the comment. I am searching on the net to find a sample to start. Do 
you know any sample to start working with EVP_* interfaces for elliptic curve?

Thanks



 From: Erwann Abalea erwann.aba...@keynectis.com
To: openssl-users@openssl.org 
Cc: Mohammad khodaei m_khod...@yahoo.com 
Sent: Monday, August 6, 2012 3:42 PM
Subject: Re: [openssl-users] ECDSA sign/verify input data size
 

Use the EVP_* interface for high-level functions.
Use ECDSA_do_sign() or other low-level functions if you're
  absolutely sure about what you're doing.


-- 
Erwann ABALEA 
Le 06/08/2012 14:31, Mohammad khodaei a écrit :

Yes, it's correct. 


Now I try to feed the ECDSA_do_sign with the output buffer of SHA256. Based on 
my security knowledge, I thought that the signing algorithms perform hashing 
internally, while in this case it is not true.


Thanks for the response.






 From: Erwann Abalea erwann.aba...@keynectis.com
To: openssl-users@openssl.org 
Cc: Mohammad Khodaei m_khod...@yahoo.com 
Sent: Monday, August 6, 2012 2:14 PM
Subject: Re: [openssl-users] ECDSA sign/verify input data size
 
Bonjour,

Which part of the examples did you mimic?
32 bytes is the length of a SHA256, it's also the max
message length of a 256bits ECDSA key. Whence, I assume
you're doing straight ECDSA_do_sign() without hashing and
padding the message.

-- Erwann ABALEA
-
paléogallicisme: style vieille France

Le 06/08/2012 13:11, Mohammad Khodaei a écrit :
 Hello,
 
 I have used ECDSA APIs to sign and verify some data.
The sample example I have used to do so is like this:
 

http://old.nabble.com/Bug-in-ECDSA_do_sign--td1071562.html
 
 Now, the problem is that it seems there is some kind of
limitations on the input data size. Whenever I want to
verify the signature on a string, it calculates the
signature  verification only on the first 32 characters and
it skips the rest of the string. It is a bit strange for me
since I feed the function with correct length.
 
 Any idea where is my mistakes?
 
 Thanks a lot





Re: Convert PKCS7_decrypt output to char*

2012-07-04 Thread Mohammad khodaei
Thanks a lot for the response. I applied the feedback you gave me. Now I 
changed the parts you mentioned in the previous post. I also checked the error 
messages and they exactly show up after line:
p7 = d2i_PKCS7_bio(in, NULL);

The error messages are:
140258883262112:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong 
tag:tasn_dec.c:1319:
140258883262112:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested 
asn1 error:tasn_dec.c:381:Type=PKCS7

For the sake of completeness, I just copy the entire function here so that it 
would be easier to see what I have done so far. The corresponding lines are 
being bold as below: 

int decrypt(char* chEnc, int iLength) {
    BIO *in = NULL, *out = NULL, *tbio = NULL;
    X509 *rcert = NULL;
    EVP_PKEY *rkey = NULL;
    PKCS7 *p7 = NULL;
    int ret = 1;

    OpenSSL_add_all_algorithms();
    ERR_load_crypto_strings();

    /* Read in recipient certificate and private key */
    tbio = BIO_new_file("signer.pem", "r");

    if (!tbio) {
        fprintf(stderr, "Error Decrypting Data\n");
        ERR_print_errors_fp(stderr);
        return 0;
    }

    rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
    BIO_reset(tbio);
    rkey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
    if (!rcert || !rkey) {
        fprintf(stderr, "Error Decrypting Data\n");
        ERR_print_errors_fp(stderr);
        return 0;
    }
    in = BIO_new_mem_buf(chEnc, iLength);
    BIO_flush(in);

    p7 = d2i_PKCS7_bio(in, NULL);
    if (!p7) {
        fprintf(stderr, "Error in d2i_PKCS7_bio.\n");
        ERR_print_errors_fp(stderr);
        return 0;
    }

    if (!PKCS7_decrypt(p7, rkey, rcert, out, 0)) {
        fprintf(stderr, "Error Decrypting Data, PKCS7_decrypt\n");
        ERR_print_errors_fp(stderr);
        return 0;
    }
    ret = 0;
    if (ret) {
        fprintf(stderr, "Error Signing Data\n");
        ERR_print_errors_fp(stderr);
    }
    if (p7)
        PKCS7_free(p7);
    if (rcert)
        X509_free(rcert);
    if (rkey)
        EVP_PKEY_free(rkey);
    if (in)
        BIO_free(in);
    if (out)
        BIO_free(out);
    if (tbio)
        BIO_free(tbio);
    return ret;
}


Any idea about the problem?



 From: Dave Thompson dthomp...@prinpay.com
To: openssl-users@openssl.org 
Sent: Wednesday, July 4, 2012 4:17 AM
Subject: RE: Convert PKCS7_decrypt output to char*
 
From: owner-openssl-us...@openssl.org On Behalf Of Mohammad khodaei
Sent: Monday, 02 July, 2012 10:05

I want to encrypt and decrypt using PKCS7_encrypt() and PKCS7_decrypt(). 
I use this procedure to encrypt so that I can retrieve the encrypted buffer
into a char* (and not into a file). Here is the code:

    p7 = PKCS7_encrypt(recips, in, EVP_des_ede3_cbc(), flags);
    if (!p7)
        return 0;
    
    char* chTest = new char[1000];
    BIO* memorybio = BIO_new(BIO_s_mem());
    BIO* base64bio = BIO_new(BIO_f_base64());
    BIO* outbio = BIO_push(base64bio, memorybio);
    
    /* Copy PKCS#7 */
    long ll = i2d_PKCS7_bio(outbio, p7);
    BIO_flush(outbio);
    BIO_set_flags(memorybio, BIO_FLAGS_MEM_RDONLY);
    BIO_get_mem_data(memorybio, chTest);
    cout << chTest << "\n";

BIO_get_mem_data discards the pointer value (and thus 
leaks your new char[1000] above). It changes chTest to point 
to the internal memory buffer, which I don't believe is 
guaranteed to be null-terminated (although you may be lucky).

Now, when I want to do the reverse, I do as follows:

    BIO* memorybio = BIO_new(BIO_s_mem());
    int iLength = BIO_puts(memorybio, chEnc);
        
    BIO* base64bio = BIO_new(BIO_f_base64());
    BIO* inbio = BIO_push(base64bio, memorybio);
    
    BIO_flush(inbio);
    BIO_set_flags(inbio, BIO_FLAGS_MEM_RDONLY);

You can replace all of the memorybio steps and 
eliminate the copy with one BIO_new_mem_buf.

    p7 = d2i_PKCS7_bio(inbio, p7);

You don't check this succeeded; in this situation 
it should, but it's better to make certain.
I assume/hope p7 was previously set to null, 
or to the result of a successful PKCS7_new().
If it was uninitialized that could cause all 
sorts of problems (some not clearly indicated).

    if (!PKCS7_decrypt(p7, rkey, rcert, out, 0))
        return 0;

The problem is that the PKCS7_decrypt does not work 
and it is not decrypting correctly. Any idea how to solve it?

first *diagnose* what openssl dislikes 
http://www.openssl.org/support/faq.html#PROG6
and if applicable
http://www.openssl.org/support/faq.html#PROG7
http://www.openssl.org/support/faq.html#PROG8

then you can probably correct it.


Asymmetric Cryptography using openssl lib

2012-07-03 Thread Mohammad Khodaei
Hello,

I am a bit confused when it comes to asymmetric encryption/decryption. Now
I use PKCS7_encrypt() and PKCS7_decrypt() to encrypt using recipient public
key and decrypt using the private key. My question is that if they the
correct functions to encrypt and decrypt? Or they are supposed to be used
for only PKCS7 enveloped Data Structure?

Thanks


Re: Convert PKCS7_decrypt output to char*

2012-07-02 Thread Mohammad khodaei
Hello,

I want to encrypt and decrypt using PKCS7_encrypt() and PKCS7_decrypt(). I use 
this procedure to encrypt so that I can retrieve the encrypted buffer into a 
char* (and not into a file). Here is the code:

    p7 = PKCS7_encrypt(recips, in, EVP_des_ede3_cbc(), flags);

    if (!p7)
        return 0;

    char* chTest = new char[1000];

    BIO* memorybio = BIO_new(BIO_s_mem());
    BIO* base64bio = BIO_new(BIO_f_base64());
    BIO* outbio = BIO_push(base64bio, memorybio);

    /* Copy PKCS#7 */
    long ll = i2d_PKCS7_bio(outbio, p7);
    BIO_flush(outbio);
    BIO_set_flags(memorybio, BIO_FLAGS_MEM_RDONLY);
    BIO_get_mem_data(memorybio, chTest);
    cout << chTest << "\n";


Now, when I want to do the reverse, I do as follows:

    BIO* memorybio = BIO_new(BIO_s_mem());
    int iLength = BIO_puts(memorybio, chEnc);
    
    BIO* base64bio = BIO_new(BIO_f_base64());
    BIO* inbio = BIO_push(base64bio, memorybio);

    /* Copy PKCS#7 */
    BIO_flush(inbio);
    BIO_set_flags(inbio, BIO_FLAGS_MEM_RDONLY);
    p7 = d2i_PKCS7_bio(inbio, p7);
    if (!PKCS7_decrypt(p7, rkey, rcert, out, 0))
        return 0;

The problem is that the PKCS7_decrypt does not work and it is not decrypting 
correctly. Any idea how to solve it?

Looking forward to your suggestions and comments.

Thanks



 From: Florian Rüchel florian.ruec...@ruhr-uni-bochum.de
To: openssl-users@openssl.org 
Sent: Monday, June 25, 2012 3:32 PM
Subject: Re: Convert PKCS7_encrypt output to char*
 
Hi,

A good idea might be to use the following sequence to create a base64 
encoded output (safe to send over network):

    memorybio = BIO_new(BIO_s_mem());
    base64bio = BIO_new(BIO_f_base64());
    outbio = BIO_push(base64bio, memorybio);

    /* Copy PKCS#7 */
    i2d_PKCS7_bio(outbio, s->request_p7);
    BIO_flush(outbio);
    BIO_set_flags(memorybio, BIO_FLAGS_MEM_RDONLY);
    s->request_len = BIO_get_mem_data(memorybio, s->request_payload);

I took this from a software called sscep just for reference.
It base64 encodes the data and sends it over the network. On the other 
side it is easy to base64 decode it. As such it gives you the guarantee 
it is decoded correctly.
On the other side you should of course also have the reverse chain, but 
I don't have an example at hand for that.

Regards

On 25.06.2012 15:04, Mohammad Khodaei wrote:
 Hello,

 I want to encrypt a small data using recipient public key and decrypt
 it on the receiver side using recipient private key. I chose
 PKCS7_encrypt and PKCS7_decrypt api to do so. Are they the correct
 functions? Is there any other alternative?

 Now my problem is that I want to convert the encrypted output of
 PKCS7_encrypt to char* to send it over TCP. I used
 i2d_PKCS7_fp, d2i_PKCS7_bio and d2i_PKCS7_fp to first write
 them in the file and later on read them and send them. Here is the
 procedure to encrypt:

     p7 = PKCS7_encrypt(recips, in, EVP_des_ede3_cbc(), flags);
     if (!p7)
         goto err;

     FILE *fp = NULL;
     char *file = "Hello";
     size_t len = 0;
     fp = fopen(file, "w");
     if (fp == NULL) {
         printf("Error in opening a file..", file);
     }
     i2d_PKCS7_fp(fp, p7);

     fclose(fp);

 And here is the code to decrypt? Is the procedure to convert is
 correct?  

     FILE *p = NULL;
     char *file = "Hello";
     p = fopen(file, "r");
     if (p == NULL) {
         printf("Error in opening a file..", file);
     }
     d2i_PKCS7_fp(p, p7);
     fclose(p);

     if (!p7)
         goto err;

     BIO* out;
     d2i_PKCS7_bio(out, p7);

     if (!(out2))
         goto err;

     /* Decrypt S/MIME message */
     if (!PKCS7_decrypt(p7, rkey, rcert, out, 0))
         goto err;

 It does not work and even the out is not initialized. Any
 suggestion? 

 Thanks a lot


Convert PKCS7_encrypt output to char*

2012-06-25 Thread Mohammad Khodaei
Hello,

I want to encrypt a small data using recipient public key and decrypt it on
the receiver side using recipient private key. I chose PKCS7_encrypt and
PKCS7_decrypt api to do so. Are they the correct functions? Is there any
other alternative?

Now my problem is that I want to convert the encrypted output of
PKCS7_encrypt to char* to send it over TCP. I used
i2d_PKCS7_fp, d2i_PKCS7_bio and d2i_PKCS7_fp to first write them in
the file and later on read them and send them. Here is the procedure to
encrypt:

    p7 = PKCS7_encrypt(recips, in, EVP_des_ede3_cbc(), flags);
    if (!p7)
        goto err;

    FILE *fp = NULL;
    char *file = "Hello";
    size_t len = 0;
    fp = fopen(file, "w");
    if (fp == NULL) {
        printf("Error in opening a file..", file);
    }
    i2d_PKCS7_fp(fp, p7);

    fclose(fp);


And here is the code to decrypt? Is the procedure to convert is correct?

    FILE *p = NULL;
    char *file = "Hello";
    p = fopen(file, "r");
    if (p == NULL) {
        printf("Error in opening a file..", file);
    }
    d2i_PKCS7_fp(p, p7);
    fclose(p);

    if (!p7)
        goto err;

    BIO* out;
    d2i_PKCS7_bio(out, p7);

    if (!(out2))
        goto err;

    /* Decrypt S/MIME message */
    if (!PKCS7_decrypt(p7, rkey, rcert, out, 0))
        goto err;


It does not work and even the out is not initialized. Any suggestion?

Thanks a lot