Re: Converting BIO* to PKCS7*
Thanks for the response. The encryption is also done by me. I have generated the cipher text as below:

    in = BIO_new_mem_buf(pchContent, iPriKeyLen);
    if (!in) {
        return 0;
    }

    /* encrypt content */
    p7 = PKCS7_encrypt(recips, in, EVP_des_ede3_cbc(), flags);
    if (!p7) {
        return 0;
    }

    char* chEnc = new char[1000];
    BIO* memorybio = BIO_new(BIO_s_mem());
    BIO* base64bio = BIO_new(BIO_f_base64());
    BIO* outbio = BIO_push(base64bio, memorybio);
    long ll = i2d_PKCS7_bio(outbio, p7);
    BIO_flush(outbio);
    BIO_set_flags(memorybio, BIO_FLAGS_MEM_RDONLY);
    int iLength = BIO_get_mem_data(memorybio, chEnc);

The encrypted value is generated like this:

    MIGkBgkqhkiG9w0BBwOggZYwgZMCAQAxfDB6AgEAMGQwVzELMAkGA1UEBhMCVUsx
    EjAQBgNVBAcTCVRlc3QgQ2l0eTEWMBQGA1UEChMNT3BlblNTTCBHcm91cDEcMBoG
    A1UEAxMTVGVzdCBTL01JTUUgUm9vdCBDQQIJAJ+rfmEoLQRhMA0GCSqGSIb3DQEB
    AQUABAAwEAYJKoZIhvcNAQcBMAMGAQA=

And I feed chEnc to the decryption procedure to be decrypted. Is it correct? Any idea if the encoding is incorrect.

Thanks

From: Dave Thompson dthomp...@prinpay.com
To: openssl-users@openssl.org
Sent: Monday, September 17, 2012 8:45 PM
Subject: RE: Converting BIO* to PKCS7*

From: owner-openssl-us...@openssl.org On Behalf Of Mohammad Khodaei
Sent: Monday, 17 September, 2012 05:01

I've got a problem regarding BIO* to PKCS7* conversion. I want to call PKCS7_decrypt() function to decrypt a cipher text. Before that, I have this section of code:

    in = BIO_new_mem_buf(chEnc, iLength);
    if (!in) { snip
    p7 = d2i_PKCS7_bio(in, NULL);
    if (!p7) { snip

    140172957116064:error:0D0680A8:asn1 encoding routines:
    ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1319:
    140172957116064:error:0D07803A:asn1 encoding routines:
    ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=PKCS7

Any idea how to fix it? Is it the problem due to encoding? or is it a conversion problem?

Yes, it is encoding. The data you supplied isn't correct DER -- perhaps not DER at all, that's an easy way to get this wrong. Check your data is DER and is exactly, octet for octet, that produced by a correct sender (encoder).

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
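A check that separates the two cases behind the "wrong tag" error above, as an added example that is not code from the thread: raw DER begins with the SEQUENCE tag 0x30 and its length field covers the whole buffer, while a buffer read from behind the `BIO_f_base64()` filter is base64 text that has to be decoded before a DER parser sees it. The function names and the `input_kind` enum are hypothetical; the sample string is the base64 text quoted in the message.

```c
#include <stddef.h>
#include <string.h>

/* The base64 text quoted in the message above (what chEnc pointed to). */
static const char SAMPLE_CHENC[] =
    "MIGkBgkqhkiG9w0BBwOggZYwgZMCAQAxfDB6AgEAMGQwVzELMAkGA1UEBhMCVUsx"
    "EjAQBgNVBAcTCVRlc3QgQ2l0eTEWMBQGA1UEChMNT3BlblNTTCBHcm91cDEcMBoG"
    "A1UEAxMTVGVzdCBTL01JTUUgUm9vdCBDQQIJAJ+rfmEoLQRhMA0GCSqGSIb3DQEB"
    "AQUABAAwEAYJKoZIhvcNAQcBMAMGAQA=";

/* Decode base64, skipping whitespace and '='. Returns byte count or -1. */
long b64_decode(const char *in, size_t inlen, unsigned char *out, size_t cap)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    unsigned long acc = 0;
    int bits = 0;
    size_t i, n = 0;
    for (i = 0; i < inlen; i++) {
        const char *p = memchr(tbl, in[i], 64);
        if (in[i] == '=' || in[i] == '\n' || in[i] == '\r' || in[i] == ' ')
            continue;
        if (!p)
            return -1;                /* not a base64 character */
        acc = (acc << 6) | (unsigned long)(p - tbl);
        bits += 6;
        if (bits >= 8) {
            if (n >= cap)
                return -1;            /* output buffer too small */
            bits -= 8;
            out[n++] = (unsigned char)(acc >> bits);
        }
    }
    return (long)n;
}

/* 1 if buf is exactly one DER SEQUENCE (tag 0x30) spanning all len bytes. */
int is_der_sequence(const unsigned char *buf, size_t len)
{
    size_t hdr = 2, clen, i, nlen;
    if (len < 2 || buf[0] != 0x30)
        return 0;                     /* the "wrong tag" case */
    clen = buf[1];
    if (buf[1] & 0x80) {              /* long form: low 7 bits count length octets */
        nlen = buf[1] & 0x7F;
        if (nlen == 0 || nlen > sizeof(size_t) || len < 2 + nlen)
            return 0;
        for (clen = 0, i = 0; i < nlen; i++)
            clen = (clen << 8) | buf[2 + i];
        hdr += nlen;
    }
    return clen == len - hdr;         /* no truncation, no trailing bytes */
}

enum input_kind { KIND_UNKNOWN, KIND_DER, KIND_BASE64_DER };

/* DER parser input triage: use as is, base64-decode first, or reject. */
enum input_kind classify_input(const char *buf, size_t len)
{
    unsigned char tmp[4096];
    long n;
    if (is_der_sequence((const unsigned char *)buf, len))
        return KIND_DER;
    n = b64_decode(buf, len, tmp, sizeof tmp);
    if (n > 0 && is_der_sequence(tmp, (size_t)n))
        return KIND_BASE64_DER;
    return KIND_UNKNOWN;
}
```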
Re: Elliptic Curve key generation help
Hi,

Thanks for the response. I still have a small problem regarding ECDSA key generation. I have the following code to generate ECDSA public/private key pair:

    EC_KEY *ecKey = EC_KEY_new();
    if (ecKey == NULL)
        return ERR_CODE_ECDSA_EC_KEY_NEW_EXCEPTION;

    EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
    if (group == NULL)
        return ERR_CODE_ECDSA_EC_GROUP_NEW_BY_CURVE_NAME_EXCEPTION;

    EC_KEY_set_group(ecKey, group);
    if (!EC_KEY_generate_key(ecKey))
        return ERR_CODE_ECDSA_EC_KEY_GENERATE_KEY;

    BIO* memoryBioPriKey = BIO_new(BIO_s_mem());
    PEM_write_bio_ECPrivateKey(memoryBioPriKey, ecKey, NULL, NULL, 0, NULL, NULL);
    char* pchPriKey = NULL;
    pchPriKey = new char[4096];
    BIO_read(memoryBioPriKey, pchPriKey, 4096);
    strPrivateKey.assign(pchPriKey);
    iPrivateKeyLen = strPrivateKey.length();
    BIO_free(memoryBioPriKey);
    if (pchPriKey != NULL) {
        delete []pchPriKey;
        pchPriKey = NULL;
    }
    ERR_print_errors_fp(stderr);

    BIO* memoryBioPubKey = BIO_new(BIO_s_mem());
    PEM_write_bio_EC_PUBKEY(memoryBioPubKey, ecKey);
    char* pchPubKey = NULL;
    pchPubKey = new char[4096];
    BIO_read(memoryBioPubKey, pchPubKey, 4096);
    strPublicKey.assign(pchPubKey);
    iPublicKeyLen = strPublicKey.length();
    BIO_free(memoryBioPubKey);
    if (pchPubKey != NULL) {
        delete []pchPubKey;
        pchPubKey = NULL;
    }

The generated public key and private key look like this, which is not meaningful:

    -----BEGIN PUBLIC KEY-----
    MIIBSzCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP8B
    MFsEIP8B
    ///8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMVAMSd
    NgiG5wSTamZ44ROdJreBn36QBEEEaxfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5
    RdiYwpZP40Li/hp/m47n60p8D54WK84zV2sxXs7LtkBoN79R9QIhAP8A
    //+85vqtpxeehPO5ysL8YyVRAgEBA0IABCESPFrTQknk/kDJ8aYTi4Nb
    751jubWetBy2TFX4rGZthD7h4W04E1cXDqQB+yFKgNiT1hg+5857SrHSuzxOo0Q=
    -----END PUBLIC KEY-----

    -----BEGIN EC PRIVATE KEY-----
    MIIBaAIBAQQgV+8Lgl7Tu0v/CnS3HdkqE59UEHFzUZTy1rJheMoUUYuggfowgfcC
    AQEwLAYHKoZIzj0BAQIhAP8B
    MFsEIP8B///8BCBaxjXYqjqT57Pr
    vVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMVAMSdNgiG5wSTamZ44ROdJreBn36QBEEE
    axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpZP40Li/hp/m47n60p8D54W
    K84zV2sxXs7LtkBoN79R9QIhAP8A//+85vqtpxeehPO5ysL8
    YyVRAgEBoUQDQgAEIRI8WtNCSeT+QMnxphOLg1vvnWO5tZ60HLZMVfisZm2EPuHh
    bTgTVxcOpAH7IUqA2JPWGD7nzntKsdK7PE6jRA==
    -----END EC PRIVATE KEY-----

Any idea what are these extra characters inside the public key and private key? It is really strange to me. Maybe I'm not using the openssl APIs in the correct sequence. Any idea?

From: Jason Goldberg jgoldb...@oneid.com
To: openssl-users@openssl.org openssl-users@openssl.org
Sent: Wednesday, August 15, 2012 2:35 PM
Subject: Re: Elliptic Curve key generation help

You can actually skip the step of using the BN functions and write your keypair directly to PEM format:

    PEM_write_bio_ECPrivateKey

You can then use the BIO functions to either read a string from memory, write it to file, etc.

See: http://www.openssl.org/docs/crypto/bio.html#

Jason

On Aug 15, 2012, at 5:59 AM, Mohammad khodaei m_khod...@yahoo.com wrote:

Hi,

Based on the previous conversations, I tried to generate Elliptic Curve public/Private key pair. I want to convert the output BIGNUM* to char* in order to perform the rest of my task. Using BN_bn2hex is the correct api to do this? It seems it returns a 32 byte Hex while when I generate EC keys by command, it is much bigger. I want an output like this for public key and private key:

    -----BEGIN EC PARAMETERS-----
    BggqhkjOPQMBBw==
    -----END EC PARAMETERS-----
    -----BEGIN EC PRIVATE KEY-----
    MHcCAQEEIDbJzdK8bkYoC4CsuFCBBGPHg21AC1vHh7Dg67tTZ8z9oAoGCCqGSM49
    AwEHoUQDQgAEuhRNaqvmtnVpzewv8g3zh2PDh1FwoojEQguGKGCseKffEIoLn6ua
    Vn9cpsV7OX5hvcafIyqC+gIPuJovPi0Buw==
    -----END EC PRIVATE KEY-----

and

    -----BEGIN PUBLIC KEY-----
    MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuhRNaqvmtnVpzewv8g3zh2PDh1Fw
    oojEQguGKGCseKffEIoLn6uaVn9cpsV7OX5hvcafIyqC+gIPuJovPi0Buw==
    -----END PUBLIC KEY-----

Here is my code:

    EC_KEY *ecKey = EC_KEY_new();
    EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
    EC_KEY_set_group(ecKey, group);
    int iECGenKey = EC_KEY_generate_key(ecKey);

    BIGNUM *pPubKey, *pPrivKey;
    pPrivKey = (BIGNUM*) EC_KEY_get0_private_key(ecKey);
    char* pchPrivKey = BN_bn2hex(pPrivKey);
    int nBytes = BN_num_bytes(pPrivKey);
    string strPrivKey;
    strPrivKey.assign(pchPrivKey);
    if (pPrivKey != NULL)
        OPENSSL_free(pPrivKey);

    pPubKey = (BIGNUM*) EC_KEY_get0_public_key(ecKey);
    char* pchPubKey = BN_bn2hex(pPubKey);
    string strPubKey;
    strPubKey.assign(pchPubKey);
    if (pPubKey != NULL
Re: Elliptic Curve key generation help
Hi,

Based on the previous conversations, I tried to generate Elliptic Curve public/Private key pair. I want to convert the output BIGNUM* to char* in order to perform the rest of my task. Using BN_bn2hex is the correct api to do this? It seems it returns a 32 byte Hex while when I generate EC keys by command, it is much bigger. I want an output like this for public key and private key:

    -----BEGIN EC PARAMETERS-----
    BggqhkjOPQMBBw==
    -----END EC PARAMETERS-----
    -----BEGIN EC PRIVATE KEY-----
    MHcCAQEEIDbJzdK8bkYoC4CsuFCBBGPHg21AC1vHh7Dg67tTZ8z9oAoGCCqGSM49
    AwEHoUQDQgAEuhRNaqvmtnVpzewv8g3zh2PDh1FwoojEQguGKGCseKffEIoLn6ua
    Vn9cpsV7OX5hvcafIyqC+gIPuJovPi0Buw==
    -----END EC PRIVATE KEY-----

and

    -----BEGIN PUBLIC KEY-----
    MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuhRNaqvmtnVpzewv8g3zh2PDh1Fw
    oojEQguGKGCseKffEIoLn6uaVn9cpsV7OX5hvcafIyqC+gIPuJovPi0Buw==
    -----END PUBLIC KEY-----

Here is my code:

    EC_KEY *ecKey = EC_KEY_new();
    EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
    EC_KEY_set_group(ecKey, group);
    int iECGenKey = EC_KEY_generate_key(ecKey);

    BIGNUM *pPubKey, *pPrivKey;
    pPrivKey = (BIGNUM*) EC_KEY_get0_private_key(ecKey);
    char* pchPrivKey = BN_bn2hex(pPrivKey);
    int nBytes = BN_num_bytes(pPrivKey);
    string strPrivKey;
    strPrivKey.assign(pchPrivKey);
    if (pPrivKey != NULL)
        OPENSSL_free(pPrivKey);

    pPubKey = (BIGNUM*) EC_KEY_get0_public_key(ecKey);
    char* pchPubKey = BN_bn2hex(pPubKey);
    string strPubKey;
    strPubKey.assign(pchPubKey);
    if (pPubKey != NULL)
        OPENSSL_free(pPubKey);

It would be appreciated if you can help me.

Thanks

From: Thomas Leavy tombu...@gmail.com
To: openssl-users@openssl.org openssl-users@openssl.org
Cc: openssl-users@openssl.org openssl-users@openssl.org
Sent: Wednesday, August 15, 2012 2:52 AM
Subject: Re: Elliptic Curve key generation help

Wow can't believe I already got an answer! Thanks so much guys I should be good to go.

On Aug 14, 2012, at 6:59 PM, Jason Goldberg jgoldb...@oneid.com wrote:

Before you call generate_key, you need to initialize your EC_KEY with a curve:

    EC_GROUP *group = EC_GROUP_new_by_curve_name(curve);
    EC_KEY_set_group(testKey, group);

For 'curve' you could use, for example, NIST P256 which is defined with the macro: NID_X9_62_prime256v1

You can then use these primitives to get the public and private keys:

    EC_KEY_get0_private_key
    EC_KEY_get0_public_key

Jason

On Aug 14, 2012, at 5:49 PM, Tom Leavy tombu...@gmail.com wrote:

I have been trying to figure out how to generate an elliptic curve public private key pair and can't find much information on how you properly do that. So far I have done the following and I'm pretty sure I am missing a step someplace.

    void makeECCKeyPair()
    {
        EC_KEY *testKey = EC_KEY_new();
        EC_KEY_generate_key(testKey);
    }
Re: [openssl-users] ECDSA sign/verify input data size
Yes, it's correct. Now I try to feed the ECDSA_do_sign with the output buffer of SHA256. Based on my security knowledge, I thought that the signing algorithms perform hashing internally, while in this case it is not true.

Thanks for the response.

From: Erwann Abalea erwann.aba...@keynectis.com
To: openssl-users@openssl.org
Cc: Mohammad Khodaei m_khod...@yahoo.com
Sent: Monday, August 6, 2012 2:14 PM
Subject: Re: [openssl-users] ECDSA sign/verify input data size

Hello,

Which part of the examples did you mimic? 32 bytes is the length of a SHA256, it's also the max message length of a 256bits ECDSA key. Whence, I assume you're doing straight ECDSA_do_sign() without hashing and padding the message.

--
Erwann ABALEA - paleo-Gallicism: old-France style

On 06/08/2012 13:11, Mohammad Khodaei wrote:

Hello,

I have used ECDSA APIs to sign and verify some data. The sample example I have used to do so is like this: http://old.nabble.com/Bug-in-ECDSA_do_sign--td1071562.html

Now, the problem is that it seems there is some kind of limitations on the input data size. Whenever I want to verify the signature on a string, it calculates the signature verification only on the first 32 characters and it skips the rest of the string. It is a bit strange for me since I feed the function with correct length. Any idea where is my mistakes?

Thanks a lot
Re: [openssl-users] ECDSA sign/verify input data size
Thanks for the comment. I am searching on the net to find a sample to start. Do you know any sample to start working with EVP_* interfaces for elliptic curve?

Thanks

From: Erwann Abalea erwann.aba...@keynectis.com
To: openssl-users@openssl.org
Cc: Mohammad khodaei m_khod...@yahoo.com
Sent: Monday, August 6, 2012 3:42 PM
Subject: Re: [openssl-users] ECDSA sign/verify input data size

Use the EVP_* interface for high-level functions. Use ECDSA_do_sign() or other low-level functions if you're absolutely sure about what you're doing.

--
Erwann ABALEA

On 06/08/2012 14:31, Mohammad khodaei wrote:

Yes, it's correct. Now I try to feed the ECDSA_do_sign with the output buffer of SHA256. Based on my security knowledge, I thought that the signing algorithms perform hashing internally, while in this case it is not true.

Thanks for the response.

From: Erwann Abalea erwann.aba...@keynectis.com
To: openssl-users@openssl.org
Cc: Mohammad Khodaei m_khod...@yahoo.com
Sent: Monday, August 6, 2012 2:14 PM
Subject: Re: [openssl-users] ECDSA sign/verify input data size

Hello,

Which part of the examples did you mimic? 32 bytes is the length of a SHA256, it's also the max message length of a 256bits ECDSA key. Whence, I assume you're doing straight ECDSA_do_sign() without hashing and padding the message.

--
Erwann ABALEA - paleo-Gallicism: old-France style

On 06/08/2012 13:11, Mohammad Khodaei wrote:

Hello,

I have used ECDSA APIs to sign and verify some data. The sample example I have used to do so is like this: http://old.nabble.com/Bug-in-ECDSA_do_sign--td1071562.html

Now, the problem is that it seems there is some kind of limitations on the input data size. Whenever I want to verify the signature on a string, it calculates the signature verification only on the first 32 characters and it skips the rest of the string. It is a bit strange for me since I feed the function with correct length. Any idea where is my mistakes?

Thanks a lot
Re: Convert PKCS7_decrypt output to char*
Thanks a lot for the response. I applied the feedback you gave me. Now I changed the parts you mentioned in the previous post. I also checked the error messages and they exactly show up after line:

    p7 = d2i_PKCS7_bio(in, NULL);

The error messages are:

    140258883262112:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1319:
    140258883262112:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=PKCS7

For the sake of completeness, I just copy the entire function here so that it would be easier to see what I have done so far. The corresponding lines are being bold as below:

    int decrypt(char* chEnc, int iLength)
    {
        BIO *in = NULL, *out = NULL, *tbio = NULL;
        X509 *rcert = NULL;
        EVP_PKEY *rkey = NULL;
        PKCS7 *p7 = NULL;
        int ret = 1;

        OpenSSL_add_all_algorithms();
        ERR_load_crypto_strings();

        /* Read in recipient certificate and private key */
        tbio = BIO_new_file("signer.pem", "r");
        if (!tbio) {
            fprintf(stderr, "Error Decrypting Data\n");
            ERR_print_errors_fp(stderr);
            return 0;
        }

        rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
        BIO_reset(tbio);
        rkey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
        if (!rcert || !rkey) {
            fprintf(stderr, "Error Decrypting Data\n");
            ERR_print_errors_fp(stderr);
            return 0;
        }

        in = BIO_new_mem_buf(chEnc, iLength);
        BIO_flush(in);
        p7 = d2i_PKCS7_bio(in, NULL);
        if (!p7) {
            fprintf(stderr, "Error in d2i_PKCS7_bio.\n");
            ERR_print_errors_fp(stderr);
            return 0;
        }

        if (!PKCS7_decrypt(p7, rkey, rcert, out, 0)) {
            fprintf(stderr, "Error Decrypting Data, PKCS7_decrypt\n");
            ERR_print_errors_fp(stderr);
            return 0;
        }

        ret = 0;
        if (ret) {
            fprintf(stderr, "Error Signing Data\n");
            ERR_print_errors_fp(stderr);
        }
        if (p7) PKCS7_free(p7);
        if (rcert) X509_free(rcert);
        if (rkey) EVP_PKEY_free(rkey);
        if (in) BIO_free(in);
        if (out) BIO_free(out);
        if (tbio) BIO_free(tbio);
        return ret;
    }

Any idea about the problem?

From: Dave Thompson dthomp...@prinpay.com
To: openssl-users@openssl.org
Sent: Wednesday, July 4, 2012 4:17 AM
Subject: RE: Convert PKCS7_decrypt output to char*

From: owner-openssl-us...@openssl.org On Behalf Of Mohammad khodaei
Sent: Monday, 02 July, 2012 10:05

I want to encrypt and decrypt using PKCS7_encrypt() and PKCS7_decrypt(). I use this procedure to encrypt so that I can retrieve the encrypted buffer into a char* (and not into a file). Here is the code:

    p7 = PKCS7_encrypt(recips, in, EVP_des_ede3_cbc(), flags);
    if (!p7)
        return 0;
    char* chTest = new char[1000];
    BIO* memorybio = BIO_new(BIO_s_mem());
    BIO* base64bio = BIO_new(BIO_f_base64());
    BIO* outbio = BIO_push(base64bio, memorybio);
    /* Copy PKCS#7 */
    long ll = i2d_PKCS7_bio(outbio, p7);
    BIO_flush(outbio);
    BIO_set_flags(memorybio, BIO_FLAGS_MEM_RDONLY);
    BIO_get_mem_data(memorybio, chTest);
    cout << chTest << "\n";

BIO_get_mem_data discards the pointer value (and thus leaks your new char[1000] above). It changes chTest to point to the internal memory buffer, which I don't believe is guaranteed to be null-terminated (although you may be lucky).

Now, when I want to do the reverse, I do as follows:

    BIO* memorybio = BIO_new(BIO_s_mem());
    int iLength = BIO_puts(memorybio, chEnc);
    BIO* base64bio = BIO_new(BIO_f_base64());
    BIO* inbio = BIO_push(base64bio, memorybio);
    BIO_flush(inbio);
    BIO_set_flags(inbio, BIO_FLAGS_MEM_RDONLY);

You can replace all of the memorybio steps and eliminate the copy with one BIO_new_mem_buf.

    p7 = d2i_PKCS7_bio(inbio, p7);

You don't check this succeeded; in this situation it should, but it's better to make certain. I assume/hope p7 was previously set to null, or to the result of a successful PKCS7_new(). If it was uninitialized that could cause all sorts of problems (some not clearly indicated).

    if (!PKCS7_decrypt(p7, rkey, rcert, out, 0))
        return 0;

The problem is that the PKCS7_decrypt does not work and it is not decrypting correctly. Any idea how to solve it?

first *diagnose* what openssl dislikes
http://www.openssl.org/support/faq.html#PROG6
and if applicable
http://www.openssl.org/support/faq.html#PROG7
http://www.openssl.org/support/faq.html#PROG8
then you can probably correct it.
Asymmetric Cryptography using openssl lib
Hello,

I am a bit confused when it comes to asymmetric encryption/decryption. Now I use PKCS7_encrypt() and PKCS7_decrypt() to encrypt using recipient public key and decrypt using the private key. My question is whether they are the correct functions to encrypt and decrypt? Or they are supposed to be used for only PKCS7 enveloped Data Structure?

Thanks
Re: Convert PKCS7_decrypt output to char*
Hello,

I want to encrypt and decrypt using PKCS7_encrypt() and PKCS7_decrypt(). I use this procedure to encrypt so that I can retrieve the encrypted buffer into a char* (and not into a file). Here is the code:

    p7 = PKCS7_encrypt(recips, in, EVP_des_ede3_cbc(), flags);
    if (!p7)
        return 0;
    char* chTest = new char[1000];
    BIO* memorybio = BIO_new(BIO_s_mem());
    BIO* base64bio = BIO_new(BIO_f_base64());
    BIO* outbio = BIO_push(base64bio, memorybio);
    /* Copy PKCS#7 */
    long ll = i2d_PKCS7_bio(outbio, p7);
    BIO_flush(outbio);
    BIO_set_flags(memorybio, BIO_FLAGS_MEM_RDONLY);
    BIO_get_mem_data(memorybio, chTest);
    cout << chTest << "\n";

Now, when I want to do the reverse, I do as follows:

    BIO* memorybio = BIO_new(BIO_s_mem());
    int iLength = BIO_puts(memorybio, chEnc);
    BIO* base64bio = BIO_new(BIO_f_base64());
    BIO* inbio = BIO_push(base64bio, memorybio);
    /* Copy PKCS#7 */
    BIO_flush(inbio);
    BIO_set_flags(inbio, BIO_FLAGS_MEM_RDONLY);
    p7 = d2i_PKCS7_bio(inbio, p7);
    if (!PKCS7_decrypt(p7, rkey, rcert, out, 0))
        return 0;

The problem is that the PKCS7_decrypt does not work and it is not decrypting correctly. Any idea how to solve it? Looking forward to your suggestions and comments.

Thanks

From: Florian Rüchel florian.ruec...@ruhr-uni-bochum.de
To: openssl-users@openssl.org
Sent: Monday, June 25, 2012 3:32 PM
Subject: Re: Convert PKCS7_encrypt output to char*

Hi,

A good idea might be to use the following sequence to create a base64 encoded output (safe to send over network):

    memorybio = BIO_new(BIO_s_mem());
    base64bio = BIO_new(BIO_f_base64());
    outbio = BIO_push(base64bio, memorybio);
    /* Copy PKCS#7 */
    i2d_PKCS7_bio(outbio, s->request_p7);
    BIO_flush(outbio);
    BIO_set_flags(memorybio, BIO_FLAGS_MEM_RDONLY);
    s->request_len = BIO_get_mem_data(memorybio, s->request_payload);

I took this from a software called sscep just for reference. It base64 encodes the data and sends it over the network. On the other side it is easy to base64 decode it. As such it gives you the guarantee it is decoded correctly. On the other side you should of course also have the reverse chain, but I don't have an example at hand for that.

Regards

On 25.06.2012 15:04, Mohammad Khodaei wrote:

Hello,

I want to encrypt a small data using recipient public key and decrypt it on the receiver side using recipient private key. I chose PKCS7_encrypt and PKCS7_decrypt api to do so. Are they the correct functions? Is there any other alternative?

Now my problem is that I want to convert the encrypted output of PKCS7_encrypt to char* to send it over TCP. I used i2d_PKCS7_fp, d2i_PKCS7_bio and d2i_PKCS7_fp to first write them in the file and later on read them and send them. Here is the procedure to encrypt:

    p7 = PKCS7_encrypt(recips, in, EVP_des_ede3_cbc(), flags);
    if (!p7)
        goto err;

    FILE *fp = NULL;
    char *file = "Hello";
    size_t len = 0;
    fp = fopen(file, "w");
    if (fp == NULL) {
        printf("Error in opening a file..", file);
    }
    i2d_PKCS7_fp(fp, p7);

    fclose(fp);

And here is the code to decrypt? Is the procedure to convert is correct?

    FILE *p = NULL;
    char *file = "Hello";
    p = fopen(file, "r");
    if (p == NULL) {
        printf("Error in opening a file..", file);
    }
    d2i_PKCS7_fp(p, p7);
    fclose(p);

    if (!p7)
        goto err;

    BIO* out;
    d2i_PKCS7_bio(out, p7);

    if (!(out2))
        goto err;

    /* Decrypt S/MIME message */
    if (!PKCS7_decrypt(p7, rkey, rcert, out, 0))
        goto err;

It does not work and even the out is not initialized. Any suggestion?

Thanks a lot
Convert PKCS7_encrypt output to char*
Hello,

I want to encrypt a small data using recipient public key and decrypt it on the receiver side using recipient private key. I chose PKCS7_encrypt and PKCS7_decrypt api to do so. Are they the correct functions? Is there any other alternative?

Now my problem is that I want to convert the encrypted output of PKCS7_encrypt to char* to send it over TCP. I used i2d_PKCS7_fp, d2i_PKCS7_bio and d2i_PKCS7_fp to first write them in the file and later on read them and send them. Here is the procedure to encrypt:

    p7 = PKCS7_encrypt(recips, in, EVP_des_ede3_cbc(), flags);
    if (!p7)
        goto err;

    FILE *fp = NULL;
    char *file = "Hello";
    size_t len = 0;
    fp = fopen(file, "w");
    if (fp == NULL) {
        printf("Error in opening a file..", file);
    }
    i2d_PKCS7_fp(fp, p7);

    fclose(fp);

And here is the code to decrypt? Is the procedure to convert is correct?

    FILE *p = NULL;
    char *file = "Hello";
    p = fopen(file, "r");
    if (p == NULL) {
        printf("Error in opening a file..", file);
    }
    d2i_PKCS7_fp(p, p7);
    fclose(p);

    if (!p7)
        goto err;

    BIO* out;
    d2i_PKCS7_bio(out, p7);

    if (!(out2))
        goto err;

    /* Decrypt S/MIME message */
    if (!PKCS7_decrypt(p7, rkey, rcert, out, 0))
        goto err;

It does not work and even the out is not initialized. Any suggestion?

Thanks a lot