Re: Converting BIO* to PKCS7*
Thanks for the response. The encryption is also done by me. I have generated the cipher text as below: in = BIO_new_mem_buf(pchContent, iPriKeyLen); if (!in) { return 0; } /* encrypt content */ p7 = PKCS7_encrypt(recips, in, EVP_des_ede3_cbc(), flags); if (!p7) { return 0; } char* chEnc = new char[1000]; BIO* memorybio = BIO_new(BIO_s_mem()); BIO* base64bio = BIO_new(BIO_f_base64()); BIO* outbio = BIO_push(base64bio, memorybio); long ll = i2d_PKCS7_bio(outbio, p7); BIO_flush(outbio); BIO_set_flags(memorybio, BIO_FLAGS_MEM_RDONLY); int iLength = BIO_get_mem_data(memorybio, chEnc); The encrypted value is generated like this: MIGkBgkqhkiG9w0BBwOggZYwgZMCAQAxfDB6AgEAMGQwVzELMAkGA1UEBhMCVUsx EjAQBgNVBAcTCVRlc3QgQ2l0eTEWMBQGA1UEChMNT3BlblNTTCBHcm91cDEcMBoG A1UEAxMTVGVzdCBTL01JTUUgUm9vdCBDQQIJAJ+rfmEoLQRhMA0GCSqGSIb3DQEB AQUABAAwEAYJKoZIhvcNAQcBMAMGAQA= And I feed chEnc to the decryption procedure to be decrypted. Is it correct? Any idea if the encoding is incorrect. Thanks From: Dave Thompson dthomp...@prinpay.com To: openssl-users@openssl.org Sent: Monday, September 17, 2012 8:45 PM Subject: RE: Converting BIO* to PKCS7* From: owner-openssl-us...@openssl.org On Behalf Of Mohammad Khodaei Sent: Monday, 17 September, 2012 05:01 I've got a problem regarding BIO* to PKCS7* conversion. I want to call PKCS7_decrypt() function to decrypt a cipher text. Before that, I have this section of code: in = BIO_new_mem_buf(chEnc, iLength); if (!in) { snip p7 = d2i_PKCS7_bio(in, NULL); if (!p7) { snip 140172957116064:error:0D0680A8:asn1 encoding routines: ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1319: 140172957116064:error:0D07803A:asn1 encoding routines: ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=PKCS7 Any idea how to fix it? Is it the problem due to encoding? or is it a conversion problem? Yes, it is encoding. The data you supplied isn't correct DER -- perhaps not DER at all, that's an easy way to get this wrong. Check your data is DER and is exactly, octet for octet, that produced by a correct sender (encoder). __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Converting BIO* to PKCS7*
From: Mohammad khodaei [mailto:m_khod...@yahoo.com] Sent: Tuesday, 18 September, 2012 06:52 Thanks for the response. The encryption is also done by me. I have generated the cipher text as below: in = BIO_new_mem_buf(pchContent, iPriKeyLen); if (!in) { // p7 = PKCS7_encrypt(recips, in, EVP_des_ede3_cbc(), flags); if (!p7) { // char* chEnc = new char[1000]; BIO* memorybio = BIO_new(BIO_s_mem()); BIO* base64bio = BIO_new(BIO_f_base64()); BIO* outbio = BIO_push(base64bio, memorybio); long ll = i2d_PKCS7_bio(outbio, p7); BIO_flush(outbio); BIO_set_flags(memorybio, BIO_FLAGS_MEM_RDONLY); int iLength = BIO_get_mem_data(memorybio, chEnc); Asides: I'm pretty sure you don't actually need to set RDONLY to do get_mem_data, and maybe not even flush beforehand. And BIO_get_mem_data overwrites the pointer you give it, so your new char[1000] is leaked. The encrypted value is generated like this: MIGkBgkqhkiG9w0BBwOggZYwgZMCAQAxfDB6AgEAMGQwVzELMAkGA1UEBhMCVUsx EjAQBgNVBAcTCVRlc3QgQ2l0eTEWMBQGA1UEChMNT3BlblNTTCBHcm91cDEcMBoG A1UEAxMTVGVzdCBTL01JTUUgUm9vdCBDQQIJAJ+rfmEoLQRhMA0GCSqGSIb3DQEB AQUABAAwEAYJKoZIhvcNAQcBMAMGAQA= That is not DER, at least not plain DER; it's base64 *of* DER. And I feed chEnc to the decryption procedure to be decrypted. Is it correct? Any idea if the encoding is incorrect. To decode (and decrypt) that, you need to decode base64 first, *then* decode DER. If/since you have it in memory, basically do the reverse of your creation: BIO_new_mem_buf of the base64 data, BIO_push a base64BIO on the memBIO, and d2i from the result. snip previous __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Converting BIO* to PKCS7*
From: owner-openssl-us...@openssl.org On Behalf Of Mohammad Khodaei Sent: Monday, 17 September, 2012 05:01 I've got a problem regarding BIO* to PKCS7* conversion. I want to call PKCS7_decrypt() function to decrypt a cipher text. Before that, I have this section of code: in = BIO_new_mem_buf(chEnc, iLength); if (!in) { snip p7 = d2i_PKCS7_bio(in, NULL); if (!p7) { snip 140172957116064:error:0D0680A8:asn1 encoding routines: ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1319: 140172957116064:error:0D07803A:asn1 encoding routines: ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=PKCS7 Any idea how to fix it? Is it the problem due to encoding? or is it a conversion problem? Yes, it is encoding. The data you supplied isn't correct DER -- perhaps not DER at all, that's an easy way to get this wrong. Check your data is DER and is exactly, octet for octet, that produced by a correct sender (encoder). __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org