RE: sign data and verify it

2014-11-05 Thread Dave Thompson
 From: owner-openssl-us...@openssl.org On Behalf Of Amir Reda
 Sent: Wednesday, November 05, 2014 02:42

 1- I generate RSA key pairs and try to print it in a PEM file, but when I open 
 the file it was empty

You never close or even flush the file. openssl uses C I/O and C I/O by default 
is usually buffered and not actually written until the file is closed, flushed, 
repositioned, direction changed on an update: file, or the buffer is filled.
Details vary depending on your C implementation which you don't identify.
For file-BIO, the generic BIO_free does the close, otherwise see the manpage.

Also, you tell BIO_new_file to open in mode wb. PEM data is text not binary, 
and on implementations where these are different (mostly Windows) writing 
PEM as binary will produce a file that other tools may not handle correctly 
(Notepad is particularly bad) although other programs using C including those 
using openssl file-BIO will probably read okay and that may be enough.

 2- When I use the function RSA_public_encrypt() to encrypt some data it does 
 nothing, because 
 I print the data using cout before encryption, then print it after 
 encryption, and it was the same

You generate a key of 2048 *bits* and then try to encrypt 256 *bytes* of data. 
You can’t do that much; the data you encrypt plus some overhead determined 
by the padding must be smaller than the modulus. For RSA PKCS1 padding 
(actually retronymed PKCS1-v1.5 or some variant) this is 11 bytes; see rsa.h.

If you checked the return code from RSA_public_encrypt you would know 
it had an error. When any openssl routine returns an error indication, 
you should call the ERR_ routines to get and usually display details about 
the error, usually after loading error strings, except that some SSL_ routines 
you should first check SSL_get_error to see if it's a real openssl error, 
a system call (I/O) error, or a nonblocking case like WANT_READ.
See https://www.openssl.org/support/faq.html#PROG6
and https://www.openssl.org/support/faq.html#PROG7

Most real systems use hybrid encryption: the bulk data is encrypted by 
a symmetric cipher using a newly generated symmetric key (and usually IV 
if applicable), and the symmetric key which is a fixed size always small enough 
is encrypted with RSA. See the PKCS7_ and CMS_ routines as one example, 
although these also protect the publickey with a certificate so that the 
encrypted data has a decent chance of actually being safe against attacks,
which is usually the desired result of using cryptography.

 - The sign function RSA_sign() has a problem 

Similarly you try to sign 256 bytes, which won't work. Again real systems 
generate a *hash* of the data, which is a small fixed size, and RSA-sign 
the hash with padding, except that here the padding also includes adding 
(and removing/checking) an ASN.1 header that identifies the hash algorithm.

The EVP_Digest{Sign,Verify} and EVP_{Seal,Open} series of routines handle 
these details for you and are usually better than rolling your own crypto.



__
OpenSSL Project http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager   majord...@openssl.org
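
The block layout described in the reply above for RSA PKCS1-v1.5 signing (padding plus an ASN.1 header naming the hash, with 11 bytes of minimum overhead), written out as an added example that is not part of the thread or of OpenSSL's source. The function names are hypothetical, the digest is a constructed stand-in, and the RSA operation itself is left out; the EVP_DigestSign/Verify routines do all of this in real code.

```c
#include <stdio.h>
#include <string.h>

/* ASN.1 (DER) DigestInfo header that identifies SHA-256 (RFC 8017, section 9.2). */
static const unsigned char SHA256_PREFIX[19] = {
    0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
    0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 };

/* Largest input PKCS1-v1.5 encryption accepts: modulus size minus 11 bytes. */
int max_pkcs1_plaintext(int modulus_bytes) { return modulus_bytes - 11; }

/* Build EM = 00 01 FF..FF 00 || DigestInfo header || hash in em[0..k-1],
 * k being the modulus size in bytes. Returns 0, or -1 if k is too small. */
int emsa_pkcs1_encode(const unsigned char hash[32], unsigned char *em, size_t k)
{
    size_t t_len = sizeof SHA256_PREFIX + 32;   /* header + digest = 51 bytes */
    if (k < t_len + 11) return -1;              /* at least 8 FF bytes required */
    size_t ps_len = k - t_len - 3;
    em[0] = 0x00; em[1] = 0x01;
    memset(em + 2, 0xff, ps_len);
    em[2 + ps_len] = 0x00;
    memcpy(em + 3 + ps_len, SHA256_PREFIX, sizeof SHA256_PREFIX);
    memcpy(em + 3 + ps_len + sizeof SHA256_PREFIX, hash, 32);
    return 0;
}

/* Verifier side: rebuild the expected block and compare all k bytes, so the
 * padding, the header and the digest are each checked. Returns 1 on match. */
int emsa_pkcs1_check(const unsigned char *em, size_t k, const unsigned char hash[32])
{
    unsigned char expect[512];
    if (k > sizeof expect || emsa_pkcs1_encode(hash, expect, k) != 0) return 0;
    return memcmp(em, expect, k) == 0;
}

int main(void)
{
    unsigned char hash[32], em[256];            /* 256 bytes = 2048-bit modulus */
    memset(hash, 0xab, sizeof hash);            /* constructed stand-in digest */
    printf("max encrypt input: %d bytes\n", max_pkcs1_plaintext(256));
    printf("encode: %d\n", emsa_pkcs1_encode(hash, em, sizeof em));
    printf("check: %d\n", emsa_pkcs1_check(em, sizeof em, hash));
    em[10] = 0x00;                              /* corrupt one padding byte */
    printf("check after corruption: %d\n", emsa_pkcs1_check(em, sizeof em, hash));
    return 0;
}
```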


Re: sign data and verify it

2014-11-03 Thread Amir Reda
Dear sir, I already installed the ssl lib.
I use this command:
amir@amir-Master:~$ sudo apt-get install libssl-dev
[sudo] password for amir:
Reading package lists... Done
Building dependency tree
Reading state information... Done
libssl-dev is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
amir@amir-Master:~$
As you can see, it is already installed.

Is there any solution?

On Fri, Oct 31, 2014 at 4:14 PM, Jeffrey Walton noloa...@gmail.com wrote:

 On Fri, Oct 31, 2014 at 6:57 AM, Amir Reda amirale...@gmail.com wrote:
  Dear all, I made a code to sign some data and verify it. I am using Eclipse
  as IDE and Ubuntu 13.10. I have linked Eclipse with the ssl lib and crypto++,
  which I use in this code. I got an error:
 
  Invoking: Cross G++ Linker
  g++ -L/usr/include/openssl -L/usr/include/cryptopp
 -L/usr/include/crypto++
  -L/usr/include -o sign  ./src/sign.o   -lssl -lcryptopp -lcrypto++
  /usr/bin/ld: ./src/sign.o: undefined reference to symbol
  'RSA_sign@@OPENSSL_1.0.0'
  /lib/i386-linux-gnu/libcrypto.so.1.0.0: error adding symbols: DSO missing
  from command line
  collect2: ld returned 1 exit status
 Be sure you have the dev package installed for Ubuntu. I think that's
 'sudo apt-get install libssl-dev'. (See
 https://packages.debian.org/search?keywords=libssl-dev).

 Add '-lssl -lcrypto'. They are the OpenSSL libraries. Add them in the
 order shown.

 '-lcryptopp -lcrypto++' are Wei Dai's Crypto++ libraries. Are you sure
 you need them?




-- 
Warmest regards and best wishes for a good health,*urs sincerely *
*mero*


RE: sign data and verify it

2014-11-03 Thread Jeremy Farrell
Please read all of Jeff's message. As well as checking that OpenSSL is 
installed, he told you that you need to link against OpenSSL's libcrypto as 
well as against OpenSSL's libssl. In the linker command you show below, change 
'-lssl' to '-lssl -lcrypto'.

 

Regards,
jjf

 

From: Amir Reda [mailto:amirale...@gmail.com] 
Sent: Monday, November 03, 2014 2:43 PM



Dear sir, I already installed the ssl lib.

I use this command:
amir@amir-Master:~$ sudo apt-get install libssl-dev
[sudo] password for amir: 
Reading package lists... Done
Building dependency tree   
Reading state information... Done
libssl-dev is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
amir@amir-Master:~$ 

As you can see, it is already installed.

Is there any solution?

 

On Fri, Oct 31, 2014 at 4:14 PM, Jeffrey Walton noloa...@gmail.com wrote:

On Fri, Oct 31, 2014 at 6:57 AM, Amir Reda amirale...@gmail.com wrote:
 Dear all, I made a code to sign some data and verify it. I am using Eclipse
 as IDE and Ubuntu 13.10. I have linked Eclipse with the ssl lib and crypto++,
 which I use in this code. I got an error:

 Invoking: Cross G++ Linker
 g++ -L/usr/include/openssl -L/usr/include/cryptopp -L/usr/include/crypto++
 -L/usr/include -o sign  ./src/sign.o   -lssl -lcryptopp -lcrypto++
 /usr/bin/ld: ./src/sign.o: undefined reference to symbol
 'RSA_sign@@OPENSSL_1.0.0'
 /lib/i386-linux-gnu/libcrypto.so.1.0.0: error adding symbols: DSO missing
 from command line
 collect2: ld returned 1 exit status
Be sure you have the dev package installed for Ubuntu. I think that's
'sudo apt-get install libssl-dev'. (See
https://packages.debian.org/search?keywords=libssl-dev).

Add '-lssl -lcrypto'. They are the OpenSSL libraries. Add them in the
order shown.

'-lcryptopp -lcrypto++' are Wei Dai's Crypto++ libraries. Are you sure
you need them?

 


Re: sign data and verify it

2014-10-31 Thread Jeffrey Walton
On Fri, Oct 31, 2014 at 6:57 AM, Amir Reda amirale...@gmail.com wrote:
 Dear all, I made a code to sign some data and verify it. I am using Eclipse
 as IDE and Ubuntu 13.10. I have linked Eclipse with the ssl lib and crypto++,
 which I use in this code. I got an error:

 Invoking: Cross G++ Linker
 g++ -L/usr/include/openssl -L/usr/include/cryptopp -L/usr/include/crypto++
 -L/usr/include -o sign  ./src/sign.o   -lssl -lcryptopp -lcrypto++
 /usr/bin/ld: ./src/sign.o: undefined reference to symbol
 'RSA_sign@@OPENSSL_1.0.0'
 /lib/i386-linux-gnu/libcrypto.so.1.0.0: error adding symbols: DSO missing
 from command line
 collect2: ld returned 1 exit status
Be sure you have the dev package installed for Ubuntu. I think that's
'sudo apt-get install libssl-dev'. (See
https://packages.debian.org/search?keywords=libssl-dev).

Add '-lssl -lcrypto'. They are the OpenSSL libraries. Add them in the
order shown.

'-lcryptopp -lcrypto++' are Wei Dai's Crypto++ libraries. Are you sure
you need them?