RE: sign data and verify it
From: owner-openssl-us...@openssl.org On Behalf Of Amir Reda
Sent: Wednesday, November 05, 2014 02:42

> 1- I generate RSA key pairs and try to print it in a PEM file but when I open the file it was empty

You never close or even flush the file. openssl uses C I/O and C I/O by default is usually buffered and not actually written until the file is closed, flushed, repositioned, direction changed on an update: file, or the buffer is filled. Details vary depending on your C implementation which you don't identify. For file-BIO, the generic BIO_free does the close, otherwise see the manpage.

Also, you tell BIO_new_file to open in mode wb. PEM data is text not binary, and on implementations where these are different (mostly Windows) writing PEM as binary will produce a file that other tools may not handle correctly (Notepad is particularly bad) although other programs using C including those using openssl file-BIO will probably read okay and that may be enough.

> 2- when I use function RSA_public_encrypt () to encrypt some data it does nothing because I print the data using cout before encryption then print it after encryption it was the same

You generate a key of 2048 *bits* and then try to encrypt 256 *bytes* of data. You can’t do that much; the data you encrypt plus some overhead determined by the padding must be smaller than the modulus. For RSA PKCS1 padding (actually retronymed PKCS1-v1.5 or some variant) this is 11 bytes; see rsa.h.

If you checked the return code from RSA_public_encrypt you would know it had an error. When any openssl routine returns an error indication, you should call the ERR_ routines to get and usually display details about the error, usually after loading error strings, except that some SSL_ routines you should first check SSL_get_error to see if it's a real openssl error, a system call (I/O) error, or a nonblocking case like WANT_READ.

See https://www.openssl.org/support/faq.html#PROG6 and https://www.openssl.org/support/faq.html#PROG7

Most real systems use hybrid encryption: the bulk data is encrypted by a symmetric cipher using a newly generated symmetric key (and usually IV if applicable), and the symmetric key which is a fixed size always small enough is encrypted with RSA. See the PKCS7_ and CMS_ routines as one example, although these also protect the publickey with a certificate so that the encrypted data has a decent chance of actually being safe against attacks, which is usually the desired result of using cryptography.

> - the sign function RSA_sign () has a problem

Similarly you try to sign 256 bytes, which won't work. Again real systems generate a *hash* of the data, which is a small fixed size, and RSA-sign the hash with padding, except that here the padding also includes adding (and removing/checking) an ASN.1 header that identifies the hash algorithm.

The EVP_Digest{Sign,Verify} and EVP_{Seal,Open} series of routines handle these details for you and are usually better than rolling your own crypto.

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: sign data and verify it
Dear sir,

I already installed ssl lib. I use this command:

amir@amir-Master:~$ sudo apt-get install libssl-dev
[sudo] password for amir:
Reading package lists... Done
Building dependency tree
Reading state information... Done
libssl-dev is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
amir@amir-Master:~$

As you can see it is already installed. Is there any solution?

On Fri, Oct 31, 2014 at 4:14 PM, Jeffrey Walton noloa...@gmail.com wrote:

> On Fri, Oct 31, 2014 at 6:57 AM, Amir Reda amirale...@gmail.com wrote:
>> Dear all,
>> I made a code to sign some data and verify it. I am using Eclipse as IDE and Ubuntu 13.10. I have linked Eclipse with ssl lib and crypto++ which I use in this code. I got an error:
>>
>> Invoking: Cross G++ Linker
>> g++ -L/usr/include/openssl -L/usr/include/cryptopp -L/usr/include/crypto++ -L/usr/include -o sign ./src/sign.o -lssl -lcryptopp -lcrypto++
>> /usr/bin/ld: ./src/sign.o: undefined reference to symbol 'RSA_sign@@OPENSSL_1.0.0'
>> /lib/i386-linux-gnu/libcrypto.so.1.0.0: error adding symbols: DSO missing from command line
>> collect2: ld returned 1 exit status
>
> Be sure you have the dev package installed for Ubuntu. I think that's 'sudo apt-get install libssl-dev'. (See https://packages.debian.org/search?keywords=libssl-dev).
>
> Add '-lss -lcrypto'. They are the OpenSSL libraries. Add them in the order shown.
>
> '-lcryptopp -lcrypto++' are Wei Dai's Crypto++ libraries. Are you sure you need them?

--
Warmest regards and best wishes for a good health,
yours sincerely
mero
RE: sign data and verify it
Please read all of Jeff's message. As well as checking that OpenSSL is installed, he told you that you need to link against OpenSSL's libcrypto as well as against OpenSSL's libssl.

In the linker command you show below, change '-lssl' to '-lssl -lcrypto'.

Regards,
jjf

From: Amir Reda [mailto:amirale...@gmail.com]
Sent: Monday, November 03, 2014 2:43 PM

> Dear sir,
>
> I already installed ssl lib. I use this command:
>
> amir@amir-Master:~$ sudo apt-get install libssl-dev
> [sudo] password for amir:
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> libssl-dev is already the newest version.
> 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
> amir@amir-Master:~$
>
> As you can see it is already installed. Is there any solution?
>
> On Fri, Oct 31, 2014 at 4:14 PM, Jeffrey Walton noloa...@gmail.com wrote:
>> On Fri, Oct 31, 2014 at 6:57 AM, Amir Reda amirale...@gmail.com wrote:
>>> Dear all,
>>> I made a code to sign some data and verify it. I am using Eclipse as IDE and Ubuntu 13.10. I have linked Eclipse with ssl lib and crypto++ which I use in this code. I got an error:
>>>
>>> Invoking: Cross G++ Linker
>>> g++ -L/usr/include/openssl -L/usr/include/cryptopp -L/usr/include/crypto++ -L/usr/include -o sign ./src/sign.o -lssl -lcryptopp -lcrypto++
>>> /usr/bin/ld: ./src/sign.o: undefined reference to symbol 'RSA_sign@@OPENSSL_1.0.0'
>>> /lib/i386-linux-gnu/libcrypto.so.1.0.0: error adding symbols: DSO missing from command line
>>> collect2: ld returned 1 exit status
>>
>> Be sure you have the dev package installed for Ubuntu. I think that's 'sudo apt-get install libssl-dev'. (See https://packages.debian.org/search?keywords=libssl-dev).
>>
>> Add '-lss -lcrypto'. They are the OpenSSL libraries. Add them in the order shown.
>>
>> '-lcryptopp -lcrypto++' are Wei Dai's Crypto++ libraries. Are you sure you need them?
Re: sign data and verify it
On Fri, Oct 31, 2014 at 6:57 AM, Amir Reda amirale...@gmail.com wrote:

> Dear all,
> I made a code to sign some data and verify it. I am using Eclipse as IDE and Ubuntu 13.10. I have linked Eclipse with ssl lib and crypto++ which I use in this code. I got an error:
>
> Invoking: Cross G++ Linker
> g++ -L/usr/include/openssl -L/usr/include/cryptopp -L/usr/include/crypto++ -L/usr/include -o sign ./src/sign.o -lssl -lcryptopp -lcrypto++
> /usr/bin/ld: ./src/sign.o: undefined reference to symbol 'RSA_sign@@OPENSSL_1.0.0'
> /lib/i386-linux-gnu/libcrypto.so.1.0.0: error adding symbols: DSO missing from command line
> collect2: ld returned 1 exit status

Be sure you have the dev package installed for Ubuntu. I think that's 'sudo apt-get install libssl-dev'. (See https://packages.debian.org/search?keywords=libssl-dev).

Add '-lss -lcrypto'. They are the OpenSSL libraries. Add them in the order shown.

'-lcryptopp -lcrypto++' are Wei Dai's Crypto++ libraries. Are you sure you need them?