Hi Martin,
Here's the detail output for the original "key integrity failed" error.
It seems to inciate that the "ASN1 tag 0x30 expected, but is 0x02 log message"
is related to some PKCS#8 vs. traditional standard format issue. This is what
our setup is generating using our Openssl0.9.8q + OCF cryptodev engine?
I used the openssl command line on our setup to generate the key.
root@devux03gw2:/# openssl req -new -newkey rsa:2048 -nodes -subj
'/CN=devux03gw2.uxdev.com/O=Sonus/OU=Symphony/C=US/ST=IL/L=Schaumburg' -keyout
mykey2.pem -out myreq2.pem
RSA_PKCS1_SSLeay
Generating a 2048 bit RSA private key
RSA_PKCS1_SSLeay
RSA_new_method no engine
rsa->meth->rsa_keygen
RSA_eay_keygen
............................................................................................+++
......................................+++
writing new private key to 'mykey2.pem'
-----
RSA_eay_private_encrypt: padding = 1
00[ASN] -----BEGIN RSA PRIVATE KEY-----
00[ASN] -----END RSA PRIVATE KEY-----
00[ASN] L0 - RSAPrivateKey:
00[ASN] L1 - version:
00[ASN] => 1 bytes @ 0x2675e
00[ASN] 0: 00 .
00[ASN] L1 - modulus:
00[ASN] => 257 bytes @ 0x26763
00[ASN] 0: 00 E2 5B 84 C6 04 6E ED 97 7D 25 F0 69 F5 C7 AD ..[...n..}%.i...
00[ASN] 16: 56 B9 FC 73 AE 9E B5 FF 0F 6F 48 7D 94 FF AC 2A V..s.....oH}...*
00[ASN] 32: 2B 3D F6 BF 4B 64 DE 15 AE ED 9E 6E 86 C2 91 C3 +=..Kd.....n....
00[ASN] 48: 8D 7A 3D F9 A0 00 8E 50 1B 85 CC AF B7 82 3C 0D .z=....P......<.
00[ASN] 64: 07 70 B0 36 ED AC E5 A6 F7 FD C9 F4 D5 28 45 7E .p.6.........(E~
00[ASN] 80: 8D 67 F5 05 A0 E2 34 59 4F E2 A2 C3 87 47 F4 E0 .g....4YO....G..
00[ASN] 96: A1 D8 F5 4D 2A 1C 46 1A D8 D6 7B 52 0A 99 CB 99 ...M*.F...{R....
00[ASN] 112: EE F9 CE DB BE EF BC 50 66 87 F9 D8 17 72 FB 49 .......Pf....r.I
00[ASN] 128: D4 C8 01 04 ED 2E 76 A5 E2 1D 63 C5 F0 BC DC A1 ......v...c.....
00[ASN] 144: EF 27 95 15 2B 37 E3 BD 2A 05 64 F5 8C 0C DD 42 .'..+7..*.d....B
00[ASN] 160: 43 26 4D 07 4A 6F 3B ED 7A F4 39 AB B3 49 EF A8 C&M.Jo;.z.9..I..
00[ASN] 176: BA A1 59 3B 9B 34 F5 01 F4 32 B7 5C C7 36 6A 55 ..Y;.4...2.\.6jU
00[ASN] 192: BA 4C DE CE 80 01 C5 17 E5 3B 5E D6 F0 5F 81 10 .L.......;^.._..
00[ASN] 208: 9F 98 D6 AD 00 12 4C 4C E7 27 C6 A7 FC FA 76 AC ......LL.'....v.
00[ASN] 224: 3F 3E 4A C6 1F 7C 2E 4E 8C 0A 7A 72 4B F3 6C C0 ?>J..|.N..zrK.l.
00[ASN] 240: 19 14 DF 69 AF 16 B5 C7 01 23 F3 9F A1 37 B6 9E ...i.....#...7..
00[ASN] 256: 53
00[ASN] L1 - publicExponent:
00[ASN] => 3 bytes @ 0x26866
00[ASN] 0: 01 00 01 ...
00[ASN] L1 - privateExponent:
00[ASN] => 256 bytes @ 0x2686d
00[ASN] 0: 0F D0 BB 27 26 BA 25 69 97 39 E6 61 50 E5 E1 AB ...'&.%i.9.aP...
00[ASN] 16: 94 95 19 F4 12 6C BE E4 72 2F 0B 6F 34 A9 EF CC .....l..r/.o4...
00[ASN] 32: 53 A9 00 D6 A0 B6 8F A7 48 3C F0 96 03 D4 31 68 S.......H<....1h
00[ASN] 48: 9A 28 E8 5F 10 8A E0 F7 FB 52 40 D8 BE 85 B9 97 .(._.....R@.....
00[ASN] 64: 52 7D 4D 69 2F D2 5F E7 25 D9 4D 7C F3 32 5F D4 R}Mi/._.%.M|.2_.
00[ASN] 80: 3B 76 38 2D 74 80 99 D8 E6 09 DF 45 7D 76 93 97 ;v8-t......E}v..
00[ASN] 96: 5B 54 50 4E E7 E8 D2 09 62 7A FD 51 76 4B 6E 76 [TPN....bz.QvKnv
00[ASN] 112: EF 07 4F FD 38 3C DD 15 3C DC ED 07 3E 66 66 53 ..O.8<..<...>ffS
00[ASN] 128: 10 F5 EA 92 0F 29 45 6C 4E 91 04 BF 2F AF 8F 94 .....)ElN.../...
00[ASN] 144: 6B 46 76 D3 1B 7C 6C E0 A6 32 B8 49 C3 37 25 EA kFv..|l..2.I.7%.
00[ASN] 160: 8D 0B F4 48 19 D9 5C DC B5 8F 2F BA 42 50 AB 4B ...H..\.../.BP.K
00[ASN] 176: A2 4B E0 1C 3B 0B B6 FF F7 FC 4B EC F2 0E D8 E8 .K..;.....K.....
00[ASN] 192: E4 72 15 74 28 79 48 26 FC 8F 00 08 A2 7F 7A BD .r.t(yH&......z.
00[ASN] 208: 78 47 ED 44 49 93 AE 62 55 DA 62 C6 56 75 17 E7 xG.DI..bU.b.Vu..
00[ASN] 224: B3 80 88 71 F2 BF FE F3 D6 76 5E F2 B6 88 A7 BA ...q.....v^.....
00[ASN] 240: AB C1 36 C1 2D 6C 1D 7A 2F E4 3A E2 7B 49 BC C9 ..6.-l.z/.:.{I.
00[ASN] L1 - prime1:
00[ASN] => 129 bytes @ 0x26970
00[ASN] 0: 00 FB F2 DE A0 94 D7 FB 11 1F 15 81 3D 7D 09 18 ............=}..
00[ASN] 16: A1 BE 6E A9 84 59 65 E3 51 D4 83 FE 84 88 15 B8 ..n..Ye.Q.......
00[ASN] 32: 12 A4 DB 0D 29 37 5E E2 16 DB 8B 19 27 B3 57 82 ....)7^.....'.W.
00[ASN] 48: 92 50 05 78 92 E8 32 9B 73 34 7B 14 D2 2C 93 EC .P.x..2.s4{..,..
00[ASN] 64: 88 4A 58 BE 39 5A 98 1E 62 3C 12 34 54 0A C1 A9 .JX.9Z..b<.4T...
00[ASN] 80: 0A 44 6F 27 C5 7C 63 26 BD AF 44 B3 36 30 C4 32 .Do'.|c&..D.60.2
00[ASN] 96: 8B 10 E3 76 B3 19 90 4D 58 CE B5 7A 2F 3E 72 3E ...v...MX..z/>r>
00[ASN] 112: BC 68 24 E3 D2 09 AC EA 28 07 FB 55 1E 8B 29 40 .h$.....(..U..)@
00[ASN] 128: D7 .
00[ASN] L1 - prime2:
00[ASN] => 129 bytes @ 0x269f4
00[ASN] 0: 00 E5 FF 4D F0 5E 2B F7 EF AF E7 C5 C7 68 5F 91 ...M.^+......h_.
00[ASN] 16: CD 2A D1 E2 08 21 70 5B 60 B6 6B C1 7F BF 51 CA .*...!p[`.k...Q.
00[ASN] 32: 9C 93 A4 8E 0E C2 EF 65 F4 FC 1E 7B A7 7B D1 96 .......e...{.{..
00[ASN] 48: 75 61 83 09 69 F6 1B 1F 76 98 5B 7B 7D 82 62 AF ua..i...v.[{}.b.
00[ASN] 64: 34 BA BD 6A E3 6B E3 A5 21 E6 FA FA 2E 9C 6A 21 4..j.k..!.....j!
00[ASN] 80: EC EF 78 26 74 2D D0 1A CF D6 80 EA 2B 68 81 89 ..x&t-......+h..
00[ASN] 96: 41 EF 8E 8F 69 13 66 48 19 9A CC E2 95 45 B3 C4 A...i.fH.....E..
00[ASN] 112: 8B 62 E1 A1 2E 29 A4 92 06 EE C5 FC A5 C6 33 92 .b...)........3.
00[ASN] 128: E5 .
00[ASN] L1 - exponent1:
00[ASN] => 257 bytes @ 0x26a79
00[ASN] 0: 00 D7 F2 E1 8F 5F 3A 60 A2 36 9F 27 A8 9D 9A A8 ....._:`.6.'....
00[ASN] 16: 56 E5 90 7C 4D 33 BE CC 48 1E 50 59 8C 3A AB B2 V..|M3..H.PY.:..
00[ASN] 32: 14 DC D7 2F B0 B5 8C 0C 43 85 1A 95 A5 0C E3 08 .../....C.......
00[ASN] 48: 64 78 1B DA F0 A5 4D 51 2D C9 6C D5 95 1C 21 69 dx....MQ-.l...!i
00[ASN] 64: 82 67 AD 55 B1 68 34 DC BC 8F B9 2F 42 63 27 88 .g.U.h4..../Bc'.
00[ASN] 80: 95 A0 59 58 4C 4C 59 78 0A C0 BA D3 72 90 B9 93 ..YXLLYx....r...
00[ASN] 96: 94 4D 63 EF EB CF 7C 14 B8 48 8A 98 9E FD 98 24 .Mc...|..H.....$
00[ASN] 112: 15 75 4B 34 49 79 A5 5E 84 3E 7C 44 16 B1 58 E7 .uK4Iy.^.>|D..X.
00[ASN] 128: B4 9F 2A 7E 39 17 DB 53 E8 23 5C D4 A7 C6 72 B9 ..*~9..S.#\...r.
00[ASN] 144: 1B 38 F7 45 93 C1 F9 1A 9B 03 59 76 29 13 4D B6 .8.E......Yv).M.
00[ASN] 160: 09 9A 93 F1 1C AD 1C A1 CD AD B7 79 D3 01 1C 46 ...........y...F
00[ASN] 176: 39 A3 1D 3E B1 9E B9 8F 38 1B 39 0F DC 41 76 7B 9..>....8.9..Av{
00[ASN] 192: 6B 78 FA CA 05 94 E0 CE C1 FE 8B F9 5D FE 74 EF kx..........].t.
00[ASN] 208: EC 2A 74 EF DB 83 BF F0 63 65 8B B6 68 4D 7A 86 .*t.....ce..hMz.
00[ASN] 224: 0A 90 6E C6 31 AE 01 DD 99 7C 87 E5 86 0A A3 D1 ..n.1....|......
00[ASN] 240: 8E 5A 63 A4 31 3A 02 22 2F 13 A8 40 13 57 F4 94 .Zc.1:."/[email protected]..
00[ASN] 256: E7
00[ASN] L1 - exponent2:
00[ASN] => 256 bytes @ 0x26b7e
00[ASN] 0: 62 08 1C 0D 4C 16 4C 2D C9 71 9E E6 FE B5 3A F7 b...L.L-.q....:.
00[ASN] 16: 66 0C EF 18 B3 13 A7 75 58 A9 2C F0 78 B8 DB 0D f......uX.,.x...
00[ASN] 32: 93 A5 8F FC 1D 36 2B AB 3D CE 94 21 40 02 3F 1F .....6+.=..!@.?.
00[ASN] 48: A6 6A D1 AC 38 84 8F D2 BD 39 78 26 EB 8D D2 F0 .j..8....9x&....
00[ASN] 64: 44 EB E3 40 9D 79 34 B9 DE 6D 2F D3 91 DF 75 4B [email protected]/...uK
00[ASN] 80: B0 9D F3 3A 2D 80 E7 A9 37 E2 1E 28 5A 41 0B 5E ...:-...7..(ZA.^
00[ASN] 96: 12 5F 5C C0 A3 68 D0 4F 97 92 59 9D AB AB 11 40 ._\..h.O..Y....@
00[ASN] 112: 74 66 F5 4D D7 32 26 3D 00 97 81 8A C6 53 53 66 tf.M.2&=.....SSf
00[ASN] 128: 18 D3 C1 98 FB 4A FC F5 F3 0B 23 1E C0 90 D6 41 .....J....#....A
00[ASN] 144: 3F 09 1C 87 8B 65 C5 9F 5B 0A 7D A8 08 86 CE 7C ?....e..[.}....|
00[ASN] 160: 6C 78 81 D0 BA B6 5B 84 D0 5B 9E EE 3A 3C 1F C8 lx....[..[..:<..
00[ASN] 176: 3F 90 DD 31 B4 EF C6 95 9C E3 EA 54 5F 3A 34 00 ?..1.......T_:4.
00[ASN] 192: 4A 82 B4 CD 6B 82 40 FA 96 EB B3 6C 7B 00 B8 EC [email protected]{...
00[ASN] 208: 11 1B 10 C8 3F DB 67 87 66 6F D9 5A 4A E7 F9 A2 ....?.g.fo.ZJ...
00[ASN] 224: C0 AF E6 C6 FE 31 56 B2 9C A5 DD 2B ED 19 75 C0 .....1V....+..u.
00[ASN] 240: D4 CF 1C 2C C3 FA FE ED 45 54 1E 16 05 7B DD A1 ...,....ET...{.
00[ASN] L1 - coefficient:
00[ASN] => 129 bytes @ 0x26c81
00[ASN] 0: 00 D1 11 4F C8 2E 46 7D 1B 3E B4 8D 13 44 EE F2 ...O..F}.>...D..
00[ASN] 16: 9D 64 EF AC 88 5F 48 97 48 5B AA 8C 31 25 87 ED .d..._H.H[..1%..
00[ASN] 32: 1C 99 49 F2 B8 DC CF 9F 8F 0E FB 4F 37 73 1F 68 ..I........O7s.h
00[ASN] 48: 39 4C F8 15 56 D5 29 15 E5 C1 11 79 03 2B EB C0 9L..V.)....y.+..
00[ASN] 64: 16 60 3C 68 62 74 0D 64 C0 FB D2 C7 D0 3F 99 3A .`<hbt.d.....?.:
00[ASN] 80: 85 F5 16 1F 34 04 54 43 F3 57 9C 81 C4 6A 34 51 ....4.TC.W...j4Q
00[ASN] 96: CA AA 79 DF 91 1F 0E 61 21 FF 35 8C 13 E6 A8 D7 ..y....a!.5.....
00[ASN] 112: 05 3A 05 D1 08 D1 DA D3 2E 77 9A 6C 22 4E 89 F8 .:.......w.l"N..
00[ASN] 128: 3D =
00[LIB] key integrity tests failed
00[ASN] L0 - encryptedPrivateKeyInfo:
00[ASN] L1 - encryptionAlgorithm:
00[ASN] L2 - algorithmIdentifier: ASN1 tag 0x30 expected, but is 0x02
00[ASN] => 3 bytes @ 0x2675c
00[ASN] 0: 02 01 00 ...
00[ASN] L0 - privateKeyInfo:
00[ASN] L1 - version:
00[ASN] => 1 bytes @ 0x2675e
00[ASN] 0: 00 .
00[ASN] L1 - privateKeyAlgorithm:
00[ASN] L2 - algorithmIdentifier: ASN1 tag 0x30 expected, but is 0x02
00[ASN] => 261 bytes @ 0x2675f
00[ASN] 0: 02 82 01 01 00 E2 5B 84 C6 04 6E ED 97 7D 25 F0 ......[...n..}%.
00[ASN] 16: 69 F5 C7 AD 56 B9 FC 73 AE 9E B5 FF 0F 6F 48 7D i...V..s.....oH}
00[ASN] 32: 94 FF AC 2A 2B 3D F6 BF 4B 64 DE 15 AE ED 9E 6E ...*+=..Kd.....n
00[ASN] 48: 86 C2 91 C3 8D 7A 3D F9 A0 00 8E 50 1B 85 CC AF .....z=....P....
00[ASN] 64: B7 82 3C 0D 07 70 B0 36 ED AC E5 A6 F7 FD C9 F4 ..<..p.6........
00[ASN] 80: D5 28 45 7E 8D 67 F5 05 A0 E2 34 59 4F E2 A2 C3 .(E~.g....4YO...
00[ASN] 96: 87 47 F4 E0 A1 D8 F5 4D 2A 1C 46 1A D8 D6 7B 52 .G.....M*.F...{R
00[ASN] 112: 0A 99 CB 99 EE F9 CE DB BE EF BC 50 66 87 F9 D8 ...........Pf...
00[ASN] 128: 17 72 FB 49 D4 C8 01 04 ED 2E 76 A5 E2 1D 63 C5 .r.I......v...c.
00[ASN] 144: F0 BC DC A1 EF 27 95 15 2B 37 E3 BD 2A 05 64 F5 .....'..+7..*.d.
00[ASN] 160: 8C 0C DD 42 43 26 4D 07 4A 6F 3B ED 7A F4 39 AB ...BC&M.Jo;.z.9.
00[ASN] 176: B3 49 EF A8 BA A1 59 3B 9B 34 F5 01 F4 32 B7 5C .I....Y;.4...2.\
00[ASN] 192: C7 36 6A 55 BA 4C DE CE 80 01 C5 17 E5 3B 5E D6 .6jU.L.......;^.
00[ASN] 208: F0 5F 81 10 9F 98 D6 AD 00 12 4C 4C E7 27 C6 A7 ._........LL.'..
00[ASN] 224: FC FA 76 AC 3F 3E 4A C6 1F 7C 2E 4E 8C 0A 7A 72 ..v.?>J..|.N..zr
00[ASN] 240: 4B F3 6C C0 19 14 DF 69 AF 16 B5 C7 01 23 F3 9F K.l....i.....#..
00[ASN] 256: A1 37 B6 9E 53 .7..
00[LIB] building CRED_PRIVATE_KEY - RSA failed, tried 6 builders
00[CFG] loading private key from '/tmp/ssl/private/MyServerKey.pem' failed
Regards Kiran
________________________________
From: Martin Willi <[email protected]>
To: Kiran Joshi <[email protected]>
Cc: "[email protected]" <[email protected]>
Sent: Thursday, January 24, 2013 2:59 AM
Subject: Re: [strongSwan] Unable to load the private key without openssl plugin
Hi Kiran,
> 00[LIB] key integrity tests failed: chect that exp1(150380) is d(150368) mod
> (p(150344)-1), t=-1097449556
> 00[LIB] key integrity tests failed: checkt that exp2(150392) is d(150368) mod
> (q(150356)-1), t=-1097449556
Seems like this key is definitely invalid. By definition in PKCS#1:
exponent1 is d mod (p - 1)
exponent2 is d mod (q - 1)
But in your key, this is not the case.
> is created with the openssl -engine cryptodev (OCF + h/w driver) option.
Looks like a bug to me in your hardware or driver.
> works fine for our SIP TLS
This is absolutely possible, for example if it regenerates the
exponents. Nonetheless, the key is not valid according to PKCS#1.
Regards
Martin
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
