I'm trying to do a modification of the /demos/sign/sign.c code.
I had it working, but have managed to mess up my certificates/keys and
can't
seem to re-create ones that will function.
1) what I'd _like_ to do is generate an RSA private/public key pair and
then read them in directly, without having to generate a certificate,
x509 object
etc.
demos/sign/sign.c uses PEM_read_PrivateKey, but there doesn't appear to
be
a corresponding PEM_read_PublicKey. The read of the private key works
fine, but
I get a
13451:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:662:Expecting: CERTIFICATE
when it pass it a publickey.pem generated using the openssl rsa ...
command.
If I pass it the newcert.pem generated by CA.pl, I get a core dump on
the PEM_read_X509
There is a PEM_read_RSAPublicKey, but then there is no obvious way to
convert this
to a EVP_PKEY
2) The second option is to generate the right x509 object. I've run
through the
CA.pl about a zillion times, and tried to use
openssl req -key R1.pem -x509 -days 99999 -out foo.pem
which hangs after printing out
Using configuration from /var/ssl/openssl.cnf
./CA.pl -newca
./CA.pl -newreq
./CA.pl -sign
then using
openssl rsa -in key.pem -out keyout.pem
to strip out unencrypted private key. That private key works, but I
can't get the
%#%$%$#@%!@ public key read in
#include <stdio.h>
#include <stdlib.h>
#include <string>
#include "apps.h"
#include <openssl/rsa.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/crypto.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include "fstream.h"
int main(int argc, char **argv)
{
std::cout << argv[1]<<std::endl;
ERR_load_crypto_strings();
char * pub=argv[1];
char * pvate=argv[2];
int err;
X509 * x509;
FILE * fp;
fp = fopen(pvate,"r");
if (fp == NULL) exit(9);
EVP_PKEY * prikey,*foo;
prikey = foo = NULL;
prikey = PEM_read_PrivateKey(fp,&foo,NULL,NULL);
fclose(fp);
std::cout << " read private key " <<std::endl;
if(prikey==NULL) std::cout << " pri key is null " << std::endl;
if(foo==NULL) std::cout << " foo key is null " << std::endl;
fp = fopen(pub,"r");
if (fp == NULL) exit(9);
cout << " before pem_read_x509" <<std::endl;
x509 = PEM_read_X509(fp, &x509, NULL, NULL);
fclose(fp);
cout << " after pem_read_x509" <<std::endl;
if (x509 == NULL) {
cout << " x509 was null " << endl;
ERR_print_errors_fp (stderr);
exit (1);
}
EVP_PKEY * pubkey;
// = PEM_read_RSAPublicKey(fp,NULL,NULL,NULL);
pubkey=X509_get_pubkey(x509);
if (pubkey == NULL) {
cerr << " pubkey was NULL"<<std::endl;
ERR_print_errors_fp (stderr);
exit (1);
}
cout << " read pubkey " << endl;
EVP_MD_CTX md_ctx;
std::string licbuff;
std::string temp;
ifstream lictext(argv[3]);
while(lictext)
{
getline(lictext,temp);
licbuff+=temp;
std::cout << temp << std::endl;
licbuff+='\n';
}
unsigned char *clicbuff = new unsigned char [licbuff.size()];
memcpy(clicbuff,licbuff.data(),licbuff.size());
EVP_SignInit (&md_ctx, EVP_sha1());
cout << " signinit" << endl;
EVP_SignUpdate (&md_ctx, clicbuff, licbuff.size());
cout << " signupdate " << endl;
unsigned char * sig_buf = new unsigned char [4096];
unsigned int sig_len =0;
err = EVP_SignFinal (&md_ctx, sig_buf, &sig_len, prikey);
std::cout << sig_len<<std::endl;
std::cout.setf(ios::hex,ios::basefield);
for (int ik = 0 ; ik< sig_len ; ik++)
std::cout << (unsigned int) sig_buf[ik]<<" ";
std::cout<<endl;
EVP_VerifyInit (&md_ctx, EVP_sha1());
EVP_VerifyUpdate (&md_ctx, clicbuff, licbuff.size());
err = EVP_VerifyFinal (&md_ctx, sig_buf, sig_len, pubkey);
if (err != 1) {
ERR_print_errors_fp (stderr);
exit (1);
}
if(err!=1)
std::cerr<< " didn't work " << err <<std::endl;
}
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
