chris luchini wrote:
>
> I'm trying to do a modification of the /demos/sign/sign.c code.
>
> I had it working, but have managed to mess up my certificates/keys and
> can't seem to re-create ones that will function.
>
> 1) what I'd _like_ to do is generate an RSA private/public key pair and
> then read them in directly, without having to generate a certificate,
> x509 object etc.
>
> demos/sign/sign.c uses PEM_read_PrivateKey, but there doesn't appear to be
> a corresponding PEM_read_PublicKey. The read of the private key works fine,
> but I get a
> 13451:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:662:Expecting: CERTIFICATE
> when I pass it a publickey.pem generated using the openssl rsa ... command.
>
> If I pass it the newcert.pem generated by CA.pl, I get a core dump on the
> PEM_read_X509
>
Yes, you would... see below.
> There is a PEM_read_RSAPublicKey, but then there is no obvious way to
> convert this to an EVP_PKEY
>
You can do:

    pkey = EVP_PKEY_new();
    EVP_PKEY_set1_RSA(pkey, rsa);
    RSA_free(rsa);

You can use "certificate format" for public keys using the
PEM_*_PUBKEY() functions. These will read and write the public part of
an EVP_PKEY structure.

> x509 = PEM_read_X509(fp, &x509, NULL, NULL);
The above line is the problem with your code. Don't put &x509 in there
because it will try to free or reuse it if it isn't NULL. Put NULL in
there instead.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]