Hi,
Thanks for your information... I'm a novice student about openssl. What I
want to do is convert (encrypt) a private from traditional to PKCS#5 v2.0
format using triple DES. I've read openssl pkcs#8 at
http://www.openssl.org/docs/apps/pkcs8.html and it mentioned, to do that run
command "openssl pkcs8 -in key.pem -topk8 -v2 des3 -out enckey.pem". It
works. But how to do it with code, not just type command at command prompt?
My code as below, I write the code regarding pkcs8.c (provided by
openssl-0.9.6 in c:\...\openssl-0.9.6\apps\). The library used are
libeay32.lib & ssleay32.lib. Thanks.
//--------------------------------------------------------------------------
-
#include <stdio.h>
#include <string.h>
#include <apps.h>
#include <apps.c>
#include <app_rand.c>
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/pkcs12.h>
void main()
{
char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
char *passargin = NULL, *passargout = NULL;
char *infile = "key.pem", *outfile = "enckey.pem";
int informat = FORMAT_PEM, outformat = FORMAT_PEM;
const EVP_CIPHER *cipher = NULL;
BIO *in = NULL, *out = NULL;
BIO *bio_err = NULL;
EVP_PKEY *pkey;
int p8_broken = PKCS8_OK; // p8_broken = 0
PKCS8_PRIV_KEY_INFO *p8inf;
X509_SIG *p8;
int pbe_nid = NID_pbeWithMD5AndDES_CBC; // pbe_nid = 10
int iter = PKCS12_DEFAULT_ITER;
char buffer[200];
cipher=EVP_get_cipherbyname("des3");
if (!cipher)
{ printf("Unknown cipher 'des3'\n");
return;
}
if (!(in = BIO_new_file(infile, "rb")))
{ printf("Can't open input file %s\n", infile);
return;
}
if (!(out = BIO_new_file (outfile, "wb")))
{ printf("Can't open output file %s\n", outfile);
return;
}
passargin = "pass:password_in";
passargout = "pass:password_out";
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout))
{ printf("Error getting passwords\n");
return;
}
pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, passin);
if (!pkey)
{ printf("Error reading key\n");
return;
}
BIO_free(in);
if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken)))
{ printf("Error converting key\n");
return;
}
p8pass = passout;
app_RAND_load_file(NULL, bio_err, 0);
if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,p8pass, strlen(p8pass),NULL, 0,
iter, p8inf)))
{ printf("Error encrypting key\n");
return;
}
app_RAND_write_file(NULL, bio_err);
PEM_write_bio_PKCS8(out, p8);
PKCS8_PRIV_KEY_INFO_free (p8inf);
EVP_PKEY_free(pkey);
BIO_free_all(out);
if(passin) OPENSSL_free(passin);
if(passout) OPENSSL_free(passout);
}
//--------------------------------------------------------------------------
-
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Chandu
Sent: Wednesday, September 19, 2001 7:25 PM
To: [EMAIL PROTECTED]
Subject: Re: Encrypt Private Key
Hi,
I didnt understand the problem. You want to encrypt the Private key.
With which key you want to encrypt and what encryption algorithm you would
like to use.
If you are using the DES encryption then the functions EVP_encrypt_init(),
EVP_encrypt_update() and EVP_encrypt_final() functions. Thats the help I
can do.
Regards
Chandu
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
