Hi I am unable to provide u with exact answer. but i thought it relevent to reply u. because I have also worked on RSA api's
Following are the command to generate rsa keys 1) openssl genrsa -out private.pem 1024 <- This generates a 1024 bit keypair, but both keys are held in a single file initially. 2) openssl rsa -in private.pem -pubout -out public.pem <-extracts the public key from private.pem. Further u can go through website http://www.madboa.com/geek/openssl/ I feel this website shall be very useful to u. Thanks Rafeeq On Mon, 28 Feb 2005 21:51:38 -0800 (PST), prakash babu <[EMAIL PROTECTED]> wrote: > Hello All, > > I am working on an IPF(Itanium Processor Family) HPUX machine. > Using the configure option > > hpux-ia64-cc would be the appropriate configure option while building > OpenSSL in this platform. > But I have problems with OpennSSH authentication when I use this > option. > > OpenSSH uses > libcrypto of OpenSSL to generate the RSA key pair. > > > Scenario 1 - SSH built using OpenSSL configured with hpux-ia64-cc > > i. Generate RSA key pair > #/usr/bin/ssh-keygen -t rsa1 > > ii. View the public key > #cat //.ssh/identity.pub > 1024 35 > > 1329300000000020907656400000000001780747579000000000426351223300000000029905744590000000002509467023000 > > 0000003490192052000000000107451472800000000005030360980000000000597134397000000000316864390100000000029 > > 1017538400000000027044763640000000002448290262000000000263627463900000000020287714850000000000919047739 > [EMAIL PROTECTED] > > iii. Run the sshd daemon > #/opt/ssh_hpux-cc/sbin/sshd -o'protocol 1' -ddd -e > > iv. Run the client > #/opt/ssh_hpux-cc/bin/ssh -1 -l root -o > 'PreferredAuthentications="pubkey"' localhost -vvv > > The sshd daemon > rejects this key as a result the > client authentication fails > > The compiler options for hpux-ia64-cc > "hpux-ia64-cc","cc:-Ae +DD32 +O1 +Olit=all -z > -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR > DES_U > NROLL DES_RISC1 > DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", > > > Scenario 2 -SSH built using OpenSSL configured with hpux-cc > > i. Generate RSA key pair > #/usr/bin/ssh-keygen -t rsa1 > > ii. View the public key > #cat //.ssh/identity.pub > 1024 35 > > 1437122910944460067534870792490584153638875494206294171941680796472959390850506068660764130660092003114 > > 6511827709926115182557164733137352007577919492698063416540177245308126918665480672846829658795559358482 > > 1448512729384759808648867203588282392206887007723304276717097798871889974434155451797730883704857498211 > [EMAIL PROTECTED] > > iii. Run the sshd daemon > #/opt/ssh_hpux-cc/sbin/sshd -o'protocol 1' -ddd -e > > iv. Run the client > #/opt/ssh_hpux-cc/bin/ssh -1 -l root -o > 'PreferredAuthentications="pubkey"' localhost -vvv > > The sshd daemon > accepts this key as a result the > client authentication passes > > The Compiler options for hpux-cc are as follows : > > hpux-cc > "hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit > +O1 -z::(unknown)::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROL > L > DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", > > My Analysis of the problem so far. > > 1. The problem occurs while creation of > n in the public key part of the rsa key > > n=p*q (where p and q are prime big numbers) > > 2 . The value of > dmax in the big number structure indicates the size of the big number > > 3. The following function returns the value of dmax > #define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= > (a)->dmax)? (a):bn_expand2((a),(bits)/BN_BITS2+1)) > In this macro dmax is calculated as (bits)/BN_BITS2+1 > > > OpenSSL configure option is hpux-cc dmax=(512)/32 +1 = 17 > > OpenSSL configure option is hpux-ia64-cc > dmax=(512)64 +1= 9 > > Is this change in the value of dmax causes the variation in > the public key. > > 4. The compiler options > SIXTY_FOUR_BIT and > asm/ia64-cpp.o in > hpux-ia64-cc causes this problem. When > SIXTY_FOUR_BIT is replaced by > BN_LLONG and the > asm/ia64-cpp.o option is removed then > hpux-ia64-cc configure option works fine. > > Please correct me if I am wrong ? > > Thanks, > Prakash > > > > ________________________________ > Do you Yahoo!? > Yahoo! Mail - Easier than ever with enhanced search. Learn more. > > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
