Dear list,

I am writing an application that uses ECC and certificates.

At initialization time, the idea is to generate both a self-signed root
certificate (as in the examples in /demos) for the CA,
and a set of long-term EC keys for each client.

In the program I intend to use both command line and C code.

Initialization on the server side:

# openssl ecparam -name sect233r1 -out sect233r1.pem
# openssl req -keyout testcafile.key.pem -newkey ec:sect233r1.pem -new -out testcafile.req.pem
# openssl x509 -req -in testcafile.req.pem -signkey testcafile.key.pem -out testcafile.cert.pem

or alternatively:

# openssl x509 -req -in testcafile.req.pem -signkey testcafile.key.pem -out testcafile.cert.der

After this, I have the self-signed root certificate stored in
testcafile.cert.pem (or also in DER format).

Now, how can I retrieve the server's public key from the certificate and
store it in an EC_KEY data structure?

I have tried this:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <openssl/pem.h>
#include <openssl/x509.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/ec.h>
#include <openssl/ecdsa.h>
#include <openssl/bio.h>

// Program to open a DER key file that stores EC keys

int main()
{
   FILE *fp;
   BIO *out;
   EC_KEY *pub = NULL;

   /* load OpenSSL algorithm tables and error strings */
   OpenSSL_add_all_algorithms();
   ERR_load_crypto_strings();

   /* DER is binary, so open the file in binary mode */
   fp = fopen("/home/jordi/Work/test/myCA2/testcafile.cert.der", "rb");

   if (!fp) {
       printf("Error opening file: %s (%d)\n", strerror(errno), errno);
       exit(-1);
   }

   printf("Opened key file...\nTrying to read the keys...\n");

   /* d2i_EC_PUBKEY_fp decodes a DER SubjectPublicKeyInfo into an EC_KEY */
   pub = d2i_EC_PUBKEY_fp(fp, NULL);
   printf("File offset : %ld\n", ftell(fp));

   if (!pub) {
       printf("Error in d2i_EC_PUBKEY_fp...\n");
       ERR_print_errors_fp(stderr);
       fclose(fp);
       exit(-1);
   }

   // init BIO for stdout
   out = BIO_new(BIO_s_file());
   BIO_set_fp(out, stdout, BIO_NOCLOSE);

   /* print the key parameters, indented by one column */
   EC_KEY_print(out, pub, 1);

   /* release everything that was allocated */
   BIO_free(out);
   EC_KEY_free(pub);
   fclose(fp);

   return 0;

}

But I get the following error:

[EMAIL PROTECTED]:~/Work/test$ ./opencert
Opened key file...
Trying to read the keys...
File offset : 47
Error in d2i_EC_PUBKEY_fp...
9298:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1291:
9298:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:380:Type=X509_PUBKEY
[EMAIL PROTECTED]:~/Work/test$



Any hints?

Best regards,

Jordi
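
Added example, not part of the original message and not OpenSSL code: d2i_EC_PUBKEY_fp decodes a bare SubjectPublicKeyInfo (the Type=X509_PUBKEY in the error above), while testcafile.cert.der holds a whole certificate in which that structure is nested. The dependency-free DER walker below tells the two apart and reports where the SubjectPublicKeyInfo sits. The function names and the sample byte arrays are assumptions constructed for illustration.

```c
#include <stddef.h>

/* Constructed sample (not a real key): SPKI skeleton, id-ecPublicKey + sect233r1 OIDs. */
#define SPKI_BYTES 0x30,0x17, 0x30,0x10, 0x06,0x07,0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01, \
    0x06,0x05,0x2B,0x81,0x04,0x00,0x1B, 0x03,0x03,0x00,0x04,0x01
const unsigned char SAMPLE_SPKI[] = { SPKI_BYTES };
/* Constructed v1 certificate skeleton: serial 1, empty names, validity, signature. */
const unsigned char SAMPLE_CERT[] = { 0x30,0x2B, 0x30,0x24, 0x02,0x01,0x01, 0x30,0x00,
    0x30,0x00, 0x30,0x00, 0x30,0x00, SPKI_BYTES, 0x30,0x00, 0x03,0x01,0x00 };
enum { UNKNOWN, CERTIFICATE, BARE_SPKI };

/* Parse one DER tag/length header; returns the header size, or 0 if malformed. */
static size_t der_hdr(const unsigned char *p, size_t n, unsigned char *tag, size_t *len) {
    if (n < 2) return 0;
    size_t h = 2, l = p[1], k = p[1] & 0x7f;
    if (p[1] & 0x80) {                        /* long form: k length octets follow */
        if (k == 0 || k > 4 || n < 2 + k) return 0;
        for (l = 0; h < 2 + k; h++) l = (l << 8) | p[h];
    }
    if (l > n - h) return 0;                  /* value must fit in the buffer */
    *tag = p[0]; *len = l;
    return h;
}

/* Classify DER input; on success set *off and *sz to the SubjectPublicKeyInfo TLV. */
int find_spki(const unsigned char *der, size_t n, size_t *off, size_t *sz) {
    unsigned char tag = 0; size_t len = 0, pos, end, total, h = der_hdr(der, n, &tag, &len);
    if (!h || tag != 0x30) return UNKNOWN;
    pos = h; total = h + len;    /* next: AlgorithmIdentifier or tbsCertificate */
    if (!(h = der_hdr(der + pos, total - pos, &tag, &len)) || tag != 0x30) return UNKNOWN;
    pos += h; end = pos + len;
    if (!(h = der_hdr(der + pos, end - pos, &tag, &len))) return UNKNOWN;
    if (tag == 0x06) { *off = 0; *sz = total; return BARE_SPKI; }  /* OID comes first */
    if (tag == 0xA0) pos += h + len;          /* skip explicit [0] version (v2/v3) */
    for (int i = 0; i < 5; i++) {  /* serial, signature, issuer, validity, subject */
        if (!(h = der_hdr(der + pos, end - pos, &tag, &len))) return UNKNOWN;
        pos += h + len;
    }
    if (!(h = der_hdr(der + pos, end - pos, &tag, &len)) || tag != 0x30) return UNKNOWN;
    *off = pos; *sz = h + len;
    return CERTIFICATE;
}

/* Self-check: exits 0 when the sample is classified as a certificate. */
int main(void) {
    size_t off = 0, sz = 0;
    return find_spki(SAMPLE_CERT, sizeof SAMPLE_CERT, &off, &sz) == CERTIFICATE ? 0 : 1;
}
```

With OpenSSL itself, the corresponding route is to decode the file as a certificate with d2i_X509_fp, then call X509_get_pubkey and EVP_PKEY_get1_EC_KEY on the result.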
