You've been very helpful, Jim.

I grabbed "Network Security with OpenSSL" on Safari and have been
reading the relevant sections. If I understand correctly, to read an
external file, decrypt it using an internal private key and write the
decrypted out to internal data, I would do:

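#include <string.h>
#include <openssl/bio.h>
#include <openssl/crypto.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>

void fn(char *infile)
{
   char *pk_data = NULL;
   int keysize = 0;
   int rsa_inlen = 0;
   int rsa_outlen = 0;
   unsigned char *rsa_in = NULL;
   unsigned char *rsa_out = NULL;
   int padding = RSA_PKCS1_PADDING;
   BIO *in = NULL;
   BIO *out = NULL;
   BIO *pk_bio = NULL;
   EVP_PKEY *pkey = NULL;
   RSA *rsa = NULL;

   /* PEM text of the private key, held internally */
   pk_data = get_internal_data();

   /* read-only memory BIO over the PEM text */
   pk_bio = BIO_new_mem_buf(pk_data, strlen(pk_data));
   /* PEM_read_bio_PrivateKey returns EVP_PKEY *;
      PEM_read_bio_RSAPrivateKey would return RSA * */
   pkey = PEM_read_bio_PrivateKey(pk_bio, NULL, 0, NULL);
   rsa = EVP_PKEY_get1_RSA(pkey);

   in = BIO_new_file(infile, "rb");
   /* writable memory BIO; a BIO_new_mem_buf() BIO is read-only */
   out = BIO_new(BIO_s_mem());

   /* size of the RSA modulus in bytes */
   keysize = RSA_size(rsa);

   rsa_in = OPENSSL_malloc(keysize * 2);
   rsa_out = OPENSSL_malloc(keysize);

   rsa_inlen = BIO_read(in, rsa_in, keysize * 2);
   rsa_outlen = RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, padding);
   /* keep the decrypted bytes in the memory BIO */
   if (rsa_outlen > 0)
      BIO_write(out, rsa_out, rsa_outlen);
}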

I realize I need some error handling. But I want to make sure I
understand the interoperability of the core calls and that my process
is correct.

Thanks again!

On 7/4/07, Jim Fox <[EMAIL PROTECTED]> wrote:

>
> Does anyone know of an alternative for populating EVP_PKEY * that
> emulates what load_key() does?
>

load_key() is complicated only because it deals with lots of types of
files and formats.  Presumably you already know the format and
location of your key.  Just use

   pkey = PEM_read_bio_PrivateKey(<your mem bio>, ...

if yours is PEM and use

    pkey = d2i_PrivateKey_bio(<your mem bio>, ...

if it's DER.

Jim
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]



--
==============================================================================
                               John T. Cox
                         e-mail [EMAIL PROTECTED]
                   www http://members.iglou.com/vampire
==============================================================================