Jeremy R. wrote: > I'm writing a client application that needs to verify some content > from a server. I've generated an RSA key pair: the private key for the > server and the public key for the client.
Okay. > I also would like the data to be encrypted, so I'm trying to use > EVP_OpenInit on the receiving end to do my decryption. I'm reading a > public key in from DER format in memory (using d2i_PUBKEY), which is > working fine for signature verification. However, the key in memory is > only a public key (by design), and OpenSSL seems to be expecting a > private key to be in the EVP_PKEY I send to EVP_OpenInit. Think about it. For encryption to work, the intended recipient must know something that no attacker can possibly know. That will allow them, and only, to decrypt it. > How can I get OpenSSL to look at the public key in the EVP_PKEY and > use it? From what I know of RSA, there's no reason this public key > can't be used in a role a private key normally would be. I'd rather > not have to create a second key pair, which seems redundant. It's not redundant. The second key pair would provide the intended recipient, the client, with something nobody else could know. It's not possible for encryption to work without that. Using the server's RSA key "in reverse" would produce something that was "encrypted" such that only public information was needed to decrypt it. What wold the point of that be? > I know it's not that hard to extract the key from the client > executable, but I'm more concerned about eavesdropping third parties > who will not have access to the client executable. Can you prove that access to the client executable is the only way to get the server's public key? Is it really easier to do a full analysis on the security of your protocol to ensure that the server's public key is not revealed in any way? Because most existing protocols take no efforts whatsoever to protect public keys. I strongly advise you not to do something different from the way everyone else does it. That's very unlikely to produce a solution that is actually secure. DS ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
