Hi Ingo,
You are mistaken: this key is not an encoded RSAPrivateKey as defined
by PKCS#1 but it's an encoded PrivateKeyInfo as defined in PKCS#8. Here
are the ASN.1 definitions:
PrivateKeyInfo ::= SEQUENCE {
    version             Version,
    privateKeyAlgorithm AlgorithmIdentifier {{PrivateKeyAlgorithms}},
    privateKey          PrivateKey,
    attributes          [0] Attributes OPTIONAL }
Version ::= INTEGER {v1(0)} (v1,...)
PrivateKey ::= OCTET STRING
As you can see from the ASN.1 dump, it starts with the version, followed
by the algorithm identifier and then the RSAPrivateKey encoding inside
an OctetString.
Concerning Vladimir's question, the answer is simple: your key is OK
and it was verified successfully by OpenSSL. The error message you are
getting is due to the fact that in the source code of the rsa utility
there is a line that dumps the errors on the OpenSSL stack, and in this case
there is an error that is harmless and that is caused by the way OpenSSL
tries to decode the PEM content.
In the file "apps/rsa.c", at line 335, there is the following:
    if (r == -1 || ERR_peek_error() != 0) /* should happen only if r == -1 */
        {
        ERR_print_errors(bio_err);
        goto end;
        }
A more correct version would be to replace "||" in the if test with "&&",
and thus there will be no misleading error.
I hope this clarifies things.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 8/20/2010 4:25 PM, Ingo Naumann wrote:
Vladimir,
To me, your key looks like a standard 1024 RSA private key, in PKCS#1
format (see below). And, I'm getting the same error when I type
openssl rsa -check<key
with OpenSSL 1.0.0a, also with other, similar keys.
Ingo
---
RFC 3447 (PKCS#1), A.1.2
http://www.rsa.com/rsalabs/node.asp?id=2125
RSAPrivateKey ::= SEQUENCE {
    version           Version,
    modulus           INTEGER,  -- n
    publicExponent    INTEGER,  -- e
    privateExponent   INTEGER,  -- d
    prime1            INTEGER,  -- p
    prime2            INTEGER,  -- q
    exponent1         INTEGER,  -- d mod (p-1)
    exponent2         INTEGER,  -- d mod (q-1)
    coefficient       INTEGER,  -- (inverse of q) mod p
    otherPrimeInfos   OtherPrimeInfos OPTIONAL
}
Your key:
30 : SEQUENCE (Length: 0x277)
02 : Integer (Length: 0x01)
00
30 : SEQUENCE (Length: 0x0D)
06 : Object Identifier (OID): 1.2.840.113549.1.1.1 rsaEncryption
05 : NULL
04 : Octet String (Length: 0x261)
30 : SEQUENCE (Length: 0x25D)
02 : Integer (Length: 0x01)
00
02 : Integer (Length: 0x81)
00
C5 F1 4E FF 1C 97 02 A2 02 A1 C7 A0 8D E6 9F 9D EF D5 56 87
D7 B2 BF A3 7B 68 73 4E 34 A4 5E FE 41 86 3E 3E 7D 55 6F 9D
F1 42 D6 FB CC 27 BB 0C D3 C6 C8 0E 40 CA 53 F8 5A 81 E2 90
18 A8 94 C0 12 72 15 98 0F 1C A2 8F 75 A9 26 E6 A0 8A 7B AB
[0x0030 bytes skipped.]
02 : Integer (Length: 0x03)
01 00 01
02 : Integer (Length: 0x81)
00
90 06 E3 5A 11 2D 78 06 F6 2F 4D 17 EF E8 6D 1F F8 50 9C E3
BE F9 1B 24 13 39 8F 1C CA 85 07 71 AD AF C6 3E A5 E7 B2 8D
93 EC F4 8C C6 A1 EA 22 8D 3D C8 77 46 81 71 D3 F5 D7 28 49
7D 07 BD 23 33 AD 3D A7 76 33 6C 47 D7 A2 5B 62 58 A7 06 5B
[0x0030 bytes skipped.]
02 : Integer (Length: 0x41)
00
F7 D7 7F 0E C3 04 7D B3 69 AE 54 4F 70 A5 47 E3 D5 1F DC DE
40 AB 99 6D 93 BD 96 4F 31 92 11 F8 43 54 D5 9C EC 3D DF B6
AA 9B AA 3D 60 14 A5 A3 C7 78 DD DE E5 A1 7C C4 5C DF 5F 56
2F EC 41 DB
02 : Integer (Length: 0x41)
00
CC 75 52 E6 9A 0A 1B B7 35 7C D1 D0 51 65 D8 B0 35 BE EA AE
D3 88 53 7C AF A5 36 C5 41 09 95 CF 66 73 8F 3D 57 87 FB A0
77 7E B1 D2 95 9D 83 5E 92 5B 95 AB 2A CF 9F FA F7 01 2B 69
4D C7 52 C3
02 : Integer (Length: 0x40)
17 3B 24 D6 BE 62 EA 61 69 D3 84 65 99 DA 74 3D 9F D9 87 BB
71 76 64 40 48 2B EA 2D EC 28 93 F4 A0 63 10 4E D0 3A 10 81
2F C6 BD 93 59 31 36 41 7E CE 0E 85 F9 22 44 EE A7 01 ED 0E
C8 19 2E 27
02 : Integer (Length: 0x41)
00
BC 97 5F DF 8B A8 D5 45 DA 15 87 67 33 1D D1 91 40 12 19 61
27 87 71 12 EA E5 67 2E ED BD CC AC E1 20 A8 B8 79 5B DA 33
7A E5 A7 5A CA 5C DF 47 45 93 2A EC 16 F2 2A EC 10 18 C9 15
3A 04 28 87
02 : Integer (Length: 0x40)
20 4C 8C 60 52 94 CA 42 30 DC 1B EF 3D 1E 5F 84 82 40 D1 25
84 BE 1E 18 35 0F F9 4A 5A 40 16 B0 E2 8F 5B 9B C3 FC C5 E7
08 0A BC F0 D1 BA 01 4B 47 08 08 60 15 48 80 A2 C1 98 03 56
FC A4 D9 DC
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
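Added example, not part of the original thread and not OpenSSL code: a small DER walker that tells the two encodings discussed above apart by looking at the element that follows the version INTEGER (SEQUENCE for a PKCS#8 PrivateKeyInfo, INTEGER for a PKCS#1 RSAPrivateKey). The names der_header, classify_private_key and the sample arrays are hypothetical, and the samples are constructed, structurally valid DER rather than real key material.

```c
#include <stddef.h>
#include <stdio.h>

enum key_form { KEY_UNKNOWN, KEY_PKCS1_RSA, KEY_PKCS8_INFO };

/* Read one DER tag+length at b[*pos]; on success *pos points at the value. */
static int der_header(const unsigned char *b, size_t len, size_t *pos,
                      unsigned char *tag, size_t *vlen)
{
    size_t p = *pos, l, n;
    if (p > len || len - p < 2) return -1;
    *tag = b[p++];
    l = b[p++];
    if (l & 0x80) {                         /* long form: low 7 bits = length bytes */
        n = l & 0x7f;
        if (n == 0 || n > 4 || len - p < n) return -1;
        for (l = 0; n > 0; n--) l = (l << 8) | b[p++];
    }
    if (len - p < l) return -1;             /* value runs past the buffer */
    *pos = p; *vlen = l;
    return 0;
}

/* Classify a DER private key by the element that follows the version. */
enum key_form classify_private_key(const unsigned char *der, size_t len)
{
    size_t pos = 0, vlen;
    unsigned char tag;
    if (der_header(der, len, &pos, &tag, &vlen) || tag != 0x30) return KEY_UNKNOWN;
    len = pos + vlen;                       /* stay inside the outer SEQUENCE */
    if (der_header(der, len, &pos, &tag, &vlen) || tag != 0x02) return KEY_UNKNOWN;
    pos += vlen;                            /* skip the version INTEGER */
    if (der_header(der, len, &pos, &tag, &vlen)) return KEY_UNKNOWN;
    if (tag == 0x02) return KEY_PKCS1_RSA;  /* modulus follows version: PKCS#1 */
    if (tag != 0x30) return KEY_UNKNOWN;
    pos += vlen;                            /* skip the AlgorithmIdentifier */
    if (der_header(der, len, &pos, &tag, &vlen) || tag != 0x04) return KEY_UNKNOWN;
    return KEY_PKCS8_INFO;                  /* OCTET STRING wraps the RSAPrivateKey */
}

/* Constructed samples: toy values (n=33, e=3, d=7), not real key material. */
const unsigned char sample_pkcs8[] = {      /* version, rsaEncryption OID, stub key */
    0x30,0x19, 0x02,0x01,0x00, 0x30,0x0D, 0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,
    0x01,0x01,0x01, 0x05,0x00, 0x04,0x05, 0x30,0x03,0x02,0x01,0x00 };
const unsigned char sample_pkcs1[] = {      /* version, n, e, d, p, q, dP, dQ, qInv */
    0x30,0x1B, 0x02,0x01,0x00, 0x02,0x01,0x21, 0x02,0x01,0x03, 0x02,0x01,0x07,
    0x02,0x01,0x0B, 0x02,0x01,0x03, 0x02,0x01,0x07, 0x02,0x01,0x01, 0x02,0x01,0x04 };

int main(void) {
    printf("pkcs8 sample -> %d, pkcs1 sample -> %d\n",
           classify_private_key(sample_pkcs8, sizeof sample_pkcs8),
           classify_private_key(sample_pkcs1, sizeof sample_pkcs1));
    return 0;
}
```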