Hi Dave,

Thanks for your detailed explanation.

My application will accept strings and integers. We are replacing the RSA bsafe library with openssl. Using RSA bsafe, we have generated the private and public key in BER format. Then we convert the keys from BER format into ASCII format to send to the calling function (all of this is done using the RSA-supplied bsafe library). I have to write the same thing using openssl. I am now able to convert the RSA public and private key into DER format:

    rsa = RSA_generate_key(1024, 3, NULL, NULL);
    {
        size_t size;
        unsigned char *iend, *keybuf;
        int i;

        size = i2d_RSAPublicKey(rsa, NULL);
        printf("size %zu\n", size);
        keybuf = (unsigned char *) malloc(size * sizeof(unsigned char));
        iend = keybuf;
        size = i2d_RSAPublicKey(rsa, &iend); /* size returns the size of public key in bytes */
        printf("\n");
        printf("key :");
        for (i = 0; i < size; ++i) {
            printf("\n%02X", keybuf[i]);
        }
    }

1. Is it possible to convert this DER format into ASCII?

2. I am able to print the keybuf value to stdout as shown below:

size 138
key : 30818702818100BAEF6AB1AD2503FFDC900B612BA2BCED9AF74E337A43B21D1FF69A30651AD7A492C1E199CB40A9DF693

Is it possible to convert the key into DER format again?

Thanks in advance,
kris

On Wed, Sep 8, 2010 at 9:36 AM, krishnamurthy santhanam <krishnamurth...@gmail.com> wrote:

---------- Forwarded message ----------
From: *Dave Thompson* <dthomp...@prinpay.com>
Date: Wed, Sep 8, 2010 at 3:59 AM
Subject: RE: sending RSA public and private keys to calling function
To: openssl-users@openssl.org

> From: owner-openssl-us...@openssl.org On Behalf Of krishnamurthy santhanam
> Sent: Tuesday, 07 September, 2010 13:09

> Thanks for your explanation. I have to create an RSA Public/Private key
> and send it back to my application. My application will read only character
> and string format; it will not accept RSA format. Please guide me how to do that?

This is confused. What character and string format(s)?
If it contains an RSA key, it has to be some kind of RSA format.

PS- 'sending' a private key is usually a bad idea.
If more than one party has the opportunity to see a given private key,
in storage or in transit, it isn't really private anymore and any
security it was supposed to provide is most likely lost.
There are some specialized cases like KDCs and mirrors where
it is appropriate, but these are pretty rare.

> I had written the below program for that but it is not resolving the purpose...

> rsa = RSA_generate_key(1024, RSA_3, NULL, NULL);
> size = i2d_RSAPublicKey (rsa, NULL); //how i can get this public key
> pub_key = p = (unsigned char *) malloc(size * sizeof(unsigned char));
> i2d_RSAPublicKey (rsa, &p);
> pub_rsa = d2i_RSAPublicKey(NULL,&pub_key,size);

This isn't necessary. You can just do PEM_write_RSA_PUBKEY(,rsa)
and it writes only the public-key parts of the 'rsa' structure.

> PEM_write_RSA_PUBKEY(stdout,pub_rsa);
> size = i2d_RSAPrivateKey(rsa, NULL);
> priv_key = pp = (unsigned char *) malloc(size * sizeof(unsigned char));
> i2d_RSAPrivateKey (rsa, &pp);
> priv_rsa = d2i_RSAPrivateKey(NULL,&priv_key,size);
> if( priv_rsa==NULL ) { fprintf(stderr,"priv key error!\n"); return 0; }
> PEM_write_RSAPrivateKey(stdout,priv_rsa,NULL, NULL, 0, NULL, NULL);

Similarly.

Okay, so that writes the PEM (base64) encoded publickey and privatekey.
These are text formats. If your application can read these formats
and you give it this data, it should work. What's the problem? Be specific.

A few minor points on the rest:

> len1 = (strlen(mess)*sizeof(unsigned char)+1);
> encrypted = (unsigned char *) malloc ((size_t) RSA_size(pub_rsa));

#include <stdlib.h> for the correct prototype of malloc()
and don't cast. It's clearer AND more robust.

> len= RSA_public_encrypt(len1, mess, encrypted, pub_rsa, RSA_PKCS1_PADDING);

Again you can use rsa and only the public-key parts are used.

> printf("encrypted: %s len: %d\n",encrypted, len);

This will not print anything useful for 'encrypted'. In some cases
it will screw up your terminal (emulator) so no printing works at all.

> if(!(decrypt_mess = (unsigned char *) malloc ((size_t) RSA_size(priv_rsa))))
> fprintf(stderr,"can't allocate memory for encrypted text!\n");
> printf("decrypting!\n");
> len= RSA_private_decrypt(RSA_size(priv_rsa), encrypted, decrypt_mess, priv_rsa, RSA_PKCS1_PADDING);

Ditto and ditto.

> printf("decrypted: %s len:%d\n",decrypt_mess,len);

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
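
Added example, not part of the original thread: C code for the round trip the two numbered questions at the top ask about, DER bytes to ASCII hex and back, with a check that the decoded byte count matches the length announced by the outer DER SEQUENCE header before the buffer is handed to d2i_RSAPublicKey. The helper names hex_encode, hex_decode and der_announced_len are hypothetical, and only the first seven bytes of the key printed in the post are used as input.

```c
#include <stdio.h>
#include <string.h>
/* DER bytes -> ASCII hex; out needs room for 2*n + 1 chars. */
void hex_encode(const unsigned char *in, size_t n, char *out)
{
    out[0] = '\0';
    for (size_t i = 0; i < n; i++)
        snprintf(out + 2 * i, 3, "%02X", in[i]);
}

int nibble(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;                                   /* fold A-F onto a-f */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* ASCII hex -> bytes; -1 on odd length, a non-hex character, or more than cap bytes. */
long hex_decode(const char *hex, unsigned char *out, size_t cap)
{
    size_t len = strlen(hex);
    if (len % 2 != 0 || len / 2 > cap) return -1;
    for (size_t i = 0; i < len / 2; i++) {
        int hi = nibble(hex[2 * i]), lo = nibble(hex[2 * i + 1]);
        if (hi < 0 || lo < 0) return -1;
        out[i] = (unsigned char)(hi << 4 | lo);
    }
    return (long)(len / 2);
}

/* Size (header + content) announced by the outer DER SEQUENCE, -1 if malformed. */
long der_announced_len(const unsigned char *p, size_t n)
{
    if (n < 2 || p[0] != 0x30) return -1;
    if (p[1] < 0x80) return 2 + p[1];            /* short-form length */
    size_t k = p[1] & 0x7F;                      /* count of length bytes */
    if (k == 0 || k > 2 || n < 2 + k) return -1; /* keys this size need at most 2 */
    long len = 0;
    for (size_t i = 0; i < k; i++) len = len << 8 | p[2 + i];
    return (long)(2 + k) + len;
}

int main(void)
{
    unsigned char der[7];   /* holds the first seven bytes printed in the post */
    long n = hex_decode("30818702818100", der, sizeof der);
    printf("have %ld bytes, header announces %ld\n", n, n < 0 ? -1L : der_announced_len(der, (size_t)n));
    return 0;
}
```

The header bytes 30 81 87 announce 3 + 135 = 138 bytes, which agrees with the "size 138" line in the post. A hex string that decodes to fewer bytes than announced, like the excerpt printed there, should be rejected rather than passed to d2i_RSAPublicKey.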