> From: owner-openssl-us...@openssl.org On Behalf Of krishnamurthy santhanam
> Sent: Thursday, 09 September, 2010 08:02

> My application will accept strings and integer.
> we are replacing RSA bsafe library to openssl. using RSA bsafe,
> we have generated the private and public key in BER format. Then
> convert the keys, BER format into ASCII format to send the calling
> function. (these everything done by using RSA supplied bsafe library)
> same way i have to write using openssl..i m now able convert
> the RSA public and private key into DER format

Posted code only does public, which is probably good; see below.

> rsa = RSA_generate_key(1024, 3, NULL, NULL);
<snip: get size, alloc keybuf, iend=keybuf>
> size = i2d_RSAPublicKey(rsa, &iend);
> /* size returns the size of public key in bytes */
> printf("\n");
> printf("key :");
> for(i=0;i<size;++i) {
> printf("\n%02X", keybuf[i]);

This can't be the code that produced your data below.
It would put every hex byte (two chars) on a separate line.
(Except the last, which if left unterminated won't work
on some platforms.)

> 1. is it possible to convert this DER format into ASCII?

ASCII isn't a format; ASCII is a character code that can be used
for many formats. Code like you show converts (binary) DER to
hex of DER in ASCII, or some people say DER as hex in ASCII.
(And the DER is of PKCS#1 RSAPublicKey, that's implicit here.)
Is that (or will it be) the format 'my application' wants?

<pedantic> Actually hex of DER in your C implementation's charcode,
very commonly ASCII or a superset but C doesn't require that;
there are still EBCDIC machines -- and OpenSSL is supposed to
work on them, though I can't test </>

> 2. I am able to print the keybuf value into stdout ...
> size 138
> key : 30818702818100BAEF6AB1AD2503FFDC900B612BA2BCED9AF74E337A43B21D1FF69A30651AD7
> A492C1E199CB40A9DF693

This is obviously incomplete (nowhere near 138*2 hex chars)
(which is right for 1024 d=3) so I assume it got truncated.

> is it possible to convert the key into DER format again?

If you get (complete) hex-of-DER into another C program,
you can just convert from hex back to (binary) DER. E.g.:

  char hexstr [whatever]; /* contains chars 3 0 8 1 8 7 etc */
  unsigned int hexlen = validlength; /* determined somehow */
  unsigned char der [whatever]; /* or *der = malloc(hexlen/2) */
  unsigned int i, t;
  for( i = 0; i < hexlen/2; i++ ){
    if( sscanf (&hexstr[i*2], "%02X", &t) != 1 ) error;
    der[i] = t;
  }

  /* or if you prefer, perhaps slightly more efficient */
  unsigned int i; char t [3];
  for( i = 0; i < hexlen/2; i++ ){
    memcpy (t, &hexstr[i*2], 2); t[2] = '\0';
    der[i] = strtol (t, NULL, 16);
  }

If you want/need to have line breaks in your format,
add and remove or skip them as appropriate.

Note DER is not directly usable in OpenSSL; it's just a standard
and convenient transfer/storage format. If/once you have DER of
an RSA public key, use d2i_RSAPublicKey(). Similarly for private key
if you actually want to send it, although as I said before that's
usually a bad design.
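
Added example, not part of the original message: a validating version of the hex-to-DER step that skips line breaks, rejects bad or odd-length input, and checks the outer SEQUENCE length so a truncated key like the one quoted above is caught before d2i_RSAPublicKey() sees it. The names hex_to_der and der_seq_complete are hypothetical, and the sample input is constructed from the first bytes of the quoted key.

```c
#include <ctype.h>
#include <stdio.h>

/* Decode hex text into out[0..cap), skipping whitespace (line breaks).
   Returns byte count, or -1 on non-hex char, odd digit count, or overflow. */
long hex_to_der(const char *hex, unsigned char *out, size_t cap)
{
    size_t n = 0;
    int hi = -1;                        /* pending high nibble, -1 = none */
    for (; *hex; hex++) {
        int c = (unsigned char)*hex, v;
        if (isspace(c)) continue;
        if (!isxdigit(c)) return -1;
        v = isdigit(c) ? c - '0' : tolower(c) - 'a' + 10;
        if (hi < 0) { hi = v; continue; }
        if (n == cap) return -1;        /* output buffer too small */
        out[n++] = (unsigned char)(hi << 4 | v);
        hi = -1;
    }
    return hi < 0 ? (long)n : -1;       /* dangling nibble = odd length */
}

/* 1 if buf starts with a SEQUENCE tag whose declared length accounts for
   exactly len bytes (nothing truncated, nothing trailing), else 0. */
int der_seq_complete(const unsigned char *buf, size_t len)
{
    size_t hdr = 2, body, k, i;
    if (len < 2 || buf[0] != 0x30) return 0;
    body = buf[1];
    if (buf[1] & 0x80) {                /* long form: k length bytes follow */
        k = buf[1] & 0x7F;
        if (k == 0 || k > sizeof body || len < 2 + k) return 0;
        for (body = 0, i = 0; i < k; i++) body = body << 8 | buf[2 + i];
        hdr += k;
    }
    return body == len - hdr;
}

int main(void)
{
    unsigned char der[256];
    /* constructed input: start of the quoted key, cut short, with a line break */
    long n = hex_to_der("30818702818100BA\nEF", der, sizeof der);
    printf("decoded %ld bytes, complete=%d\n", n,
           n > 0 && der_seq_complete(der, (size_t)n));
    return 0;
}
```

The length check only covers the outer header; d2i_RSAPublicKey() still does the full parse of whatever passes it.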