Again thank you Steve, Invoking "OpenSSL_add_all_algorithms()" made the certificate processing without any trouble.
Thanks John Paul -----Original Message----- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: Friday, October 08, 2010 4:09 PM To: openssl-users@openssl.org Subject: Re: FIPS mode - fails to read the RSA key On Fri, Oct 08, 2010, john.mattapi...@wipro.com wrote: > Thank you Steve, > > I had problem in creating certificate and key in FIPS mode. With your > suggestion now I am able to create FIPS supported certificate > > When I create it with a passphrase the key looks as below > > -----BEGIN ENCRYPTED PRIVATE KEY----- > MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIKdsTY4y2xlsCAggA > ..<snip> > toGSfl42MUwLRpuoYfQ/WFNVMKUr78WqrFHd1VV1VCAnaFi95seEJKqE > -----END ENCRYPTED PRIVATE KEY----- > > Now it fails at "PKCS8_decrypt" in "PEM_read_bio_PrivateKey". I > verified that passphase returned by the cb is as same as the one that > I used to create the certificate. Any hint if I miss something in the > key generation > > The command I used to create this key is > > ./openssl req -x509 -days 1460 -newkey rsa:1024 -keyout wv-key.pem > -out wv-cert.pem > > If I create the key with out passphrase then the code hits this > snippet of the code (PEM_read_bio_PrivateKey) and works fine > .. > .. > p8inf=d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len); > if(!p8inf) goto p8err; > ret = EVP_PKCS82PKEY(p8inf); > .. > .. > Have you included OpenSSL_add_all_algorithms() in your code? If so then see the FAQ for details of how to print out error messages. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org Please do not print this email unless it is absolutely necessary. The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
