> From: owner-openssl-us...@openssl.org On Behalf Of krishnamurthy
santhanam
> Sent: Tuesday, 09 August, 2011 16:23
> Thanks a lot for your detailed explanation. GT.M supports ASCII
format
> also. i believe converting base64 is better way instead of ASCII.
There are no standard ASCII formats for RSA keys (or most other crypto
material); if you want a custom format you'll have to be specific; but
apparently you don't. Even base64-DER for RSA has two standard choices,
as already noted; and there are base64-non-DER possibilities, notably
the OpenSSH pubkey format (which OpenSSL doesn't directly support).
Base64 is good for armoring binary data like this in general, which
is precisely why it is standardized for the purpose; but I'm taking
your word it is what GT.M wants, I have no knowledge about that.
> I had changed as per your suggestion and code worked for me.
additionally
> i had tested the Decode also, now everything is fine. can you please
verify
> the decoded pubkey and d2i_RSA_PUBKEY implemented correctly here.
<snip>
> next=buf;
> printf("generating key...\n");
> fp=fopen("public.pem","r");
> key =(RSA *)PEM_read_RSA_PUBKEY(fp,NULL,NULL,NULL);
That printf is (now) misleading; you should check fopen and
PEM_read_ results for null especially on a system like yours
(apparently) that doesn't trap null; and cast isn't needed.
> printf("RSA size for key=%d\n",RSA_size(key));
> //len=i2d_RSAPublicKey(key, &next);
> len=i2d_RSA_PUBKEY(key, &next);
> fclose(fp);
> printf("DER character buffer length=%d",len);
This DER isn't characters, although C uses the type named
'char' and especially 'unsigned char' for arbitrary memory.
(There are other DER structures that are partly characters,
but not always C characters, and almost never C strings.)
> /* Base64 using EVP */
> printf("\nEncoding RSA string...");
> EVP_EncodeInit(&ectx);
> EVP_EncodeUpdate(&ectx, b64buf, &outlen, buf, len);
> total += outlen;
Good so far.
> EVP_EncodeFinal(&ectx, b64buf + outlen, &len);
> total += outlen;
You get the additional output length (in b64buf) to len
but add outlen to total (which is measuring the output).
That doesn't make sense, and it makes this display wrong:
> printf("\nBase64 encoded length string: %d,%d\n",total,len);
However, you don't use total (or len) for anything below,
so its wrongness doesn't cause a noticeable problem.
The correct total is 195 from Update + 25 from Final = 220.
> printf("\nBase64 encoded string: %s\n",b64buf);
> /* Base64 decodification */
> printf("\nDecoding string...");
> EVP_DecodeInit(&ectx);
> EVP_DecodeUpdate(&ectx, bfbuf, &len1, b64buf, strlen(b64buf));
> total1 +=len1;
> EVP_DecodeFinal(&ectx, bfbuf + len1, &len1);
> total1 +=len1;
> printf("\nBase64 decoded length string: %d,%d\n",total1,len1);
> <--------- here len1 is 0, why len1 is zero here is it right?
Because for complete delimited data, which it is here, DecodeUpdate
doesn't need to leave anything buffered for DecodeFinal to finish.
Don't worry about it; just do the Init,Update,Final pattern the same
always and you don't have to vary for differing internal details;
that's why the OpenSSL API (and some others too) uses this pattern.
> printf("\nBase64 decoded string: %s\n",bfbuf);
> <------------------- i understood this will not print
Well, not print anything useful. It could even run off
your buffer and fault, although that's pretty unlikely.
> next1=bfbuf;
> length=total1;
> pub_key=d2i_RSA_PUBKEY(NULL,(const unsigned char**)&next1,
total1);
> printf("RSA size for pub_key=%d\n",RSA_size(pub_key));
In general should check for null although *after the code above*
*this time* it isn't needed; and cast isn't needed.
You do understand that decoding the base64 gives you the same data
(PUBKEY DER) you had before you encoded, and re-parsing that data
with d2i_ gives you the same key value (in a new object) you had
before i2d_ ? As an exercise in learning how to use OpenSSL this
may be useful, but in a real program it would be silly.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
