Duh... I was sure these were the needed parts. Now, I tried to call CryptExportKey with the PRIVATEKEYBLOB flag, and of course it returned an error, because the certificate was imported into the store without the Mark as Exportable option. But there has to be a way to use the certificate and private key somehow with OpenSSL? I'm really a beginner with this certificate thing; maybe I just don't understand something? :)
> Simple, really:
>
> You have not set the "private" part of the private key (d, p, q, dmp1,
> dmq1, iqmp).
>
> You need to export the private key from CryptoAPI too, and convert that
> blob, not the public key blob.
>
> Alternatively, I have heard rumors of a "CryptoAPI engine" plug in for
> OpenSSL which will let OpenSSL directly use the keys and certificates
> stored by Windows.
>
> On 10/28/2011 9:48 AM, Andrejs Štrumfs wrote:
> > Hi!
> >
> > I am trying to make a program that uses some Web Services in Delphi
> > XE. To connect to the Web Services, I have to use a self signed (hope
> > this is the correct term) certificate, which is stored in the Windows
> > cert store. So, I open the cert store with CertOpenSystemStore, get
> > the cert with CertFindCertificateInStore and set it with
> > SSL_CTX_use_certificate. No problem with this. Then I get the public
> > key blob with CryptExportKey and make up a private key like this:
> >
> > function PrivKeyBlob2RSA(const AKeyBlob: PByte; const ALength: Integer;
> >   const ASSLCtx: PSSL_CTX): IdSSLOpenSSLHeaders.PEVP_PKEY;
> > var
> >   modulus: PByte;
> >   bh: PBLOBHEADER;
> >   rp: PRSAPUBKEY;
> >   rsa_modlen: DWORD;
> >   rsa_modulus: PAnsiChar;
> >   rkey: PRSA;
> > begin
> >   bh := PBLOBHEADER(AKeyBlob);
> >   Assert(bh^.bType = PUBLICKEYBLOB);
> >   rp := PRSAPUBKEY(AKeyBlob + 8);                       // RSAPUBKEY follows the 8-byte BLOBHEADER
> >   Assert(rp^.magic = $31415352);                        // 'RSA1' = public key blob
> >   rsa_modulus := PAnsiChar(Integer(Pointer(rp)) + 12);  // modulus follows the 12-byte RSAPUBKEY
> >   rkey := RSA_new_method(ASSLCtx.client_cert_engine);
> >   rkey^.References := 1;
> >   rkey^.e := BN_new;
> >   rkey^.n := BN_new;
> >   BN_set_word(rkey^.e, rp^.pubexp);
> >   rsa_modlen := rp^.bitlen div 8;                       // the modulus is exactly bitlen/8 bytes
> >   modulus := AllocMem(rsa_modlen);
> >   CopyMemory(modulus, rsa_modulus, rsa_modlen);
> >   RevBuffer(modulus, rsa_modlen);                       // CryptoAPI is little-endian, BN_bin2bn wants big-endian
> >   BN_bin2bn(modulus, rsa_modlen, rkey^.n);
> >   FreeMem(modulus);
> >   Result := EVP_PKEY_new;
> >   EVP_PKEY_assign_RSA(Result, PAnsiChar(rkey));
> > end;
> >
> > and set it up with SSL_CTX_use_PrivateKey and
> > SSL_CTX_check_private_key. Also, no problem so far.
> > But then, when data transfer begins, I get an access violation in
> > libeay32.dll: "Access violation at address 09881C5F in module
> > 'libeay32.dll'. Read of address 00000000." If I load the key from a
> > .pem file, everything is fine.
> >
> > The libeay32.dll version is 1.0.0.5. Tried with version 0.9.something
> > too - got the same error, just a different address.
> >
> > Below is the RSA structure I get in PrivKeyBlob2RSA:
> >
> >   pad            0
> >   version        0
> >   meth           $898030C
> >   engine         nil
> >   n              $A62D508
> >   e              $A62D4D8
> >   d              nil
> >   p              nil
> >   q              nil
> >   dmp1           nil
> >   dmq1           nil
> >   iqmp           nil
> >   ex_data        (nil, -1163005939 {$BAADF00D})
> >   references     1
> >   flags          6
> >   _method_mod_n  nil
> >   _method_mod_p  nil
> >   _method_mod_q  nil
> >   bignum_data    nil {#0}
> >   blinding       nil
> >   mt_blinding    nil
> >
> > I checked the n and e bignums, and they are CORRECT, and everything
> > else looks ok. The error happens when calling function ssl_read. I
> > can't see what I am doing wrong, please help :) Thanks
> >
> > Andrejs
> >
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
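Added example, not code from the thread, from OpenSSL or from the Indy headers: a stand-alone Python decoder for the two CryptoAPI RSA blob layouts the thread is about. It goes a little beyond the Delphi snippet: besides the PUBLICKEYBLOB ('RSA1') layout it also decodes the PRIVATEKEYBLOB ('RSA2') layout, checks that the CRT components agree with d, p and q the way RSA_check_key() does, and runs the CRT private operation that dereferences exactly the fields (d, p, q, dmp1, dmq1, iqmp) left nil in the RSA structure above. The key values (p=61, q=53, e=17) are a constructed textbook toy key, far too small for real use, and the blob bytes are built by build_rsa_blob in the block rather than exported from a Windows key container; the function names are this example's own.

```python
# Decoder for Microsoft CryptoAPI RSA key blobs (BLOBHEADER + RSAPUBKEY + key material).
# Added illustration, not part of the mailing-list thread; all names below are this example's own.
import struct
from math import gcd

PUBLICKEYBLOB, PRIVATEKEYBLOB = 0x06, 0x07   # BLOBHEADER.bType
CUR_BLOB_VERSION = 0x02                      # BLOBHEADER.bVersion
CALG_RSA_KEYX = 0x0000A400                   # BLOBHEADER.aiKeyAlg for key-exchange RSA keys
RSA1_MAGIC = 0x31415352                      # RSAPUBKEY.magic 'RSA1' (public key blob)
RSA2_MAGIC = 0x32415352                      # RSAPUBKEY.magic 'RSA2' (private key blob)


def build_rsa_blob(n, e, bitlen, priv=None):
    """Serialize an RSA key in CryptoAPI blob layout. Used here only to construct
    sample input; on Windows the bytes come from CryptExportKey."""
    private = priv is not None
    hdr = struct.pack("<BBHI", PRIVATEKEYBLOB if private else PUBLICKEYBLOB,
                      CUR_BLOB_VERSION, 0, CALG_RSA_KEYX)
    pub = struct.pack("<III", RSA2_MAGIC if private else RSA1_MAGIC, bitlen, e)
    body = n.to_bytes(bitlen // 8, "little")        # modulus, little-endian, exactly bitlen/8 bytes
    if private:
        half = bitlen // 16                          # primes and CRT values are bitlen/16 bytes each
        body += b"".join(priv[k].to_bytes(half, "little")
                         for k in ("p", "q", "dmp1", "dmq1", "iqmp"))
        body += priv["d"].to_bytes(bitlen // 8, "little")
    return hdr + pub + body


def parse_rsa_blob(blob):
    """Decode a PUBLICKEYBLOB or PRIVATEKEYBLOB into integer components.
    OpenSSL's field names are used for the CRT parts (dmp1, dmq1, iqmp)."""
    if len(blob) < 20:
        raise ValueError("blob shorter than BLOBHEADER + RSAPUBKEY")
    btype, version, _reserved, _alg = struct.unpack_from("<BBHI", blob, 0)
    magic, bitlen, pubexp = struct.unpack_from("<III", blob, 8)
    if version != CUR_BLOB_VERSION:
        raise ValueError(f"unexpected blob version {version}")
    if bitlen == 0 or bitlen % 16:
        raise ValueError(f"unsupported key length {bitlen}")
    if (btype, magic) not in ((PUBLICKEYBLOB, RSA1_MAGIC), (PRIVATEKEYBLOB, RSA2_MAGIC)):
        raise ValueError(f"bType {btype:#x} does not match magic {magic:#x}")
    nlen, half = bitlen // 8, bitlen // 16
    fields = [("n", nlen)]
    if btype == PRIVATEKEYBLOB:
        fields += [("p", half), ("q", half), ("dmp1", half),
                   ("dmq1", half), ("iqmp", half), ("d", nlen)]
    need = 20 + sum(size for _, size in fields)
    if len(blob) < need:                             # refuse to over-read a short buffer
        raise ValueError(f"truncated blob: {len(blob)} bytes, need {need}")
    key, off = {"bits": bitlen, "e": pubexp}, 20
    for name, size in fields:
        key[name] = int.from_bytes(blob[off:off + size], "little")
        off += size
    return key


def has_private_part(key):
    """True only if every component OpenSSL dereferences in a private operation is present."""
    return all(k in key for k in ("d", "p", "q", "dmp1", "dmq1", "iqmp"))


def check_private_key(key):
    """Consistency checks in the spirit of RSA_check_key(): n = p*q, e*d = 1 mod lcm(p-1, q-1),
    and the CRT values derived from d, p, q."""
    if not has_private_part(key):
        return False
    p, q, d, e = key["p"], key["q"], key["d"], key["e"]
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    return (p * q == key["n"] and (e * d) % lam == 1
            and key["dmp1"] == d % (p - 1) and key["dmq1"] == d % (q - 1)
            and (key["iqmp"] * q) % p == 1)


def private_op(key, c):
    """RSA private operation via CRT: this is the code path that reads dmp1/dmq1/iqmp/p/q,
    so a key built from an RSA1 blob alone (nil private fields) cannot get here safely."""
    if not has_private_part(key):
        raise ValueError("key has no private part; only the public (RSA1) blob was converted")
    p, q = key["p"], key["q"]
    m1 = pow(c % p, key["dmp1"], p)
    m2 = pow(c % q, key["dmq1"], q)
    h = (key["iqmp"] * (m1 - m2)) % p
    return m2 + h * q


# Constructed toy key (textbook numbers, not a usable key): n = 61 * 53 = 3233, e = 17, d = 2753.
TOY_PRIVATE = {"p": 61, "q": 53, "dmp1": 53, "dmq1": 49, "iqmp": 38, "d": 2753}
SAMPLE_PUBLIC_BLOB = build_rsa_blob(3233, 17, 16)
SAMPLE_PRIVATE_BLOB = build_rsa_blob(3233, 17, 16, TOY_PRIVATE)

if __name__ == "__main__":
    pub = parse_rsa_blob(SAMPLE_PUBLIC_BLOB)
    priv = parse_rsa_blob(SAMPLE_PRIVATE_BLOB)
    print("RSA1 blob carries a private part:", has_private_part(pub))   # False: the thread's situation
    print("RSA2 blob passes consistency checks:", check_private_key(priv))
    c = pow(65, priv["e"], priv["n"])
    print("CRT private op recovers the message:", private_op(priv, c) == 65)
```

The parser reads exactly bitlen/8 bytes of modulus and checks the buffer length before touching any field, which is the check a converter like PrivKeyBlob2RSA needs before handing the numbers to BN_bin2bn. has_private_part is the condition to test before calling SSL_CTX_use_PrivateKey: SSL_CTX_check_private_key only compares the public half against the certificate, so an RSA structure with n and e set and everything else nil passes it and then faults inside the first private operation.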