Viktor,

The key format needed by the system is algorithm-specific DER format. It is received from the user in the same algorithm-specific PEM format. The algorithm can be:
1) secp384r1 (i.e. created by "openssl ecparam -out ec_key.pem -name secp384r1 -genkey")
2) rsa:2048 (i.e. created by "openssl genrsa -out rsa2048_key.pem 2048")
3) rsa:4096 (i.e. created by "openssl genrsa -out rsa4096_key.pem 4096")
I tried to create a program based on the code of the command "openssl pkey -in key.pem -outform DER -out keyout.der" in file /apps/pkey.c in openssl project. I suppressed what I thought was not needed:

    #include <stdio.h>
    #include <openssl/bio.h>
    #include <openssl/err.h>
    #include <openssl/evp.h>
    #include <openssl/pem.h>
    #include <openssl/x509.h>      /* i2d_PrivateKey_bio */
    #include <openssl/engine.h>    /* ENGINE, kept only for the load_key signature */

    #define FORMAT_PEM 3           /* same value as apps.h in the openssl tree */

    struct cm_module;              /* opaque module handle, not used by the conversion */

    static EVP_PKEY *load_key(BIO *err, const char *file, int format,
                              int maybe_stdin, const char *pass, ENGINE *e,
                              const char *key_descrip);

    static int convert_key_pem_to_der(struct cm_module *module,
                                      char *pem_key_file_name,
                                      char *der_key_file_name)
    {
        BIO *out = NULL;
        BIO *bio_err;
        EVP_PKEY *pkey = NULL;
        int ret = 0;

        (void)module;
        bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
        ERR_load_crypto_strings();
        OpenSSL_add_all_algorithms();

        if (!(out = BIO_new_file(der_key_file_name, "wb"))) {
            ret = 1;
            printf("Can't open output file %s\n", der_key_file_name);
        } else {
            pkey = load_key(bio_err, pem_key_file_name, FORMAT_PEM, 1, NULL, NULL, "key");
            if (!pkey) {
                printf("Can't load key from file %s\n", pem_key_file_name);
                ret = 1;
            } else if (!i2d_PrivateKey_bio(out, pkey)) {
                /* i2d_PrivateKey_bio writes the traditional, algorithm-specific
                 * structure (RSAPrivateKey / ECPrivateKey); the PKCS#8
                 * PrivateKeyInfo wrapper would come from
                 * i2d_PKCS8PrivateKeyInfo_bio instead. Check the return value:
                 * it is 1 on success and 0 on error. */
                ERR_print_errors(bio_err);
                printf("Can't write DER key to file %s\n", der_key_file_name);
                ret = 1;
            }
        }
        EVP_PKEY_free(pkey);
        BIO_free_all(out);
        BIO_free(bio_err);
        return ret;
    }

    static EVP_PKEY *load_key(BIO *err, const char *file, int format,
                              int maybe_stdin, const char *pass, ENGINE *e,
                              const char *key_descrip)
    {
        BIO *key = NULL;
        EVP_PKEY *pkey = NULL;

        /* Only an unencrypted PEM key read from a file is handled here */
        (void)format; (void)maybe_stdin; (void)pass; (void)e;

        key = BIO_new(BIO_s_file());
        if (key == NULL) {
            ERR_print_errors(err);
            goto end;
        }
        if (BIO_read_filename(key, file) <= 0) {
            BIO_printf(err, "Error opening %s %s\n", key_descrip, file);
            ERR_print_errors(err);
            goto end;
        }
        /* Read from PEM format file */
        pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, NULL);
    end:
        if (key != NULL)
            BIO_free(key);
        if (pkey == NULL) {
            BIO_printf(err, "unable to load %s\n", key_descrip);
            ERR_print_errors(err);
        }
        return pkey;
    }

But using this program, the DER file obtained in output is different from the one I obtain when using the openssl command (it is about half the size only).
When I try to convert it back to PEM I get the following errors:

    openssl pkey -inform DER -in key.der -outform PEM -out key_after.pem
    unable to load key
    1073868400:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1319:
    1073868400:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:tasn_dec.c:831:
    1073868400:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:751:Field=version, Type=PKCS8_PRIV_KEY_INFO
    1073868400:error:0D0CF0A7:asn1 encoding routines:d2i_AutoPrivateKey:unsupported public key type:d2i_pr.c:157:

Any help would be appreciated. Thanks.

--
View this message in context: http://openssl.6102.n7.nabble.com/Program-to-convert-private-key-from-pem-to-der-format-tp52282p52286.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
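Added example (my own, not code from the thread or from OpenSSL): a dependency-free DER inspector that tells a PKCS#8 PrivateKeyInfo apart from the traditional RSAPrivateKey, DSAPrivateKey and ECPrivateKey structures by counting the members of the outer SEQUENCE, which is the heuristic d2i_AutoPrivateKey applies in OpenSSL 1.0.x before the errors quoted above are raised. The SAMPLE_* buffers are constructed structural skeletons with placeholder integers, not real keys.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
enum der_kind { DER_BAD, DER_PKCS8, DER_RSA_TRAD, DER_DSA_TRAD, DER_EC_TRAD, DER_UNKNOWN };

/* Decode one tag/length header at buf[*pos]; on success *pos points at the content. */
static int der_header(const uint8_t *buf, size_t len, size_t *pos, uint8_t *tag, size_t *clen)
{
    size_t p = *pos, l;
    if (p + 2 > len) return -1;
    *tag = buf[p++];
    if (buf[p] < 0x80) {
        l = buf[p++];                              /* short-form length */
    } else {
        int n = buf[p++] & 0x7f;                   /* long-form: n length bytes follow */
        if (n == 0 || n > (int)sizeof(size_t) || p + n > len) return -1;
        for (l = 0; n > 0; n--) l = (l << 8) | buf[p++];
    }
    if (l > len - p) return -1;                    /* content must fit inside the buffer */
    *pos = p; *clen = l;
    return 0;
}

/* Count the members of the outer SEQUENCE, as d2i_AutoPrivateKey does in OpenSSL 1.0.x:
 * 6 -> DSAPrivateKey, 4 -> ECPrivateKey, 3 -> PKCS#8 PrivateKeyInfo (which must then
 * parse as one, otherwise "unsupported public key type"), anything else -> RSAPrivateKey. */
enum der_kind classify_private_key_der(const uint8_t *buf, size_t len)
{
    size_t pos = 0, clen, end;
    uint8_t tag, second = 0; int count = 0;
    if (der_header(buf, len, &pos, &tag, &clen) < 0 || tag != 0x30) return DER_BAD;
    end = pos + clen;
    while (pos < end) {
        if (der_header(buf, end, &pos, &tag, &clen) < 0) return DER_BAD;
        if (count == 0 && tag != 0x02) return DER_BAD;  /* every form starts with INTEGER version */
        if (count == 1) second = tag;
        pos += clen;
        count++;
    }
    if (count == 6) return DER_DSA_TRAD;
    if (count == 4) return DER_EC_TRAD;
    if (count == 3) return second == 0x30 ? DER_PKCS8 : DER_UNKNOWN; /* AlgorithmIdentifier expected */
    return DER_RSA_TRAD;
}

/* Constructed skeletons (placeholder integers, rsaEncryption and secp384r1 OIDs); not usable keys. */
static const uint8_t SAMPLE_PKCS8[] = { 0x30,0x19, 0x02,0x01,0x00, 0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00, 0x04,0x05,0x30,0x03,0x02,0x01,0x00 };
static const uint8_t SAMPLE_EC[]    = { 0x30,0x17, 0x02,0x01,0x01, 0x04,0x03,0x01,0x02,0x03, 0xa0,0x07,0x06,0x05,0x2b,0x81,0x04,0x00,0x22, 0xa1,0x04,0x03,0x02,0x00,0x04 };
static const uint8_t SAMPLE_RSA[]   = { 0x30,0x1b, 0x02,0x01,0x00, 0x02,0x01,0x0b,0x02,0x01,0x03,0x02,0x01,0x07,0x02,0x01,0x05,0x02,0x01,0x03,0x02,0x01,0x01,0x02,0x01,0x01,0x02,0x01,0x02 };
```

Passing the bytes of a key.der that openssl rejects to classify_private_key_der shows which structure was actually written, which is what d2i_AutoPrivateKey had to guess from the member count.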