Re: X52219/X448 export public key coordinates

2022-11-21 Thread ORNEST Matej - Contractor via openssl-users
Thanks for the explanation, that probably makes sense. Thank you Matt From: Kyle Hamilton Date: Monday, 21 November 2022 12:46 To: ORNEST Matej - Contractor Cc: openssl-users Subject: Re: X52219/X448 export public key coordinates The reason has to do with the type of curve representation

Re: X52219/X448 export public key coordinates

2022-11-19 Thread Kyle Hamilton
wrote: > >> Hi all, >> >> >> >> I need to implement support for X52219/X448 for DH key exchange (and >> Ed52219/Ed448 for DSA) elliptic curves in our project. I need to export >> public key for DH exchange in form of DER encoded chunk in form >> t

Re: X52219/X448 export public key coordinates

2022-11-18 Thread ORNEST Matej - Contractor via openssl-users
-users@openssl.org>> wrote: Hi all, I need to implement support for X52219/X448 for DH key exchange (and Ed52219/Ed448 for DSA) elliptic curves in our project. I need to export public key for DH exchange in form of DER encoded chunk in form tag+X-coordinate+Y-coordinate. Thus I need to get EC

Re: X52219/X448 export public key coordinates

2022-11-18 Thread Kyle Hamilton
X25519? On Mon, Nov 14, 2022, 05:23 ORNEST Matej - Contractor via openssl-users < openssl-users@openssl.org> wrote: > Hi all, > > > > I need to implement support for X52219/X448 for DH key exchange (and > Ed52219/Ed448 for DSA) elliptic curves in our project. I need to ex

X52219/X448 export public key coordinates

2022-11-14 Thread ORNEST Matej - Contractor via openssl-users
Hi all, I need to implement support for X52219/X448 for DH key exchange (and Ed52219/Ed448 for DSA) elliptic curves in our project. I need to export public key for DH exchange in form of DER encoded chunk in form tag+X-coordinate+Y-coordinate. Thus I need to get EC_POINT from EVP_PKEY and

Re: Updating RSA public key generation and signature verification from 1.1.1 to 3.0

2022-10-01 Thread Tomas Mraz
very much, > > Diego Gonzalez > - > - >   > > -Original Message- > From: Tomas Mraz > Sent: Friday, September 30, 2022 1:22 AM > To: GonzalezVillalobos, Diego ; > openssl-users@openssl.org > Subject: Re: Updating RSA public key generation and signature >

RE: Updating RSA public key generation and signature verification from 1.1.1 to 3.0

2022-09-30 Thread GonzalezVillalobos, Diego via openssl-users
Subject: Re: Updating RSA public key generation and signature verification from 1.1.1 to 3.0 Hi, unfortunately I do not see anything wrong with the code. Does

RE: Updating RSA public key generation and signature verification from 1.1.1 to 3.0

2022-09-30 Thread Michael Wojcik via openssl-users
> From: openssl-users On Behalf Of Tomas > Mraz > Sent: Friday, 30 September, 2022 00:22 > > unfortunately I do not see anything wrong with the code. Does the > EVP_DigestVerifyFinal return 0 or negative value? I do not think this > is a bug in OpenSSL as this API is thoroughly tested and it is h

Re: Updating RSA public key generation and signature verification from 1.1.1 to 3.0

2022-09-29 Thread Tomas Mraz
ret == 0) { >     cout << "EC Verify digest fails" << endl; >     break; >         } else if (ret < 0) { >     printf("Failed Final Verify > %s\n",ERR_error_string(ERR_get_error(),NULL)); &

RE: Updating RSA public key generation and signature verification from 1.1.1 to 3.0

2022-09-29 Thread GonzalezVillalobos, Diego via openssl-users
that, it is the same. Could it be a bug? Thank you, Diego Gonzalez --   -Original Message- From: Tomas Mraz Sent: Thursday, September 29, 2022 1:12 AM To: Gon

Re: Updating RSA public key generation and signature verification from 1.1.1 to 3.0

2022-09-28 Thread Tomas Mraz
Hi, comments below. On Wed, 2022-09-28 at 22:12 +, GonzalezVillalobos, Diego wrote: > [AMD Official Use Only - General] > > Hello Tomas, > > I generated the key as you suggested, and I am no longer getting an > error message! Thank you for that. Here is how I'm generating the key > now: >

RE: Updating RSA public key generation and signature verification from 1.1.1 to 3.0

2022-09-28 Thread GonzalezVillalobos, Diego via openssl-users
break; } found_match = true; cout << "SEV EC verification Succesful" << endl; Could it be because I'm creating a ECDSA SIG object and then turning it into a der format to verify? Again, suggestions would

Re: Updating RSA public key generation and signature verification from 1.1.1 to 3.0

2022-09-22 Thread Tomas Mraz
Please look at the answer in this question in GitHub: https://github.com/openssl/openssl/issues/19219#issuecomment-1247782572 Matt Caswell's answer to very similar question is presented there. I'm copying the answer here for convenience: You are attempting to create an EC public key

RE: Updating RSA public key generation and signature verification from 1.1.1 to 3.0

2022-09-22 Thread GonzalezVillalobos, Diego via openssl-users
EC public key from raw data: Generation: // Store the x and y components as separate BIGNUM objects. The values in the // SEV certificate are little-endian, must reverse bytes before storing in BIGNUM if ((cert->pub_key_algo == SEV_SIG_ALGO_ECDSA_SHA

Re: Updating RSA public key generation and signature verification from 1.1.1 to 3.0

2022-09-09 Thread Tomas Mraz
deprecated > 1.1.1 functions to the appropriate 3.0 versions. The function takes > in 2 certificate objects (parent and cert), which are not x509 > certificates, but certificates the company had previously defined. > Using the contents from parent we create an RSA public key and using >

Updating RSA public key generation and signature verification from 1.1.1 to 3.0

2022-09-08 Thread GonzalezVillalobos, Diego via openssl-users
cert), which are not x509 certificates, but certificates the company had previously defined. Using the contents from parent we create an RSA public key and using the contents from cert we create the digest and grab the signature to verify. In the 1.1.1 version we were using the RSA Object and the

Re: “EC PUBLIC KEY”

2021-11-18 Thread Matt Caswell
On 17/11/2021 21:49, Michael Wojcik wrote: Further on this, I'd like to know where the OP got a file with a "BEGIN EC PUBLIC KEY" header. Various discussions elsewhere (including one from this list in 2017) cast doubt on the existence of any such beast. AFAIK no such fo

Auto-reply: Re: “EC PUBLIC KEY”

2021-11-17 Thread 562430030 via openssl-users
Hello, I have received your email and will read it as soon as possible. Thank you!

Auto-reply: Re: “EC PUBLIC KEY”

2021-11-17 Thread 562430030 via openssl-users
Hello, I have received your email and will read it as soon as possible. Thank you!

Re: “EC PUBLIC KEY”

2021-11-17 Thread Viktor Dukhovni
On Wed, Nov 17, 2021 at 11:11:58AM -0500, Felipe Gasper wrote: > Does OpenSSL intend to handle EC public keys that in PEM begin “BEGIN EC > PUBLIC KEY”? I doubt it, but there is: $ openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:prime256v1 | openssl ec read

Re: “EC PUBLIC KEY”

2021-11-17 Thread Viktor Dukhovni
On Wed, Nov 17, 2021 at 10:37:01PM -0500, Felipe Gasper wrote: > It came from my own (very incomplete) crypto implementation. > (https://github.com/FGasper/p5-Crypt-Perl) It looks like I just had > the wrong idea about EC public keys back-when. > > Funny thing is that the “EC PUB

Re: “EC PUBLIC KEY”

2021-11-17 Thread Felipe Gasper
> On Nov 17, 2021, at 16:49, Michael Wojcik > wrote: > >> From: Michael Wojcik >> Sent: Wednesday, 17 November, 2021 14:22 >> To: openssl-users@openssl.org >> Subject: RE: “EC PUBLIC KEY” >> >>> From: openssl-users On Behalf Of >> Billy

RE: “EC PUBLIC KEY”

2021-11-17 Thread Michael Wojcik
> From: Michael Wojcik > Sent: Wednesday, 17 November, 2021 14:22 > To: openssl-users@openssl.org > Subject: RE: “EC PUBLIC KEY” > > > From: openssl-users On Behalf Of > Billy > > Brumley > > Sent: Wednesday, 17 November, 2021 12:40 > > To: openssl-use

RE: “EC PUBLIC KEY”

2021-11-17 Thread Michael Wojcik
> From: openssl-users On Behalf Of Billy > Brumley > Sent: Wednesday, 17 November, 2021 12:40 > To: openssl-users@openssl.org > Subject: Re: “EC PUBLIC KEY” > > That's an ed25519 key. Not an ECC key. They are different formats, at > both the OID and asn1 structure

Re: “EC PUBLIC KEY”

2021-11-17 Thread Billy Brumley
> # Generate a new Ed25519 key pair: > $ openssl genpkey -algorithm ed25519 -out ed25519-key.pem > > # Extract its public key: > $ openssl pkey -in ed25519-key.pem -pubout ed25519-key-public.pem > > # Confirm the public key: > $ openssl pkey -pubin -in ed25519-key-public.p

RE: “EC PUBLIC KEY”

2021-11-17 Thread Michael Wojcik
> From: openssl-users On Behalf Of > Felipe Gasper > Sent: Wednesday, 17 November, 2021 09:12 > To: openssl-users@openssl.org > Subject: “EC PUBLIC KEY” > > Does OpenSSL intend to handle EC public keys that in PEM begin > “BEGIN EC PUBLIC KEY”? > > I c

“EC PUBLIC KEY”

2021-11-17 Thread Felipe Gasper
Hello, Does OpenSSL intend to handle EC public keys that in PEM begin “BEGIN EC PUBLIC KEY”? I can’t find a way to output this format and am not sure if it’s actually defined anywhere, but it seems like a logical analogue to the default/legacy RSA public key format

Re: openssl 3.0.0 get ECC public key modulus from EVP_PKEY

2021-10-14 Thread Tomas Mraz
On Thu, 2021-10-14 at 17:36 -0400, Ken Goldman wrote: > On 10/14/2021 6:39 AM, Matt Caswell wrote: > > > > "priv" (OSSL_PKEY_PARAM_PRIV_KEY) > > > > The private key value. > > > > Since its an integer using EVP_PKEY_get_bn_param() would be > > appropriate here, but not EVP_PKEY_get_octet_string

Re: openssl 3.0.0 get ECC public key modulus from EVP_PKEY

2021-10-14 Thread Ken Goldman
On 10/14/2021 6:39 AM, Matt Caswell wrote: "priv" (OSSL_PKEY_PARAM_PRIV_KEY) The private key value. Since its an integer using EVP_PKEY_get_bn_param() would be appropriate here, but not EVP_PKEY_get_octet_string_param(). Basically you need to know the type of the parameter you are attemptin

Re: openssl 3.0.0 get ECC public key modulus from EVP_PKEY

2021-10-14 Thread Matt Caswell
On 13/10/2021 21:12, Ken Goldman wrote: I tried     irc = EVP_PKEY_get_octet_string_param(eccKey, OSSL_PKEY_PARAM_PRIV_KEY,   *priv, 256, (size_t *)privLen); which failed. In your original email you were attempting to access OSSL_PKEY_PARAM_PUB_KEY as a B

Re: openssl 3.0.0 get ECC public key modulus from EVP_PKEY

2021-10-13 Thread Ken Goldman
essed ECC public key? Refer to this man page: https://www.openssl.org/docs/man3.0/man7/EVP_PKEY-EC.html For an EC key, the public key parameter is: "pub" (OSSL_PKEY_PARAM_PUB_KEY) The public key value in EC point format. You will note that this is an octet string and not an integ

Re: openssl 3.0.0 get ECC public key modulus from EVP_PKEY

2021-10-13 Thread Matt Caswell
,    *modulusBin, *modulusBytes, NULL); In 3.0.0, I tried this, expecting to get a BIGNUM and then convert     irc = EVP_PKEY_get_bn_param(eccKey, OSSL_PKEY_PARAM_PUB_KEY, (BIGNUM **)pub); It returns 0. What's the correct way to get the uncompressed ECC public key? Refer to this man

openssl 3.0.0 get ECC public key modulus from EVP_PKEY

2021-10-12 Thread Ken Goldman
, *modulusBin, *modulusBytes, NULL); In 3.0.0, I tried this, expecting to get a BIGNUM and then convert irc = EVP_PKEY_get_bn_param(eccKey, OSSL_PKEY_PARAM_PUB_KEY, (BIGNUM **)pub); It returns 0. What's the correct way to get the uncompressed ECC public key?

Re: Consultation:Additional “ephemeral public key” and “ephemeral private key" implementations for quictls/opens

2021-09-01 Thread Nobuo Aoki
standardization proposal for TLS handshaking that includes the above protocols at this stage. What we would like to hear: 1. what exactly is the structure that stores ephemeral keys in ECDHE/DHE? 2. What is the function that calculates the ephemeral public key of ECDHE/DHE and stores the value in the above

Re: Consultation:Additional “ephemeral public key” and “ephemeral private key" implementations for quictls/opens

2021-08-30 Thread Matt Caswell
On 29/08/2021 20:41, Nobuo Aoki wrote: I am trying to identify the implementation where “ephemeral public key” and “ephemeral private key” can be added, I am unclear from your question whether you are asking how to add a new public/private key scheme for integration into TLS. Or whether

Re: Consultation:Additional “ephemeral public key” and “ephemeral private key" implementations for quictls/opens

2021-08-29 Thread Kris Kwiatkowski
apan) > > Right now, I am doing research on secure communication protocols. > Specifically, we are trying to enable “ephemeral public key” and  > “ephemeral private key” for SSL/TLS. > > I have been using quictls/openssl as an implementation of SSL/TLS. > It is publicly available on G

RE: Consultation:Additional “ephemeral public key” and “ephemeral private key" implementations for quictls/opens

2021-08-29 Thread Michael Wojcik
> From: openssl-users On Behalf Of > Sent: Sunday, 29 August, 2021 07:04 > Specifically, we are trying to enable “ephemeral public key” and  > “ephemeral private key" for SSL/TLS. I'm afraid it is not clear to me, at least, what you are trying to do. Are you att

Re: Consultation:Additional “ephemeral public key” and “ephemeral private key" implementations for quictls/opens

2021-08-29 Thread Nobuo Aoki
Dear OpenSSL users (reshaped) My name is Nobuo Aoki, and I am a master's student. (Hiroshima City University, Japan) Right now, I am doing research on secure communication protocols. Specifically, we are trying to enable “ephemeral public key” and “ephemeral private key” for SSL/TLS. I

Consultation:Additional “ephemeral public key” and “ephemeral private key" implementations for quictls/opens

2021-08-29 Thread 青木信雄
Dear OpenSSL users My name is Nobuo Aoki, and I am a master's student. (Hiroshima City University, Japan) Right now, I am doing research on secure communication protocols. Specifically, we are trying to enable “ephemeral public key” and “ephemeral private key" for SSL/TLS. I have

Re: Set X509 public key in 1.0.2

2021-08-23 Thread Ken Goldman
On 8/20/2021 7:19 PM, Thomas Dwyer III wrote: 1.0.2 has X509_PUBKEY_get() (without the zero) which I believe increases the reference count on the EVP_PKEY. Perfect! It was not in the 1.0.2 man page, but it seems to be portable across 1.0.1, 1.1.1, 3.0.0.

Re: Set X509 public key in 1.0.2

2021-08-20 Thread Thomas Dwyer III
1.0.2 has X509_PUBKEY_get() (without the zero) which I believe increases the reference count on the EVP_PKEY. Tom.III On Fri, Aug 20, 2021 at 3:31 PM Ken Goldman wrote: > I have an X509_PUBKEY structure holding the algorithm and public key. > I want to set it in the X509 structure.

Set X509 public key in 1.0.2

2021-08-20 Thread Ken Goldman
I have an X509_PUBKEY structure holding the algorithm and public key. I want to set it in the X509 structure. In 1.1.1 and up, I can use evpPubkey = X509_PUBKEY_get0(addToCert->key);/* X509_PUBKEY */ X509_set_pubkey(x509Certificate, evpPubkey); However, 1.0.2 does

Re: Public key from TSS2 private key with OpenSSL 3.0.0-beta2

2021-08-06 Thread Nestor Melo
Dear Dmitry, I just submitted a new issue, #16256. Thank you, Nestor Melo From: Dmitry Belyavsky Sent: Friday, August 6, 2021 12:21 PM To: Nestor Melo Cc: openssl-users@openssl.org Subject: Re: Public key from TSS2 private key with OpenSSL 3.0.0-beta2 Dear

Re: Public key from TSS2 private key with OpenSSL 3.0.0-beta2

2021-08-06 Thread Dmitry Belyavsky
m2-software/tpm2-tss-engine > > While attempting to extract the public key from a TSS2 private key using > OpenSSL 3.0.0-beta2 and tpm2-tss-engine, I received a message "PEM format > not supported": > > openssl rsa -engine libtpm2tss -inform engine -in privkey.pem -pubout >

Public key from TSS2 private key with OpenSSL 3.0.0-beta2

2021-08-06 Thread Nestor Melo
Greetings, We use a TPM2 device to generate private keys with tpm2-tss-engine: https://github.com/tpm2-software/tpm2-tss-engine While attempting to extract the public key from a TSS2 private key using OpenSSL 3.0.0-beta2 and tpm2-tss-engine, I received a message "PEM format not supp

RE: Edwards and public key validation

2021-02-23 Thread john.hughes
against some test vectors Regard Johns >>-Original Message- >>From: Billy Brumley >>Sent: 23 February 2021 13:42 >>To: john.hug...@secid.co.uk >>Cc: openssl-users@openssl.org >>Subject: Re: Edwards and public key validation >> >>Hey John, &g

Re: Edwards and public key validation

2021-02-23 Thread Billy Brumley
n 800-186 I don’t actually need any more > functionality - as the BN functions will (I think) do what I need. Having, > said that I can't get the "public key on the curve" test working as yet given > the RFC 8032 test vectors. Hopefully, I will sort it out soon! > >

RE: Edwards and public key validation

2021-02-21 Thread john.hughes
nctions will (I think) do what I need. Having, said that I can't get the "public key on the curve" test working as yet given the RFC 8032 test vectors. Hopefully, I will sort it out soon! Regards John >>-Original Message- >>From: Billy Brumley >

Re: Edwards and public key validation

2021-02-21 Thread Billy Brumley
Hey John, > I want to implement a function that validates a public key produced by either > ed25519 or ed448 – according to the tests in NIST SP 800-186 appendix D.1.3 > > > > There doesn’t appear to be any helper functions to assist in this – at least > for Edwards c

Edwards and public key validation

2021-02-20 Thread john.hughes
I want to implement a function that validates a public key produced by either ed25519 or ed448 - according to the tests in NIST SP 800-186 appendix D.1.3 There doesn't appear to be any helper functions to assist in this - at least for Edwards curves. I have implemented somethin

encoding/decoding ECX private key with optional public key

2021-02-15 Thread Thulasi Goriparthi
Hello, Is there any option either in 1.1.1 or 3.0.0 to encode ECX(x25519, x448, ed25519, ed448) private keys along with optional/implicit public key as specified in https://tools.ietf.org/html/rfc8410#page-7 Is there any plan to provide this support in future? I ask this as I have come across

Re: Failing unit tests after adding public key check to pkey_ec_derive()

2020-12-31 Thread Patrick Jakubowski via openssl-users
KEY public/private keypair and then overrides it with the server public key, so the generation was a waste anyway. Instead, it should create a parameters-only EVP_PKEY. (This is a consequence of OpenSSL using the same type for empty key, empty key with key type, empty key with key type + parameters,

Failing unit tests after adding public key check to pkey_ec_derive()

2020-12-29 Thread Patrick Jakubowski via openssl-users
some validation on the public key provided via the EVP_PKEY_derive() call. To that end, I backported this patch which purports to implement the required validation in EC_KEY_check_key(): commit 5173cdde7d758824e6a07f2a6c6808b254602e11 Author: Shane Lontis Date: Sat Mar 23 13:12:08 2019 +1000

Re: Extracting the public modulus from an RSA public key?

2020-05-05 Thread Thomas Dwyer III
de from OpenSSL 1.0.2 to OpenSSL 3.0.0. A > portion of this code reads X509 certificates, extracts the public key, and > passes it to firmware that I cannot modify. Unfortunately, this legacy > firmware API was very poorly designed such that the public key is passed in > a way similar to:

Re: Extracting the public modulus from an RSA public key?

2020-05-05 Thread Dr Paul Dale
rting some old legacy code from OpenSSL 1.0.2 to OpenSSL 3.0.0. A > portion of this code reads X509 certificates, extracts the public key, and > passes it to firmware that I cannot modify. Unfortunately, this legacy > firmware API was very poorly designed such that the public key is passed

Extracting the public modulus from an RSA public key?

2020-05-05 Thread Thomas Dwyer III
I'm porting some old legacy code from OpenSSL 1.0.2 to OpenSSL 3.0.0. A portion of this code reads X509 certificates, extracts the public key, and passes it to firmware that I cannot modify. Unfortunately, this legacy firmware API was very poorly designed such that the public key is passed

Re: JSON Web Key (JWK) for public key requires x and y coordinates.

2019-12-22 Thread Nicola Tuveri
ules supporting JOSE for NodeJS/Ruby/Erlang/Elixir/Python also have methods to parse a public key PEM file and transform into an RFC7518 key. So depending on what language you are using to develop your application you should be able to call something like `JOSE::JWK::from_pem_file('pubkey.pem

JSON Web Key (JWK) for public key requires x and y coordinates.

2019-12-22 Thread Douglas Morris via openssl-users
requires for public key representation key-value pairs for keys 'crv', 'x', and 'y'.The 'crv' value is easy. It's the line NIST CURVE: P-256 from the -text for named curve format, not shown above.The 'x' and the 'y' are not shown. M

Re: CSR with only public key

2019-09-12 Thread Bharathi Prasad
You are right. Cannot create a certificate with CSR containing only public key. Thanks for the explanation.

Re: CSR with only public key

2019-09-12 Thread Walter H.
Hey, Try calculating the private Key from the public key ;-) but this can last a little time you don't have; Walter On Thu, September 12, 2019 09:50, Bharathi Prasad wrote: > Hi, > I have the public key of the client but not the private key. > ... > > Regards, > Bharathi

Re: CSR with only public key

2019-09-12 Thread Bharathi Prasad
Hi, Thanks for the prompt replies. I agree signature from private key should be present in a CSR. However, as per RFC 2511, Proof Of Possession is optional though it strongly recommends to have it. I was able to create the CSR with only public key. I was unintentionally adding an extra line at

Re: CSR with only public key

2019-09-12 Thread Viktor Dukhovni
On Thu, Sep 12, 2019 at 12:50:23AM -0700, Bharathi Prasad wrote: > I have the public key of the client but not the private key. I am required > to generate a CSR with only public key. I understand private key is required > for Proof of Possession. However, as per my requirement I am su

Re: CSR with only public key

2019-09-12 Thread Salz, Rich via openssl-users
>I used CX509CertificateRequestCertificate class to create CSR with only public key. Those functions/classes/names/whatever are not part of OpenSSL. The OpenSSL "req" command cannot process as CSR unless it is signed by the private key. If you have a requirement

Re: CSR with only public key

2019-09-12 Thread Kyle Hamilton
it's not a complete request, and doesn't match the expected ASN.1 structure. -Kyle H On Thu, Sep 12, 2019, 02:47 Bharathi Prasad wrote: > Hi, > I have the public key of the client but not the private key. I am required > to generate a CSR with only public key. I understand p

R: CSR with only public key

2019-09-12 Thread Francesco Petruzzi
:46 To: Francesco Petruzzi Cc: openssl-users@openssl.org Subject: Re: CSR with only public key Dare any CA proceed to sign a CSR without verifying the signature… Maybe there are scenarios we are not aware about... On Sep 12, 2019, at 4:41 PM, Francesco Petruzzi mailto:francesco.petru

Re: CSR with only public key

2019-09-12 Thread Paul Yang via openssl-users
: Openssl Users > Subject: Re: CSR with only public key > > How could you create the CSR with only public key? > > > On Sep 12, 2019, at 3:50 PM, Bharathi Prasad <mailto:barati.j.pra...@gmail.com>> wrote: > > Hi, > I have the public key of the client but no

R: CSR with only public key

2019-09-12 Thread Francesco Petruzzi
: Openssl Users Subject: Re: CSR with only public key How could you create the CSR with only public key? On Sep 12, 2019, at 3:50 PM, Bharathi Prasad mailto:barati.j.pra...@gmail.com>> wrote: Hi, I have the public key of the client but not the private key. I am required to generate a CSR wit

Re: CSR with only public key

2019-09-12 Thread Bharathi Prasad
I used CX509CertificateRequestCertificate class to create CSR with only public key.

Re: CSR with only public key

2019-09-12 Thread Paul Yang via openssl-users
How could you create the CSR with only public key? > On Sep 12, 2019, at 3:50 PM, Bharathi Prasad > wrote: > > Hi, > I have the public key of the client but not the private key. I am required > to generate a CSR with only public key. I understand private key is requi

CSR with only public key

2019-09-12 Thread Bharathi Prasad
Hi, I have the public key of the client but not the private key. I am required to generate a CSR with only public key. I understand private key is required for Proof of Possession. However, as per my requirement I am supposed to create CSR only with public key and my CA would create a certificate

Re: Convert eddsa public key fro PEM to DER

2019-08-14 Thread Robert Moskowitz
On 8/14/19 8:42 AM, Matt Caswell wrote: On 14/08/2019 13:21, Robert Moskowitz wrote: On 8/14/19 6:22 AM, Matt Caswell wrote: On 14/08/2019 11:06, Robert Moskowitz wrote: I googled how to convert a PEM public key to DER and only found examples for RSA keys.  Mine are ed25519.  I thought

Re: Convert eddsa public key fro PEM to DER

2019-08-14 Thread Matt Caswell
On 14/08/2019 13:21, Robert Moskowitz wrote: > > > On 8/14/19 6:22 AM, Matt Caswell wrote: >> >> On 14/08/2019 11:06, Robert Moskowitz wrote: >>> I googled how to convert a PEM public key to DER and only found examples >>> for RSA >>> keys.  M

Re: Convert eddsa public key fro PEM to DER

2019-08-14 Thread Robert Moskowitz
On 8/14/19 6:22 AM, Matt Caswell wrote: On 14/08/2019 11:06, Robert Moskowitz wrote: I googled how to convert a PEM public key to DER and only found examples for RSA keys.  Mine are ed25519.  I thought it would be a simple algorithm substitution: $ openssl ed25519 -pubin -inform PEM -in

Re: Convert eddsa public key fro PEM to DER

2019-08-14 Thread Matt Caswell
On 14/08/2019 11:06, Robert Moskowitz wrote: > I googled how to convert a PEM public key to DER and only found examples for > RSA > keys.  Mine are ed25519.  I thought it would be a simple algorithm > substitution: > > $ openssl ed25519 -pubin -inform PE

Convert eddsa public key fro PEM to DER

2019-08-14 Thread Robert Moskowitz
I googled how to convert a PEM public key to DER and only found examples for RSA keys.  Mine are ed25519.  I thought it would be a simple algorithm substitution: $ openssl ed25519 -pubin -inform PEM -in $dir/private/intermediate.key.pem\ >  -outform DER -out $dir/private/intermediate.key.

Public-key based authentication of clients

2019-06-06 Thread Jeremy Friesner
ives the public key-file to the server, and the private key-file to the client. Then, when the client program connects to the server, it has to prove to the server (via cryptographic math) that it has the private-key file in its possession, and the server uses the public-key to verify that proof,

Re: [openssl-users] Problems with deriving EC public key from private

2018-12-17 Thread Mike Blaguszewski
On Dec 17, 2018, at 11:42 PM, Billy Brumley wrote: > > But 0.4% is suspiciously close to 1/256, so I'm willing to bet your > problem surrounds your size assumptions in various functions. Check > the manpage of e.g. EC_POINT_point2oct and grep for usage in the > library, but the idea is to pass NU

Re: [openssl-users] Problems with deriving EC public key from private

2018-12-17 Thread Billy Brumley
On Tue, Dec 18, 2018 at 12:07 AM Mike Blaguszewski wrote: > > Some code of mine reads a NIST P256 private key from bytes and derives the > public key from it, and this derived public key is incorrect about 0.4% of > the time. I’ve attached a sample program that does the foll

[openssl-users] Problems with deriving EC public key from private

2018-12-17 Thread Mike Blaguszewski
Some code of mine reads a NIST P256 private key from bytes and derives the public key from it, and this derived public key is incorrect about 0.4% of the time. I’ve attached a sample program that does the following. 1. Generate a key-pair of type NID_X9_62_prime256v1 2. Write the public and

Re: [openssl-users] RSA Public Key error

2018-12-17 Thread Erwann Abalea via openssl-users
Bonjour, Without knowing what functions you’re calling when you try to encrypt data using the key Key3_wo16, I can only guess. And I’m guessing that you’re calling a function that expects to find a public key encoded in a SubjectPublicKeyInfo structure, and since this Key3_wo16 object is not

Re: [openssl-users] RSA Public Key error

2018-12-12 Thread Erwann Abalea via openssl-users
Bonjour, Assuming the first 24 bytes you’re talking about are the very beginning of the SPKI structure (that is, the enclosing SEQUENCE, and the AlgorithmIdentifier), that means you’ve replaced up to the first byte of the BITSTRING containing the public key (this byte indicates the number of

[openssl-users] RSA Public Key error

2018-12-11 Thread prithiraj das
Hi, I have a RSA public key(PKCS 1v1.5) that I have obtained from somewhere. That key has been obtained after removing the first 24 bytes from the originally generated RSA public key. Those 24 bytes are being replaced by some custom 16 byte information which is being used as some sort of

Re: [openssl-users] openssl 1.1 certificate verification fails with non-standard public key algorithm

2018-07-25 Thread Viktor Dukhovni
> On Jul 25, 2018, at 4:50 PM, Ken Goldman wrote: > > For background, this is the TPM 1.2 endorsement key certificate. I.e., this > is a real application with millions of certificates issued. The key is an > RSA-2048 key. > > The TCG (for a while) specified > >

Re: [openssl-users] openssl 1.1 certificate verification fails with non-standard public key algorithm

2018-07-25 Thread Ken Goldman
he TPM 1.2 endorsement key certificate. I.e., this is a real application with millions of certificates issued. The key is an RSA-2048 key. The TCG (for a while) specified Public Key Algorithm: rsaesOaep rather than the commonly used Public Key Algorithm: rsaEncryption because

Re: [openssl-users] openssl 1.1 certificate verification fails with non-standard public key algorithm

2018-07-25 Thread Viktor Dukhovni
> On Jul 25, 2018, at 3:00 PM, Ken Goldman wrote: > > > If you're suggesting that altering the above code to do the level check > before the call to get pkey, I think that would fix my problem. Yes, that's what I'm saying, but also asking the broader list for feedback on such a change. Sho

Re: [openssl-users] openssl 1.1 certificate verification fails with non-standard public key algorithm

2018-07-25 Thread Ken Goldman
On 7/25/2018 10:47 AM, Viktor Dukhovni wrote: On Jul 25, 2018, at 10:05 AM, Ken Goldman wrote: I have a certificate with a non-standard public key algorithm -rsaesOaep. See snippet #2. With openssl 1.0, I can validate the certificate chain. With openssl 1.1 it fails with the error

Re: [openssl-users] openssl 1.1 certificate verification fails with non-standard public key algorithm

2018-07-25 Thread Viktor Dukhovni
> On Jul 25, 2018, at 10:05 AM, Ken Goldman wrote: > > I have a certificate with a non-standard public key algorithm -rsaesOaep. > See snippet #2. > > With openssl 1.0, I can validate the certificate chain. With openssl 1.1 it > fails with the error X509_V_ERR_E

[openssl-users] openssl 1.1 certificate verification fails with non-standard public key algorithm

2018-07-25 Thread Ken Goldman
Seeking advice. I have a certificate with a non-standard public key algorithm -rsaesOaep. See snippet #2. With openssl 1.0, I can validate the certificate chain. With openssl 1.1 it fails with the error X509_V_ERR_EE_KEY_TOO_SMALL. See dump #1. I believe that this is due to new 1.1

Re: [openssl-users] how to import external rsa public key in openssl.

2018-06-08 Thread Viktor Dukhovni
sznyW7vP4pmfQ0IRBkmrrF9L/qKlnNOMFzl5pnmv3Iuqy06H61Cs+AbPt0B1BL2sEQz7y5nAQicDHhRrnzuDd8hwNWkDCfrphy4se5PoN1/M3rxPmL4dV0JpxROkNZT2uIYfdGSDKumeus6uD8w6xQIDAQAB" $ echo; echo "$b64" | openssl base64 -A -d | openssl pkey -inform

Re: [openssl-users] how to import external rsa public key in openssl.

2018-06-08 Thread Matt Caswell
On 08/06/18 11:29, Sangsub wrote: > char buf[2] = {0,}; > memcpy(buf, pStr, sizeof(buf)); > > out[i] = (unsigned char)strtol(buf, NULL, 16); This looks wrong. "buf" is not NUL terminated so strtol could give an incorrect result.

Re: [openssl-users] how to import external rsa public key in openssl.

2018-06-08 Thread Sangsub
Thanks Matt for your reply. The purpose I am doing this is to find the modulus and exponent in the RSA public key. My sample code and the current results are shown below. = void fnStr2Hex(char* out, char* in) { int data_len = strlen

Re: [openssl-users] how to import external rsa public key in openssl.

2018-06-08 Thread Matt Caswell
On 08/06/18 08:02, Sangsub wrote: > > I would like to perform operations such as RSA signature verification > through an RSA public key file received from an external server. > Key values are given in der format or pem format as follo

[openssl-users] how to import external rsa public key in openssl.

2018-06-08 Thread Sangsub
I would like to perform operations such as RSA signature verification through an RSA public key file received from an external server. Key values are given in der format or pem format as follows. der

Re: [openssl-users] Get raw RSA public key from X509 certificate

2018-04-27 Thread Matt Caswell
On 27/04/18 15:01, Ken Goldman wrote: > That was it!  What threw me off is that the documentation says: > > TYPE *d2i_TYPE(TYPE **a, unsigned char **ppin, long length); > > but RSAPublicKey isn't a type.  So the pattern of TYPE being a structure > name didn't hold. Ahh. Interesting. In mo

Re: [openssl-users] Get raw RSA public key from X509 certificate

2018-04-27 Thread Ken Goldman
On 04/27/18 04:50, Matt Caswell wrote: On 26/04/18 23:48, Ken Goldman wrote: On 04/26/18 16:37, Matt Caswell wrote: On 26/04/18 21:17, Ken Goldman wrote: I have to get the raw public modulus, but I cannot X509_get_pubkey() because of a non-standard object identifier. I can use X509_get_X5

Re: [openssl-users] Get raw RSA public key from X509 certificate

2018-04-27 Thread Matt Caswell
On 26/04/18 23:48, Ken Goldman wrote: > On 04/26/18 16:37, Matt Caswell wrote: >> >> >> On 26/04/18 21:17, Ken Goldman wrote: >>> I have to get the raw public modulus, but I cannot X509_get_pubkey() >>> because of a non-standard object identifier. >>> >>> I can use X509_get_X509_PUBKEY() to get p

Re: [openssl-users] Get raw RSA public key from X509 certificate

2018-04-26 Thread Ken Goldman
On 04/26/18 16:37, Matt Caswell wrote: On 26/04/18 21:17, Ken Goldman wrote: I have to get the raw public modulus, but I cannot X509_get_pubkey() because of a non-standard object identifier. I can use X509_get_X509_PUBKEY() to get part way there.  I see the DER wrapped key in the public_key.d

Re: [openssl-users] Get raw RSA public key from X509 certificate

2018-04-26 Thread Matt Caswell
On 26/04/18 21:17, Ken Goldman wrote: > I have to get the raw public modulus, but I cannot X509_get_pubkey() > because of a non-standard object identifier. > > I can use X509_get_X509_PUBKEY() to get part way there.  I see the DER > wrapped key in the public_key.data element, but I don't know an

[openssl-users] Get raw RSA public key from X509 certificate

2018-04-26 Thread Ken Goldman
I have to get the raw public modulus, but I cannot X509_get_pubkey() because of a non-standard object identifier. I can use X509_get_X509_PUBKEY() to get part way there. I see the DER wrapped key in the public_key.data element, but I don't know an API to get to that element. Am I on the rig

Re: [openssl-users] Generating unsigned RSA Public Key with openssl

2018-03-24 Thread Salz, Rich via openssl-users
The API cannot do it. The encoding requires that numbers with the high-bit on have a leading zero to avoid being interpreted as negative numbers as you noticed. You could maybe generate our own RSA numbers with the high-bit off – i.e., make your own RSA_new kind of API. The BN code can have f
