�ֿ�� wrote:
> 
> > From: Holger Reif <[EMAIL PROTECTED]>
> >>I'm not sure what you want. OpenSSL's private key always has
> >>a public part attached. Some functions dealing with private
> >>keys (e.g. d2i converting) assume that both parts are available.
> >>
> >>What you can do is to split the public part and put it into
> >>another key handle like you have done.
> >>
> >>And yes, you are right, that the code seg faults because the public
> >>key doesn't have private parts. I suggest to run the code inside
> >>a debugger, have a look at the members of rsa struct
> >>and compare the values of private and public keys. You will
> >>find e.g. that rsa->d is NULL for pub key.
> >>
> >>OpenSSL wrote:
> >>>

> >>> I'm a newbie to openssl.
> >>>
> >>> I want to get public key and private key separately in DER form.
> >>> Below is my code to make this with reference to the exam.c in "demo" directory.
> >>>
> >>> ----------------------------------------------------------
> >>>
> >>> #include <stdio.h>
> >>> #include <string.h>
> >>> #include <openssl/rsa.h>
> >>>
> >>> typedef struct {
> >>>     unsigned char der_pubkey[BUFSIZ*10];
> >>>     int siz_pubkey;
> >>>     unsigned char der_privkey[BUFSIZ*10];
> >>>     int siz_privkey;
> >>> } DER_RSAKEY;
> >>>
> >>> void gen_rsaderkey(DER_RSAKEY *rk, int keysize)
> >>> {
> >>>     RSA *rsa, *pub_rsa, *priv_rsa;
> >>>     unsigned char keybuf[BUFSIZ*10], *pbuf;
> >>>     int len;
> >>>
> >>>     rsa = RSA_generate_key(keysize, RSA_F4, callback, (char *)stdout);
> >>>
> >>>     pbuf = keybuf;
> >>>     len = i2d_RSAPublicKey(rsa, &pbuf);
> >>>     len += i2d_RSAPrivateKey(rsa, &pbuf);
> >>>
> >>> /* get separated rsa key pair */
> >>>     pbuf = keybuf;
> >>>     pub_rsa = d2i_RSAPublicKey(NULL, &pbuf, (long) len);
> >>>     len -= pbuf - keybuf;
> >>>     priv_rsa = d2i_RSAPrivateKey(NULL, &pbuf, (long) len);

At this point *priv_rsa* contains _exactly_ the same information
as the previous *rsa* struct that you just generated!

Perhaps you see why I will call your approach circumstantial ;-)

Perhaps what you will really do is

    rsa = RSA_generate_key(keysize, RSA_F4, callback, (char *)stdout);
    pbuf = rk->der_privkey;
    rk->siz_privkey = i2d_RSAPrivateKey(rsa, &pbuf);
    pbuf = rk->der_pubkey;
    rk->siz_pubkey = i2d_RSAPublicKey(rsa, &pbuf);
    RSA_free(rsa);

That's really all!


> >>> /* get separated der key pair */
> >>>     pbuf = rk->der_privkey;
> >>>     rk->siz_privkey = i2d_RSAPublicKey(priv_rsa, &pbuf);
> >>>     rk->siz_privkey += i2d_RSAPrivateKey(priv_rsa, &pbuf);
> >>>
> >>>     pbuf = rk->der_pubkey;
> >>>     rk->siz_pubkey = i2d_RSAPublicKey(pub_rsa, &pbuf);
> >>>     rk->siz_pubkey += i2d_RSAPrivateKey(pub_rsa, &pbuf);  //******//
> >>>
> >>>     RSA_free(rsa);
> >>>     RSA_free(pub_rsa);
> >>>     RSA_free(priv_rsa);
> >>> }
> >>>
> >>> ----------------------------------------------------
> >>>
> >>> In the part // ******
> >>> I got segmentation fault and I suppose that it is because
> >>> pub_rsa has no private key.
> >>>
> >>> Please help me with getting separated key pair.
> >>>
> >>> TIA,
> >>> Foombar
> >>> ----- End forwarded message -----
> >>> ______________________________________________________________________

> 
> when I just do
> rsa = RSA_generate_key(....);
> 
> rsa has both public key and private key, right?

right.
 
> I want to split to DERed pub_rsa and priv_rsa after this like below;
> 
> int len1, len2;
> unsigned char buf1[SOMEBIGENOUGHNUMBER],  buf2[SOMEBIGENOUGHNUMBER];
> unsigned char *pbuf;
> 
> pbuf=buf1;
> len1 = i2d_RSAPublicKey(rsa, &pbuf);
> 
> pbuf=buf2;
> len2=i2d_RSAPrivateKey(rsa, &pbuf);
> 
> After this, I want to distribute this buf1 with len1 together and keep buf2 and len2 from my side
> then someone will send cypher messages like below;
> 
> pbuf = buf1;
> pub_rsa = d2i_RSAPublicKey(NULL, &pbuf, (long) len1);
> RSA_public_encrypt(len_plaintext, plaintext, cyphertext, pub_rsa, RSA_PKCS1_PADDING);
>  /* Here, assume that plaintext and cyphertext is defined as unsigned char array */
> 
> And then, I will decrypt it like below;
> 
> pbuf=buf2;
> priv_rsa=d2i_RSAPrivateKey(NULL, &pbuf, (long) len2);
> RSA_private_decrypt(len_cyphertext, cyphertext, plaintext, priv_rsa, RSA_PKCS1_PADDING);
> 
> Would you catch what I mean?

Yes.

> Is there any problem here my thinking?

No, except that you make it quite difficult. Why do you want to put
the private key first into the buffer and then reload it from the
same buffer? Or is it anything that is needed by your app?

In short: you should just drop the line from your original
code that causes a seg fault.

-- 
Holger Reif                  Tel.: +49 361 74707-0
SmartRing GmbH               Fax.: +49 361 7470720
Europaplatz 5             [EMAIL PROTECTED]
D-99091 Erfurt                    WWW.SmartRing.de
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
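
Added example, not part of the original thread and not OpenSSL code: a small DER walker that tells a PKCS#1 RSAPublicKey (two INTEGERs) from an RSAPrivateKey (nine INTEGERs, with n and e inside), so a buffer can be checked before it is distributed. The names pkcs1_kind, toy_pub and toy_priv are hypothetical, the key bytes are constructed toy values, and classifying by INTEGER count is a simplifying assumption.

```c
#include <stddef.h>
/* Read one DER header (short form, or long form with 1-2 length bytes).
 * Returns the header size, or 0 if the tag is wrong or data is truncated. */
static size_t der_hdr(const unsigned char *p, size_t avail,
                      unsigned char tag, size_t *len)
{
    size_t n = 2, i, k;
    if (avail < 2 || p[0] != tag) return 0;
    *len = p[1];
    if (p[1] >= 0x80) {
        k = p[1] & 0x7f;
        if (k == 0 || k > 2 || avail < 2 + k) return 0;
        for (*len = 0, i = 0; i < k; i++) *len = (*len << 8) | p[2 + i];
        n = 2 + k;
    }
    return (*len <= avail - n) ? n : 0;
}

/* Classify the PKCS#1 structure at buf by counting its INTEGERs:
 * 2 = RSAPublicKey (n, e); 9 = RSAPrivateKey (version, n, e, d, p, q,
 * dP, dQ, qInv); 0 = neither. *used gets the bytes consumed, which is
 * how far i2d/d2i would advance the caller's pointer. */
int pkcs1_kind(const unsigned char *buf, size_t avail, size_t *used)
{
    size_t h, ih, seqlen, ilen, off = 0;
    int count = 0;
    if ((h = der_hdr(buf, avail, 0x30, &seqlen)) == 0) return 0;
    while (off < seqlen) {
        ih = der_hdr(buf + h + off, seqlen - off, 0x02, &ilen);
        if (ih == 0) return 0;
        off += ih + ilen;
        count++;
    }
    *used = h + seqlen;
    return (count == 2 || count == 9) ? count : 0;
}

/* Constructed toy values (n=3233, e=17, d=2753, p=61, q=53), not a real key. */
const unsigned char toy_pub[] = {0x30,0x07, 0x02,0x02,0x0C,0xA1, 0x02,0x01,0x11};
const unsigned char toy_priv[] = {0x30,0x1D, 0x02,0x01,0x00,
    0x02,0x02,0x0C,0xA1, 0x02,0x01,0x11, 0x02,0x02,0x0A,0xC1, 0x02,0x01,0x3D,
    0x02,0x01,0x35, 0x02,0x01,0x35, 0x02,0x01,0x31, 0x02,0x01,0x26};

int main(void)
{
    size_t u;
    return !(pkcs1_kind(toy_pub, sizeof toy_pub, &u) == 2 &&
             pkcs1_kind(toy_priv, sizeof toy_priv, &u) == 9);
}
```

A result of 9 for a buffer that is about to be handed out means it carries d and the CRT parameters, not just the public half.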
