On 9/4/2012 8:26 AM, redpath wrote:
Testing the i2d_ECPrivateKey to buffer and then back d2i_ECPrivateKey
and it fails. I checked the forum and one guy was passing NULL at least I
missed that mistake but thats not my issue.
Since I want to save the random generated key to use for private and
also I will do this for public. The public works though back and forth. So
where em I going wrong?
Maybe you should look at the OpenSSL apps/ec.c and the apps/ecparam.c
as examples. the ecparam.c can generate a key and write it out using either:
i = i2d_ECPrivateKey_bio(out, eckey);
or
i = PEM_write_bio_ECPrivateKey(out, eckey, NULL,
NULL, 0, NULL, NULL);
openssl ecparam -genkey -name prime256v1
int main(int argc, char **args){
long avail;
FILE *fp;
EC_KEY *eckey = EC_KEY_new(); //allocate a EC_KEY for private
signing and public verify
int ret=
EC_KEY_set_group(eckey,EC_GROUP_new_by_curve_name(NID_secp192k1) );
//Select the curve name
if (!ret){
printf("error set group\n");
return 1;
}
if (!EC_KEY_generate_key(eckey)){ //Pick some random private and
public keys
printf("error generate key\n");
return 1;
}
/**
Okay now get that private key bytes
***/
len= i2d_ECPrivateKey(eckey,NULL);
printf("PRIVATE KEY LENGTH is %d \n",len);
buf = OPENSSL_malloc(len); // malloc(len);
memset(buf,0, len);
ret= i2d_ECPrivateKey(eckey,&buf);
if (!ret){
printf("Private key to DER failed now WHAT?\n");
return 1;
}
//dumpy them let see what it is out of curiosity
printf("PRIVATE KEY is success\n");
for (int i=0; i<len; i++)
printf("%X ",buf[i]);
printf("\n\n");
//Now lets see if this is valid and convert it back
//
eckey = d2i_ECPrivateKey(&eckey, (const unsigned char **)&buf, len);
if (eckey==NULL){
printf("going back failed DER to i \n");
return 1;
}
return 0;
}
Basically this is proof of the API and data will be package appropriately.
But I have to see if I can use this private key later and also use the
public key later
which are saved to validate construction can be performed.
redpath wrote:
Currently I am reading a PEM file which contains a test RSA key
/**
*Load RSA Keys
**/
fp= fopen("test.pem", "rb");
if (fp==NULL){
printf("ERROR opening RSA Keys failed test.pem\n");
return 1;
}
rsapriv= (RSA *) PEM_read_RSAPrivateKey(fp,&rsapriv, (pem_password_cb
*)"password",NULL);
and create a SHA1 message digest
unsigned char *result=SHA1((unsigned char *)sample, strlen(sample), md);
and sign it
int rc= RSA_sign(NID_sha1, md, 20, sigret, &siglen, rsapriv);
Now I have explored also the use of the Elliptical Curve from the SHA1
but and there is always a but, the only example I could figure out is
using the key generation function
EC_KEY_generate_key(eckey); <====
I need to use my private and public key from the RSA PEM file?
Not sure how exactly to do this.
The private would be used for the
ECDSA_do_sign(md, 20, eckey);
The public later is used for verify
ECDSA_do_verify(md, 20, sig, eckey);
The RSA structure consists of several BIGNUM components. It can contain
public as well as private RSA keys:
struct
{
BIGNUM *n; // public modulus
BIGNUM *e; // public exponent
BIGNUM *d; // private exponent
BIGNUM *p; // secret prime factor
BIGNUM *q; // secret prime factor
BIGNUM *dmp1; // d mod (p-1)
BIGNUM *dmq1; // d mod (q-1)
BIGNUM *iqmp; // q^-1 mod p
// ...
};
RSA
There are functions for ECDSA such as
int EC_KEY_set_private_key(EC_KEY *, const BIGNUM *)
and
int EC_KEY_set_public_key(EC_KEY *, const EC_POINT *)
EC_POINT_point2bn(group, point, POINT_CONVERSION_UNCOMPRESSED, ppub_a,
ctx);
The POINT is used for the public key of EC_KEY no real document of how
this is used.
So simply I have a PEM which gives me a RSA* and want to use the public
and privates keys
for the ECDSA.
How?
--
Douglas E. Engert <deeng...@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
