Bear with me on this.

Self-signed public Key Certificate (give out your public key)
======================

To give out my public key, I need to put it into a certificate with my name, and signed by my own private key etc. This process is called generating a self-signed public key certificate. OpenSSL can do this in a single command "openssl req -new -x509" as shown in the following command window session:

test.pem contains both public and private RSA keys, so here is the process.

So create an RSA key pair called test.pem

    openssl genrsa -out test.pem 2048

Extract the public key only

    openssl rsa -in test.pem -pubout -out testpublic.pem

Then create a certificate

    # req self-signs with the private key, so -key must name test.pem
    openssl req -new -key test.pem -inform pem -x509 -days 3650 -out testpublic.cert
    openssl x509 -in testpublic.cert -noout -text

I can then use the function to open this X509 Certificate.

    fp = fopen("testpublic.cert","rb");
    X509 *cert=PEM_read_X509(fp,NULL,NULL,NULL);

So now I have test.pem (RSA keys), testpublic.pem (public key) and testpublic.cert (x509 cert with public key). Below is code that uses the PEMs directly.

    #include <stdio.h>
    #include <string.h>
    #include <openssl/pem.h>
    #include <openssl/rsa.h>

    int main(void)
    {
        /* Load the private key from the key pair file. */
        FILE *fp = fopen("test.pem","rb");
        RSA *rsapriv=NULL;
        rsapriv= PEM_read_RSAPrivateKey(fp,&rsapriv,NULL,NULL);
        fclose(fp);

        /* Load the public key from its own PEM file. */
        fp = fopen("testpublic.pem","rb");
        RSA *rsapub=NULL;
        rsapub= PEM_read_RSA_PUBKEY(fp,&rsapub,NULL,NULL);
        fclose(fp);

        unsigned char *name= (unsigned char *)"richard redpath";
        unsigned char to[1024];
        int blocksize= RSA_size(rsapub)-41;
        printf("curious Blocksize is %d\n",blocksize);

        /* Encrypt with the public key; rc is the ciphertext length. */
        int rc= RSA_public_encrypt(strlen((char *)name)+1,name,to,rsapub,RSA_PKCS1_OAEP_PADDING);
        if (rc!=(-1))
            printf("Encrypt %d bytes returned\n",rc);

        /* Decrypt with the private key. The input length is the modulus size
           (256 bytes for the 2048-bit key above), not 128. */
        unsigned char result[1024];
        rc= RSA_private_decrypt(RSA_size(rsapriv),to,result,rsapriv,RSA_PKCS1_OAEP_PADDING);
        printf("Decrypt rc=%d \n",rc);
        printf("result is [%s]\n",result);
        return 0;
    }

The question I have is that I want to hand out my X509 Public key and have code that can use it to decipher.

I can use this function to open the certificate

    fp = fopen("testpublic.cert","rb");
    X509 *cert=PEM_read_X509(fp,NULL,NULL,NULL);
    if (cert!=NULL)
        printf("CERT is good***\n");

But how can I get the public key from this x509, so I can use it for decryption of data? In this example I use the public key PEM directly and that's what I should not hand out. I am not that familiar with all API functions in openssl and how to get artifacts to use them. The code below simply opens the public key file and uses it.

    fp = fopen("testpublic.pem","rb");
    RSA *rsapub=NULL;
    rsapub= PEM_read_RSA_PUBKEY(fp,&rsapub,NULL,NULL);
    fclose(fp);

    unsigned char result[1024];
    /* Input length is the modulus size (256 bytes for a 2048-bit key), not 128. */
    rc= RSA_private_decrypt(RSA_size(rsapriv),to,result,rsapriv,RSA_PKCS1_OAEP_PADDING);
    printf("Decrypt rc=%d \n",rc);
    printf("result is [%s]\n",result);

The reason I need the public key is that I don't encrypt a chunk of data as would be in a PKCS7, but I have some data encrypted and other data not encrypted, sort of interlaced let's say.

--
View this message in context: http://old.nabble.com/How-to-use-X509-public-key-tp34415232p34415232.html
Sent from the OpenSSL - Dev mailing list archive at Nabble.com.