Hi, people

I was tinkering with a piece of code (modified from /demos/selfsign)
and I was shocked to see a private key printed where I did not expect
one. Here is the code:


CODE
=====
#include <stdio.h>
#include <stdlib.h>

#include <openssl/pem.h>
#include <openssl/conf.h>
#include <openssl/x509v3.h>


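int main(void) {
    /*
     * Demo: generate an RSA key pair, build a self-signed X.509 certificate
     * around it, then dump the key and the certificate to stdout in both
     * human-readable and PEM form.
     *
     * Returns EXIT_SUCCESS when every step succeeds and EXIT_FAILURE as soon
     * as any library call reports an error.
     */
    X509 *x509 = NULL;
    EVP_PKEY *pkey = NULL;
    RSA *rsa = NULL;
    X509_NAME *name = NULL; /* borrowed from x509, never freed here */
    int rc = EXIT_FAILURE;

    pkey = EVP_PKEY_new();
    if (pkey == NULL) {
        fprintf(stderr, "EVP_PKEY_new failed\n");
        goto out;
    }

    /*
     * NOTE(review): 1024-bit RSA is kept only so the program still matches
     * the output posted with it; it is too short for a real certificate.
     */
    rsa = RSA_generate_key(1024, RSA_F4, NULL, NULL);
    if (rsa == NULL) {
        fprintf(stderr, "RSA_generate_key failed\n");
        goto out;
    }

    if (!EVP_PKEY_assign_RSA(pkey, rsa)) {
        /* Ownership was not transferred, so the RSA key is still ours. */
        fprintf(stderr, "EVP_PKEY_assign_RSA failed\n");
        RSA_free(rsa);
        goto out;
    }
    /* From here on pkey owns rsa; EVP_PKEY_free() releases both. */

    x509 = X509_new();
    if (x509 == NULL) {
        fprintf(stderr, "X509_new failed\n");
        goto out;
    }

    /* Version value 2 encodes X.509 v3; validity runs from now for 365 days. */
    if (!X509_set_version(x509, 2) ||
        !ASN1_INTEGER_set(X509_get_serialNumber(x509), 0) ||
        X509_gmtime_adj(X509_get_notBefore(x509), 0) == NULL ||
        X509_gmtime_adj(X509_get_notAfter(x509),
                        (long)60 * 60 * 24 * 365) == NULL) {
        fprintf(stderr, "setting version/serial/validity failed\n");
        goto out;
    }

    /*
     * The string literals below were split across lines by mail wrapping in
     * the posted listing; they are rejoined here so the file compiles and
     * yields the subject shown in the posted output.
     */
    name = X509_get_subject_name(x509);
    if (name == NULL ||
        !X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC,
                                    (unsigned char *)"ES", -1, -1, 0) ||
        !X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC,
                                    (unsigned char *)"GMV Sistemas S.A.",
                                    -1, -1, 0) ||
        !X509_NAME_add_entry_by_txt(name, "OU", MBSTRING_ASC,
                                    (unsigned char *)"SGI Soluciones Globales Internet",
                                    -1, -1, 0) ||
        !X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
                                    (unsigned char *)"CA SGI", -1, -1, 0)) {
        fprintf(stderr, "building subject name failed\n");
        goto out;
    }

    /* Self-signed: the issuer name is the subject name. */
    if (!X509_set_issuer_name(x509, name)) {
        fprintf(stderr, "X509_set_issuer_name failed\n");
        goto out;
    }

    if (!X509_set_pubkey(x509, pkey)) {
        fprintf(stderr, "X509_set_pubkey failed\n");
        goto out;
    }

    /*
     * NOTE(review): MD5 is kept to match the posted output
     * (md5WithRSAEncryption); it is not collision resistant and should not
     * sign certificates that anyone is expected to trust.
     */
    if (!X509_sign(x509, pkey, EVP_md5())) {
        fprintf(stderr, "X509_sign failed\n");
        goto out;
    }

    /* Deliberate dump of the full key pair, private parameters included. */
    if (!RSA_print_fp(stdout, rsa, 0)) {
        fprintf(stderr, "RSA_print_fp failed\n");
        goto out;
    }

    /*
     * NOTE(review): in the poster's run this dump also listed the private
     * RSA parameters, which suggests the in-memory certificate still refers
     * to the EVP_PKEY handed to X509_set_pubkey(). The PEM-encoded
     * certificate did not show them when read back with "openssl x509".
     * Confirm against the library version in use.
     */
    if (!X509_print_fp(stdout, x509)) {
        fprintf(stderr, "X509_print_fp failed\n");
        goto out;
    }

    /*
     * The private key is written unencrypted (no cipher, no passphrase).
     * Acceptable for a throwaway demo key only; a real key should be
     * encrypted and written to a file with restrictive permissions.
     */
    if (!PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL)) {
        fprintf(stderr, "PEM_write_PrivateKey failed\n");
        goto out;
    }

    if (!PEM_write_X509(stdout, x509)) {
        fprintf(stderr, "PEM_write_X509 failed\n");
        goto out;
    }

    rc = EXIT_SUCCESS;

out:
    /* Both free functions accept NULL, so no guards are needed. */
    X509_free(x509);
    EVP_PKEY_free(pkey);
    return rc;
}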


RESULT
=======
Private-Key: (1024 bit)
modulus:
    00:d2:df:f1:13:d5:d0:4c:9e:08:2b:ab:2c:2b:44:
    64:a0:e5:4b:b6:c6:10:d2:b2:29:49:be:f3:d1:b0:
    9d:e3:b2:12:fb:43:71:ce:38:8d:b3:c4:24:e5:ae:
    28:54:1f:6d:29:ca:cb:ef:a7:bd:67:31:ed:e3:c2:
    88:4c:97:cc:c1:49:d0:be:d4:d6:f1:27:7d:14:40:
    b4:5c:3b:5b:40:8e:0f:b9:19:70:b2:14:51:22:f8:
    bf:c6:0f:ed:0b:33:e8:b8:6f:e8:ac:9f:8f:22:0a:
    ab:09:93:a8:1d:41:d6:a8:e6:ad:71:3e:98:ee:d7:
    88:47:92:6d:3c:c7:f8:5f:51
publicExponent: 65537 (0x10001)
privateExponent:
    00:94:eb:45:4a:e6:b2:45:89:4c:e7:d9:e8:45:5d:
    f5:5a:92:d3:97:6d:e4:af:86:d6:15:98:5e:83:75:
    20:eb:8d:f4:4d:b1:61:8b:6a:f0:d7:44:eb:71:b0:
    3e:16:ba:62:d3:22:be:46:ae:c4:d9:3d:af:6c:2b:
    13:2a:54:01:6a:2e:21:37:b4:5c:28:f8:14:46:aa:
    b6:d7:56:bc:a2:f0:8d:8b:62:9f:dc:96:3b:54:76:
    21:13:10:7d:bf:d2:73:5d:3f:7f:66:c6:26:84:ae:
    3d:db:79:e5:e8:af:66:a7:37:c8:94:17:87:63:71:
    44:0d:34:c0:fb:84:34:4c:01
prime1:
    00:f8:1a:52:d5:61:68:b9:7d:b2:f7:4d:80:ea:b9:
    1d:a1:b9:cf:25:e3:88:ff:81:7b:72:3b:c6:4e:07:
    fc:8b:6b:4a:8f:e1:b9:7b:d4:7e:e5:7e:a2:68:00:
    67:5d:9d:db:33:71:ab:33:2f:c2:e6:eb:24:b2:77:
    af:61:22:44:a1
prime2:
    00:d9:96:43:85:a9:13:ce:66:c1:8c:52:80:4e:1f:
    4c:f7:32:48:12:38:9c:fe:af:b6:79:5a:8a:73:aa:
    9f:6e:fa:db:da:d8:a3:e0:de:da:08:a1:01:29:da:
    f5:db:fe:b5:d5:ed:4e:a2:54:75:01:3e:64:b4:3a:
    45:96:73:6c:b1
exponent1:
    35:7a:07:0c:b3:38:4d:73:08:96:41:80:5e:17:94:
    89:7d:71:66:eb:4a:66:38:54:91:64:cc:f3:98:c9:
    18:8c:01:c0:4d:99:1b:55:cc:1c:4f:55:56:31:70:
    16:3f:a6:35:ca:74:6a:4e:0b:26:96:dc:8c:13:3c:
    1c:25:b4:c1
exponent2:
    13:75:79:c2:69:55:89:1e:ed:6e:44:2e:8f:4e:03:
    4f:14:23:17:e6:12:3c:40:b0:9b:f7:b9:ec:10:35:
    43:f2:91:58:e8:08:f7:e2:56:33:71:5a:ae:48:93:
    b6:41:f8:37:12:8a:f6:bf:80:db:44:9e:32:f4:07:
    27:26:59:71
coefficient:
    18:76:56:a4:b1:b7:5c:f6:55:c4:a4:28:66:ae:ce:
    0d:d4:55:13:eb:77:58:d3:27:0a:90:21:16:06:78:
    02:79:35:27:35:5c:9d:1a:62:aa:62:ee:fa:a3:b0:
    54:c2:bf:8e:b9:1a:33:06:a6:bc:a6:9b:5a:d0:69:
    3a:10:d5:3c
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=ES, O=GMV Sistemas S.A., OU=SGI Soluciones Globales
Internet, CN=CA SGI
        Validity
            Not Before: Mar 22 07:17:19 2000 GMT
            Not After : Mar 22 07:17:19 2001 GMT
        Subject: C=ES, O=GMV Sistemas S.A., OU=SGI Soluciones Globales
Internet, CN=CA SGI
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Private-Key: (1024 bit)
                modulus:
                    00:d2:df:f1:13:d5:d0:4c:9e:08:2b:ab:2c:2b:44:
                    64:a0:e5:4b:b6:c6:10:d2:b2:29:49:be:f3:d1:b0:
                    9d:e3:b2:12:fb:43:71:ce:38:8d:b3:c4:24:e5:ae:
                    28:54:1f:6d:29:ca:cb:ef:a7:bd:67:31:ed:e3:c2:
                    88:4c:97:cc:c1:49:d0:be:d4:d6:f1:27:7d:14:40:
                    b4:5c:3b:5b:40:8e:0f:b9:19:70:b2:14:51:22:f8:
                    bf:c6:0f:ed:0b:33:e8:b8:6f:e8:ac:9f:8f:22:0a:
                    ab:09:93:a8:1d:41:d6:a8:e6:ad:71:3e:98:ee:d7:
                    88:47:92:6d:3c:c7:f8:5f:51
                publicExponent: 65537 (0x10001)
                privateExponent:
                    00:94:eb:45:4a:e6:b2:45:89:4c:e7:d9:e8:45:5d:
                    f5:5a:92:d3:97:6d:e4:af:86:d6:15:98:5e:83:75:
                    20:eb:8d:f4:4d:b1:61:8b:6a:f0:d7:44:eb:71:b0:
                    3e:16:ba:62:d3:22:be:46:ae:c4:d9:3d:af:6c:2b:
                    13:2a:54:01:6a:2e:21:37:b4:5c:28:f8:14:46:aa:
                    b6:d7:56:bc:a2:f0:8d:8b:62:9f:dc:96:3b:54:76:
                    21:13:10:7d:bf:d2:73:5d:3f:7f:66:c6:26:84:ae:
                    3d:db:79:e5:e8:af:66:a7:37:c8:94:17:87:63:71:
                    44:0d:34:c0:fb:84:34:4c:01
                prime1:
                    00:f8:1a:52:d5:61:68:b9:7d:b2:f7:4d:80:ea:b9:
                    1d:a1:b9:cf:25:e3:88:ff:81:7b:72:3b:c6:4e:07:
                    fc:8b:6b:4a:8f:e1:b9:7b:d4:7e:e5:7e:a2:68:00:
                    67:5d:9d:db:33:71:ab:33:2f:c2:e6:eb:24:b2:77:
                    af:61:22:44:a1
                prime2:
                    00:d9:96:43:85:a9:13:ce:66:c1:8c:52:80:4e:1f:
                    4c:f7:32:48:12:38:9c:fe:af:b6:79:5a:8a:73:aa:
                    9f:6e:fa:db:da:d8:a3:e0:de:da:08:a1:01:29:da:
                    f5:db:fe:b5:d5:ed:4e:a2:54:75:01:3e:64:b4:3a:
                    45:96:73:6c:b1
                exponent1:
                    35:7a:07:0c:b3:38:4d:73:08:96:41:80:5e:17:94:
                    89:7d:71:66:eb:4a:66:38:54:91:64:cc:f3:98:c9:
                    18:8c:01:c0:4d:99:1b:55:cc:1c:4f:55:56:31:70:
                    16:3f:a6:35:ca:74:6a:4e:0b:26:96:dc:8c:13:3c:
                    1c:25:b4:c1
                exponent2:
                    13:75:79:c2:69:55:89:1e:ed:6e:44:2e:8f:4e:03:
                    4f:14:23:17:e6:12:3c:40:b0:9b:f7:b9:ec:10:35:
                    43:f2:91:58:e8:08:f7:e2:56:33:71:5a:ae:48:93:
                    b6:41:f8:37:12:8a:f6:bf:80:db:44:9e:32:f4:07:
                    27:26:59:71
                coefficient:
                    18:76:56:a4:b1:b7:5c:f6:55:c4:a4:28:66:ae:ce:
                    0d:d4:55:13:eb:77:58:d3:27:0a:90:21:16:06:78:
                    02:79:35:27:35:5c:9d:1a:62:aa:62:ee:fa:a3:b0:
                    54:c2:bf:8e:b9:1a:33:06:a6:bc:a6:9b:5a:d0:69:
                    3a:10:d5:3c
    Signature Algorithm: md5WithRSAEncryption
        9a:79:74:ba:4b:a8:fb:a5:ee:ff:ca:bd:48:e5:1b:46:25:74:
        9e:84:7d:c3:bd:46:1e:c5:27:68:eb:f1:d5:f1:23:a6:43:ef:
        dd:ac:72:63:c6:76:33:f1:88:cf:b5:d5:8c:2a:e2:fa:82:cd:
        a2:da:85:12:d6:c8:5e:4a:8b:1f:e9:7a:2a:21:ab:8e:60:04:
        0f:0b:c1:bc:61:dd:5c:0d:35:79:6e:4a:9e:4b:e1:dd:c6:c8:
        f6:ad:ee:97:33:6b:b3:29:54:18:d6:a7:4c:91:28:e9:e1:89:
        2f:ea:eb:89:84:c8:5c:d7:1d:10:9e:7f:37:94:47:c4:92:70:
        c0:98
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

It seems that the call to X509_print_fp() is showing the private key. I
thought that X509_set_pubkey() only takes the public part of the RSA key
into the X509 structure, but it seems that it puts the whole key there.

When I cut the PEM code (the BEGIN CERTIFICATE --- END CERTIFICATE part of
the result) and use the "openssl x509" command line utility I do not see
the private key. This makes me think that it is only when you output the
certificate (for example through a PEM_write_X509() call) that just the
public part is encoded. Am I right? As I do not know the whole library,
it is a bit hard to look through the low-level stuff :-(.


Some hint?

Thank you very much.
