Hi, people
I was tinkering with some piece of code (modified from /demos/selfsign)
and I was shocked to find that I saw a private key where
I shouldn't. Here is the code
CODE
=====
#include <stdio.h>
#include <stdlib.h>
#include <openssl/pem.h>
#include <openssl/conf.h>
#include <openssl/x509v3.h>
int main() {
X509 *x509;
EVP_PKEY *pkey;
RSA *rsa;
X509_NAME *name=NULL;
X509_NAME_ENTRY *ne=NULL;
X509_EXTENSION *ex=NULL;
BIO *bio= NULL;
pkey = EVP_PKEY_new();
rsa = RSA_generate_key(1024, RSA_F4, NULL, NULL);
EVP_PKEY_assign_RSA(pkey, rsa);
x509 = X509_new();
X509_set_version(x509,2);
ASN1_INTEGER_set(X509_get_serialNumber(x509), 0);
X509_gmtime_adj(X509_get_notBefore(x509),0);
X509_gmtime_adj(X509_get_notAfter(x509), (long) 60*60*24*365);
name = X509_get_subject_name(x509);
X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, "ES", -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC, "GMV Sistemas
S.A.", -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "OU", MBSTRING_ASC, "SGI Soluciones
Globales Internet", -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, "CA SGI", -1, -1,
0);
X509_set_issuer_name(x509, name);
X509_set_pubkey(x509, pkey);
X509_sign(x509, pkey, EVP_md5());
RSA_print_fp(stdout,pkey->pkey.rsa,0);
X509_print_fp(stdout,x509);
PEM_write_PrivateKey(stdout,pkey,NULL,NULL,0,NULL, NULL);
PEM_write_X509(stdout,x509);
}
RESULT
=======
Private-Key: (1024 bit)
modulus:
00:d2:df:f1:13:d5:d0:4c:9e:08:2b:ab:2c:2b:44:
64:a0:e5:4b:b6:c6:10:d2:b2:29:49:be:f3:d1:b0:
9d:e3:b2:12:fb:43:71:ce:38:8d:b3:c4:24:e5:ae:
28:54:1f:6d:29:ca:cb:ef:a7:bd:67:31:ed:e3:c2:
88:4c:97:cc:c1:49:d0:be:d4:d6:f1:27:7d:14:40:
b4:5c:3b:5b:40:8e:0f:b9:19:70:b2:14:51:22:f8:
bf:c6:0f:ed:0b:33:e8:b8:6f:e8:ac:9f:8f:22:0a:
ab:09:93:a8:1d:41:d6:a8:e6:ad:71:3e:98:ee:d7:
88:47:92:6d:3c:c7:f8:5f:51
publicExponent: 65537 (0x10001)
privateExponent:
00:94:eb:45:4a:e6:b2:45:89:4c:e7:d9:e8:45:5d:
f5:5a:92:d3:97:6d:e4:af:86:d6:15:98:5e:83:75:
20:eb:8d:f4:4d:b1:61:8b:6a:f0:d7:44:eb:71:b0:
3e:16:ba:62:d3:22:be:46:ae:c4:d9:3d:af:6c:2b:
13:2a:54:01:6a:2e:21:37:b4:5c:28:f8:14:46:aa:
b6:d7:56:bc:a2:f0:8d:8b:62:9f:dc:96:3b:54:76:
21:13:10:7d:bf:d2:73:5d:3f:7f:66:c6:26:84:ae:
3d:db:79:e5:e8:af:66:a7:37:c8:94:17:87:63:71:
44:0d:34:c0:fb:84:34:4c:01
prime1:
00:f8:1a:52:d5:61:68:b9:7d:b2:f7:4d:80:ea:b9:
1d:a1:b9:cf:25:e3:88:ff:81:7b:72:3b:c6:4e:07:
fc:8b:6b:4a:8f:e1:b9:7b:d4:7e:e5:7e:a2:68:00:
67:5d:9d:db:33:71:ab:33:2f:c2:e6:eb:24:b2:77:
af:61:22:44:a1
prime2:
00:d9:96:43:85:a9:13:ce:66:c1:8c:52:80:4e:1f:
4c:f7:32:48:12:38:9c:fe:af:b6:79:5a:8a:73:aa:
9f:6e:fa:db:da:d8:a3:e0:de:da:08:a1:01:29:da:
f5:db:fe:b5:d5:ed:4e:a2:54:75:01:3e:64:b4:3a:
45:96:73:6c:b1
exponent1:
35:7a:07:0c:b3:38:4d:73:08:96:41:80:5e:17:94:
89:7d:71:66:eb:4a:66:38:54:91:64:cc:f3:98:c9:
18:8c:01:c0:4d:99:1b:55:cc:1c:4f:55:56:31:70:
16:3f:a6:35:ca:74:6a:4e:0b:26:96:dc:8c:13:3c:
1c:25:b4:c1
exponent2:
13:75:79:c2:69:55:89:1e:ed:6e:44:2e:8f:4e:03:
4f:14:23:17:e6:12:3c:40:b0:9b:f7:b9:ec:10:35:
43:f2:91:58:e8:08:f7:e2:56:33:71:5a:ae:48:93:
b6:41:f8:37:12:8a:f6:bf:80:db:44:9e:32:f4:07:
27:26:59:71
coefficient:
18:76:56:a4:b1:b7:5c:f6:55:c4:a4:28:66:ae:ce:
0d:d4:55:13:eb:77:58:d3:27:0a:90:21:16:06:78:
02:79:35:27:35:5c:9d:1a:62:aa:62:ee:fa:a3:b0:
54:c2:bf:8e:b9:1a:33:06:a6:bc:a6:9b:5a:d0:69:
3a:10:d5:3c
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=ES, O=GMV Sistemas S.A., OU=SGI Soluciones Globales
Internet, CN=CA SGI
Validity
Not Before: Mar 22 07:17:19 2000 GMT
Not After : Mar 22 07:17:19 2001 GMT
Subject: C=ES, O=GMV Sistemas S.A., OU=SGI Soluciones Globales
Internet, CN=CA SGI
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Private-Key: (1024 bit)
modulus:
00:d2:df:f1:13:d5:d0:4c:9e:08:2b:ab:2c:2b:44:
64:a0:e5:4b:b6:c6:10:d2:b2:29:49:be:f3:d1:b0:
9d:e3:b2:12:fb:43:71:ce:38:8d:b3:c4:24:e5:ae:
28:54:1f:6d:29:ca:cb:ef:a7:bd:67:31:ed:e3:c2:
88:4c:97:cc:c1:49:d0:be:d4:d6:f1:27:7d:14:40:
b4:5c:3b:5b:40:8e:0f:b9:19:70:b2:14:51:22:f8:
bf:c6:0f:ed:0b:33:e8:b8:6f:e8:ac:9f:8f:22:0a:
ab:09:93:a8:1d:41:d6:a8:e6:ad:71:3e:98:ee:d7:
88:47:92:6d:3c:c7:f8:5f:51
publicExponent: 65537 (0x10001)
privateExponent:
00:94:eb:45:4a:e6:b2:45:89:4c:e7:d9:e8:45:5d:
f5:5a:92:d3:97:6d:e4:af:86:d6:15:98:5e:83:75:
20:eb:8d:f4:4d:b1:61:8b:6a:f0:d7:44:eb:71:b0:
3e:16:ba:62:d3:22:be:46:ae:c4:d9:3d:af:6c:2b:
13:2a:54:01:6a:2e:21:37:b4:5c:28:f8:14:46:aa:
b6:d7:56:bc:a2:f0:8d:8b:62:9f:dc:96:3b:54:76:
21:13:10:7d:bf:d2:73:5d:3f:7f:66:c6:26:84:ae:
3d:db:79:e5:e8:af:66:a7:37:c8:94:17:87:63:71:
44:0d:34:c0:fb:84:34:4c:01
prime1:
00:f8:1a:52:d5:61:68:b9:7d:b2:f7:4d:80:ea:b9:
1d:a1:b9:cf:25:e3:88:ff:81:7b:72:3b:c6:4e:07:
fc:8b:6b:4a:8f:e1:b9:7b:d4:7e:e5:7e:a2:68:00:
67:5d:9d:db:33:71:ab:33:2f:c2:e6:eb:24:b2:77:
af:61:22:44:a1
prime2:
00:d9:96:43:85:a9:13:ce:66:c1:8c:52:80:4e:1f:
4c:f7:32:48:12:38:9c:fe:af:b6:79:5a:8a:73:aa:
9f:6e:fa:db:da:d8:a3:e0:de:da:08:a1:01:29:da:
f5:db:fe:b5:d5:ed:4e:a2:54:75:01:3e:64:b4:3a:
45:96:73:6c:b1
exponent1:
35:7a:07:0c:b3:38:4d:73:08:96:41:80:5e:17:94:
89:7d:71:66:eb:4a:66:38:54:91:64:cc:f3:98:c9:
18:8c:01:c0:4d:99:1b:55:cc:1c:4f:55:56:31:70:
16:3f:a6:35:ca:74:6a:4e:0b:26:96:dc:8c:13:3c:
1c:25:b4:c1
exponent2:
13:75:79:c2:69:55:89:1e:ed:6e:44:2e:8f:4e:03:
4f:14:23:17:e6:12:3c:40:b0:9b:f7:b9:ec:10:35:
43:f2:91:58:e8:08:f7:e2:56:33:71:5a:ae:48:93:
b6:41:f8:37:12:8a:f6:bf:80:db:44:9e:32:f4:07:
27:26:59:71
coefficient:
18:76:56:a4:b1:b7:5c:f6:55:c4:a4:28:66:ae:ce:
0d:d4:55:13:eb:77:58:d3:27:0a:90:21:16:06:78:
02:79:35:27:35:5c:9d:1a:62:aa:62:ee:fa:a3:b0:
54:c2:bf:8e:b9:1a:33:06:a6:bc:a6:9b:5a:d0:69:
3a:10:d5:3c
Signature Algorithm: md5WithRSAEncryption
9a:79:74:ba:4b:a8:fb:a5:ee:ff:ca:bd:48:e5:1b:46:25:74:
9e:84:7d:c3:bd:46:1e:c5:27:68:eb:f1:d5:f1:23:a6:43:ef:
dd:ac:72:63:c6:76:33:f1:88:cf:b5:d5:8c:2a:e2:fa:82:cd:
a2:da:85:12:d6:c8:5e:4a:8b:1f:e9:7a:2a:21:ab:8e:60:04:
0f:0b:c1:bc:61:dd:5c:0d:35:79:6e:4a:9e:4b:e1:dd:c6:c8:
f6:ad:ee:97:33:6b:b3:29:54:18:d6:a7:4c:91:28:e9:e1:89:
2f:ea:eb:89:84:c8:5c:d7:1d:10:9e:7f:37:94:47:c4:92:70:
c0:98
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQDS3/ET1dBMnggrqywrRGSg5Uu2xhDSsilJvvPRsJ3jshL7Q3HO
OI2zxCTlrihUH20pysvvp71nMe3jwohMl8zBSdC+1NbxJ30UQLRcO1tAjg+5GXCy
FFEi+L/GD+0LM+i4b+isn48iCqsJk6gdQdao5q1xPpju14hHkm08x/hfUQIDAQAB
AoGBAJTrRUrmskWJTOfZ6EVd9VqS05dt5K+G1hWYXoN1IOuN9E2xYYtq8NdE63Gw
Pha6YtMivkauxNk9r2wrEypUAWouITe0XCj4FEaqttdWvKLwjYtin9yWO1R2IRMQ
fb/Sc10/f2bGJoSuPdt55eivZqc3yJQXh2NxRA00wPuENEwBAkEA+BpS1WFouX2y
902A6rkdobnPJeOI/4F7cjvGTgf8i2tKj+G5e9R+5X6iaABnXZ3bM3GrMy/C5usk
snevYSJEoQJBANmWQ4WpE85mwYxSgE4fTPcySBI4nP6vtnlainOqn27629rYo+De
2gihASna9dv+tdXtTqJUdQE+ZLQ6RZZzbLECQDV6BwyzOE1zCJZBgF4XlIl9cWbr
SmY4VJFkzPOYyRiMAcBNmRtVzBxPVVYxcBY/pjXKdGpOCyaW3IwTPBwltMECQBN1
ecJpVYke7W5ELo9OA08UIxfmEjxAsJv3uewQNUPykVjoCPfiVjNxWq5Ik7ZB+DcS
iva/gNtEnjL0BycmWXECQBh2VqSxt1z2VcSkKGauzg3UVRPrd1jTJwqQIRYGeAJ5
NSc1XJ0aYqpi7vqjsFTCv465GjMGprymm1rQaToQ1Tw=
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIICPjCCAaegAwIBAgIBADANBgkqhkiG9w0BAQQFADBlMQswCQYDVQQGEwJFUzEa
MBgGA1UEChMRR01WIFNpc3RlbWFzIFMuQS4xKTAnBgNVBAsTIFNHSSBTb2x1Y2lv
bmVzIEdsb2JhbGVzIEludGVybmV0MQ8wDQYDVQQDEwZDQSBTR0kwHhcNMDAwMzIy
MDcxNzE5WhcNMDEwMzIyMDcxNzE5WjBlMQswCQYDVQQGEwJFUzEaMBgGA1UEChMR
R01WIFNpc3RlbWFzIFMuQS4xKTAnBgNVBAsTIFNHSSBTb2x1Y2lvbmVzIEdsb2Jh
bGVzIEludGVybmV0MQ8wDQYDVQQDEwZDQSBTR0kwgZ8wDQYJKoZIhvcNAQEBBQAD
gY0AMIGJAoGBANLf8RPV0EyeCCurLCtEZKDlS7bGENKyKUm+89GwneOyEvtDcc44
jbPEJOWuKFQfbSnKy++nvWcx7ePCiEyXzMFJ0L7U1vEnfRRAtFw7W0COD7kZcLIU
USL4v8YP7Qsz6Lhv6KyfjyIKqwmTqB1B1qjmrXE+mO7XiEeSbTzH+F9RAgMBAAEw
DQYJKoZIhvcNAQEEBQADgYEAmnl0ukuo+6Xu/8q9SOUbRiV0noR9w71GHsUnaOvx
1fEjpkPv3axyY8Z2M/GIz7XVjCri+oLNotqFEtbIXkqLH+l6KiGrjmAEDwvBvGHd
XA01eW5Knkvh3cbI9q3ulzNrsylUGNanTJEo6eGJL+rriYTIXNcdEJ5/N5RHxJJw
wJg=
-----END CERTIFICATE-----
It seems that the call to X509_print_fp() is showing the private key. I
thought that X509_set_pubkey() only take the public part of the RSA key
to the X509 structure, but it seems that it puts all the key .
When I cut the PEM code ( BEGIN CERTIFICATE --- END CERTIFICATE part of
the result) and use "openssl x509" command line utility I do not see
the private key . This makes me think that it is when you output the
certificate (for example thorugh PEM_write_X509() call) that only the
public part is codified. Am I right? As I do not know the whole library
is a bit hard to look through the low level stuff :-(.
Some hint?
Thank you very much.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]