rrln wrote:
> I was tinkering with some piece of code (modified from /demos/selfsign)
> and I was shocked to find that I saw a private key where
> I shouldn't. Here is the code

I might be missing the point here, but the following calls look pretty
explicit to me:

>  RSA_print_fp(stdout,pkey->pkey.rsa,0);

Which I guess is what outputs

> Private-Key: (1024 bit)
> modulus:
> ...

>  PEM_write_PrivateKey(stdout,pkey,NULL,NULL,0,NULL, NULL);

Which would give you this:

> -----BEGIN RSA PRIVATE KEY-----
> ...

> It seems that the call to X509_print_fp() is showing the private key. I
> thought that X509_set_pubkey() only takes the public part of the RSA key
> to the X509 structure, but it seems that it puts all the key.

IMHO, X509_print_fp() isn't showing the private key, but RSA_print_fp()
is.

> When I cut the PEM code (the BEGIN CERTIFICATE --- END CERTIFICATE part of
> the result) and use the "openssl x509" command line utility I do not see
> the private key.

True, the data inside the BEGIN/END CERTIFICATE headers would only
contain the public key. Had you cut the data inside the BEGIN/END
PRIVATE KEY headers you would have found both public and private keys
(through "openssl rsa").

Cheers,

//oscar
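The check oscar describes, written out as an added shell example (not code from the thread or from the OpenSSL demos): generate a key, self-sign a certificate from it, then dump both PEM objects with "openssl x509" and "openssl rsa". The certificate dump carries the subject public key only, the key dump carries the private exponent, and the public key extracted from the certificate is byte-for-byte the one derived from the private key. It assumes the openssl command-line tool is on PATH; the file names, subject name and key size are constructed for the demo.

```shell
#!/bin/sh
# Added example, not part of the original mailing-list thread.
# Assumes the "openssl" CLI is installed; all paths below are constructed.
set -e

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
KEY="$WORK/key.pem"    # private key PEM (constructed file name)
CERT="$WORK/cert.pem"  # self-signed certificate PEM (constructed file name)

# Generate an RSA private key and self-sign a certificate with it.
# The certificate only ever receives the public half of the key.
make_key_and_cert() {
  openssl genrsa -out "$KEY" 2048 2>/dev/null
  openssl req -x509 -new -key "$KEY" -subj "/CN=selfsign-demo" \
    -days 1 -out "$CERT" 2>/dev/null
}

# Count lines matching $3 in the text dump of a PEM object.
# $1: openssl subcommand (x509 or rsa), $2: PEM file, $3: grep pattern.
# grep -c prints 0 and exits 1 on no match; "|| true" keeps set -e quiet.
count_in_dump() {
  openssl "$1" -in "$2" -noout -text 2>/dev/null | grep -c -- "$3" || true
}

# Private-key material in the certificate dump (expected: 0 lines).
cert_private_fields() { count_in_dump x509 "$CERT" privateExponent; }
# Public-key header in the certificate dump (expected: at least 1 line;
# older releases print "RSA Public-Key:", newer ones "Public-Key:").
cert_public_fields()  { count_in_dump x509 "$CERT" Public-Key; }
# Private-key material in the key dump (expected: at least 1 line).
key_private_fields()  { count_in_dump rsa  "$KEY"  privateExponent; }

# The SubjectPublicKeyInfo inside the certificate must equal the public
# key derived from the private key, and nothing more.
pubkeys_match() {
  from_cert=$(openssl x509 -in "$CERT" -noout -pubkey 2>/dev/null)
  from_key=$(openssl rsa -in "$KEY" -pubout 2>/dev/null)
  [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

make_key_and_cert
printf 'privateExponent lines in certificate dump: %s\n' "$(cert_private_fields)"
printf 'Public-Key lines in certificate dump:       %s\n' "$(cert_public_fields)"
printf 'privateExponent lines in key dump:         %s\n' "$(key_private_fields)"
if pubkeys_match; then
  echo "certificate public key matches the key pair's public half"
else
  echo "public key mismatch"
fi
```

Running it prints 0 for the certificate's private fields and a positive count for the key file, which is the split oscar points at: X509_print_fp() on the certificate shows the modulus and exponent, while the private exponent and primes only ever appear through RSA_print_fp() or "openssl rsa" on the key itself.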
