rrln> It seems that the call to X509_print_fp() is showing the private key. I
rrln> thought that X509_set_pubkey() only take the public part of the RSA key
rrln>
rrln> to the X509 structure, but it seems that it puts all the key .
rrln>
rrln> When I cut the PEM code ( BEGIN CERTIFICATE --- END CERTIFICATE part of
rrln> the result) and use "openssl x509" command line utility I do not see
rrln> the private key . This makes me think that it is when you output the
rrln> certificate (for example thorugh PEM_write_X509() call) that only the
rrln> public part is codified. Am I right? As I do not know the whole library
rrln> is a bit hard to look through the low level stuff :-(.
rrln>
rrln>
rrln> Some hint?
Yup. Compile the following program:
-----snip-----
#include <stdio.h>
#include <stdlib.h>
#include <openssl/pem.h>
#include <openssl/x509v3.h>
main()
{
X509 *x;
x = PEM_read_X509(stdin, NULL, NULL, NULL);
X509_print_fp(stdout, x);
}
-----snip-----
Pipe the output of your program to my program ('./your_program | ./my_program')
and observe what comes out.
So yeah, X509_set_pubkey() will not look too closely at the pkey you
give it, as long as it has a public part (I got that from a very quick
look at the source). However, PEM_write_X509 won't output the private
parts.
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Chairman@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
Redakteur@Stacken \ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team
Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]