On Fri, Apr 23, 2004, Carlos Roberto Zainos H wrote:

> Hi all!!!
>  
> Thanks again for the answers.
>  
> The question that I now post refers to decrypting a private key PBE (PKCS#5).
> I've been working with priv/pub keys gotten from openssl, but now my C
> application needs to work with ones generated with another application
> (commercial software). I've discovered (with openssl help) that the private
> key is in "clear" PEM format (not encrypted) and PBE (PKCS#5 v2(?))
> protected (form DER: privkey.key ). My problem is that I can't decrypt that
> key to use it in my C application. My code follows:
>  
>  alg = PKCS5_pbe2_set (EVP_des_cbc(), -1, NULL, 0); /*pkcs5 v2.0 */
>  err = EVP_PBE_CipherInit (alg->algorithm, password, strlen(password),
>                            alg->parameter, &ctx, decripta); /*descripta is defined as 0 */
>  decr_buf = (unsigned char *) malloc (longitud + EVP_CIPHER_CTX_block_size(&ctx) + 1);
>  err = EVP_CipherUpdate (&ctx, decr_buf, &bytes_decr, privkey_pointer, length_privkey);
>  err = EVP_CipherFinal (&ctx, decr_buf+bytes_decr, &bytes_final);
>  if ( err == 0 ) {
>      printf("Ha ocurrido un error EVP_CipherFinal \n");
>      while ( c_error = ERR_get_error() )
>          fprintf(stderr, ERR_error_string(c_error, NULL));
>      exit(1);
>  }
>  
> So, err is always 0 in EVP_CipherFinal, and the error code returns:
>
>  error:0606506D:digital envelope routines:EVP_DecryptFinal:wrong final block length
>  
> I thought that the problem could be the priv key, so I generated privkeys in
> PKCS#5 and PKCS#8 with:
>
>  openssl pkcs8 -inform DER -in privkey.key -topk8 -v1 PBE_MD5_DES -outform DER -out privkeyp5.key
>
> and
>
>  openssl pkcs8 -inform DER -in privkey.key -topk8  -outform DER -out privkeyp8.key
>  
> And I tested my application again with those keys, but the results are the same.
>  
> I don't know what is wrong ....... any suggestions or tips???

If the private key is in PEM format then PEM_read_bio_PrivateKey() will
automatically handle PKCS#8 format.

If it's in DER format then d2i_PKCS8PrivateKey_bio() will handle the encrypted
form, and d2i_PKCS8_PRIV_KEY_INFO() followed by EVP_PKCS82PKEY() for the
unencrypted form.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
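
Added example, not part of the original thread and not OpenSSL code: a small C routine that looks at the outer DER structure of a key file to tell which of the two DER cases in the reply applies. It relies on the PKCS#8 layouts (EncryptedPrivateKeyInfo begins with an AlgorithmIdentifier SEQUENCE; PrivateKeyInfo begins with a version INTEGER followed by a SEQUENCE); the function names, the enum and the sample byte arrays are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

enum key_form { KEY_BAD, KEY_PKCS8_ENCRYPTED, KEY_PKCS8_PLAIN, KEY_OTHER };
/* Constructed skeletons (not real keys), just enough DER to classify. */
static const unsigned char enc_der[] = {     /* EncryptedPrivateKeyInfo */
    0x30,0x19, 0x30,0x0d, 0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x05,0x0d,
    0x30,0x00, 0x04,0x08, 0,0,0,0,0,0,0,0 };
static const unsigned char plain_der[] = {   /* PrivateKeyInfo */
    0x30,0x16, 0x02,0x01,0x00, 0x30,0x0d, 0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,
    0x0d,0x01,0x01,0x01, 0x05,0x00, 0x04,0x02,0x30,0x00 };
static const unsigned char rsa_der[] = { 0x30,0x06, 0x02,0x01,0x00, 0x02,0x01,0x05 };

/* Read one DER tag+length header at *pos; bounds-checked against end. */
static int der_header(const unsigned char *buf, size_t end, size_t *pos,
                      unsigned char *tag, size_t *clen) {
    size_t p = *pos, n, v = 0;
    if (p >= end || end - p < 2) return 0;
    *tag = buf[p++];
    n = buf[p++];
    if (n < 0x80) v = n;                 /* short form length */
    else {
        n &= 0x7f;                       /* long form: n length octets follow */
        if (n == 0 || n > sizeof(size_t) || end - p < n) return 0;
        while (n--) v = (v << 8) | buf[p++];
    }
    if (v > end - p) return 0;           /* content must fit in the buffer */
    *pos = p; *clen = v;
    return 1;
}

enum key_form classify_key_der(const unsigned char *buf, size_t len) {
    size_t pos = 0, clen;
    unsigned char tag;
    if (!der_header(buf, len, &pos, &tag, &clen) || tag != 0x30) return KEY_BAD;
    len = pos + clen;                    /* stay inside the outer SEQUENCE */
    if (!der_header(buf, len, &pos, &tag, &clen)) return KEY_BAD;
    if (tag == 0x30) return KEY_PKCS8_ENCRYPTED;  /* AlgorithmIdentifier first */
    if (tag != 0x02) return KEY_OTHER;
    pos += clen;                         /* skip the version INTEGER */
    if (!der_header(buf, len, &pos, &tag, &clen)) return KEY_BAD;
    return tag == 0x30 ? KEY_PKCS8_PLAIN : KEY_OTHER; /* INTEGER next: RSAPrivateKey */
}

int main(void) {
    printf("%d %d %d\n", classify_key_der(enc_der, sizeof enc_der),
           classify_key_der(plain_der, sizeof plain_der),
           classify_key_der(rsa_der, sizeof rsa_der));
    return 0;
}
```

KEY_PKCS8_ENCRYPTED corresponds to the d2i_PKCS8PrivateKey_bio() case and KEY_PKCS8_PLAIN to the d2i_PKCS8_PRIV_KEY_INFO() followed by EVP_PKCS82PKEY() case named in the reply above.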
