Hello Stephen,
Thanks for helping me, I'm new using open-ssl I really appreciate your support.
OK firstly no, I didn't find the "private-key" string using the binary
editor, I searched for it but I didn't find it.
Thanks for the suggestion, I generated a dummy key with the same
software. After using "openssl rsa -inform NET -in file.key" I got:
unable to load Private Key
3554:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
tag:tasn_dec.c:946:
3554:error:0D06C03A:asn1 encoding
routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:tasn_dec.c:628:
3554:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_D2I:nested
asn1 error:tasn_dec.c:566:Field=os, Type=NETSCAPE_ENCRYPTED_PKEY
3554:error:0D09806F:asn1 encoding routines:d2i_Netscape_RSA:decoding
error:n_pkey.c:242:
Then I used "openssl asn1parse -inform DER -in file.key" and I got this:
0:d=0 hl=4 l= 710 cons: SEQUENCE
4:d=1 hl=2 l= 64 cons: SEQUENCE
6:d=2 hl=2 l= 9 prim: OBJECT :PBES2
17:d=2 hl=2 l= 51 cons: SEQUENCE
19:d=3 hl=2 l= 27 cons: SEQUENCE
21:d=4 hl=2 l= 9 prim: OBJECT :PBKDF2
32:d=4 hl=2 l= 14 cons: SEQUENCE
34:d=5 hl=2 l= 8 prim: OCTET STRING
44:d=5 hl=2 l= 2 prim: INTEGER :0800
48:d=3 hl=2 l= 20 cons: SEQUENCE
50:d=4 hl=2 l= 8 prim: OBJECT :des-ede3-cbc
60:d=4 hl=2 l= 8 prim: OCTET STRING
70:d=1 hl=4 l= 640 prim: OCTET STRING
Hope you can help,
Roberto
On 8/30/05, Dr. Stephen Henson <[EMAIL PROTECTED]> wrote:
> On Tue, Aug 30, 2005, Roberto Arias Alegria wrote:
>
> > Hello,
> >
> > I tried to sign a file using a private key (a file with a .key
> > extension) using this:
> > openssl rsautl -sign -in myfile.txt -inkey mykey.key -out signed
> >
> > But I got a meesage "unable to load private key".
> >
> > The private key was generated using a propiertary software (in fact, a
> > government-made software, not a known commercial solution) so I have
> > little information about how it was generated. Anyway, I tried to
> > follow the solution with NET files provided in the man pages (open it
> > in a binary editor and found the string "private-key" and then the
> > 0x30 0x80 values, and copy everythin from here to the end of the file)
> > but I found that the file actually starts with 0x30 0x82, so I didn't
> > edit anything.
> >
> > Is there another way to sign information using a ".key" file? It is
> > possible that the file could be in another format and the original
> > software just labeled it as ".key"?
>
> Firstly that command line probably wont "sign a file" in the way you mean. You
> should use the -sign option in the dgst command for that.
>
> So it includes the string "private-key" in it? Ugh, that's a horibly insecure
> private key format. Did you try using NET format for the whole file? That is:
>
> openssl rsa -inform NET -in file.key
>
> How large is the file? What does:
>
> openssl asn1parse -inform DER -in file.key
>
> show? If the output has lots of lines with INTEGER on them and lots of digits
> don't post it.
>
> If you can generate a test key of zero importance with the same software you
> could post that.
>
> Steve.
> --
> Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
> OpenSSL project core developer and freelance consultant.
> Funding needed! Details on homepage.
> Homepage: http://www.drh-consultancy.demon.co.uk
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
