Thanks for answer Dave,
Actually what I'm trying to do is encode messages using
the public key presumably encoded in a .pem file. I checked the contents of
this .pem file and ir has the -----BEGIN PUBLIC KEY----- and -----END PUBLIC
KEY----- headers. I fixed my code to take away this headers and then base64
decode the string.
I'm new to this technology of using openssl and using certificates, this is
the code I've buit, so far I don't get any RSA object from
the d2i_RSAPublicKey function:
//Get the .pem file contents
NSString *path = [[NSBundle mainBundle] pathForResource:@"publickey"
ofType:@"pem"];
NSString *labeledPemString = [[NSString alloc] initWithContentsOfFile:path
encoding:NSUTF8StringEncoding error:nil];
//Take off new lines and white spaces
NSCharacterSet *newLineCSet = [NSCharacterSet
whitespaceAndNewlineCharacterSet];
NSString *newLinesOffLabeledPemString = [labeledPemString
stringByTrimmingCharactersInSet:newLineCSet];
//Take off -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers
//First get begin range
NSRange beginHeaderRange = [newLinesOffLabeledPemString
rangeOfString:@"-----BEGIN
PUBLIC KEY-----"];
//Trim text
NSString *unlabeledBeginPemString = [newLinesOffLabeledPemString
substringFromIndex:(beginHeaderRange.location + beginHeaderRange.length)];
//Now the end header range
NSRange endHeaderRange = [unlabeledBeginPemString rangeOfString:@"-----END
PUBLIC KEY-----"];
//Trim again
NSString *unlabeledEndPemString = [unlabeledBeginPemString
substringToIndex:endHeaderRange.location];
//Un-base64 decode remainig pem representation
const char *base64Text = [unlabeledEndPemString
cStringUsingEncoding:[NSString defaultCStringEncoding]];
char *unBase64Text = unbase64((unsigned char *)base64Text,
strlen(base64Text));
//Create a new RSA instance
int dataLengt = strlen(unBase64Text);
RSA *anRSA = d2i_RSAPublicKey(0, (unsigned char **)&unBase64Text,
dataLengt);
unsigned char cleartext[2560] = "A";
unsigned char encrypted[2560] = { 0 };
int resultEncrypt = 0;
NSLog(@"here");
resultEncrypt = RSA_public_encrypt ( 1 , cleartext, encrypted, anRSA,
RSA_PKCS1_OAEP_PADDING );
NSLog(@"%d from encrypt.", resultEncrypt);
Well, after all this the long question I think is: am I calling the right
functions to encrypt and send back a message using the public key that's
inside a .pem file?
Thanks in advance.
2010/7/8 Dave Thompson <dthomp...@prinpay.com>
> > From: owner-openssl-us...@openssl.org On Behalf Of Carlos Saldaña
> > Sent: Thursday, 08 July, 2010 18:51
>
> > I'm to openssl and PKI in general and got a problem whit decrypting
> in my application.
> > My partners provided me with two files: publickey.x509 and
> publickey.pem
> > to find a wy to send messages between server and my client application.
>
> Do you want to do this with SSL by calling openssl? Or are you trying
> to re-implement SSL, or some other (likely bad) protocol, yourself?
> If you call openssl, you don't need to decode any of these files,
> just give the correct files to openssl in the correct places.
>
> > So far I've dicovered that .pem files are just base64 encoded DER
> files,
> > DER is the encoding for x509 files that contain the publickey among other
> information.
>
> Only partly right.
> .pem files are (just) base64 of DER *plus BEGIN/END lines plus
> in some cases a few more header lines*. Those can be important.
> DER is part of a general-purpose international standard ASN.1,
> and is the encoding for many different things used in openssl.
> (And in other applications also, not relevant here.)
> An X.509 certificate is *ONE* thing that is encoded in DER,
> *or* in PEM-armored-DER. (There are other things in X.509,
> like CRLs, that you almost certainly don't care about.
> When people just say X.509, they mean an X.509 cert.)
>
> If you are doing an SSL server, using common web ciphersuites,
> you need a *private key* and a (matching) *X.509 certificate*.
> The cert contains the public key, plus additional data.
>
> We can't tell just from the file names what those files contain.
> They might have given you the cert in publickey.x509 (either PEM or DER)
> and the *privatekey* in publickey.pem, although that would be a poor name.
> A file containing only the publickey is possible, but useless.
> Presumably publickey.pem *is* PEM; what type is in its BEGIN line?
>
> > I have the following code:
>
> > //Get the .pem file contents
> > NSString *path = [[NSBundle mainBundle] pathForResource:@
> "publickey"
> ofType:@"pem"];
> > NSString * pemString = [NSString stringWithContentsOfFile:path
> encoding:NSUTF8StringEncoding error:nil];
> > const char *base64Text = [pemString cStringUsingEncoding:[NSString
> defaultCStringEncoding]];
>
> I don't know much ObjectiveC, or any NextStep; does that remove the labels?
>
> > //Base64 decode to obtain a DER representation
> > char *unBase64Text = unbase64((unsigned char *)base64Text,
> strlen(base64Text));
> > int dataLength = strlen(unBase64Text);
>
> Even if base64Text is correctly the base64 data from the .pem,
> after un-base64-ing strlen won't work. DER encodings are binary
> and contain 'null' bytes which C considers to terminate a string.
> Your unbase64 procedure *MUST* tell you the decoded length.
>
> You should better declare the unbase64-ed DER as 'unsigned char *'
> (or 'unsigned char []'). Although you can cast differently-signed chars
> back and forth in C, this data actually is unsigned, and on systems
> where C plain char is signed, the debugger etc. will give misleading
> results.
>
> > //Get RSA representation so we can encode messages to send
> back to the server
> > RSA *anRSA = d2i_RSAPublicKey(0, (unsigned char **)&unBase64Text,
> dataLength);
>
> In general whenever a libcrypto routine returns an error, and most
> times when a libssl routine does, you should look at the error queue:
> http://www.openssl.org/support/faq.html#PROG6
>
> Even if unBase64Text for dataLength is correctly the unbase64-ed data,
> it is *very* unlikely you have a file containing an RSAPublicKey structure.
> Openssl normally uses files containing a X.509 cert which contains a
> publickey
> for any of several algorithms, possibly with algorithm-dependent
> parameters;
>
> or a "PubKeyInfo" structure which does similarly. For the latter you should
> use d2i_PUBKEY[_*] to get a generic EVP structure and then get the RSA part
> if necessary -- or just use the openssl EVP routines which take it as-is --
> or use d2i_RSA_PUBKEY[_*] which just does those two for you.
>
> > What could am I doing wrong?
>
> See above.
>
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majord...@openssl.org
>
--
Saludos
Carlos Saldaña Garcia
TSU en Tecnologías de la Información y Comunicación
