> From: owner-openssl-us...@openssl.org On Behalf Of Carlos Saldaña
> Sent: Friday, 09 July, 2010 12:48
> Thanks for answer Dave,
> Actually what I'm trying to do is encode messages using the public
key
> presumably encoded in a .pem file. I checked the contents of this .pem
file
> and ir has the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY-----
headers.
> I fixed my code to take away this headers and then base64 decode the
string.
Okay, that's simple enough. Note that your security relies on the
authenticity
and integrity of the pubkey file -- if (any of) your users can be convinced
to
install/use a bogus file, their 'secret' data is exposed. If anyone besides
you
will use this system, make sure this limitation is acceptable to them. And
bear
in mind that user representatives like managers usually promise that people
will
follow rules perfectly, and those promises are almost always broken.
> I'm new to this technology of using openssl and using certificates,
this is
> the code I've buit, so far I don't get any RSA object from the
d2i_RSAPublicKey function:
<snip: get publickey.pem, trim whitespace, drop BEGIN/END lines, trim again>
looks reasonable to me; I don't know ObjC/NS details but I assume you can
see with a debugger that this produces the correct string in memory
> const char *base64Text = [unlabeledEndPemString
cStringUsingEncoding:[NSString defaultCStringEncoding]];
> char *unBase64Text = unbase64((unsigned char *)base64Text,
strlen(base64Text));
> //Create a new RSA instance
> int dataLengt = strlen(unBase64Text);
> RSA *anRSA = d2i_RSAPublicKey(0, (unsigned char **)&unBase64Text,
dataLengt);
As I mostly said before:
1. unbase64 of a .pem file body block gives DER which is binary data
containing zero/nulls and strlen will not give the correct length.
(And if you don't give the correct length OpenSSL can't decode it.)
2. It's better to treat DER as unsigned char (as you do for the
plaintext and ciphertext below). C will mostly let you 'cheat' on
signed/unsigned/plain, but DER data is in fact unsigned bytes.
3. The contents of a BEGIN/END PUBLIC KEY are NOT an RSAPublicKey object.
They are a PublicKeyInfo object CONTAINING a (labelled) RSAPublicKey.
OpenSSL can only decode a DER if you tell it the correct type.
See below.
> unsigned char cleartext[2560] = "A";
> unsigned char encrypted[2560] = { 0 };
> int resultEncrypt = 0;
> NSLog(@"here");
> resultEncrypt = RSA_public_encrypt ( 1 , cleartext, encrypted,
anRSA, RSA_PKCS1_OAEP_PADDING );
> NSLog(@"%d from encrypt.", resultEncrypt);
The (raw) result of RSA encryption is as big as the key size.
Key sizes > 2560 are possible though unusual. To avoid buffer overflow
and possible exploit of your system, you should either check that the
size of the key you read is not too big, or allocate the output buffer
using the actual key size.
> Well, after all this the long question I think is: am I calling
> the right functions to encrypt and send back a message using the public
key
> that's inside a .pem file?
Once you get the key correctly it should encrypt. Direct RSA encryption
with OAEP is limited to 'message' sizes of the key size minus about 200 bits
(I don't remember the exact number but you'll get an error when you hit it).
For most schemes for most people this is unacceptable and the usual practice
is to encrypt the data with a symmetric cipher (e.g. AES) under a random key
(called Data Encrypting Key, DEK) and encrypt and transport that DEK under
under the RSA key (Key Encrypting Key, KEK) and transport with the data.
The approach you are using works if both/all ends agree, but you probably
won't interoperate with anybody else.
> Thanks in advance.
> 2010/7/8 Dave Thompson <dthomp...@prinpay.com>
> Even if unBase64Text for dataLength is correctly the
unbase64-ed data,
> it is *very* unlikely you have a file containing an
RSAPublicKey structure.
> Openssl normally uses files containing a X.509 cert which
contains a publickey
> for any of several algorithms, possibly with
algorithm-dependent parameters;
This part didn't apply to your case.
> or a "PubKeyInfo" structure which does similarly. For the
latter you should
> use d2i_PUBKEY[_*] to get a generic EVP structure and then
get the RSA part
> if necessary -- or just use the openssl EVP routines which
take it as-is --
> or use d2i_RSA_PUBKEY[_*] which just does those two for you.
This part did. Except maybe the middle point -- I don't think there are
EVP wrappings for just-RSA.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
