Hello Matt,
my question was wrong, because I have to admin, that I did, at the
moment of the post, not know what the line I posted does.
thank you very much for the explanation and the links
Andreas
Am 14.12.2013 14:10, schrieb Matt Caswell:
On 13 December 2013 17:33, andreas
<andreas.moroder-hi6y0cq0...@public.gmane.org> wrote:
Hello,
in our public hospital we have a application that has to encrypt data
with a certificate.
At the moment we call a batch files that does
openssl.exe rsautl -encrypt -in %1 -out %1.enc -inkey SanitelCF.cer
-certin -pkcs
I don't know what it is that you are encrypting, however normally you
would not directly encrypt messages in this way. RSA is usually used
to encrypt some symmetric session key, and then your message is
encrypted using this session key. Here you are directly encrypting
files using RSA...if those files are actually raw keys then thats
probably ok.
IS it possible to implement this in our application using openssl
libraries ?
Yes:
To load the certificate you can use PEM_read_X509 (or one of the other
similar variants). See https://www.openssl.org/docs/crypto/pem.html
This will give you an X509 structure. To obtain the public key from
the certificate use X509_get_pubkey. This function is defined in
x509.h and is apparently undocumented as far as I can see. Its quite
straight forward though - just pass the X509 structure in and you get
an EVP_PKEY structure back.
To encrypt use EVP_PKEY_encrypt. See
https://www.openssl.org/docs/crypto/EVP_PKEY_encrypt.html
The manual page above gives some example code for encrypting. It shows
how to set the padding type. For your particular situation you need to
use RSA_PKCS1_PADDING.
Don't forget to free up your EVP_PKEY and X509 structures using
EVP_PKEY_free and X509_free.
Can anyone please tell me if there are sample file that implement that
encryption ?
You can take a look at how the rsautl app does it in apps/rsautl.c.
This essentially works the same way as I have outlined above except
that it uses RSA_public_encrypt to do the encryption, rather than
EVP_PKEY_encrypt that I have suggested.
Hope that helps,
Matt
Thanks
Andreas
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List
openssl-users-mcmkbn63+blafugrpc6...@public.gmane.org
Automated List Manager
majordomo-mcmkbn63+blafugrpc6...@public.gmane.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List
openssl-users-mcmkbn63+blafugrpc6...@public.gmane.org
Automated List Manager
majordomo-mcmkbn63+blafugrpc6...@public.gmane.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
