I am using OpenSSL 1.0.1e and attempting to generate a CSR. In this case we
are generating our own key pair and will sign independently, so I can't have
OpenSSL generate the key pair and then sign for me. This is all within an
embedded device, so I am making the calls to the x509_req.
I have the public key I want to set within the CSR. The private key will not
be embedded within the CSR.

I set up the x509_req structure with the new, populated it with the subject
via X509_NAME_add_entry_by_txt, then used X509_REQ_set_subject_name.
The problem is when I try to set up the public key. I know I need to use
X509_REQ_set_pubkey, which takes the req pointer and the EVP key pointer,
but the issue I am having is finding what items to set for the EVP key.

From what I found, I need to create an EC key, set the group and the point,
then ultimately call EVP_PKEY_assign_EC_KEY.
Below is my call stack. Using this, I get a lot of extra information in the
CSR that is not needed, shown below the call stack. I think the "extra" data
is actually incorrect and I do not need it as part of the CSR. Is there a way
I can just cut off this extra data? (Remember, this is in code, so no command
line interaction.)

I thank you for any help on this!


>>>Call stack for populating evp key>>>
*ec_key_ptr_ptr = EC_KEY_new()
ec_group_ptr = EC_GROUP_new_by_curve_name(NID_secp384r1)
ec_point_ptr = EC_POINT_new(ec_group_ptr)
EC_KEY_set_group(*ec_key_ptr_ptr, ec_group_ptr)
EC_POINT_oct2point(ec_group_ptr,
                   ec_point_ptr,
                   public_key_ptr, /* This is the public key I want to set */
                   public_key_len,
                   NULL)
EC_KEY_set_public_key(*ec_key_ptr_ptr, ec_point_ptr) 
*evp_key_ptr_ptr = EVP_PKEY_new()
EVP_PKEY_assign_EC_KEY(*evp_key_ptr_ptr, *ec_key_ptr_ptr)


>>>Extra items in the CSR that I do not want/need>>>>
               Field Type: prime-field
               Prime:
                   00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
                   ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
                   ff:ff:fe:ff:ff:ff:ff:00:00:00:00:00:00:00:00:
                   ff:ff:ff:ff
               A:
                   00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
                   ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
                   ff:ff:fe:ff:ff:ff:ff:00:00:00:00:00:00:00:00:
                   ff:ff:ff:fc
               B:
                   00:b3:31:2f:a7:e2:3e:e7:e4:98:8e:05:6b:e3:f8:
                   2d:19:18:1d:9c:6e:fe:81:41:12:03:14:08:8f:50:
                   13:87:5a:c6:56:39:8d:8a:2e:d1:9d:2a:85:c8:ed:
                   d3:ec:2a:ef
               Generator (uncompressed):
                   04:aa:87:ca:22:be:8b:05:37:8e:b1:c7:1e:f3:20:
                   ad:74:6e:1d:3b:62:8b:a7:9b:98:59:f7:41:e0:82:
                   54:2a:38:55:02:f2:5d:bf:55:29:6c:3a:54:5e:38:
                   72:76:0a:b7:36:17:de:4a:96:26:2c:6f:5d:9e:98:
                   bf:92:92:dc:29:f8:f4:1d:bd:28:9a:14:7c:e9:da:
                   31:13:b5:f0:b8:c0:0a:60:b1:ce:1d:7e:81:9d:7a:
                   43:1d:7c:90:ea:0e:5f
               Order:
                   00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
                   ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:c7:63:4d:81:f4:
                   37:2d:df:58:1a:0d:b2:48:b0:a7:7a:ec:ec:19:6a:
                   cc:c5:29:73
               Cofactor:  1 (0x1)
               Seed:
                   a3:35:92:6a:a3:19:a2:7a:1d:00:89:6a:67:73:a4:
                   82:7a:cd:ac:73



--
View this message in context: 
http://openssl.6102.n7.nabble.com/Set-public-key-in-a-CSR-tp48250.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
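
The fields in the dump above (Prime, A, B, Generator, Order, Cofactor, Seed) are the explicit ECParameters encoding of the curve; the compact alternative is the named-curve form, which carries only the curve OID and which OpenSSL selects with EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE). The following is an added example, not part of the original post and not OpenSSL code: a dependency-free C check that reports which form a DER SubjectPublicKeyInfo uses (for instance the output of i2d_PUBKEY on the EVP key). The function names and the constructed sample buffers are hypothetical.

```c
#include <stdint.h>
#include <string.h>

enum { EC_FORM_INVALID = -1, EC_FORM_NAMED, EC_FORM_EXPLICIT };

/* Constructed samples: secp384r1 SPKI with a truncated placeholder key. */
const uint8_t sample_named[] = {        /* namedCurve OID 1.3.132.0.34 */
    0x30,0x17, 0x30,0x10, 0x06,0x07,0x2a,0x86,0x48,0xce,0x3d,0x02,0x01,
    0x06,0x05,0x2b,0x81,0x04,0x00,0x22,  0x03,0x03,0x00,0x04,0x00 };
const uint8_t sample_explicit[] = {     /* specifiedCurve SEQUENCE, truncated */
    0x30,0x15, 0x30,0x0e, 0x06,0x07,0x2a,0x86,0x48,0xce,0x3d,0x02,0x01,
    0x30,0x03,0x02,0x01,0x01,            0x03,0x03,0x00,0x04,0x00 };

/* Read one DER header: return tag, point *p at content, set *len; -1 on error. */
static int der_header(const uint8_t **p, const uint8_t *end, size_t *len)
{
    const uint8_t *q = *p;
    if (end - q < 2) return -1;
    int tag = *q++;
    size_t n = *q++;
    if (n & 0x80) {                     /* long-form length */
        size_t cnt = n & 0x7f;
        if (cnt == 0 || cnt > sizeof n || (size_t)(end - q) < cnt) return -1;
        for (n = 0; cnt--; ) n = (n << 8) | *q++;
    }
    if ((size_t)(end - q) < n) return -1;   /* content must fit in the buffer */
    *p = q; *len = n;
    return tag;
}

/* Report how the curve is encoded in a DER SubjectPublicKeyInfo. */
int ec_spki_params_form(const uint8_t *der, size_t der_len)
{
    static const uint8_t ec_oid[] = {0x2a,0x86,0x48,0xce,0x3d,0x02,0x01};
    const uint8_t *p = der, *end = der + der_len;
    size_t len;
    if (der_header(&p, end, &len) != 0x30) return EC_FORM_INVALID;
    end = p + len;                      /* inside SubjectPublicKeyInfo */
    if (der_header(&p, end, &len) != 0x30) return EC_FORM_INVALID;
    end = p + len;                      /* inside AlgorithmIdentifier */
    if (der_header(&p, end, &len) != 0x06 || len != sizeof ec_oid ||
        memcmp(p, ec_oid, len) != 0) return EC_FORM_INVALID; /* id-ecPublicKey */
    p += len;                           /* now at ECParameters */
    int tag = der_header(&p, end, &len);
    if (tag == 0x06) return EC_FORM_NAMED;     /* curve OID only */
    if (tag == 0x30) return EC_FORM_EXPLICIT;  /* prime, A, B, generator, ... */
    return EC_FORM_INVALID;
}
```

Running the check on the device after the key is built confirms that the request carries only the curve OID before it is sent for signing.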
