I am using OpenSSL 1.0.1e and attempting to generate a CSR. In this case we are generating our own key pair and will sign independently, so I can't have OpenSSL generate the key pair and then sign for me. This is all within an embedded device, so I am making the calls to the x509_req. I have the public key I want to set within the CSR. The private key will not be embedded within the CSR.
I set up the x509_req structure with the new, populated the subject via X509_NAME_add_entry_by_txt, then used X509_REQ_set_subject_name. The problem is when I try to set up the public key. I know I need to use X509_REQ_set_pubkey, which takes the req pointer and the EVP key pointer, but the issue I am having is finding what items to set for the EVP key.

From what I found I need to create an EC key, set the group and point, then ultimately call EVP_PKEY_assign_EC_KEY. Below is my call stack. Using this, I get a lot of extra information in the CSR that is not needed, shown below the call stack. I think the "extra" data is actually incorrect and I do not need it as part of the CSR. Is there a way I can just cut off this extra data? (Remember, this is in code, so no command line interaction.)

I thank you for any help on this!

>>>Call stack for populating evp key>>>

    *ec_key_ptr_ptr = EC_KEY_new()
    ec_group_ptr = EC_GROUP_new_by_curve_name(NID_secp384r1)
    ec_point_ptr = EC_POINT_new(ec_group_ptr)
    EC_KEY_set_group(*ec_key_ptr_ptr, ec_group_ptr)
    EC_POINT_oct2point(ec_group_ptr, ec_point_ptr,
                       public_key_ptr, /*This is the public key I want to set*/
                       public_key_len, NULL)
    EC_KEY_set_public_key(*ec_key_ptr_ptr, ec_point_ptr)
    *evp_key_ptr_ptr = EVP_PKEY_new()
    EVP_PKEY_assign_EC_KEY(*evp_key_ptr_ptr, *ec_key_ptr_ptr)

>>>Extra items in the CSR that I do not want/need>>>>

    Field Type: prime-field
    Prime:
        00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
        ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
        ff:ff:fe:ff:ff:ff:ff:00:00:00:00:00:00:00:00:
        ff:ff:ff:ff
    A:
        00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
        ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
        ff:ff:fe:ff:ff:ff:ff:00:00:00:00:00:00:00:00:
        ff:ff:ff:fc
    B:
        00:b3:31:2f:a7:e2:3e:e7:e4:98:8e:05:6b:e3:f8:
        2d:19:18:1d:9c:6e:fe:81:41:12:03:14:08:8f:50:
        13:87:5a:c6:56:39:8d:8a:2e:d1:9d:2a:85:c8:ed:
        d3:ec:2a:ef
    Generator (uncompressed):
        04:aa:87:ca:22:be:8b:05:37:8e:b1:c7:1e:f3:20:
        ad:74:6e:1d:3b:62:8b:a7:9b:98:59:f7:41:e0:82:
        54:2a:38:55:02:f2:5d:bf:55:29:6c:3a:54:5e:38:
        72:76:0a:b7:36:17:de:4a:96:26:2c:6f:5d:9e:98:
        bf:92:92:dc:29:f8:f4:1d:bd:28:9a:14:7c:e9:da:
        31:13:b5:f0:b8:c0:0a:60:b1:ce:1d:7e:81:9d:7a:
        43:1d:7c:90:ea:0e:5f
    Order:
        00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
        ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:c7:63:4d:81:f4:
        37:2d:df:58:1a:0d:b2:48:b0:a7:7a:ec:ec:19:6a:
        cc:c5:29:73
    Cofactor: 1 (0x1)
    Seed:
        a3:35:92:6a:a3:19:a2:7a:1d:00:89:6a:67:73:a4:
        82:7a:cd:ac:73

--
View this message in context: http://openssl.6102.n7.nabble.com/Set-public-key-in-a-CSR-tp48250.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
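
The extra fields in the dump above are the curve written out as explicit ECParameters instead of a namedCurve OID; in OpenSSL 1.0.x that choice follows the key's ASN.1 flag (OPENSSL_EC_NAMED_CURVE, set with EC_KEY_set_asn1_flag or EC_GROUP_set_asn1_flag). As an added example, not part of the original post and not OpenSSL code, this dependency-free C check reads a DER SubjectPublicKeyInfo and reports which form it carries; the function names and the two stubbed sample encodings are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

enum { EC_FORM_ERROR = -1, EC_FORM_NAMED = 1, EC_FORM_EXPLICIT = 2 };

/* Read one DER tag/length header at *p, bounded by end. On success store the
   tag and content length, advance *p to the first content byte, return 0. */
static int der_header(const unsigned char **p, const unsigned char *end,
                      unsigned char *tag, size_t *len)
{
    const unsigned char *q = *p;
    if (end - q < 2) return -1;
    *tag = *q++;
    size_t n = *q++;
    if (n & 0x80) {                 /* long form: low 7 bits count length bytes */
        size_t cnt = n & 0x7f;
        if (cnt == 0 || cnt > sizeof(size_t) || (size_t)(end - q) < cnt) return -1;
        for (n = 0; cnt--; ) n = (n << 8) | *q++;
    }
    if ((size_t)(end - q) < n) return -1;   /* content must fit in the buffer */
    *len = n;
    *p = q;
    return 0;
}

/* id-ecPublicKey, OID 1.2.840.10045.2.1 */
static const unsigned char OID_EC_PUBKEY[] = {0x2a,0x86,0x48,0xce,0x3d,0x02,0x01};

/* Classify the AlgorithmIdentifier parameters of an EC SubjectPublicKeyInfo:
   an OID means namedCurve, a SEQUENCE means explicit ECParameters. */
int ec_spki_params_form(const unsigned char *der, size_t der_len)
{
    const unsigned char *p = der, *end = der + der_len;
    unsigned char tag;
    size_t len;
    if (der_header(&p, end, &tag, &len) || tag != 0x30) return EC_FORM_ERROR;
    end = p + len;                                   /* SubjectPublicKeyInfo */
    if (der_header(&p, end, &tag, &len) || tag != 0x30) return EC_FORM_ERROR;
    end = p + len;                                   /* AlgorithmIdentifier */
    if (der_header(&p, end, &tag, &len) || tag != 0x06 ||
        len != sizeof OID_EC_PUBKEY || memcmp(p, OID_EC_PUBKEY, len) != 0)
        return EC_FORM_ERROR;
    p += len;
    if (der_header(&p, end, &tag, &len)) return EC_FORM_ERROR;
    return tag == 0x06 ? EC_FORM_NAMED : tag == 0x30 ? EC_FORM_EXPLICIT : EC_FORM_ERROR;
}

/* Constructed samples; the public-key BIT STRING is a 2-byte stub. */
static const unsigned char SAMPLE_NAMED[] = {0x30,0x16, 0x30,0x10, 0x06,0x07,0x2a,0x86,0x48,0xce,0x3d,0x02,0x01,
    0x06,0x05,0x2b,0x81,0x04,0x00,0x22 /* secp384r1 */, 0x03,0x02,0x00,0x04};
static const unsigned char SAMPLE_EXPLICIT[] = {0x30,0x14, 0x30,0x0e, 0x06,0x07,0x2a,0x86,0x48,0xce,0x3d,0x02,0x01,
    0x30,0x03,0x02,0x01,0x01 /* ECParameters stub */, 0x03,0x02,0x00,0x04};
```

On the device, the bytes to check would be the output of i2d_PUBKEY for the EVP key before it is passed to X509_REQ_set_pubkey.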