Hi David,
Your attached sample certificate and private key (1024 bit RSA) work fine.
I am reading it with PEM_read_PrivateKey( fp, &key, NULL, NULL), and also
PEM_read_bio_PrivateKey(pkeybio, NULL, 0, NULL) works.
If you could post the code or code fragment that creates the problem?
d2i_RSAPrivateKey() is not reading PEM, just making sure...
Best wishes,
Frank Migge
David Lobron <mailto:dlob...@akamai.com>
Saturday, October 10, 2015 12:33 AM
Hello openssl people,
I am trying to read a private key of a certificate into memory using
d2i_RSAPrivateKey. I'm able to read the certificate without a problem,
but when I pass the private key to d2i_RSAPrivateKey, it fails to
parse. I do not see an error message or errno being set -
d2i_RSAPrivateKey simply returns NULL. I've generated a self-signed
cert which reproduces the problem, and I've attached it to this
message (this is a throwaway cert, not in use for anything, so I'm
knowingly sending the private key). The command I used to generate
this cert and its key was:
    openssl req -x509 -newkey rsa:1024 -keyout key.pem -out cert.pem -days 36500 -nodes -outform PEM
I have another cert where the private key *is* parseable by
d2i_RSAPrivateKey. I printed out both certs from the command line, and
compared them. They appear almost identical. The only difference I see
is that when I print the attached unparseable cert, the Signature
Algorithm section has 8 lines of hex. In the parseable cert, I see 15
lines of hex. Both certs use sha1WithRSAEncryption as the algorithm,
with 1024 bits.
Can anyone help me understand why the private key in the attached cert
is not readable by d2i_RSAPrivateKey? I'm running these tests on a
Mac, but the same thing happens on Ubuntu Linux.
Thank you,
David
Printout of the attached cert, which fails to parse with
d2i_RSAPrivateKey:
MacBook-Air:self_signed dlobron$ openssl x509 -in cert.1024.combined -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 17702003413458844255 (0xf5aa2650b7f77a5f)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, OU=KMI, CN=akamai.normandy_authority.client_gateway_ca.1/emailAddress=dlob...@akamai.com
        Validity
            Not Before: Oct 8 15:47:30 2015 GMT
            Not After : Jan 16 15:47:30 2016 GMT
        Subject: C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, OU=KMI, CN=akamai.normandy_authority.client_gateway_ca.1/emailAddress=dlob...@akamai.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:c2:33:df:d8:cb:c9:6e:a4:98:f0:b7:b1:06:51:
                    77:f8:6c:36:4b:f3:ab:fc:09:ab:98:13:d5:0a:03:
                    63:31:c4:ce:6f:02:12:b5:c4:4c:83:17:39:c2:b8:
                    27:89:a5:80:56:36:72:19:8b:9a:dd:e5:e2:22:60:
                    53:96:f9:4d:c0:f1:c6:06:5f:1b:95:de:b7:8e:d2:
                    ef:e8:ff:84:81:73:45:c9:a5:52:6d:af:8e:6a:16:
                    bf:23:97:66:5e:d8:1f:0e:e9:1b:d3:03:e3:cd:4c:
                    02:2f:68:f0:a5:70:a3:90:f5:19:8d:f5:6b:d1:87:
                    e7:82:39:f9:09:1b:ee:56:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:D9:17:38:F0:9E:03:2C:57:E5:FF:20:24:BC:F1:AA:2C:35:AB:D5
            X509v3 Authority Key Identifier:
                keyid:2F:D9:17:38:F0:9E:03:2C:57:E5:FF:20:24:BC:F1:AA:2C:35:AB:D5
            X509v3 Basic Constraints:
                CA:TRUE
    Signature Algorithm: sha1WithRSAEncryption
         5d:5c:c0:10:c3:60:10:c5:d4:30:cf:90:41:32:d9:73:1f:03:
         66:a5:3b:ca:e2:99:2f:89:10:0e:4d:d6:b3:1d:97:ae:0a:54:
         46:0b:a8:51:02:97:c6:41:32:16:db:7c:77:28:e8:df:73:70:
         a0:01:73:b6:84:90:b5:a8:b7:54:53:7d:a9:cd:81:33:35:6d:
         58:5e:ba:e2:7d:34:7a:32:c9:fd:4f:07:18:75:a7:53:3d:61:
         1b:98:7a:e6:92:5b:74:39:e1:ab:b2:6a:51:4a:56:c5:99:1e:
         d7:7a:7a:b6:32:e8:ca:f2:33:bc:3f:d5:3c:3f:87:2a:9f:ab:
         37:c8
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
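
Added example, not part of the original thread and not OpenSSL code: a dependency-free C check that tells whether a key buffer is PEM text (for the PEM_read_* functions) or DER (for the d2i_* functions), and for DER whether the layout is the PKCS#1 RSAPrivateKey structure that d2i_RSAPrivateKey parses or a PKCS#8 PrivateKeyInfo wrapper. The names classify_key and der_hdr and the sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum key_enc { KEY_UNKNOWN, KEY_PEM, KEY_DER_PKCS1, KEY_DER_PKCS8 };

/* Parse one DER tag+length header; returns header size (0 on error), sets *clen. */
static size_t der_hdr(const unsigned char *p, size_t len, unsigned char tag, size_t *clen)
{
    if (len < 2 || p[0] != tag) return 0;
    if (p[1] < 0x80) { *clen = p[1]; return 2; }        /* short-form length */
    size_t n = p[1] & 0x7f, v = 0;                       /* long-form length  */
    if (n == 0 || n > sizeof(size_t) || len < 2 + n) return 0;
    for (size_t i = 0; i < n; i++) v = (v << 8) | p[2 + i];
    *clen = v;
    return 2 + n;
}

/* Classify a private-key buffer before choosing PEM_read_* or d2i_*. */
enum key_enc classify_key(const unsigned char *buf, size_t len)
{
    static const char armor[] = "-----BEGIN ";
    size_t clen, vlen, off;
    if (len >= sizeof armor - 1 && memcmp(buf, armor, sizeof armor - 1) == 0)
        return KEY_PEM;                                  /* text armor, not DER */
    off = der_hdr(buf, len, 0x30, &clen);                /* outer SEQUENCE */
    if (!off || clen > len - off) return KEY_UNKNOWN;
    buf += off; len = clen;
    off = der_hdr(buf, len, 0x02, &vlen);                /* version INTEGER */
    if (!off || vlen >= len - off) return KEY_UNKNOWN;   /* need one more byte */
    buf += off + vlen;
    if (buf[0] == 0x02) return KEY_DER_PKCS1;            /* next: modulus INTEGER */
    if (buf[0] == 0x30) return KEY_DER_PKCS8;            /* next: AlgorithmIdentifier */
    return KEY_UNKNOWN;
}

/* Constructed samples: structurally minimal, not real keys. */
static const unsigned char SAMPLE_PEM[]   = "-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n";
static const unsigned char SAMPLE_PKCS1[] = { 0x30, 0x06, 0x02, 0x01, 0x00, 0x02, 0x01, 0x05 };
static const unsigned char SAMPLE_PKCS8[] = { 0x30, 0x05, 0x02, 0x01, 0x00, 0x30, 0x00 };

int main(void)
{
    static const char *names[] = { "unknown", "PEM", "DER PKCS#1", "DER PKCS#8" };
    printf("%s\n", names[classify_key(SAMPLE_PEM, sizeof SAMPLE_PEM - 1)]);
    printf("%s\n", names[classify_key(SAMPLE_PKCS1, sizeof SAMPLE_PKCS1)]);
    printf("%s\n", names[classify_key(SAMPLE_PKCS8, sizeof SAMPLE_PKCS8)]);
    return 0;
}
```

A buffer classified as PEM has to be decoded through the PEM readers first; only a result of DER PKCS#1 matches what d2i_RSAPrivateKey expects.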