RE: loading an RSA pubkey that is hex encoded and DER
Steve,

First my apologies for misspelling your name. Second, thanks very much for your response. I can happily say that I can now read my key! Now I just need to verify my signature which appears to be in hex as well. I will do a little research but other than converting to b64, is there anything else that I should be aware of with respect to the signature verification?

thanks very much for your help.

take care,
e

-----Original Message-----
From: Dr. Stephen Henson [mailto:[EMAIL PROTECTED]
Sent: Monday, May 03, 2004 1:22 PM
To: [EMAIL PROTECTED]
Subject: Re: loading an RSA pubkey that is hex encoded and DER

On Mon, May 03, 2004, Eleanor Nagai wrote:

> Steven,
>
> Hi! Thanks very much for your response. I tried the -keyform option in the dgst command but get the message unable to load key file. So I tried your suggestion to convert the key to pem format using:
>
>     openssl rsa -in key file -pubin -inform der -pubout -outform pem
>
> but got the following message:
>
>     unable to load Public Key
>     12823:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:946
>     12823:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:304:Type=X509_PUBKEY
>
> The asn1parse tool doesn't seem to be able to understand the key file either as:
>
>     openssl asn1parse -inform der|txt -in key file -dump
>
> returns
>
>     0:d=0 hl=2 l= 48 cons:PRINTABLESTRING
>     Error in encoding
>     12829:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:132:

Well 48 = ASCII '0' so it seems like your data really is in hex format. You'll need to convert it to a binary file first either by writing a program or using a utility: IIRC the xxd utility can do this.

After that it depends on what format the data is in. If it's a subjectPublicKeyInfo structure OpenSSL should have no problems with it. If it's an RSAPublicKey you'll need to convert it because currently there's no command line options to handle that.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
RE: loading an RSA pubkey that is hex encoded and DER
Steven,

Hi! Thanks very much for your response. I tried the -keyform option in the dgst command but get the message unable to load key file. So I tried your suggestion to convert the key to pem format using:

    openssl rsa -in key file -pubin -inform der -pubout -outform pem

but got the following message:

    unable to load Public Key
    12823:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:946
    12823:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:304:Type=X509_PUBKEY

The asn1parse tool doesn't seem to be able to understand the key file either as:

    openssl asn1parse -inform der|txt -in key file -dump

returns

    0:d=0 hl=2 l= 48 cons:PRINTABLESTRING
    Error in encoding
    12829:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:132:

:(

Below is the code, using crypto++, that created the key:

    //AutoSeededRandomPool rng;
    1. RandomPool rng;
    2. InvertibleRSAFunction privKey;
    3. privKey.Initialize(rng, length);
    4. HexEncoder privString(new StringSink(privateKey));
    5. privKey.DEREncode(privString);
    6. privString.MessageEnd();
    7. RSAFunction pubKey(privKey);
    8. HexEncoder pubString(new StringSink(publicKey));
    9. pubKey.DEREncode(pubString);
    10. pubString.MessageEnd();

My understanding is that the key(pair) is generated in line 3. privateKey is the output file so the key is first DER encoded (line 5) and written in hex to the output file (line 6). A similar process is then used to write the public key to a file.

So... I think what I need to do is convert the public key, presumably in hex, to base64? Does this sound reasonable?

thanks again for your help,
e

-----Original Message-----
From: Steven Reddie [mailto:[EMAIL PROTECTED]
Sent: Saturday, May 01, 2004 10:41 PM
To: [EMAIL PROTECTED]
Subject: RE: loading an RSA pubkey that is hex encoded and DER

Hi,

I think the term you were looking for was binary, meaning not a text file. If by dgst you mean the openssl command line utility, try adding the parameter -keyform der. If that doesn't work you'll need to convert the key to PEM (base64 encoding of the DER). The command

    openssl rsa -inform der -in infilename -out outfilename

should do the trick. There are other options that handle encryption of the key; run openssl rsa help to see them.

If you are talking about the API, there are several ways to load such a key. One is to load the contents of the file into a buffer and use the function d2i_RSAPrivateKey to convert from Der to Internal format.

Regards,
Steven

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eleanor Nagai
Sent: Sunday, 2 May 2004 9:34 AM
To: '[EMAIL PROTECTED]'
Subject: loading an RSA pubkey that is hex encoded and DER

Hi!

I'm somewhat new to the crypto world and openssl so I apologize if this comes across a bit confusing.

I have an RSA public key generated by crypto++ that is in DER format and hex (not base64) encoded. I also have a signature created with the associated RSA private key using SHA1 digest and PKCS1v1.5 formatting that I need to verify. Is it possible to load the public key so that I can use dgst to verify the signature?

Any help will be greatly appreciated.

thanks,
Eleanor
Re: loading an RSA pubkey that is hex encoded and DER
On Mon, May 03, 2004, Eleanor Nagai wrote:

> Steven,
>
> Hi! Thanks very much for your response. I tried the -keyform option in the dgst command but get the message unable to load key file. So I tried your suggestion to convert the key to pem format using:
>
>     openssl rsa -in key file -pubin -inform der -pubout -outform pem
>
> but got the following message:
>
>     unable to load Public Key
>     12823:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:946
>     12823:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:304:Type=X509_PUBKEY
>
> The asn1parse tool doesn't seem to be able to understand the key file either as:
>
>     openssl asn1parse -inform der|txt -in key file -dump
>
> returns
>
>     0:d=0 hl=2 l= 48 cons:PRINTABLESTRING
>     Error in encoding
>     12829:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:132:

Well 48 = ASCII '0' so it seems like your data really is in hex format. You'll need to convert it to a binary file first either by writing a program or using a utility: IIRC the xxd utility can do this.

After that it depends on what format the data is in. If it's a subjectPublicKeyInfo structure OpenSSL should have no problems with it. If it's an RSAPublicKey you'll need to convert it because currently there's no command line options to handle that.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
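Added example, not part of the original thread and not OpenSSL or Crypto++ code: a Python sketch of the two steps in the reply above, turning the hex text back into binary DER and then telling a subjectPublicKeyInfo from a bare RSAPublicKey, wrapping the latter into a subjectPublicKeyInfo PEM. The function names and the tiny sample key are constructed for illustration; the sample is not a usable key.

```python
import base64
import binascii

# DER AlgorithmIdentifier { rsaEncryption 1.2.840.113549.1.1.1, NULL }
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")
# Constructed toy RSAPublicKey (4-byte modulus, e=65537), hex text as on disk
SAMPLE_HEX = "300B020400B53D110203010001"

def der_len(n):
    """Encode a DER definite length."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def read_tlv(buf, pos=0):
    """Return (tag, value_start, value_end) for the TLV at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    length = first
    if first & 0x80:  # long form: low 7 bits give the number of length bytes
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def classify(der):
    """SPKI's outer SEQUENCE starts with a SEQUENCE, RSAPublicKey with an INTEGER."""
    tag, start, end = read_tlv(der)
    if tag != 0x30 or end != len(der) or start >= end:
        raise ValueError("not a single DER SEQUENCE (still hex text?)")
    kinds = {0x30: "subjectPublicKeyInfo", 0x02: "RSAPublicKey"}
    if der[start] not in kinds:
        raise ValueError("unrecognised key structure")
    return kinds[der[start]]

def hex_key_to_pem(hex_text):
    """Hex text -> (detected kind, PEM 'PUBLIC KEY' holding an SPKI)."""
    der = binascii.unhexlify("".join(hex_text.split()))
    kind = classify(der)
    if kind == "RSAPublicKey":  # wrap: SEQUENCE { AlgorithmIdentifier, BIT STRING }
        bits = b"\x03" + der_len(len(der) + 1) + b"\x00" + der
        der = b"\x30" + der_len(len(RSA_ALG_ID + bits)) + RSA_ALG_ID + bits
    b64 = base64.b64encode(der).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return kind, "\n".join(["-----BEGIN PUBLIC KEY-----", *rows, "-----END PUBLIC KEY-----", ""])

if __name__ == "__main__":
    print(*hex_key_to_pem(SAMPLE_HEX), sep="\n")
```

Feeding the hex text itself to classify() fails in the same way the asn1parse run in the thread did: the first two bytes are the ASCII characters '3' and '0', not a SEQUENCE tag and a length.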
RE: loading an RSA pubkey that is hex encoded and DER
Hi,

I think the term you were looking for was binary, meaning not a text file. If by dgst you mean the openssl command line utility, try adding the parameter -keyform der. If that doesn't work you'll need to convert the key to PEM (base64 encoding of the DER). The command

    openssl rsa -inform der -in infilename -out outfilename

should do the trick. There are other options that handle encryption of the key; run openssl rsa help to see them.

If you are talking about the API, there are several ways to load such a key. One is to load the contents of the file into a buffer and use the function d2i_RSAPrivateKey to convert from Der to Internal format.

Regards,
Steven

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eleanor Nagai
Sent: Sunday, 2 May 2004 9:34 AM
To: '[EMAIL PROTECTED]'
Subject: loading an RSA pubkey that is hex encoded and DER

Hi!

I'm somewhat new to the crypto world and openssl so I apologize if this comes across a bit confusing.

I have an RSA public key generated by crypto++ that is in DER format and hex (not base64) encoded. I also have a signature created with the associated RSA private key using SHA1 digest and PKCS1v1.5 formatting that I need to verify. Is it possible to load the public key so that I can use dgst to verify the signature?

Any help will be greatly appreciated.

thanks,
Eleanor