Re: Hardcoded Private RSA Key
Thanks for your help again Stephen, I will try that, if it works I will post my result.

[]s
Douglas Gemignani

On Fri, Jan 29, 2010 at 11:14 AM, Dr. Stephen Henson st...@openssl.org wrote:
> On Fri, Jan 29, 2010, Douglas Gemignani wrote:
>
> > Hello,
> >
> > I would like to know if it is possible to embed an RSA private Key in my code. Yes, I know this is not a very good practice.
> > I currently use PEM_read_PrivateKey(fp, NULL, NULL, password) for reading the key from the file.
> >
> > I tried to call i2d_PrivateKey (pkey, p) hardcoding the output and reading it again with d2i_PrivateKey (0, pkey, p, certlen) but it didn't work, it doesn't build the EVP_PKEY structure properly.
> >
> > My following solution was to create a BIO, exporting the key to it, dumping the output then calling:
> >
> >     rsa=PEM_read_bio_RSAPrivateKey(bio,NULL,NULL,NULL)
> >     EVP_PKEY_new()
> >     EVP_PKEY_assign_RSA(pkey, rsa)
> >     EVP_PKEY_set1_RSA(CApkey, rsa)
> >
> > But I guess I missed something here.
> > Anybody know if a mmap/CreateFileMapping would work with PEM_read_PrivateKey?
>
> You can create a BIO from a memory buffer directly using BIO_new_mem_buf().
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-us...@openssl.org
> Automated List Manager majord...@openssl.org
Hardcoded Private RSA Key
Hello,

I would like to know if it is possible to embed an RSA private Key in my code. Yes, I know this is not a very good practice.
I currently use PEM_read_PrivateKey(fp, NULL, NULL, password) for reading the key from the file.

I tried to call i2d_PrivateKey (pkey, p) hardcoding the output and reading it again with d2i_PrivateKey (0, pkey, p, certlen) but it didn't work, it doesn't build the EVP_PKEY structure properly.

My following solution was to create a BIO, exporting the key to it, dumping the output then calling:

    rsa=PEM_read_bio_RSAPrivateKey(bio,NULL,NULL,NULL)
    EVP_PKEY_new()
    EVP_PKEY_assign_RSA(pkey, rsa)
    EVP_PKEY_set1_RSA(CApkey, rsa)

But I guess I missed something here.
Anybody know if a mmap/CreateFileMapping would work with PEM_read_PrivateKey?

Thanks,
[]s
Douglas Gemignani
Generated RSA Data Bigger than Key
Hello,

I'm using PKCS#7 for generating an enveloped certificate, but after openssl generates a random TDES key and encrypts it with my pub exp, sometimes the resulting data is bigger than my module / prv exp.
Something is wrong, this should never happen...

Here is my snippet:

    p7 = PKCS7_new();
    PKCS7_set_type(p7, NID_pkcs7_enveloped);
    PKCS7_content_new( p7, NID_pkcs7_data);
    PKCS7_add_recipient(p7, *recipient);
    PKCS7_set_cipher(p7, EVP_des_ede3_cbc());
    p7bio = PKCS7_dataInit (p7,NULL);
    BIO_write(p7bio, Data, DataLenght);
    BIO_flush(p7bio);
    PKCS7_dataFinal(p7, p7bio);

Thanks!
[]s
Douglas Gemignani
PKCS#7 enveloped message
Hello,

I need to generate a pkcs#7 certificate with an enveloped message inside it.
As far as I understand this message (X509) will be encrypted with a randomly generated TDES key.
This is my snippet, but it is still incomplete and some comments regarding my doubts, I hope someone could help me!!

    //Load rsa key above
    data=BIO_new_file("file.txt","r");
    recipient=PEM_read_bio_X509(data,NULL,NULL,NULL);
    PKCS7_set_type(p7, NID_pkcs7_enveloped);
    PKCS7_add_recipient(p7, recipient);
    EVP_PKEY_assign_RSA(pkey, rsa); //how will this RSA key be used??
    pkey = EVP_PKEY_new();
    EVP_PKEY_assign_RSA(pkey, rsa);
    PKCS7_set_cipher(p7, EVP_des_ede3_cbc()); //TDES generated here
    /*
    BIO_puts(data, "Hello World!"); //so here is my data?
    if ((p7bio = PKCS7_dataInit (p7,NULL)) == NULL) goto err;
    for (;;){
        i=BIO_read(data,buf,sizeof(buf));
        if (i <= 0) break;
        BIO_write(p7bio,buf,i);
    }
    BIO_flush(p7bio);
    PKCS7_dataFinal(p7, p7bio);*/
    PEM_write_PKCS7(stdout,p7);

Thanks,
[]s
Douglas Gemignani
Re: PKCS#7 enveloped message
This looks like a recent change in the v1.0.0 beta:

    *) Update PKCS#7 enveloped data routines to use new API. This is now
       supported by any public key method supporting the encrypt operation. A
       ctrl is added to allow the public key algorithm to examine or modify
       the PKCS#7 RecipientInfo structure if it needs to: for RSA this is a
       no op.
       [Steve Henson]

I'm still using version 0.9.8k. I'd rather not use beta editions!
I noticed the magic in the API is encapsulated here now:

    in = BIO_new_file("encr.txt", "r");
    if (!in)
        goto err;
    /* encrypt content */
    p7 = PKCS7_encrypt(recips, in, EVP_des_ede3_cbc(), flags);

It probably sets up the p7 struct and calls PKCS7_dataInit and PKCS7_dataFinal.

[]s
Douglas Gemignani

On Tue, Jan 12, 2010 at 2:59 PM, Dr. Stephen Henson st...@openssl.org wrote:
> On Tue, Jan 12, 2010, Douglas Gemignani wrote:
>
> > Hello,
> >
> > I need to generate a pkcs#7 certificate with an enveloped message inside it.
> > As far as I understand this message (X509) will be encrypted with a randomly generated TDES key.
> > This is my snippet, but it is still incomplete and some comments regarding my doubts, I hope someone could help me!!
> >
> >     //Load rsa key above
> >     data=BIO_new_file("file.txt","r");
> >     recipient=PEM_read_bio_X509(data,NULL,NULL,NULL);
> >     PKCS7_set_type(p7, NID_pkcs7_enveloped);
> >     PKCS7_add_recipient(p7, recipient);
> >     EVP_PKEY_assign_RSA(pkey, rsa); //how will this RSA key be used??
> >     pkey = EVP_PKEY_new();
> >     EVP_PKEY_assign_RSA(pkey, rsa);
> >     PKCS7_set_cipher(p7, EVP_des_ede3_cbc()); //TDES generated here
> >     /*
> >     BIO_puts(data, "Hello World!"); //so here is my data?
> >     if ((p7bio = PKCS7_dataInit (p7,NULL)) == NULL) goto err;
> >     for (;;){
> >         i=BIO_read(data,buf,sizeof(buf));
> >         if (i <= 0) break;
> >         BIO_write(p7bio,buf,i);
> >     }
> >     BIO_flush(p7bio);
> >     PKCS7_dataFinal(p7, p7bio);*/
> >     PEM_write_PKCS7(stdout,p7);
>
> Look at the PKCS7_encrypt() manual page and demos/smime/smenc.c
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org