Re: Hardcoded Private RSA Key

2010-02-01 Thread Douglas Gemignani
Thanks for your help again, Stephen. I will try that; if it works I
will post my result.

[]s
Douglas Gemignani



On Fri, Jan 29, 2010 at 11:14 AM, Dr. Stephen Henson st...@openssl.org wrote:
 On Fri, Jan 29, 2010, Douglas Gemignani wrote:

 Hello,

 I would like to know if it is possible to embed an RSA private key in
 my code. Yes, I know this is not a very good practice.
 I currently use PEM_read_PrivateKey(fp, NULL, NULL, password) for
 reading the key from the file.

 I tried to call i2d_PrivateKey (pkey, p) hardcoding the output and
 reading it again with d2i_PrivateKey (0, pkey, p, certlen) but it
 didn't work, it doesn't build the EVP_PKEY structure properly.

 My following solution was to create a BIO, exporting the key to it,
 dumping the output then calling:
 rsa=PEM_read_bio_RSAPrivateKey(bio,NULL,NULL,NULL)
 EVP_PKEY_new()
 EVP_PKEY_assign_RSA(pkey, rsa)
 EVP_PKEY_set1_RSA(CApkey, rsa)

 But I guess I missed something here.

 Anybody know if a mmap/CreateFileMapping would work with  
 PEM_read_PrivateKey?


 You can create a BIO from a memory buffer directly using BIO_new_mem_buf().

 Steve.
 --
 Dr Stephen N. Henson. OpenSSL project core developer.
 Commercial tech support now available see: http://www.openssl.org
 __
 OpenSSL Project                                 http://www.openssl.org
 User Support Mailing List                    openssl-us...@openssl.org
 Automated List Manager                           majord...@openssl.org



Hardcoded Private RSA Key

2010-01-29 Thread Douglas Gemignani
Hello,

I would like to know if it is possible to embed an RSA private key in
my code. Yes, I know this is not a very good practice.
I currently use PEM_read_PrivateKey(fp, NULL, NULL, password) for
reading the key from the file.

I tried to call i2d_PrivateKey (pkey, p) hardcoding the output and
reading it again with d2i_PrivateKey (0, pkey, p, certlen) but it
didn't work, it doesn't build the EVP_PKEY structure properly.

My following solution was to create a BIO, exporting the key to it,
dumping the output then calling:
rsa=PEM_read_bio_RSAPrivateKey(bio,NULL,NULL,NULL)
EVP_PKEY_new()
EVP_PKEY_assign_RSA(pkey, rsa)
EVP_PKEY_set1_RSA(CApkey, rsa)

But I guess I missed something here.

Anybody know if a mmap/CreateFileMapping would work with PEM_read_PrivateKey?

Thanks,

[]s
Douglas Gemignani


Generated RSA Data Bigger than Key

2010-01-22 Thread Douglas Gemignani
Hello,

I'm using PKCS#7 to generate an enveloped certificate, but after
openssl generates a random TDES key and encrypts it with my pub exp,
sometimes the resulting data is bigger than my module / prv exp.

Something is wrong, this should never happen...

Here is my snippet:

p7 = PKCS7_new();
PKCS7_set_type(p7, NID_pkcs7_enveloped);
PKCS7_content_new( p7, NID_pkcs7_data);
PKCS7_add_recipient(p7, *recipient);
PKCS7_set_cipher(p7, EVP_des_ede3_cbc());
p7bio = PKCS7_dataInit (p7,NULL);
BIO_write(p7bio, Data, DataLenght);
BIO_flush(p7bio);
PKCS7_dataFinal(p7, p7bio);

Thanks!

[]s
Douglas Gemignani


PKCS#7 enveloped message

2010-01-12 Thread Douglas Gemignani
Hello,

I need to generate a pkcs#7 certificate with an enveloped message
inside it. As far as I understand, this message (X509) will be
encrypted with a randomly generated TDES key.
This is my snippet, but it is still incomplete, with some comments
regarding my doubts. I hope someone could help me!!

//Load rsa key above
data=BIO_new_file("file.txt","r");
recipient=PEM_read_bio_X509(data,NULL,NULL,NULL);
PKCS7_set_type(p7, NID_pkcs7_enveloped);
PKCS7_add_recipient(p7, recipient);
EVP_PKEY_assign_RSA(pkey, rsa); //how will this RSA key be used??
pkey = EVP_PKEY_new();
EVP_PKEY_assign_RSA(pkey, rsa);
PKCS7_set_cipher(p7, EVP_des_ede3_cbc()); //TDES generated here

/*
BIO_puts(data, "Hello World!"); //so here is my data?
if ((p7bio = PKCS7_dataInit (p7,NULL)) == NULL) goto err;
for (;;){
i=BIO_read(data,buf,sizeof(buf));
if (i <= 0) break;
BIO_write(p7bio,buf,i);
}
BIO_flush(p7bio);

PKCS7_dataFinal(p7, p7bio);*/
PEM_write_PKCS7(stdout,p7);

Thanks,

[]s
Douglas Gemignani


Re: PKCS#7 enveloped message

2010-01-12 Thread Douglas Gemignani
This looks like a recent change in the v1.0.0 beta
  *) Update PKCS#7 enveloped data routines to use new API. This is now
 supported by any public key method supporting the encrypt operation. A
 ctrl is added to allow the public key algorithm to examine or modify
 the PKCS#7 RecipientInfo structure if it needs to: for RSA this is
 a no op.
 [Steve Henson]

I'm still using version 0.9.8k. I'd rather not use beta editions!

I noticed the magic in the API is encapsulated here now:

in = BIO_new_file("encr.txt", "r");
if (!in) goto err;

/* encrypt content */
p7 = PKCS7_encrypt(recips, in, EVP_des_ede3_cbc(), flags);

It probably sets up the p7 struct and calls PKCS7_dataInit and PKCS7_dataFinal.

[]s
Douglas Gemignani



On Tue, Jan 12, 2010 at 2:59 PM, Dr. Stephen Henson st...@openssl.org wrote:
 On Tue, Jan 12, 2010, Douglas Gemignani wrote:

 Hello,

 I need to generate a pkcs#7 certificate with an enveloped message
 inside it. As far as I understand, this message (X509) will be
 encrypted with a randomly generated TDES key.
 This is my snippet, but it is still incomplete, with some comments
 regarding my doubts. I hope someone could help me!!

 //Load rsa key above
 data=BIO_new_file("file.txt","r");
 recipient=PEM_read_bio_X509(data,NULL,NULL,NULL);
 PKCS7_set_type(p7, NID_pkcs7_enveloped);
 PKCS7_add_recipient(p7, recipient);
 EVP_PKEY_assign_RSA(pkey, rsa); //how will this RSA key be used??
 pkey = EVP_PKEY_new();
 EVP_PKEY_assign_RSA(pkey, rsa);
 PKCS7_set_cipher(p7, EVP_des_ede3_cbc()); //TDES generated here

 /*
 BIO_puts(data, "Hello World!"); //so here is my data?
 if ((p7bio = PKCS7_dataInit (p7,NULL)) == NULL) goto err;
 for (;;){
 i=BIO_read(data,buf,sizeof(buf));
 if (i <= 0) break;
 BIO_write(p7bio,buf,i);
 }
 BIO_flush(p7bio);

 PKCS7_dataFinal(p7, p7bio);*/
 PEM_write_PKCS7(stdout,p7);



 Look at the PKCS7_encrypt() manual page and demos/smime/smenc.c

 Steve.
 --
 Dr Stephen N. Henson. OpenSSL project core developer.
 Commercial tech support now available see: http://www.openssl.org