rsa key format
Hi I have generated a private key using the below command and want to extract the public key in a format that is compatible with sites using Java. openssl genrsa -out priv_key.txt 1024 Is there a command in openssl that will extract the public key for this private key in a cert file or xml format that is compatible with Java sites? Note: I have used below command to extract public key in default PEM format. But the vendor requires the key format to be one which is compatible with Java. openssl rsa -in priv_key.txt -out pub_key.txt -pubout Regards Vivek Panikulam
Re: Error while trying to get text output from x509 cert file
Thanks for your response. It looks like the .cert file is not in the required format. It is a binary file and I assumed that it is in x509 format. Regards Vivek Panikulam From: Mounir IDRASSI To: openssl-users@openssl.org Sent: Sat, September 18, 2010 11:13:05 PM Subject: Re: Error while trying to get text output from x509 cert file Hi, The error says that it didn't find the expected start line for a certificate which is -BEGIN CERTIFICATE- . So, check that your certificate is indeed BASE64 encoded and that the first line is -BEGIN CERTIFICATE- and the last is -END CERTIFICATE- . Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr > Hi > > I am trying to get output from this x509 certificate and am getting the > below > error. Please let me know how to resolve this error and generate text > output > from this cert file. > > $ openssl x509 -in TestCryptPublic.cert -pubkey > unable to load certificate > 557096:error:0906D06C:PEM routines:PEM_read_bio:no start > line:pem_lib.c:647:Expecting: TRUSTED CERTIFICATE > > > Regards > Vivek Panikulam > > > __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
Queries on rsautl encryption output
Hi I am using the below openssl command to encrypt a string using a public key and get a binary output (symm_key_string_enc.txt). Is this an example of assymetric encryption? and is there a way to get the output in a text/ASCII format? openssl rsautl -encrypt -inkey pub_key.txt -pubin -in symm_key_string.txt -out symm_key_string_enc.txt Thanks & Regards Vivek Panikulam
Error while trying to get text output from x509 cert file
Hi I am trying to get output from this x509 certificate and am getting the below error. Please let me know how to resolve this error and generate text output from this cert file. $ openssl x509 -in TestCryptPublic.cert -pubkey unable to load certificate 557096:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecting: TRUSTED CERTIFICATE Regards Vivek Panikulam
Re: How to convert RSA public key XML format to PEM or ASCII format
Hi Thanks for your response. In which platform do I compile/execute the below CODE? I only have UNIX command line and Windows available. Regards Vivek Panikulam From: Mounir IDRASSI To: openssl-users@openssl.org Sent: Fri, September 17, 2010 10:07:10 PM Subject: Re: How to convert RSA public key XML format to PEM or ASCII format Hi, To perform the conversion, use your favorite XML library to extract the BASE64 values in the Modulus and Exponent nodes, then create an EVP_PKEY structure from these using the functions I'm pasting below. From here, call PEM_write_PUBKEY to create a PEM file that will contain your RSA public key and that can be used later by OpenSSL. unsigned char *fromBase64(const char* szInput, int* pLen) { BIO *b64, *bmem; size_t length = strlen(szInput); // The length of BASE64 representation is always bigger // than the actual data length, so the size given to // the malloc below is sufficient to hold all the // decoded data unsigned char *buffer = (unsigned char *)malloc(length); b64 = BIO_new(BIO_f_base64()); // No LF on the input string BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); bmem = BIO_new_mem_buf((void*)szInput, length); bmem = BIO_push(b64, bmem); *pLen = BIO_read(bmem, buffer, length); BIO_free_all(bmem); return buffer; } BIGNUM* BN_fromBase64(const char* szBase64) { BIGNUM* bn = NULL; int iLen; unsigned char* pbData = fromBase64(szBase64, &iLen); if (iLen) { bn = BN_bin2bn(pbData, iLen, NULL); } free(pbData); return bn; } EVP_PKEY* RSA_fromBase64(const char* szModulus, const char* szExp) { BIGNUM *n = BN_fromBase64(szModulus); BIGNUM *e = BN_fromBase64(szExp); if (!n) printf("Invalid encoding for modulus\n"); if (!e) printf("Invalid encoding for public exponent\n"); if (e && n) { EVP_PKEY* pRsaKey = EVP_PKEY_new(); RSA* rsa = RSA_new(); rsa->e = e; rsa->n = n; EVP_PKEY_assign_RSA(pRsaKey, rsa); return pRsaKey; } else { if (n) BN_free(n); if (e) BN_free(e); return NULL; } } Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr > Hi All > > I have a RSA public key provided in the below format and would like to > know how > to convert it into a format like PEM or any other format which can be read > by > openssl. I didnt find any conclusive solutions for this on www. Will > the application which generated this key format be capable of generating > the > same key in PEM or ASCII format? > > > - > >dhjffljkglejDHKJFHkjhSLWSKWLlkNKMNCKJBCKJFKJFBNCJKNLKNCLKMNDLKJSLKWJLJSjsSJJSDkjswlqqq >> > > AQAB > > > Regards > Vivek Panikulam > > > > __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
How to convert RSA public key XML format to PEM or ASCII format
Hi All I have a RSA public key provided in the below format and would like to know how to convert it into a format like PEM or any other format which can be read by openssl. I didnt find any conclusive solutions for this on www. Will the application which generated this key format be capable of generating the same key in PEM or ASCII format? - dhjffljkglejDHKJFHkjhSLWSKWLlkNKMNCKJBCKJFKJFBNCJKNLKNCLKMNDLKJSLKWJLJSjsSJJSDkjswlqqq AQAB Regards Vivek Panikulam
Re: openssl and PeopleSoft
hi Kyle Thanks for the response. How do you randomly generate a value? What are the key-derivation functions and how do we use them? Regards From: "aerow...@gmail.com" To: openssl-users@openssl.org Sent: Fri, September 3, 2010 2:25:23 AM Subject: Re: openssl and PeopleSoft The key that is sought in this field is a symmetric key, not an asymmetric key. This means that RSA is not the correct type of key. Randomly generate a value, or use a particular passphrase and feed it into a key-derivation function for the number of bits in the cipher size. -Kyle H On Thu, Sep 2, 2010 at 10:58 PM, Panikulam Vivek wrote: Hi > >I am trying to use openssl to generate RSA keys and use it in PeopleSoft. But >PeopleSoft requires keys in hex notation with specific keysize of 168 which I >am >not able to generate with openSSL. Please let me know if anyone has experience >working with OpenSSL for PeopleSoft.Any help is appreciated. Thanks > >Regards >Vivek Panikulam > > >Use Entered Value Select this option to use key values that aren't in the >PeopleSoft keystore. Enter a key value that's formatted appropriately for the >algorithm that you're configuring. This value will be entered into the PET >keyset table, not the PeopleSoft keystore. > >The value that you enter has a length that depends on the keysize of the >cipher. >For triple DES with keysize 112, this is 16 bytes. For a keysize of 168, this >is >24 bytes. This value should be represented in hex notation. > >You must generate the key value that you enter here. You can use any key >generation utility capable of producing hex encoded keys of the required >length. >PeopleSoft delivers the core OpenSSL command line program precompiled and >ready >to use. You can use it to generate key values and perform other >encryption-related tasks. The executable program is PS_HOME\bin\server\WINX86\ >openssl.exe on Windows, and PS_HOME/bin/openssl on Unix and Linux platforms. > >
openssl and PeopleSoft
Hi I am trying to use openssl to generate RSA keys and use it in PeopleSoft. But PeopleSoft requires keys in hex notation with specific keysize of 168 which I am not able to generate with openSSL. Please let me know if anyone has experience working with OpenSSL for PeopleSoft.Any help is appreciated. Thanks Regards Vivek Panikulam Use Entered Value Select this option to use key values that aren't in the PeopleSoft keystore. Enter a key value that's formatted appropriately for the algorithm that you're configuring. This value will be entered into the PET keyset table, not the PeopleSoft keystore. The value that you enter has a length that depends on the keysize of the cipher. For triple DES with keysize 112, this is 16 bytes. For a keysize of 168, this is 24 bytes. This value should be represented in hex notation. You must generate the key value that you enter here. You can use any key generation utility capable of producing hex encoded keys of the required length. PeopleSoft delivers the core OpenSSL command line program precompiled and ready to use. You can use it to generate key values and perform other encryption-related tasks. The executable program is PS_HOME\bin\server\WINX86\openssl.exe on Windows, and PS_HOME/bin/openssl on Unix and Linux platforms.