Creating AES Key for encryption in server side and share the key
I am implementing SSL on server side to authenticate the client certificate(X.509) and also client will authenticate the servers certificate(X.509). Once the mutual authentication has completed server has to generate AES key for encryption and decryption. In server side I am creating 256 bits AES key for encrypting the plaintext using C programming using OpenSSL. AES_KEY aeskey; RAND_bytes(key32,sizeof(key32)); AES_set_encrypt_key(key32, 32*8, aeskey); AES_cbc_encrypt(inbuf, outbuf, 16, aeskey, iv, AES_ENCRYPT); I have to decrypt the same message in Client side. Client side I am using JAVA Programming. 1. How i can send this AES key to JAVA client? or 2. How can derive common AES key on both side? 2. Can i use Password Based Encryption to derive the common keys for both side(JAVA and C)? Thanks, Krish
Re: AES encryption using RSA keys
Thanks for your detailed Explanation Dave. I am going to encrypt using AES
in server side using EVP ,
EVP_EncryptInit_ex(x, EVP_aes_256_cbc(), NULL, key,iv))
EVP_EncryptUpdate(x, outbuf, outlen, (const unsigned char*) intext,
strlen(intext)))
EVP_EncryptFinal_ex(x,outbuf+outlen,tmplen))
client will be using JAVE to decrypt the same. should i use the above same
funtion to encrypt the or i must use
AES_cbc_encrypt();
to encrypt the same.
Thanks for your time,
Krishnamurthy
On Fri, Aug 26, 2011 at 5:20 AM, Dave Thompson dthomp...@prinpay.comwrote:
From: owner-openssl-us...@openssl.org On Behalf Of krishnamurthy
santhanam
Sent: Wednesday, 24 August, 2011 02:32
Basically when we encrypt something using an RSA key (whether
public
or private), the encrypted value must be smaller than the key (due to
the maths used to do the actual encryption). So if you have a 1024-bit
key,
in theory we could encrypt any 1023-bit value (or a 1024-bit value
smaller
than the key) with that key.
More precisely, smaller than the modulus 'N' but
large enough not to be subject to a trivial break.
An RSA public key is the pair (e,n) where e is usually small,
and the private key is in principle the pair (d,n) where d is
usually a substantial fraction of n. RSA private keys may
and in OpenSSL do also include additional 'Chinese Remainder
Theorem' aka CRT information to make computation faster.
Plus, most actual RSA encryption schemes add padding.
In particular simply RSA-encrypting raw user data allows
an adversary to determine if a guessed plaintext is correct,
which in general is considered an unacceptable weakness.
Thus the value size you can encrypt is somewhat less than
the RSA modulus size because of this padding; the commonly
used PKCS#1 v1.5 'classic' and v2 OAEP are 11 and 41 bytes.
If used certain ways v1.5 has weakness (see Bleichenbacher's
attack on early SSL) which is why OAEP was created.
below is the code snippet i am trying to do AES Encryption.
it works fine. if i see some example in openssl they are using KEY value
EVP_MAX_KEY_LENGTH(32 bytes). can i use RSA public key(1024 bit) to
encrypt
the same value and use private to decrypt the value.
It's not entirely 'fine', see below.
EVP_MAX_KEY_LENGTH is the maximum length for *any* (supported)
*symmetric* algorithm. It is useful if you want to write generic
code that works for various algorithms selectable at runtime,
as many common systems like SSL/TLS SMIME/CMS/PKCS7 PGP do.
If you are using only a specific cipher you can use the key length
for that cipher which might be smaller.
However, the key lengths for *asymmetric* algorithms, including RSA,
are all separate. You need to use the correct one for each.
unsigned char key[] =
{0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
unsigned char iv[] = {1,2,3,4,5,6,7,8};
char intext[] = string to make the random number generator
think it has entropy;
// Straight encrypt
EVP_CIPHER_CTX x;
EVP_CIPHER_CTX_init(x);
if(!EVP_EncryptInit_ex(x, EVP_aes_256_cbc(), NULL, key,
iv))
printf(\n ERROR!! \n);
The key for AES-256 is 32 bytes, and IV for AES-anything 16 bytes.
You are using partly unknown possibly garbage values, which means
you may be unable to decrypt the result in any other program.
(Of course in any real use the IV should be random or at least unique
and unpredictable, and the key should be random or at least secret.)
if(!EVP_EncryptUpdate(x, outbuf, outlen,
(const unsigned char*) intext, strlen(intext)))
printf(\n ERROR!! \n);
if(!EVP_EncryptFinal_ex(x,outbuf+outlen,tmplen))
printf(\n ERROR!! \n);
outlen+=tmplen;
In general when any OpenSSL call returns an error, you should look
at the error stack: http://www.openssl.org/support/faq.html#PROG6
For these particular calls (symm encrypt without engine) it's not vital,
but if and when you start doing other things it becomes valuable.
}
EVP_CIPHER_CTX_cleanup(x);
This should be within the routine (before the closing brace).
Now to your actual question:
Yes in abstract you can encrypt and decrypt data directly with RSA.
In practice people usually don't, because of the limitations.
Most widespread systems like SSL/TLS and SMIME and PGP are 'hybrid',
where for encryption the data is encrypted with a symmetric algorithm
and a random 'working' or 'session' key, and public-key algorithms
like RSA DH or ECDH are used to transfer or share that working key;
in the simplest case, the working key is just RSA-encrypted.
Similarly for signing people don't actually RSA-sign their data;
instead a hash like SHA1 is computed from the data, and that hash
(plus limited overhead like an OID) is signed by RSA or [EC]DSA
AES encryption using RSA keys
Basically when we encrypt something using an RSA key (whether public or
private), the encrypted value must be smaller than the key (due to the maths
used to do the actual encryption). So if you have a 1024-bit key, in theory
we could encrypt any 1023-bit value (or a 1024-bit value smaller than the
key) with that key.
below is the code snippet i am trying to do AES Encryption. it works fine.
if i see some example in openssl they are using KEY value EVP_MAX_KEY_LENGTH(32
bytes). can i use RSA public key(1024 bit) to encrypt the same value and use
private to decrypt the value.
int main(int argc, char* argv[])
{
unsigned char outbuf2[1024];
unsigned char outbuf[1024];
int outlen, outlen2, tmplen;
unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
unsigned char iv[] = {1,2,3,4,5,6,7,8};
char intext[] = string to make the random number generator think it
has entropy;
// Straight encrypt
EVP_CIPHER_CTX x;
EVP_CIPHER_CTX_init(x);
if(!EVP_EncryptInit_ex(x, EVP_aes_256_cbc(), NULL, key, iv))
printf(\n ERROR!! \n);
if(!EVP_EncryptUpdate(x, outbuf, outlen,(const unsigned char*)
intext, strlen(intext)))
printf(\n ERROR!! \n);
if(!EVP_EncryptFinal_ex(x,outbuf+outlen,tmplen))
printf(\n ERROR!! \n);
outlen+=tmplen;
}
EVP_CIPHER_CTX_cleanup(x);
Thanks,
Krishnamurthy
Re: creating Master-Key for encryption/decryption
Thanks. I gone through the RFC 2246 and understood the Master key generation
part. The Master key is generated and able to print the client side(test C
program) using ssl strucure.
printf(session A\n);
SSL_SESSION *session = SSL_get_session(ssl);
SSL_SESSION_print(out, session);
for (i=0; i(unsigned int)session-master_key_length; i++)
{
BIO_printf(bp,%02X,session-master_key[i]) );
}
How i can get the same Master key in server side?
in my scenario, server side program is running in C. JDBC clients will
establish the connection to the server. will the same Mester key generated
in the cross platforms(JDBC client side)?
Any help will be great.
Thanks for your time,
Krishnamurthy
On Mon, Aug 22, 2011 at 9:03 PM, Gayathri Sundar suraj...@gmail.com wrote:
Please read the RFC, it would clearly explain how the master secret is
dervied, and from that how the read and write keys are derived. With that
you can get to know how to extract the read n write keys. Meanwhile the read
and wirte keys are available as part of the ssl object.
Check that structure out.
Thanks
--Gayathri
On Mon, Aug 22, 2011 at 10:24 AM, krishnamurthy santhanam
krishnamurth...@gmail.com wrote:
I have more than 100 clients that will connect to my server and
communicate the data. I am implementing SSL on server side to authenticate
the client certificate(X.509) and also client will authenticate the servers
certificate. Once the mutual authentication has completed I have to generate
master key for encryption and decryption. I am going to use AES for
encryption and decryption.
I had generated the client and server certificates using the bellow
commands and signed by the root,
1. CLIENT CERTIFICATE:
openssl req -newkey rsa:1024 -sha1 -keyout clientkey.pem -out
clientreq.pem
openssl x509 -req -in clientreq.pem -sha1 -extfile openssl.cnf -extensions
usr_cert -CA rootcert.pem -CAkey rootkey.pem -CAcreateserial -out
clientcert.pem
cat clientkey.pem clientcert.pem rootcert.pem client.pem
openssl x509 -subject -issuer -noout -in client.pem
2. SERVER CERTIFICATE:
openssl req -newkey rsa:1024 -sha1 -keyout serverkey.pem -out
serverreq.pem
openssl x509 -req -in serverreq.pem -sha1 -extfile openssl.cnf -extensions
usr_
cert -CA rootcert.pem -CAkey rootkey.pem -CAcreateserial -out
servercert.pem
cat serverkey.pem servercert.pem rootcert.pem server.pem
openssl x509 -subject -issuer -noout -in server.pem
3. ROOT CERTIFICATE:
openssl req -newkey rsa:1024 -sha1 -keyout rootkey.pem -out rootreq.pem
openssl x509 -req -in rootreq.pem -sha1 -extfile root.cnf -extensions
v3_ca -sig
nkey rootkey.pem -out rootcert.pem
cat rootcert.pem rootkey.pem root.pem
openssl x509 -subject -issuer -noout -in root.pem
Initially I am writing ssl/tls programming for server and client. In
this I am able to communicate the data between client and server.
I was struck on master key generation, I have added the below LOC to
programs to get MASTER KEY,
printf(session A\n);
SSL_SESSION *session = SSL_get_session(ssl);
SSL_SESSION_print(out, session);
It is printing like this ,
session A
SSL-Session:
Protocol : TLSv1
Cipher: AES256-SHA
Session-ID:
9FCE46513DD74882D3FF0E0E84CC4A6BE12192B65C426E0B27D0FA15F81D7D5E
Session-ID-ctx:
Master-Key:
56F90B0D90DEB3430207A74793C9B6565744E06ECA191D9DFA04C29B1EE2B782
6B602878597465F739AD69091DDF6499
Key-Arg : None
Krb5 Principal: None
Compression: 1 (zlib compression)
Start Time: 1314015355
Timeout : 7200 (sec)
Is this the Master key for both the server and client?
Is this the key that should be used for the encryption in client side and
decryption in server side?
If this is the Master key how can I extract the key?
Please guide me if I understood anything wrong.
Re: creating Master-Key for encryption/decryption
Thanks. As per my understanding,Before sending master key to client , server
has to maintain the master key. How i can get this in server side? is there
any code sample or snippet to get this key?
Krishna
On Tue, Aug 23, 2011 at 11:54 PM, Gayathri Sundar suraj...@gmail.comwrote:
Master key is unique per session, and its same for both client and server,
thats the concept behind the SSL handshake. The RFC would state the
information accurately. Perhaps you can send the master secret as part of
ur application data, to the client, which can decrypt and use.
Thanks
--Gayathri
On Tue, Aug 23, 2011 at 12:41 PM, krishnamurthy santhanam
krishnamurth...@gmail.com wrote:
Thanks. I gone through the RFC 2246 and understood the Master key
generation part. The Master key is generated and able to print the client
side(test C program) using ssl strucure.
printf(session A\n);
SSL_SESSION *session = SSL_get_session(ssl);
SSL_SESSION_print(out, session);
for (i=0; i(unsigned int)session-master_key_length; i++)
{
BIO_printf(bp,%02X,session-master_key[i]) );
}
How i can get the same Master key in server side?
in my scenario, server side program is running in C. JDBC clients will
establish the connection to the server. will the same Mester key generated
in the cross platforms(JDBC client side)?
Any help will be great.
Thanks for your time,
Krishnamurthy
On Mon, Aug 22, 2011 at 9:03 PM, Gayathri Sundar suraj...@gmail.comwrote:
Please read the RFC, it would clearly explain how the master secret is
dervied, and from that how the read and write keys are derived. With that
you can get to know how to extract the read n write keys. Meanwhile the read
and wirte keys are available as part of the ssl object.
Check that structure out.
Thanks
--Gayathri
On Mon, Aug 22, 2011 at 10:24 AM, krishnamurthy santhanam
krishnamurth...@gmail.com wrote:
I have more than 100 clients that will connect to my server and
communicate the data. I am implementing SSL on server side to authenticate
the client certificate(X.509) and also client will authenticate the servers
certificate. Once the mutual authentication has completed I have to
generate
master key for encryption and decryption. I am going to use AES for
encryption and decryption.
I had generated the client and server certificates using the bellow
commands and signed by the root,
1. CLIENT CERTIFICATE:
openssl req -newkey rsa:1024 -sha1 -keyout clientkey.pem -out
clientreq.pem
openssl x509 -req -in clientreq.pem -sha1 -extfile openssl.cnf -extensions
usr_cert -CA rootcert.pem -CAkey rootkey.pem -CAcreateserial -out
clientcert.pem
cat clientkey.pem clientcert.pem rootcert.pem client.pem
openssl x509 -subject -issuer -noout -in client.pem
2. SERVER CERTIFICATE:
openssl req -newkey rsa:1024 -sha1 -keyout serverkey.pem -out
serverreq.pem
openssl x509 -req -in serverreq.pem -sha1 -extfile openssl.cnf -extensions
usr_
cert -CA rootcert.pem -CAkey rootkey.pem -CAcreateserial -out
servercert.pem
cat serverkey.pem servercert.pem rootcert.pem server.pem
openssl x509 -subject -issuer -noout -in server.pem
3. ROOT CERTIFICATE:
openssl req -newkey rsa:1024 -sha1 -keyout rootkey.pem -out rootreq.pem
openssl x509 -req -in rootreq.pem -sha1 -extfile root.cnf -extensions
v3_ca -sig
nkey rootkey.pem -out rootcert.pem
cat rootcert.pem rootkey.pem root.pem
openssl x509 -subject -issuer -noout -in root.pem
Initially I am writing ssl/tls programming for server and client. In
this I am able to communicate the data between client and server.
I was struck on master key generation, I have added the below LOC to
programs to get MASTER KEY,
printf(session A\n);
SSL_SESSION *session = SSL_get_session(ssl);
SSL_SESSION_print(out, session);
It is printing like this ,
session A
SSL-Session:
Protocol : TLSv1
Cipher: AES256-SHA
Session-ID:
9FCE46513DD74882D3FF0E0E84CC4A6BE12192B65C426E0B27D0FA15F81D7D5E
Session-ID-ctx:
Master-Key:
56F90B0D90DEB3430207A74793C9B6565744E06ECA191D9DFA04C29B1EE2B782
6B602878597465F739AD69091DDF6499
Key-Arg : None
Krb5 Principal: None
Compression: 1 (zlib compression)
Start Time: 1314015355
Timeout : 7200 (sec)
Is this the Master key for both the server and client?
Is this the key that should be used for the encryption in client side
and decryption in server side?
If this is the Master key how can I extract the key?
Please guide me if I understood anything wrong.
creating Master-Key for encryption/decryption
I have more than 100 clients that will connect to my server and communicate the data. I am implementing SSL on server side to authenticate the client certificate(X.509) and also client will authenticate the servers certificate. Once the mutual authentication has completed I have to generate master key for encryption and decryption. I am going to use AES for encryption and decryption. I had generated the client and server certificates using the bellow commands and signed by the root, 1. CLIENT CERTIFICATE: openssl req -newkey rsa:1024 -sha1 -keyout clientkey.pem -out clientreq.pem openssl x509 -req -in clientreq.pem -sha1 -extfile openssl.cnf -extensions usr_cert -CA rootcert.pem -CAkey rootkey.pem -CAcreateserial -out clientcert.pem cat clientkey.pem clientcert.pem rootcert.pem client.pem openssl x509 -subject -issuer -noout -in client.pem 2. SERVER CERTIFICATE: openssl req -newkey rsa:1024 -sha1 -keyout serverkey.pem -out serverreq.pem openssl x509 -req -in serverreq.pem -sha1 -extfile openssl.cnf -extensions usr_ cert -CA rootcert.pem -CAkey rootkey.pem -CAcreateserial -out servercert.pem cat serverkey.pem servercert.pem rootcert.pem server.pem openssl x509 -subject -issuer -noout -in server.pem 3. ROOT CERTIFICATE: openssl req -newkey rsa:1024 -sha1 -keyout rootkey.pem -out rootreq.pem openssl x509 -req -in rootreq.pem -sha1 -extfile root.cnf -extensions v3_ca -sig nkey rootkey.pem -out rootcert.pem cat rootcert.pem rootkey.pem root.pem openssl x509 -subject -issuer -noout -in root.pem Initially I am writing ssl/tls programming for server and client. In this I am able to communicate the data between client and server. I was struck on master key generation, I have added the below LOC to programs to get MASTER KEY, printf(session A\n); SSL_SESSION *session = SSL_get_session(ssl); SSL_SESSION_print(out, session); It is printing like this , session A SSL-Session: Protocol : TLSv1 Cipher: AES256-SHA Session-ID: 9FCE46513DD74882D3FF0E0E84CC4A6BE12192B65C426E0B27D0FA15F81D7D5E Session-ID-ctx: Master-Key: 56F90B0D90DEB3430207A74793C9B6565744E06ECA191D9DFA04C29B1EE2B782 6B602878597465F739AD69091DDF6499 Key-Arg : None Krb5 Principal: None Compression: 1 (zlib compression) Start Time: 1314015355 Timeout : 7200 (sec) Is this the Master key for both the server and client? Is this the key that should be used for the encryption in client side and decryption in server side? If this is the Master key how can I extract the key? Please guide me if I understood anything wrong.
SSL Key Exchange
Hi, I am writing client and server program using ssl3/TLS1. i had created both server and client certificate and signed by CA and exchaning the data. further I need to implement the below steps on the program, 1. Key Exchange(DHE-RSA-AES256-SHA) 2. Encryption using AES. I need to use the Diffie Hellman Key exchange to generate the Master key. Using this key i have to encrypt and decrypt data. Is there any sample program available? Thanks for your time, Krishnamurthy
Re: RSA publlic/private key returnig to calling function
Hi Dave,
Thanks a lot for your detailed explanation. GT.M supports ASCII format also.
i believe converting base64 is better way instead of ASCII.
I had changed as per your suggestion and code worked for me. additionally i
had tested the Decode also, now everything is fine. can you please verify
the decoded pubkey and d2i_RSA_PUBKEY implemented correctly here.
#include stdio.h
#include string.h
#include openssl/bio.h
#include openssl/evp.h
#include openssl/rsa.h
#include openssl/pem.h
int main(int argc, char* argv[]) {
/* Variables */
unsigned char bfbuf[2000];
unsigned char buf[2000];
unsigned char b64buf[3000];
unsigned char *next,*next1;
RSA *key,*pub_key;
FILE *fp;
int outlen,status;
int len,len1, total = 0;
int total1=0;
long length;
/* EVP_Encode*() Base64 */
EVP_ENCODE_CTX ectx;
next=buf;
printf(generating key...\n);
fp=fopen(public.pem,r);
key=(RSA *)PEM_read_RSA_PUBKEY(fp,NULL,NULL,NULL);
printf(RSA size for key=%d\n,RSA_size(key));
//len=i2d_RSAPublicKey(key, next);
len=i2d_RSA_PUBKEY(key, next);
fclose(fp);
printf(DER character buffer length=%d,len);
/* Base64 using EVP */
printf(\nEncoding RSA string...);
EVP_EncodeInit(ectx);
EVP_EncodeUpdate(ectx, b64buf, outlen, buf, len);
total += outlen;
EVP_EncodeFinal(ectx, b64buf + outlen, len);
total += outlen;
printf(\nBase64 encoded length string: %d,%d\n,total,len);
printf(\nBase64 encoded string: %s\n,b64buf);
/* Base64 decodification */
printf(\nDecoding string...);
EVP_DecodeInit(ectx);
EVP_DecodeUpdate(ectx, bfbuf, len1, b64buf, strlen(b64buf));
total1 +=len1;
EVP_DecodeFinal(ectx, bfbuf + len1, len1);
total1 +=len1;
printf(\nBase64 decoded length string: %d,%d\n,total1,len1);
- here len1 is 0, why len1 is zero here is it right?
printf(\nBase64 decoded string:
%s\n,bfbuf);--- i
understood this will not print
next1=bfbuf;
length=total1;
pub_key=d2i_RSA_PUBKEY(NULL,(const unsigned char**)next1, total1);
printf(RSA size for pub_key=%d\n,RSA_size(pub_key));
return 1;
}
kicha@kicha-laptop:~/openssl$
outcome:
-
RSA size for key=128
DER character buffer length=162
Encoding RSA string...
Base64 encoded length string: 390,25
Base64 encoded string:
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9TI3eLAsOolBjnrrhGEAI7fiy
nnCgn0tzSSNEGNeMOvPcxlwXiTqt2iYZ39LoXJPRfFC6tPIDomcr1ijBXT07Tr2P
mjGq3BDS8a9CNQhIm0m3nIhkP3+hCXbvLYqfuim87voeXgjycD4aVVlqCca82SzI
fVKneZGtvJ7wtxv/uQIDAQAB
Decoding string...
Base64 decoded length string: 162,0--how this value
will be 0.
e64 e*�H�ed string: 0��0
RSA size for pub_key=128
Thanks for your time,
Krishnamurthy
On Tue, Aug 9, 2011 at 2:47 AM, Dave Thompson dthomp...@prinpay.com wrote:
From: owner-openssl-us...@openssl.org On Behalf Of krishnamurthy
santhanam
Sent: Saturday, 06 August, 2011 15:13
Thanks for your suggestion. Let me explain in what i am doing.
I have GT.M(MUMPS) calls to C language(external calls) routines that
has to generate RSA key pairs and send it to the GT.M(same server).
DO security.rsakey(char *pubkey,char *privatekey)
GT.M stores the key pairs in database and shares the public key
only.
GTM will accept only strings and characters. hence i had tried to
i2d/d2i methods to right the keys to database.
*If* those are C strings, DER by itself cannot be a C string.
Interlanguage calls sometimes use other kinds of strings, some of
which can handle binary data. I'll assume a C string. There are
several ways of encoding DER (or other binary data) to make it
a printable string and easily manipulable in C and other tools
designed for printable strings; I'll assume that includes GT.M.
You'll need to use whatever method GT.M requires (or allows).
PEM and base64, the two you have (nearly) coded, are two related
and popular ways, but not the only ways. Do you know this is
what GT.M wants?
I had tried below program but it is giving error. i had
created RSA keys and the tried to extract the public key
using i2d_RSApublickey then tried to encode the keys using
EVP_Encodeinit()...Am i doing wrong? any help would be great
See below. (So far you're only trying to encode one key, the
publickey; from your description you will also need to do
the privatekey, but one step at a time.)
code trimmed
unsigned char *next;
RSA *key;
int outlen,status,len, total = 0;
/* EVP_Encode*() Base64 */
EVP_ENCODE_CTX ectx;
EVP_CIPHER_CTX ctx;
EVP_PKEY *pkey;
pkey = EVP_PKEY_new();
next=buf;
printf(generating key...\n);
key = RSA_generate_key(1024,RSA_F4, NULL, NULL);
As I said before, check for failure (null) before using.
EVP_PKEY_assign_RSA(pkey,key
Re: RSA publlic/private key returnig to calling function
Hi Dave,
Thanks for your suggestion. Let me explain in what i am doing. I have
GT.M(MUMPS) calls to C language(external calls) routines that has to
generate RSA key pairs and send it to the GT.M(same server).
DO security.rsakey(char *pubkey,char *privatekey)
GT.M stores the key pairs in database and shares the public key only. GTM
will accept only strings and characters. hence i had tried to i2d/d2i
methods to right the keys to database.
I had tried below program but it is giving error. i had created RSA keys and
the tried to extract the public key using i2d_RSApublickey then tried to
encode the keys using EVP_Encodeinit()...Am i doing wrong? any help would be
great
#include stdio.h
#include openssl/bio.h
#include openssl/evp.h
#include openssl/rsa.h
#include openssl/pem.h
int main(int argc, char* argv[]) {
/* Variables */
unsigned char buf[2000]; -- i shoud not use malloc thats why used
buffers
unsigned char b64buf[3000];
unsigned char *next;
RSA *key;
int outlen,status,len, total = 0;
/* EVP_Encode*() Base64 */
EVP_ENCODE_CTX ectx;
EVP_CIPHER_CTX ctx;
EVP_PKEY *pkey;
pkey = EVP_PKEY_new();
next=buf;
printf(generating key...\n);
key = RSA_generate_key(1024,RSA_F4, NULL, NULL);
EVP_PKEY_assign_RSA(pkey,key);
if (RSA_check_key(key)==1)
{
fp=fopen(public.pem,w);--
it is writing pem files
PEM_write_PUBKEY(fp,pkey);
fclose(fp);
len=i2d_RSAPublicKey(key, next);
printf(length=%d,len);
--len=140
}
/* Base64 using EVP */
printf(\nEncoding RSA string...);
EVP_EncodeInit(ectx);
EVP_EncodeUpdate(ectx, b64buf, len, buf, outlen);
total += len;
EVP_EncodeFinal(ectx, b64buf + len, len);
total += len;
printf(\nBase64 encoded length string: %d,%d\n,total,len);
-outcome is 0,0
printf(\nBase64 encoded string: %s\n,b64buf);
see the below outcome
EVP_CIPHER_CTX_cleanup(ctx);
return 1;
}
generating key...
length=140
Encoding RSA string...
Base64 encoded length string: 0,0
Base64 encoded string:
*** glibc detected *** ./rsaencrypt: free(): invalid pointer: 0x002e2ff4 ***
=== Backtrace: =
/lib/tls/i686/cmov/libc.so.6(+0x6b591)[0xc7f591]
/lib/tls/i686/cmov/libc.so.6(+0x6cde8)[0xc80de8]
/lib/tls/i686/cmov/libc.so.6(cfree+0x6d)[0xc83ecd]
/lib/i686/cmov/libcrypto.so.0.9.8(CRYPTO_free+0x3a)[0x14f03a]
/lib/i686/cmov/libcrypto.so.0.9.8(EVP_CIPHER_CTX_cleanup+0x5e)[0x1c51ce]
./rsaencrypt[0x8048a80]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe6)[0xc2abd6]
./rsaencrypt[0x8048821]
=== Memory map:
0011-00248000 r-xp 08:03 1321372
/lib/i686/cmov/libcrypto.so.0.9.8
00248000-0025 r--p 00137000 08:03 1321372
/lib/i686/cmov/libcrypto.so.0.9.8
0025-0025e000 rw-p 0013f000 08:03 1321372
/lib/i686/cmov/libcrypto.so.0.9.8
0025e000-00262000 rw-p 00:00 0
00262000-00264000 r-xp 08:03 1310623/lib/tls/i686/cmov/
libdl-2.11.1.so
00264000-00265000 r--p 1000 08:03 1310623/lib/tls/i686/cmov/
libdl-2.11.1.so
00265000-00266000 rw-p 2000 08:03 1310623/lib/tls/i686/cmov/
libdl-2.11.1.so
002c7000-002e2000 r-xp 08:03 1308339/lib/ld-2.11.1.so
002e2000-002e3000 r--p 0001a000 08:03 1308339/lib/ld-2.11.1.so
002e3000-002e4000 rw-p 0001b000 08:03 1308339/lib/ld-2.11.1.so
00712000-00713000 r-xp 00:00 0 [vdso]
00c14000-00d67000 r-xp 08:03 1310609/lib/tls/i686/cmov/
libc-2.11.1.so
00d67000-00d68000 ---p 00153000 08:03 1310609/lib/tls/i686/cmov/
libc-2.11.1.so
00d68000-00d6a000 r--p 00153000 08:03 1310609/lib/tls/i686/cmov/
libc-2.11.1.so
00d6a000-00d6b000 rw-p 00155000 08:03 1310609/lib/tls/i686/cmov/
libc-2.11.1.so
00d6b000-00d6e000 rw-p 00:00 0
00efc000-00f19000 r-xp 08:03 1310643/lib/libgcc_s.so.1
00f19000-00f1a000 r--p 0001c000 08:03 1310643/lib/libgcc_s.so.1
00f1a000-00f1b000 rw-p 0001d000 08:03 1310643/lib/libgcc_s.so.1
00f9c000-00faf000 r-xp 08:03 1310758/lib/libz.so.1.2.3.3
00faf000-00fb r--p 00012000 08:03 1310758/lib/libz.so.1.2.3.3
00fb-00fb1000 rw-p 00013000 08:03 1310758/lib/libz.so.1.2.3.3
08048000-08049000 r-xp 08:03 1580777
/home/kicha/openssl/rsaencrypt
08049000-0804a000 r--p 08:03 1580777
/home/kicha/openssl/rsaencrypt
0804a000-0804b000 rw-p 1000 08:03 1580777
/home/kicha/openssl/rsaencrypt
09221000-09242000 rw-p 00:00 0 [heap]
b770-b7721000 rw-p 00:00 0
b7721000-b780 ---p 00:00 0
b78a9000-b78ab000 rw-p 00:00 0
b78ba000-b78bd000 rw-p 00:00 0
bfdce000-bfde3000 rw-p 00:00 0 [stack]
Aborted
On Sat, Aug 6, 2011 at 2:24 AM, Dave Thompson dthomp...@prinpay.com wrote:
From: owner-openssl-us...@openssl.org On Behalf Of krishnamurthy
santhanam
Sent
RSA publlic/private key returnig to calling function
Hi,
I have to write back rsa public/private key to calling function, i have
tried below program using i2d_RSAPrivatekey().
My application will not accept RSA * structure, it will accept only char or
strings to be return as s key.
#include stdio.h
#include string.h
#include openssl/rsa.h
typedef struct {
unsigned char cl_priv[1000];
} DER_RSA;
generate(DER_RSA *ctr)
{
RSA *rsa, *pub_rsa, *priv_rsa;
unsigned char keybuf[512], *p;
int len;
// DER_RSA *ctr;
printf(hello);
rsa = RSA_generate_key(512, RSA_F4,NULL,NULL);
/* get separated der key pair */
p=ctr-cl_priv;
len=i2d_RSAPrivateKey(rsa,p);
printf(\nlen=%d\n,len);
return ;
RSA_free(rsa);
}
int main()
{
int i;
DER_RSA *ctr;
generate(ctr);
printf(pubkey=%s,ctr-cl_priv);
}
the output is ,
$ ./first
hello
len=317
pubkey=(null)
while encrypting i will get same value and length: using d2i_RSAPrivatekey()
function convert into RSA *privkey then use RSA_private_encrypt() to encrypt
the message.
is it possible? here pubkey is returning null. how i can check pubkey buffer
has value.
Thanks in advance,
kris
memcpy in RAND_bytes
Hi,
memcpy is not working for the RAND_bytes. could anyone help me to resolve
the issue.
blf.c
#includestdio.h
#includescatype.h
#includestdlib.h
#define BF_DEFAULT_KEY_SIZE 128
typedef struct {
unsigned long length;
unsigned char dsc_type;
unsigned char dsc_class;
char*str;
} STR_DESCRIPTOR;
/* functions have to be external */
extern blfGenKey();
int main() {
printf(in main\n);
/* call function from shared library */
STR_DESCRIPTOR key;
key.str = malloc(1024);
blfGenKey(key);
printf(digest - |%s|\n,key.str);
free (key.str);
return 0;
}
blowfish.c
int blfGenKey(STR_DESCRIPTOR *key)
{
unsigned charkeyData[BF_DEFAULT_KEY_SIZE];
int status = FAILURE;
printf(\n entered\n);
printf(%d\n,BF_DEFAULT_KEY_SIZE);
int i;
printf(\n entered loop\n);
if(!RAND_bytes(keyData,BF_DEFAULT_KEY_SIZE))
memcpy(key-str,keyData,BF_DEFAULT_KEY_SIZE);
key-length = BF_DEFAULT_KEY_SIZE;
printf(key=\n%s\n,key-str);
status = SUCCESS;
printf(\n%d\n,key-length);
output:
in main
entered
128
entered loop
key= --null value
128
status=0
digest - || --key is not printing
Any help would be greatly appreciable.
kris
seeding PRNG
Hi,
I need to seed PRNG of 128 bytes. in the below program is seeding 1024
byte.
is it possible seed 128 bytes of data using RAND_seed(). Any example should
be helpful for me.
#includestring.h
#includeopenssl/rand.h
#includeopenssl/bn.h
main()
{
/*int nb,l;
l=RAND_load_file(/dev/random,bytes );
printf(Seeded the PRNG with %d byte(s) of data from prngseed.dat.\n,l);
RAND_write_file(prngseed.dat);
nb=RAND_load_file(prngseed.dat, -1);
printf(Seeded the PRNG with %d byte(s) of data from prngseed.dat.\n,nb);
*/
}
Thanks for your time,
Krishnamurthy
Re: sending RSA public and private keys to calling function
Hi Dave,
Thanks for your suggestion. I had generated 1024 bytes RSA key. I need to
convert this into DER to ASCII. Is this output is right?
int main()
{
RSA *rsa;
int len, len1;
rsa = RSA_generate_key(1024, 3, NULL, NULL);
size_t size;
unsigned char *iend, keybuf[3000];
int i;
size = i2d_RSAPrivateKey(rsa, NULL);
printf(size %d\n,size);
//keybuf=(unsigned char *) malloc(size * sizeof( unsigned char));
iend = keybuf;
size = i2d_RSAPrivateKey(rsa, iend);
/* size returns the size of public key in bytes */
for(i=0;isize;i++) {
printf(%x|, keybuf[i]);}
//printf(%d\n,RSA_check_key(pub_rsa));
RSA_free(rsa);
}
ki...@kicha-laptop:~/Desktop/FISKrishna$ ./privkey
size 608
30|82|2|5c|2|1|0|2|81|81|0|ba|54|61|c0|8e|3d|98|11|ef|3b|a|22|6c|36|5e|45|e8|ee|a2|8a|81|7|82|a1|af|68|7d|25|f1|e7|7a|e6|b5|34|ff|e3|54|5c|
bd|d4|7c|24|72|af|6f|b5|7b|ce|ff|4e|f5|b5|cc|24|50|f5|b5|79|96|47|de|93|2c|79|f0|f8|82|fa|b3|2c|97|f7|f5|83|a6|fa|7a|4d|84|c6|51|7|7d|fb|e1|50|
45|67|2c|91|6f|55|d6|6e|c7|79|4a|6e|5f|a5|a4|db|7a|f5|98|8f|5a|de|88|fa|5f|cd|ed|5b|c0|20|70|a3|a5|7b|90|df|b5|a3|8b|7b|9a|3d|2|1|3|2|81|80|7
c|38|41|2b|9|7e|65|61|4a|27|5c|16|f2|ce|e9|83|f0|9f|17|7|0|af|ac|6b|ca|45|a8|c3|f6|9a|51|ef|23|78|aa|97|8d|93|29|38|52|c2|f7|1f|9f|ce|52|89|ff|
89|f9|23|dd|6d|8b|4e|78|fb|b9|85|3f|c|c8|50|27|d1|33|65|9|6c|5e|9f|69|c|58|90|a3|22|6c|62|c9|ca|a8|e3|cc|a3|fc|fa|11|de|d3|d5|8b|fd|f8|c4|3|
59|2a|1e|57|71|f0|7c|df|75|50|17|8|5|34|ad|67|e6|c7|65|78|77|13|d1|7a|8c|21|a0|9a|d3|bc|d3|2|41|0|e4|63|e1|88|5a|46|e6|da|c5|1b|31|e7|9c|
1c|30|48|6c|b3|aa|69|b0|d9|69|4f|a4|35|6|58|f7|94|84|67|68|55|dd|be|94|95|c1|17|a4|6c|4a|3b|69|3|c5|6a|28|85|89|e1|bb|2c|16|b3|c7|5d|80|
5f|d1|e7|e|8f|2|41|0|d0|da|d4|5a|ca|c3|23|2e|12|d5|f0|39|e9|7d|b1|e9|b5|a3|d6|3c|7d|80|e0|a0|6d|8e|2b|3c|8c|dd|4d|eb|dd|12|c2|b9|8d|1a|d1|
22|a4|f3|18|80|93|ee|cb|5f|a8|fc|b|26|80|c4|f1|d|91|b0|2|d2|d1|56|f0|73|2|41|0|98|42|96|5a|e6|d9|ef|3c|83|67|76|9a|68|12|ca|da|f3|22|71|9b|
cb|3b|9b|8a|6d|78|ae|e5|fa|63|2|ef|9a|e3|e9|29|b8|63|d6|f|c2|f2|dc|27|9b|57|d8|f1|70|59|6|96|7c|c8|f|22|84|e9|0|3f|e1|44|b4|5f|2|41|0|8b|3c|
8d|91|dc|82|17|74|c|8e|a0|26|9b|a9|21|46|79|17|e4|28|53|ab|40|6a|f3|b4|1c|d3|8|93|89|47|e8|b7|2c|7b|b3|67|36|17|18|a2|10|55|b7|f4|87|95|
1b|52|b2|19|ab|2d|f6|9|b|ca|ac|8c|8b|8f|4a|f7|2|41|0|b1|fa|54|53|2b|27|50|e9|c|77|2c|9|83|e1|d9|fe|67|54|b|74|4e|45|12|cf|9b|34|bc|81|81|30|
71|5e|e0|ff|d4|2e|27|99|9|68|c9|7b|eb|d8|cb|4e|c|7b|b6|eb|37|78|44|9a|10|8b|7|b8|b4|31|84|fa|18|36|
For generating public key,
int main()
{
RSA *rsa;
int len, len1;
rsa = RSA_generate_key(1024, 3, NULL, NULL);
size_t size;
unsigned char *iend, keybuf[3000];
int i;
size = i2d_RSAPublicKey(rsa, NULL);
printf(size %d\n,size);
//keybuf=(unsigned char *) malloc(size * sizeof( unsigned char));
iend = keybuf;
size = i2d_RSAPublicKey(rsa, iend);
/* size returns the size of public key in bytes */
for(i=0;isize;i++) {
printf(%x|, keybuf[i]);}
//printf(%d\n,RSA_check_key(pub_rsa));
RSA_free(rsa);
ki...@kicha-laptop:~/Desktop/FISKrishna$ ./pubkey
size 138
30|81|87|2|81|81|0|c2|58|10|4b|df|c3|c7|a5|9c|a0|1f|5|25|e7|41|9c|4b|4d|42|d5|cf|ed|11|17|d3|f2|10|e7|d6|98|9|21|c8|46|b5|15|8d|ee|86|7|62|
67|3e|65|56|a8|e4|e8|a8|87|ef|da|d9|c8|83|1b|59|6a|44|b|30|ab|cb|f6|dd|3|a1|ba|88|fa|d4|91|cf|19|6c|a8|14|da|94|46|d5|6e|10|fd|ef|5b|b7|bb|
68|e2|41|84|d9|5e|bc|95|4f|d6|7e|89|d|de|89|58|75|40|f2|f5|8|c7|d|90|3a|aa|1f|21|b4|e7|ae|d4|43|47|56|ed|78|6f|99|35|2|1|3|
Kris
On Sat, Sep 11, 2010 at 2:08 AM, Dave Thompson dthomp...@prinpay.comwrote:
From: owner-openssl-us...@openssl.org On Behalf Of krishnamurthy
santhanam
Sent: Friday, 10 September, 2010 05:51
I really thanks for all your inputs and suggestions, I
have not pasted fully last time all the output...below is the output
rsa = RSA_generate_key(2048, 3, NULL, NULL);
snip: get size, alloc keybuf, iend=keybuf
(The code you posted before, and I quoted, was 1024 not 2048.
Either is valid, but it confuses things to mix them.)
size = i2d_RSAPublicKey(rsa, iend);
/* size returns the size of public key in bytes */
printf(\n);
printf(key :);
for(i=0;isize;++i) {
printf(\n%02X, keybuf[i]);
size 270n
snip 6*80+33 hex (lowercase) chars
That output wasn't from the code above, and isn't valid hex
for any DER or even any bytes. Probably same bug as below.
The below one is private key,
rsa = RSA_generate_key(1024, 3, NULL, NULL);
size_t size;
unsigned char *iend, keybuf[3000];
char keybuf1[3000];
int i,j,n;
size = i2d_RSAPrivateKey(rsa, NULL);
printf(size %d\n,size);
iend = keybuf;
size = i2d_RSAPrivateKey(rsa, iend);
/* size returns the size of public key in bytes */
If you use a static-size buffer like this keybuf[]
(and it's large enough) you don't need to do the
size
Re: sending RSA public and private keys to calling function
Thanks Dave,
I really thanks for all your inputs and suggestions, I have not pasted fully
last time all the output...below is the output
rsa = RSA_generate_key(2048, 3, NULL, NULL);
snip: get size, alloc keybuf, iend=keybuf
size = i2d_RSAPublicKey(rsa, iend);
/* size returns the size of public key in bytes */
printf(\n);
printf(key :);
for(i=0;isize;++i) {
printf(\n%02X, keybuf[i]);
size 270n
30821a282110bbc3dbc749b71387b38371ca73af4f335250b42103fa6492d7a438d749de0295
164496cd2a634e7b22ee04985ed6f161bcb78b041dc62fe2a16fd8e8c70e08f6f8d9e15fba596e57
71f6212861ba6b5d79193aeada98123b416f126b4614948e60739bde2ac4da874fe51ffb5cf0ff39
2b324ca85fb87bd4d4ce28ff86edc69a9951b7f0ca8a6f9c3fdf7d3cdc8755e90d371d4cdb9e7432
28fc5dd88cc396591501be6bf3efb1a7ebf9fcd31dfd840336e4ae270257df9124b381573ddbf67d
cb28e25731d96f61e2cd69fee5208a9f09f255476fea16f712b78f22c2ed6010d845bb6ec4848cc6
77c9ca020ecc8c22a01cf172c0c123101
The below one is private key,
rsa = RSA_generate_key(1024, 3, NULL, NULL);
size_t size;
unsigned char *iend, keybuf[3000];
char keybuf1[3000];
int i,j,n;
size = i2d_RSAPrivateKey(rsa, NULL);
printf(size %d\n,size);
iend = keybuf;
size = i2d_RSAPrivateKey(rsa, iend);
/* size returns the size of public key in bytes */
for(i=0;isize;i++) {
printf(%x, keybuf[i]);}
size 609
308225d210281810ef1ed52b301ac82bf74553aa4e6d3f8ad967147224cc8dce22ef158d9907b7c7
756823de46474ff745347bdeab79af9b369e1127e94efdf47c85f23865413332da259537b4ac17fb
57d43a5728a57b066b36a562126b77b7de17297c0410f9fa892c745ee2efdfc918a2bec2b6d84291
6c9db7bb77b85981f8a0b7e52132818109f69e3722011dac7fa2e37c6def37fb1e644b84c18885e8
956c9f63b3bb55a7a84f8f017e9842f8aa4d8cda7e9c7a67512246960c54634a94da8594c2598d62
0d80db95bf3a948ef48e34b1e547f10e1fb364cd2e17d3e570567bf18d685611d76614c3adaac433
25ea542975b8ea334adb7153a641f11bb5385e8cdb82b2410f9513655018f8684cc316e4f71c173f
f7f46fbac44a015f9a6ec3131ba6f844e23df4d9cf7fd51f59895cf3f38e3c7eb8efadbd9a6c80af
369746e12d12410f587a6b22dae35c247a7682e0d7b47e657972eb6ec762e3a9ae7387aa507d879a
5531ef942396bf51329a8a579df473c366b947c464b1c603cd5a1d55e10d52410a6362438aabb504
58882f434f68f7ffaa2f4b272d86ab95119f2cb5767c4a583417ea2b3bdfaa8e14e65b934d4ad97d
a9d09fc929119dab1f79ba2eb4c8b2410a3afc476c91ece81851a457408fcda998fba1f249da41ed
1bc9a25a718afe5a66e3769fb817b9d4e0cc676e4b13f84d2cef262fd843212ead339168e3eb5e32
410a4f0ffc5b4ab5bd25cec788f4ced018e4e4847dc3a3538e2a83fc2e78bb3aa437642113e4ea4e
8d477ab70c3f5b4ab5bda15384dce961929bad9c03e5a
thanks for your time,
Krishnamurthy
On Fri, Sep 10, 2010 at 3:46 AM, Dave Thompson dthomp...@prinpay.comwrote:
From: owner-openssl-us...@openssl.org On Behalf Of krishnamurthy
santhanam
Sent: Thursday, 09 September, 2010 08:02
My application will accept strings and interger.
we are replacing RSA bsafe library to openssl. using RSA bsafe,
we have generated the private and public key in BER format. Then
convert the keys, BER format into ASCII format to send the calling
function. (these everything done by using RSA supplied bsafe library)
same way i have to right using openssl..i m now able convert
the RSA public and private key into DER format
Posted code only does public, which is probably good see below.
rsa = RSA_generate_key(1024, 3, NULL, NULL);
snip: get size, alloc keybuf, iend=keybuf
size = i2d_RSAPublicKey(rsa, iend);
/* size returns the size of public key in bytes */
printf(\n);
printf(key :);
for(i=0;isize;++i) {
printf(\n%02X, keybuf[i]);
This can't be the code that produced your data below. It would
put every hex byte (two chars) on a separate line. (Except the
last, which if left unterminated won't work on some platforms.)
1. is it possible to convert this DER format into ASCII?
ASCII isn't a format; ASCII is a character code that can be used
for many formats. Code like you show converts (binary) DER to
hex of DER in ASCII, or some people say DER as hex in ASCII.
(And the DER is of PKCS#1 RSAPublicKey, that's implicit here.)
Is that (or will it be) the format 'my application' wants?
pedantic Actually hex of DER in your C implementation's
charcode, very commonly ASCII or a superset but C doesn't
require that; there are still EBCDIC machines -- and OpenSSL
is supposed to work on them, though I can't test /
2. I am able to print the keybuf value into stdout ...
size 138
key :
30818702818100BAEF6AB1AD2503FFDC900B612BA2BCED9AF74E337A43B21D1FF69A30651AD7
A492C1E199CB40A9DF693
This is obviously incomplete (nowhere near 138*2 hex chars)
(which is right for 1024 d=3) so I assume it got truncated.
is it possible to convert the key into DER format again?
If you get (complete) hex-of-DER into another C program,
you can just convert from hex back to (binary) DER. E.g.:
char hexstr [whatever]; /* contains chars 3 0 8 1 8 7 etc
Re: sending RSA public and private keys to calling function
Hi Dave,
Thanks for your detailed explanation.
My application will accept strings and interger.
we are replacing RSA bsafe library to openssl. using RSA bsafe, we have
generated the private and public key in BER format. Then convert the keys,
BER format into ASCII format to send the calling function. (these everything
done by using RSA supplied bsafe library)
same way i have to right using openssl..i m now able convert the RSA public
and private key into DER format
rsa = RSA_generate_key(1024, 3, NULL, NULL);
{
size_t size;
unsigned char *iend, *keybuf;
int i;
size = i2d_RSAPublicKey(rsa, NULL);
printf(size %d\n,size);
keybuf = (unsigned char *) malloc(size * sizeof( unsigned
char));
iend = keybuf;
size = i2d_RSAPublicKey(rsa, iend);
/* size returns the size of public key in bytes */
printf(\n);
printf(key :);
for(i=0;isize;++i) {
printf(\n%02X, keybuf[i]);
1. is it possible to convert this DER format into ASCII?
2. I am able to print the keybuf value into stdout in the as mentioned below
size 138
key :
30818702818100BAEF6AB1AD2503FFDC900B612BA2BCED9AF74E337A43B21D1FF69A30651AD7A492C1E199CB40A9DF693
is it possible to convert the key into DER format again?
Thanks in advance,
kris
On Wed, Sep 8, 2010 at 9:36 AM, krishnamurthy santhanam
krishnamurth...@gmail.com wrote:
-- Forwarded message --
From: *Dave Thompson* dthomp...@prinpay.com
Date: Wed, Sep 8, 2010 at 3:59 AM
Subject: RE: sending RSA public and private keys to calling function
To: openssl-users@openssl.org
From: owner-openssl-us...@openssl.org On Behalf Of krishnamurthy
santhanam
Sent: Tuesday, 07 September, 2010 13:09
Thanks for your explanation. i have to create RSA Public/Praivate
key
and send back to my application. My application will read only character
and string format , it will not accept RSA format.. please guide me how to
do that?
This is confused. What character and string format(s)? If it contains
an RSA key, it has to be some kind of RSA format.
PS- 'sending' a private key is usually a bad idea. If more than
one party has the opportunity to see a given private key, in
storage or in transit, it isn't really private anymore and
any security it was supposed to provide is most likely lost.
There are some specialized cases like KDCs and mirrors
where it is appropriate, but these are pretty rare.
I had return below program for that but it is not resolving the
purpose...
rsa = RSA_generate_key(1024, RSA_3, NULL, NULL);
size = i2d_RSAPublicKey (rsa, NULL); //how i can get this
public key
pub_key = p = (unsigned char *) malloc(size * sizeof(unsigned
char));
i2d_RSAPublicKey (rsa, p);
pub_rsa = d2i_RSAPublicKey(NULL,pub_key,size);
This isn't necessary. You can just do PEM_write_RSA_PUBKEY(,rsa)
and it writes only the public-key parts of the 'rsa' structure.
PEM_write_RSA_PUBKEY(stdout,pub_rsa);
size = i2d_RSAPrivateKey(rsa, NULL);
priv_key = pp = (unsigned char *) malloc(size * sizeof(unsigned
char));
i2d_RSAPrivateKey (rsa, pp);
priv_rsa = d2i_RSAPrivateKey(NULL,priv_key,size);
if( priv_rsa==NULL ) { fprintf(stderr,priv key error!\n); return
0; }
PEM_write_RSAPrivateKey(stdout,priv_rsa,NULL, NULL, 0, NULL, NULL);
Similarly .
Okay, so that writes the PEM (base64) encoded publickey and privatekey.
These are text formats. If your application can read these formats and
you give it this data, it should work. What's the problem? Be specific.
A few minor points on the rest:
len1 = (strlen(mess)*sizeof(unsigned char)+1);
encrypted = (unsigned char *) malloc ((size_t) RSA_size(pub_rsa));
#include stdlib.h for the correct prototype of malloc() and don't cast.
It's clearer AND more robust.
len=RSA_public_encrypt(len1, mess, encrypted, pub_rsa,
RSA_PKCS1_PADDING);
Again you can use rsa and only the public-key parts are used.
printf(encrypted: %s len: %d\n,encrypted, len);
This will not print anything useful for 'encrypted'. In some cases
it will screw up your terminal (emulator) so no printing works at all.
if(!(decrypt_mess = (unsigned char *) malloc ((size_t)
RSA_size(priv_rsa
fprintf(stderr,can't allocate memory for encrypted text!\n);
printf(decrypting!\n);
len=RSA_private_decrypt(RSA_size(priv_rsa), encrypted,
decrypt_mess, priv_rsa, RSA_PKCS1_PADDING);
Ditto and ditto.
printf(decrypted: %s len:%d\n,decrypt_mess,len);
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
extract private/public key from RSA_generate_key
Hi , Someone could y tell me how can I extract public and private keys from RSA structure returned by the function RSA_generate_key? I'm using openssl in my c simulation work and I must exchange public keys between simulated server and client, the encrypt and decrypt the message.. I cannot exchange the whole RSA structure? Thanks, kris
sending RSA public and private keys to calling function
Hi,
Thanks for your explanation. i have to create RSA Public/Praivate key and
send back to my application. My application will read only character and
string format , it will not accept RSA format.. please guide me how to do
that?
I had return below program for that but it is not resolving the purpose...
#includestring.h
#includeopenssl/rsa.h
#includestdio.h
#includeopenssl/pem.h
#includeunistd.h
int main()
{
RSA *rsa,*pub_rsa,*priv_rsa;
unsigned char *priv_key;
unsigned char *pub_key;
int len, len1, size;
unsigned char *encrypted;
unsigned char *mess = test message!;
unsigned char *p;
const unsigned char **pp;
unsigned char *decrypt_mess;
FILE *Keyfd = NULL;
FILE *Pubfd = NULL;
//Generate key
rsa = RSA_generate_key(1024, RSA_3, NULL, NULL);
//keeping into char buffer public key
size = i2d_RSAPublicKey (rsa, NULL); //how i can get this public key
pub_key = p = (unsigned char *) malloc(size * sizeof(unsigned char));
i2d_RSAPublicKey (rsa, p);
pub_rsa = d2i_RSAPublicKey(NULL,pub_key,size);
PEM_write_RSA_PUBKEY(stdout,pub_rsa);
///keeping private key into buffer
size = i2d_RSAPrivateKey(rsa, NULL);
priv_key = pp = (unsigned char *) malloc(size * sizeof(unsigned char));
i2d_RSAPrivateKey (rsa, pp);
priv_rsa = d2i_RSAPrivateKey(NULL,priv_key,size);
if( priv_rsa==NULL ) { fprintf(stderr,priv key error!\n); return 0; }
PEM_write_RSAPrivateKey(stdout,priv_rsa,NULL, NULL, 0, NULL, NULL);
len1 = (strlen(mess)*sizeof(unsigned char)+1);
encrypted = (unsigned char *) malloc ((size_t) RSA_size(pub_rsa));
len=RSA_public_encrypt(len1, mess, encrypted, pub_rsa,
RSA_PKCS1_PADDING);
printf(encrypted: %s len: %d\n,encrypted, len);
if(!(decrypt_mess = (unsigned char *) malloc ((size_t)
RSA_size(priv_rsa fprintf(stderr,can't allocate memory for encrypted
text!\n);
printf(decrypting!\n);
len=RSA_private_decrypt(RSA_size(priv_rsa), encrypted, decrypt_mess,
priv_rsa, RSA_PKCS1_PADDING);
printf(decrypted: %s len:%d\n,decrypt_mess,len);
free(encrypted);
free(decrypt_mess);
RSA_free(pub_rsa);
RSA_free(priv_rsa);
RSA_free(rsa);
}
Thanks in advance,
Krishnamurthy
On Sat, Sep 4, 2010 at 5:16 AM, Dave Thompson dthomp...@prinpay.com wrote:
From: owner-openssl-us...@openssl.org On Behalf Of krishnamurthy
santhanam
Sent: Thursday, 02 September, 2010 14:17
To: openssl-users@openssl.org
Subject: Re: reading and writing into pem file
This message is not about this subject. Please use subject
lines that match the message you post. And the indentation
of your code is erratic; it would be easier to read if it
were consistent. If you are using any kind of IDE or
programmer's editor it should be able to do this for you;
otherwise see if you can get GNU indent.
Thanks for your input..it worked for me...i am writing
encryption and decryption using RSA...
This looks like a learning exercise, which is fine as far
as it goes. I hope you realize that RSA encryption of data
directly is rarely if ever used in practice. With good
padding like OAEP it can be secure, but the data size
limits are too restrictive for most general uses. OAEP
does need some entropy, and depending on your system
environment you may need to seed the PRNG for that to
work, which your current code apparently doesn't do.
The more common symm+RSA/etc. schemes also need entropy.
RSA * readPubKey(char *filename)
snip
rsaEncrypt()
{
RSA *pubkey;
unsigned char *message= Hello !! can u hear me now !!;
unsigned char *encryptmess, *decryptmess;
int long_message;
char **key;
char buff[300];
pubkey = readPubKey(public.pem);
char test1,test2;
printf(\nsize of (in byte)s public:private ::
%d:\n,RSA_size(pubkey));
/* Encrypt the message */
encryptmess = (unsigned char *) malloc (RSA_size(pubkey));
should check for malloc failure
test1=sizeof(test2);
long_message= (strlen(message)test1+1);
This makes no sense. It sets long_message to 0 if I've counted
right, or else 2. Neither of these is the length of the data
you apparently want to encrypt. sizeof(char) is always 1 in C,
by definition; this is a FAQ or at rather FGA on comp.lang.c.
RSA_public_encrypt(long_message, message, encryptmess, pubkey,
RSA_PKCS1_OAEP_PADDING);
always check for error and at minimum report something;
usually best to use ERR_print_errors[_fp] (see the man page)
printf (\n message %s\n, message);
printf(\nlenght= %d\n,strlen(encryptmess));
int i;
i =strlen(encryptmess);
printf(length ==%d\n,i);
memmove(buff,encryptmess,i);
These are totally wrong. The result of RSA encryption (or any
modern algorithm) is binary data, not a C string. It most likely
contains zero byte values which will cause these to truncate the
value, but by chance might contain no zeros
RSA key generation and writing int to text file.
Hi , RSA *rsa; rsa=RSA_generate_key(2048,RSA_F4,NULL,NULL); I need to write public and private key into text file ...is it possible using BN? any suggestion and examples would be great helpful for me. thanks, kris
Re: reading and writing into pem file
Hi,
Thanks for your input..it worked for me...i am writing encryption and
decryption using RSA...
#includestdio.h
#includeopenssl/pem.h
#includeopenssl/bio.h
#includestring.h
#includeunistd.h
#includestdlib.h
RSA * readPubKey(char *filename)
{
RSA *key;
BIO *bp;
ERR_load_crypto_strings();
bp=BIO_new(BIO_s_file());
if (BIO_read_filename(bp,filename) = 0)
{
perror(ERROR: public.pem);
exit(0);
}
if ((key=(RSA *)PEM_read_bio_RSA_PUBKEY(bp,NULL,NULL,NULL)) == NULL)
{
ERR_print_errors_fp(stderr);
key = NULL;
}
BIO_free(bp);
return key;
}
rsaEncrypt()
{
RSA *pubkey;
unsigned char *message= Hello !! can u hear me now !!;
unsigned char *encryptmess, *decryptmess;
int long_message;
char **key;
char buff[300];
pubkey = readPubKey(public.pem);
char test1,test2;
printf(\nsize of (in byte)s public:private :: %d:\n,RSA_size(pubkey));
/* Encrypt the message */
encryptmess = (unsigned char *) malloc (RSA_size(pubkey));
test1=sizeof(test2);
long_message= (strlen(message)test1+1);
RSA_public_encrypt(long_message, message, encryptmess, pubkey,
RSA_PKCS1_OAEP_PADDING);
printf (\n message %s\n, message);
printf(\nlenght= %d\n,strlen(encryptmess));
int i;
i =strlen(encryptmess);
printf(length ==%d\n,i);
memmove(buff,encryptmess,i);
int j;
j=(strlen(buff)*sizeof(char)+1);
//printf (\n message=== %s\n, encryptmess);
printf(j=%d\n,j);
free(encryptmess);
printf(%s,buff);
}
int main(void)
{
rsaEncrypt();
}
when i encrypt the message it works and printing the outpu..i need to write
the encrypted message to main function to decrypt the encrypted message...
i have tried the below program ..it is not giving as expected..please help
me out to write the this
#includestdio.h
#includeopenssl/pem.h
#includeopenssl/bio.h
#includestring.h
#includeunistd.h
RSA * readPubKey(char *filename)
{
RSA *key;
BIO *bp;
ERR_load_crypto_strings();
bp=BIO_new(BIO_s_file());
if (BIO_read_filename(bp,filename) = 0)
{
perror(ERROR: public.pem);
exit(0);
}
if ((key=(RSA *)PEM_read_bio_RSA_PUBKEY(bp,NULL,NULL,NULL)) == NULL)
{
ERR_print_errors_fp(stderr);
key = NULL;
}
BIO_free(bp);
return key;
}
int rsaEncrypt(unsigned char *message,unsigned char *decryptmess,int
long_message)
{
RSA *pubkey;
RSA *privkey;
unsigned char *encryptmess;
int long_message1,j;
char **key;
long_message1=long_message;
pubkey = readPubKey(public.pem);
/* Encrypt the message */
printf(hello encrypt);
encryptmess = (unsigned char *) malloc (RSA_size(pubkey));
RSA_public_encrypt(long_message1, message, encryptmess, pubkey,
RSA_PKCS1_OAEP_PADDING);
printf (\n message %s\n, message);
j=strlen(encryptmess);
printf(\nj=%d,j);
decryptmess=encryptmess;
}
//main program===
main()
{
unsigned char *message= Hello !! can u hear me now !!;
unsigned char* decryptmess;
int long_message,i;
long_message= (strlen(message)*sizeof(char)+1);
int rsaEncrypt(unsigned char *message,unsigned char *decryptmess,int
long_message);
i=strlen(decryptmess);
printf(\n%s\n,decryptmess);
printf(\nsize=%d,i);
}
Thanks
kris
On Wed, Sep 1, 2010 at 2:03 AM, Dave Thompson dthomp...@prinpay.com wrote:
From: owner-openssl-us...@openssl.org On Behalf Of krishnamurthy
santhanam
Sent: Tuesday, 31 August, 2010 13:33
#includestdio.h
writekey(RSA *key2)
You're obviously using a C89 (or earlier) compiler or mode.
Snipped most non-I/O steps:
{
EVP_PKEY *pkey;
FILE *fp;
//BIO *file;
OpenSSL_add_all_ciphers();
OpenSSL_add_all_algorithms();
Aside: add_all_algorithms *includes* add_all_ciphers
if(!(fp = fopen(private1.pem, w))) {
if(!PEM_write_PrivateKey(fp, pkey,NULL,NULL,0,NULL,NULL)){
close(fp);
if(!(fp = fopen(public1.pem, w))) {
if(!PEM_write_PUBKEY(fp, pkey)){
close(fp);
close() is not the correct routine to close a stdio FILE*.
It doesn't even take the correct type of argument, but
your compiler wasn't required to warn you because you
didn't include its header (e.g. unistd.h) and in C=89
undeclared functions default to int(/*unspecified*/).
Since you didn't close the files, no data actually got written
to them, so there was nothing there for the PEM_read's to read.
Use fclose. And see if you can use a C99 compiler, or at least
a C89 compiler with better warnings (like gcc -Wimplicit).
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
reading and writing into pem file
Hi,
i had tried to generating the key and writing in the pem file...but it is
giving segmentation fault...without .readprivatekey and readpublickey
functions these is generating pem file...i dont know why?
any knows guide me
#includestdio.h
#includeopenssl/pem.h
#includeopenssl/bio.h
#includeopenssl/rsa.h
RSA *generatersa()
{
RSA *rsa;
rsa=RSA_generate_key(2048,RSA_F4,NULL,NULL);
return rsa;
}
writekey(RSA *key2)
{
EVP_PKEY *pkey;
FILE *fp;
//BIO *file;
OpenSSL_add_all_ciphers();
OpenSSL_add_all_algorithms();
//file = BIO_new_file(filename, w);
pkey = EVP_PKEY_new();
EVP_PKEY_assign_RSA(pkey,key2);
// WRITE PRIVATE KEY
if(!(fp = fopen(private1.pem, w))) {
fprintf(stderr, Error opening PEM file %s\n,
private1.pem);
exit(1);
}
if(!PEM_write_PrivateKey(fp, pkey,NULL,NULL,0,NULL,NULL)){
fprintf(stderr, Error writing PEM file %s\n,
private1.pem);
exit(1);
}
close(fp);
// WRITE PUBLIC KEY
if(!(fp = fopen(public1.pem, w))) {
fprintf(stderr, Error opening PEM file %s\n, public1.pem);
exit(1);
}
if(!PEM_write_PUBKEY(fp, pkey)){
fprintf(stderr, Error writing PEM file %s\n, public1.pem);
exit(1);
}
close(fp);
}
RSA * readPrivKey(char *filename)
{
RSA *key;
BIO *bp;
OpenSSL_add_all_ciphers();
OpenSSL_add_all_algorithms();
bp=BIO_new(BIO_s_file());
if (BIO_read_filename(bp,filename) = 0)
{
perror(ERROR: rsakey.pem);
exit(0);
}
if ((key=(RSA *)PEM_read_bio_RSAPrivateKey(bp,NULL,NULL,NULL)) == NULL) {
ERR_print_errors_fp(stderr);
key = NULL;
}
BIO_free(bp);
return key;
}
RSA * readPubKey(char *filename)
{
RSA *key;
BIO *bp;
ERR_load_crypto_strings();
bp=BIO_new(BIO_s_file());
if (BIO_read_filename(bp,filename) = 0)
{
perror(ERROR: public.pem);
exit(0);
}
if ((key=(RSA *)PEM_read_bio_RSA_PUBKEY(bp,NULL,NULL,NULL)) == NULL)
{
ERR_print_errors_fp(stderr);
key = NULL;
}
BIO_free(bp);
return key;
}
int main(void)
{
RSA *key1;
FILE *fp;
RSA *pubkey;
RSA *privkey;
char **key;
key1=generatersa();
writekey(key1);
pubkey = readPubKey(public1.pem);
privkey = readPrivKey(private1.pem);
printf(size of (in byte)s pu:pr :: %d:%dn,
RSA_size(pubkey),RSA_size(privkey));
RSA_free(key1);
}
ki...@kicha-laptop:~/Downloads$ ./output2
2438:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:650:Expecting: PUBLIC KEY
2438:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:650:Expecting: ANY PRIVATE KEY
Segmentation fault
ki...@kicha-laptop:~/Downloads$ ls
function1.c function2.c function3.c function4.c openssl.c output1
output2 private1.pem public1.pem read.c
ki...@kicha-laptop:~/Downloads$ cat private.pem
cat: private.pem: No such file or directory
ki...@kicha-laptop:~/Downloads$ cat public1.pem
ki...@kicha-laptop:~/Downloads$ cat public1.pem
ki...@kicha-laptop:~/Downloads$ cat private1.pem
ki...@kicha-laptop:~/Downloads$
Thanks for your time,
Krishnamurthy
key management
Hi, I am able to generate RSA key using RSA_generate_key(). i need to know how to manage these keys...is there any doucment available for key management? Thanks for your time, Krishnamurthy
Re: RSA_generate_key
Hi,
I am able to generate key. how to do seed PRNG before generating key?
is it enough to add rand_load_file(dev/random,1024) before generating key?
it would be helpful if u explain with one example?
#includestdio.h
#includeopenssl/rsa.h
#includestring.h
int main()
{
char *plain=Sample text; //Sample text (plain text) to Encrypt/Decrypt
char *ciphertext;
printf(%s\n,plain);
// Generate RSA key
RSA *rsa1= RSA_generate_key(1024,65537,NULL,NULL);
// RSA_size() will determine how much memory must be allocated for an
if(rsa1==NULL) {
printf(NO RSA!\n\n);
ERR_load_crypto_strings();
ERR_print_errors_fp(stdout);
}
else
{
printf(RSA OK!\n);
}
ciphertext = (char *)malloc(RSA_size(rsa1));
printf(rsa key = %d\n,rsa1);
printf(RSA size = %d\n,RSA_size(rsa1));
RSA_free(rsa1);
}
Thanks
Kris
RSA_generate_key
Hi,
i am new to OpenSSL..i have to use RSA_generate key function to generate
key..below is the program and outcome..is this the way to generate key?
#includestdio.h
#includeopenssl/rsa.h
#includestring.h
int main()
{
char *plain=Sample text; //Sample text (plain text) to Encrypt/Decrypt
char *ciphertext;
printf(%s\n,plain);
// Generate RSA key
RSA *rsa1= RSA_generate_key(1024,65537,NULL,NULL);
// RSA_size() will determine how much memory must be allocated for an
if(rsa1==NULL) {
printf(NO RSA!\n\n);
ERR_load_crypto_strings();
ERR_print_errors_fp(stdout);
}
else
{
printf(RSA OK!\n);
}
ciphertext = (char *)malloc(RSA_size(rsa1));
printf(rsa key = %d\n,rsa1);
printf(RSA size = %d\n,RSA_size(rsa1));
RSA_free(rsa1);
}
$ gcc -o rsa1 rsa1.c -lcrypto
Output
-
$ ./rsa1
Sample text
RSA OK!
rsa key = 473608208
RSA size = 128
Please correct me if i am missing anything ..
kris
Re: RSA_generate_key
yes ..i am not able to find the 128 byte RSA key.. how should get
those information?
kris
On Tue, Aug 3, 2010 at 1:15 AM, Michael S. Zick open...@morethan.orgwrote:
On Mon August 2 2010, krishnamurthy santhanam wrote:
Hi,
i am new to OpenSSL..i have to use RSA_generate key function to generate
key..below is the program and outcome..is this the way to generate key?
#includestdio.h
#includeopenssl/rsa.h
#includestring.h
int main()
{
char *plain=Sample text; //Sample text (plain text) to Encrypt/Decrypt
char *ciphertext;
printf(%s\n,plain);
// Generate RSA key
RSA *rsa1= RSA_generate_key(1024,65537,NULL,NULL);
// RSA_size() will determine how much memory must be allocated for an
if(rsa1==NULL) {
printf(NO RSA!\n\n);
ERR_load_crypto_strings();
ERR_print_errors_fp(stdout);
}
else
{
printf(RSA OK!\n);
}
ciphertext = (char *)malloc(RSA_size(rsa1));
printf(rsa key = %d\n,rsa1);
printf(RSA size = %d\n,RSA_size(rsa1));
RSA_free(rsa1);
}
$ gcc -o rsa1 rsa1.c -lcrypto
Output
-
$ ./rsa1
Sample text
RSA OK!
rsa key = 473608208
RSA size = 128
Times 8 bits per octet == 1024 bits as requested.
Please correct me if i am missing anything ..
Does your %d recognize a number that is 128 bytes long?
Mike
kris
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
