Re: Basics concepts about openssl+rsa

2010-08-18 Thread Leandro Santiago
Hello again.

I'm reading these documents and I've seen that the IO struct for these
is the BIO struct.

My idea is to do something like the following (I've generated
rsa_public.key with genrsa):

$ openssl rsautl -encrypt -in legible_file -pubin -inkey rsa_public.key -out encrypted_file

But in my program legible_file and encrypted_file are char[] strings.

I'm looking at EVP_PKEY_encrypt, but the EVP_PKEY_CTX type doesn't
seem to exist (I'm using openssl 0.9.8).

I'm seeing some tutorials about openssl, but they are quite old (ten
years is a long time :-)). Are there more up-to-date tutorials on the
Internet?

I've really liked openssl, but I don't know where to start. Is there an
IRC channel where users can talk?

Regards

2010/8/17 Leandro Santiago leandrosansi...@gmail.com:
 Thx. I'll read these documents.

 In my system the keys aren't generated in installation-time, but I
 have both the keys, private and public pre-generated.

 Actually in my system the password based encrypt system works fine,
 and it's part of a larger subsystem. So the rsa idea has sounded good
 for me :-)

 Regards

 2010/8/17 Wim Lewis w...@omnigroup.com:

 On Aug 17, 2010, at 3:19 PM, Wim Lewis wrote:
 But for any real-world application, you'll want to do the standard business 
 of generating a session key, encrypting the message using conventional 
 symmetric encryption, and encrypting the session key with the public key. 
 Since that's a lot of hassle and it's very easy to write something that 
 works but isn't secure, it's probably a good idea to just adopt one of the 
 higher level cryptographic containers such as CMS:
   http://www.openssl.org/docs/crypto/CMS_encrypt.html

 even though this does mean you start having to deal with all the X.509 crud.

 Ah, I forgot about http://www.openssl.org/docs/crypto/EVP_SealInit.html and 
 friends, maybe that would be an easier approach.


 __
 OpenSSL Project                                 http://www.openssl.org
 User Support Mailing List                    openssl-us...@openssl.org
 Automated List Manager                           majord...@openssl.org




Basics concepts about openssl+rsa

2010-08-17 Thread Leandro Santiago
Hello to all. I'm really new in openssl.

In my application I will use openssl to encrypt some password strings
using rsa. I've generated the pair of keys with openssl command line
and now I want to use this pair to crypt and encrypt these strings.

It's really a basic doubt: How can I parse a file with the public key
to a struct which I can use to encrypt the string. Maybe just a
simple_example.c... :-) And also an example about decrypt using the
private key, of course :-)

I'm reading this page:
http://www.openssl.org/docs/crypto/rsa.html
but manuals aren't good to a beginner :-)

Thx and sorry for my bad English :-)


Re: Basics concepts about openssl+rsa

2010-08-17 Thread Wim Lewis

On Aug 17, 2010, at 12:37 PM, Leandro Santiago wrote:
 It's really a basic doubt: How can I parse a file with the public key
 to a struct which I can use to encrypt the string. Maybe just a
 simple_example.c... :-) And also an example about decrypt using the
 private key, of course :-)
 
 I'm reading this page:
 http://www.openssl.org/docs/crypto/rsa.html
 but manuals aren't good to a beginner :-)

Yes, it's pretty hard to get oriented when starting to use openssl.

It's usually easier to avoid the lowest-level RSA_foo() functions in favor of 
the slightly more abstract EVP_(PKEY_)foo() functions. (This also lets you 
switch algorithms etc. later without rewriting everything.)

IIRC, what you need to do is load the public or private key using either a 
PEM_read_* function or a d2i_*() function, depending on whether the key is in a 
PEM or DER format:
   http://www.openssl.org/docs/crypto/pem.html
   http://www.openssl.org/docs/crypto/d2i_PKCS8PrivateKey.html

For the basic public-key operation, you use functions that operate on an 
EVP_PKEY_CTX:
   http://www.openssl.org/docs/crypto/EVP_PKEY_encrypt.html

But for any real-world application, you'll want to do the standard business of 
generating a session key, encrypting the message using conventional symmetric 
encryption, and encrypting the session key with the public key. Since that's a 
lot of hassle and it's very easy to write something that works but isn't 
secure, it's probably a good idea to just adopt one of the higher level 
cryptographic containers such as CMS:
   http://www.openssl.org/docs/crypto/CMS_encrypt.html

even though this does mean you start having to deal with all the X.509 crud.




Re: Basics concepts about openssl+rsa

2010-08-17 Thread Wim Lewis

On Aug 17, 2010, at 3:19 PM, Wim Lewis wrote:
 But for any real-world application, you'll want to do the standard business 
 of generating a session key, encrypting the message using conventional 
 symmetric encryption, and encrypting the session key with the public key. 
 Since that's a lot of hassle and it's very easy to write something that works 
 but isn't secure, it's probably a good idea to just adopt one of the higher 
 level cryptographic containers such as CMS:
   http://www.openssl.org/docs/crypto/CMS_encrypt.html
 
 even though this does mean you start having to deal with all the X.509 crud.

Ah, I forgot about http://www.openssl.org/docs/crypto/EVP_SealInit.html and 
friends, maybe that would be an easier approach.




Re: Basics concepts about openssl+rsa

2010-08-17 Thread Leandro Santiago
Thx. I'll read these documents.

In my system the keys aren't generated in installation-time, but I
have both the keys, private and public pre-generated.

Actually in my system the password based encrypt system works fine,
and it's part of a larger subsystem. So the rsa idea has sounded good
for me :-)

Regards

2010/8/17 Wim Lewis w...@omnigroup.com:

 On Aug 17, 2010, at 3:19 PM, Wim Lewis wrote:
 But for any real-world application, you'll want to do the standard business 
 of generating a session key, encrypting the message using conventional 
 symmetric encryption, and encrypting the session key with the public key. 
 Since that's a lot of hassle and it's very easy to write something that 
 works but isn't secure, it's probably a good idea to just adopt one of the 
 higher level cryptographic containers such as CMS:
   http://www.openssl.org/docs/crypto/CMS_encrypt.html

 even though this does mean you start having to deal with all the X.509 crud.

 Ah, I forgot about http://www.openssl.org/docs/crypto/EVP_SealInit.html and 
 friends, maybe that would be an easier approach.


