Re: How can I load a PEM key stored in a string instead from a file?
Thanks to all. I've resolved my first problem, load the PEM from a string.
I've used BIO_new_mem_buf() and PEM_read_bio_PrivateKey().
But now I've seen that it works well with PEM keys, and now I'm trying
to use a DER key, again from a string. Is there something like
DER_read_bio_PrivateKey()?
2010/10/27 Dr. Stephen Henson st...@openssl.org:
On Wed, Oct 27, 2010, Leandro Santiago wrote:
Ok. I've found the implementation of that function:
EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb
*cb, void *u)
{
BIO *b;
EVP_PKEY *ret;
if ((b=BIO_new(BIO_s_file())) == NULL)
{
PEMerr(PEM_F_PEM_READ_PRIVATEKEY,ERR_R_BUF_LIB);
return(0);
}
BIO_set_fp(b,fp,BIO_NOCLOSE);
ret=PEM_read_bio_PrivateKey(b,x,cb,u);
BIO_free(b);
return(ret);
}
So if I need to implement a function which opens a char string as a
key I need to write something as the code above, but changing the
functions BIO_s_file() and BIO_set_fp(b,fp,BIO_NOCLOSE) to something
which load from that string instead from a FILE*?
ps: yes, I'm very noob on openssl. OpenSSL is amazing, but it's very
hard to beginners. thx
As others have indicated you can use PEM_read_bio_PrivateKey() instead as
this can be passed a BIO which is an OpenSSL I/O abstraction. You can create a
BIO from a character string using BIO_new_mem_buf().
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-us...@openssl.org
Automated List Manager majord...@openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
RE: How can I load a PEM key stored in a string instead from a file?
How about using the d2i_ functions?
Erik Tkal
Juniper OAC/UAC/Pulse Development
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Leandro Santiago
Sent: Friday, October 29, 2010 7:26 AM
To: openssl-users@openssl.org
Subject: Re: How can I load a PEM key stored in a string instead from a file?
Thanks to all. I've resolved my first problem, load the PEM from a string.
I've used BIO_new_mem_buf() and PEM_read_bio_PrivateKey().
But now I've seen that it works well with PEM keys, and now I'm trying
to use a DER key, again from a string. Is there something like
DER_read_bio_PrivateKey()?
2010/10/27 Dr. Stephen Henson st...@openssl.org:
On Wed, Oct 27, 2010, Leandro Santiago wrote:
Ok. I've found the implementation of that function:
EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb
*cb, void *u)
{
BIO *b;
EVP_PKEY *ret;
if ((b=BIO_new(BIO_s_file())) == NULL)
{
PEMerr(PEM_F_PEM_READ_PRIVATEKEY,ERR_R_BUF_LIB);
return(0);
}
BIO_set_fp(b,fp,BIO_NOCLOSE);
ret=PEM_read_bio_PrivateKey(b,x,cb,u);
BIO_free(b);
return(ret);
}
So if I need to implement a function which opens a char string as a
key I need to write something as the code above, but changing the
functions BIO_s_file() and BIO_set_fp(b,fp,BIO_NOCLOSE) to something
which load from that string instead from a FILE*?
ps: yes, I'm very noob on openssl. OpenSSL is amazing, but it's very
hard to beginners. thx
As others have indicated you can use PEM_read_bio_PrivateKey() instead as
this can be passed a BIO which is an OpenSSL I/O abstraction. You can create a
BIO from a character string using BIO_new_mem_buf().
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-us...@openssl.org
Automated List Manager majord...@openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: How can I load a PEM key stored in a string instead from a file?
Thank you very much!
I've used d2i_PrivateKey_bio() with the BIO I get from the key buffer.
2010/10/29 Erik Tkal et...@juniper.net:
How about using the d2i_ functions?
Erik Tkal
Juniper OAC/UAC/Pulse Development
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Leandro Santiago
Sent: Friday, October 29, 2010 7:26 AM
To: openssl-users@openssl.org
Subject: Re: How can I load a PEM key stored in a string instead from a file?
Thanks to all. I've resolved my first problem, load the PEM from a string.
I've used BIO_new_mem_buf() and PEM_read_bio_PrivateKey().
But now I've seen that it works well with PEM keys, and now I'm trying
to use a DER key, again from a string. Is there something like
DER_read_bio_PrivateKey()?
2010/10/27 Dr. Stephen Henson st...@openssl.org:
On Wed, Oct 27, 2010, Leandro Santiago wrote:
Ok. I've found the implementation of that function:
EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb
*cb, void *u)
{
BIO *b;
EVP_PKEY *ret;
if ((b=BIO_new(BIO_s_file())) == NULL)
{
PEMerr(PEM_F_PEM_READ_PRIVATEKEY,ERR_R_BUF_LIB);
return(0);
}
BIO_set_fp(b,fp,BIO_NOCLOSE);
ret=PEM_read_bio_PrivateKey(b,x,cb,u);
BIO_free(b);
return(ret);
}
So if I need to implement a function which opens a char string as a
key I need to write something as the code above, but changing the
functions BIO_s_file() and BIO_set_fp(b,fp,BIO_NOCLOSE) to something
which load from that string instead from a FILE*?
ps: yes, I'm very noob on openssl. OpenSSL is amazing, but it's very
hard to beginners. thx
As others have indicated you can use PEM_read_bio_PrivateKey() instead as
this can be passed a BIO which is an OpenSSL I/O abstraction. You can create
a
BIO from a character string using BIO_new_mem_buf().
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-us...@openssl.org
Automated List Manager majord...@openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-us...@openssl.org
Automated List Manager majord...@openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-us...@openssl.org
Automated List Manager majord...@openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: How can I load a PEM key stored in a string instead from a file?
On Tue October 26 2010, Leandro Santiago wrote: Sorry. I don't understand everything. Do you have any code example? I've tried to read the source code of these functions, but PEM_read_PrivateKey is a macro (and I hate read big macros) :-( gcc -E ... output.txt Is your answer to that complaint. Mike 2010/10/26 Wim Lewis w...@omnigroup.com: PEM_read_PrivateKey() is a wrapper around PEM_ASN1_read() (which reads an arbitrary ASN.1 object from a PEM-encoded blob) and d2i_PrivateKey() (which knows how to read a private key blob specifically). PEM_ASN1_read() simply creates a BIO from the FILE* that you give it, and calls PEM_ASN1_read_bio(). If you want, you can instead create a BIO from your string using something like BIO_new_mem_buf() and call PEM_ASN1_read_bio() yourself. (A BIO is an openssl object that's like a more general-purpose FILE*.) BTW, if your keys are stored in a database, there's probably no need for them to be PEM-encoded; you can save a bit of space and time by storing them in DER format and calling d2i_PrivateKey() directly. (PEM format is more or less just base64-encoded DER.) There's a FAQ entry on this: http://www.openssl.org/support/faq.html#PROG3 __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
How can I load a PEM key stored in a string instead from a file?
Hello to all. I'm using the openssl api in a C application. Currently to load a private key (generated by openssl command), I do: _privKeyFile = fopen(filename, rt); _privKey = PEM_read_PrivateKey(_privKeyFile, NULL, NULL, NULL); _rsa = EVP_PKEY_get1_RSA(_privKey); The _rsa is the object I need to decrypt my data. But now I need do keep the private key in a database, and not in files anymore. In database I store these keys in a common plain text format and I can't use the filesystem. So imagine I have key as char[]. How can I get a EVP_PKEY object from a key that is a string? __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: How can I load a PEM key stored in a string instead from a file?
PEM_read_PrivateKey() is a wrapper around PEM_ASN1_read() (which reads an arbitrary ASN.1 object from a PEM-encoded blob) and d2i_PrivateKey() (which knows how to read a private key blob specifically). PEM_ASN1_read() simply creates a BIO from the FILE* that you give it, and calls PEM_ASN1_read_bio(). If you want, you can instead create a BIO from your string using something like BIO_new_mem_buf() and call PEM_ASN1_read_bio() yourself. (A BIO is an openssl object that's like a more general-purpose FILE*.) BTW, if your keys are stored in a database, there's probably no need for them to be PEM-encoded; you can save a bit of space and time by storing them in DER format and calling d2i_PrivateKey() directly. (PEM format is more or less just base64-encoded DER.) There's a FAQ entry on this: http://www.openssl.org/support/faq.html#PROG3 __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: How can I load a PEM key stored in a string instead from a file?
Sorry. I don't understand everything. Do you have any code example? I've tried to read the source code of these functions, but PEM_read_PrivateKey is a macro (and I hate read big macros) :-( 2010/10/26 Wim Lewis w...@omnigroup.com: PEM_read_PrivateKey() is a wrapper around PEM_ASN1_read() (which reads an arbitrary ASN.1 object from a PEM-encoded blob) and d2i_PrivateKey() (which knows how to read a private key blob specifically). PEM_ASN1_read() simply creates a BIO from the FILE* that you give it, and calls PEM_ASN1_read_bio(). If you want, you can instead create a BIO from your string using something like BIO_new_mem_buf() and call PEM_ASN1_read_bio() yourself. (A BIO is an openssl object that's like a more general-purpose FILE*.) BTW, if your keys are stored in a database, there's probably no need for them to be PEM-encoded; you can save a bit of space and time by storing them in DER format and calling d2i_PrivateKey() directly. (PEM format is more or less just base64-encoded DER.) There's a FAQ entry on this: http://www.openssl.org/support/faq.html#PROG3 __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
