RE: Problems reading PKCS8 private key
> From: owner-openssl-us...@openssl.org On Behalf Of Viktor Dukhovni
> Sent: Friday, 25 January, 2013 12:21

> On Fri, Jan 25, 2013 at 05:10:03PM +, Viktor Dukhovni wrote:
>
> > On Fri, Jan 25, 2013 at 04:13:02PM +, Ken Allen wrote:
> >
> > > Hi All, I'm having a bit of a problem. I need to load a private
> > > key (EC, but I'm having the same problem with RSA) from an unencrypted,
> > > der encoded, ... file for now and it's simply not working.

> > If it is not encrypted, it is not really PKCS8, at least in the sense
> > that it is a different ASN.1 data structure, the code that works is:
> >

It is one of two structures defined by PKCS8, but not the one
OpenSSL names PKCS8PrivateKey.

> > - EVP_PKEY *key = d2i_PKCS8PrivateKey_fp(f, NULL, NULL, NULL);
> > + EVP_PKEY *key = d2i_PrivateKey_fp(f, NULL);
>
> I should perhaps mention that this is with OpenSSL 1.0 or later, which
> the OP is probably using given that he's using EC keys.
>

Not necessarily. 0.9.8 libcrypto supports EC keys and operations fine.
The difference is only in libssl where 0.9.8 has EC-using ciphersuites
normally disabled, while >=1.0.0 has them enabled. OP didn't say
this is for SSL.

> In OpenSSL 0.9.8 d2i_PrivateKey_fp expects an RSA key.
>

0.9.8 d2i_PrivateKey_{fp,bio} guesses between bare RSA key or DSA key
(which can be converted for DH) or EC key, but not PKCS8_PRIV_KEY_INFO
which is what pkcs8 -topk8 -nocrypt writes. >=1.0.0 d2i_PrivateKey_{fp,bio}
additionally guesses that. In all versions d2i_PKCS8_PRIV_KEY_INFO_{fp,bio}
works for this data, but you need EVP_PKCS82PKEY to convert the result.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
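The message above turns on which ASN.1 structure a DER file actually holds. The following is an added example, not code from this thread or from OpenSSL: a dependency-free classifier that inspects the tags of the first two members of the outer SEQUENCE and names the decoder the thread associates with that form. The enum, table and function names are hypothetical, the sample bytes are constructed skeletons rather than usable keys, and the two-tag check is a heuristic, not a full ASN.1 validation.

```c
#include <stddef.h>
#include <stdio.h>
enum key_form { KF_INVALID, KF_PKCS8_PLAIN, KF_PKCS8_ENCRYPTED, KF_TRADITIONAL };
/* Decoder named in the thread for each form (hypothetical lookup table). */
static const char *const DECODER[] = {
    "none: not a recognised private-key structure",
    "d2i_PKCS8_PRIV_KEY_INFO_fp, then EVP_PKCS82PKEY",
    "d2i_PKCS8PrivateKey_fp (needs the passphrase)",
    "d2i_PrivateKey_fp",
};

/* Parse one DER tag/length header; return its size, or 0 if malformed. */
static size_t der_header(const unsigned char *p, size_t avail, unsigned char *tag, size_t *len)
{
    size_t n, i;
    if (avail < 2) return 0;
    *tag = p[0];
    if (p[1] < 0x80) { *len = p[1]; return *len <= avail - 2 ? 2 : 0; }
    n = p[1] & 0x7f;                 /* long form: n length octets follow */
    if (n == 0 || n > sizeof(size_t) || n > avail - 2) return 0;
    for (*len = 0, i = 0; i < n; i++) *len = (*len << 8) | p[2 + i];
    return *len <= avail - 2 - n ? 2 + n : 0;
}

/* Classify by the tags of the first two members of the outer SEQUENCE. */
enum key_form classify_key_der(const unsigned char *der, size_t der_len)
{
    unsigned char tag, t1, t2;
    size_t len, l1, l2, h, h1;
    h = der_header(der, der_len, &tag, &len);
    if (h == 0 || tag != 0x30 || h + len != der_len) return KF_INVALID;
    if ((h1 = der_header(der + h, len, &t1, &l1)) == 0) return KF_INVALID;
    if (!der_header(der + h + h1 + l1, len - h1 - l1, &t2, &l2)) return KF_INVALID;
    if (t1 == 0x30 && t2 == 0x04) return KF_PKCS8_ENCRYPTED; /* AlgorithmIdentifier, OCTET STRING */
    if (t1 == 0x02 && t2 == 0x30) return KF_PKCS8_PLAIN;     /* version, AlgorithmIdentifier */
    if (t1 == 0x02 && (t2 == 0x02 || t2 == 0x04)) return KF_TRADITIONAL; /* bare RSA/DSA or EC */
    return KF_INVALID;
}

/* Constructed skeletons: structurally valid DER, not usable keys. */
static const unsigned char SAMPLE_P8[] = { 0x30,0x12, 0x02,0x01,0x00,
    0x30,0x09,0x06,0x07,0x2a,0x86,0x48,0xce,0x3d,0x02,0x01, 0x04,0x02,0x30,0x00 };
static const unsigned char SAMPLE_EC[] = { 0x30,0x06, 0x02,0x01,0x01, 0x04,0x01,0x2a };
int main(void)
{
    printf("PrivateKeyInfo: %s\n", DECODER[classify_key_der(SAMPLE_P8, sizeof SAMPLE_P8)]);
    printf("ECPrivateKey:   %s\n", DECODER[classify_key_der(SAMPLE_EC, sizeof SAMPLE_EC)]);
    return 0;
}
```

The table picks the decoder pair that the thread says works in all versions for an unencrypted PrivateKeyInfo; per the same message, d2i_PrivateKey_fp also accepts that form from 1.0.0 on.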
RE: Problems reading PKCS8 private key
Thanks for your help, guys!

Ken Allen
Senior Software Engineer
ESS Division
Ultra Electronics, Prologic
15 E. Main St.
Westminster, MD 21157
ken.al...@ultra-prologic.com
Tel: +1 410 203 1103
Fax: +1 410 203 1151
www.ultra-prologic.com

From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] on behalf of Dr. Stephen Henson [st...@openssl.org]
Sent: Friday, January 25, 2013 1:00 PM
To: openssl-users@openssl.org
Subject: Re: Problems reading PKCS8 private key

On Fri, Jan 25, 2013, Ken Allen wrote:

> Awesome, that worked. Is there an "official" name for the asn.1 structure
> that's being produced here?
>

It's a PKCS#8 PrivateKeyInfo structure.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

This e-mail from Ultra Electronics, ProLogic and any attachments to it are confidential to the intended recipient and may also be privileged or controlled by U.S. export control laws and regulations. No technical data, information or other items provided by Ultra Electronics, ProLogic in connection with this email shall be shared or provided to any foreign persons, entities, or subsidiaries without the expressed written authorization of Ultra Electronic, ProLogic. If you have received it in error please notify the sender and delete it from your system. If you are not the intended recipient you must not copy it or use it for any purpose nor disclose or distribute its contents to any other person. All communications may be subject to interception or monitoring for operational and/or security purposes. Please rely on your own virus checking as the sender cannot accept any liability for any damage arising from any bug or virus infection. Please consider the environment before printing this email.
Re: Problems reading PKCS8 private key
On Fri, Jan 25, 2013, Ken Allen wrote:

> Awesome, that worked. Is there an "official" name for the asn.1 structure
> that's being produced here?
>

It's a PKCS#8 PrivateKeyInfo structure.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
RE: Problems reading PKCS8 private key
Awesome, that worked. Is there an "official" name for the asn.1 structure that's being produced here?

Ken Allen
Software Engineer
ESS Division
Ultra Electronics, Prologic
15 E. Main St.
Westminster, MD 21157
ken.al...@ultra-prologic.com
Tel: +1 410 203 1103
Fax: +1 410 203 1151
www.ultra-prologic.com

From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] on behalf of Viktor Dukhovni [openssl-us...@dukhovni.org]
Sent: Friday, January 25, 2013 12:21 PM
To: openssl-users@openssl.org
Subject: Re: Problems reading PKCS8 private key

On Fri, Jan 25, 2013 at 05:10:03PM +, Viktor Dukhovni wrote:

> On Fri, Jan 25, 2013 at 04:13:02PM +, Ken Allen wrote:
>
> > Hi All, I'm having a bit of a problem. I need to load a private
> > key (EC, but I'm having the same problem with RSA) from an unencrypted,
> > der encoded, PKCS8 memory buffer. I'm just trying to get it to work
> > loading from a file for now and it's simply not working. Can someone
> > tell me what I'm doing wrong?
>
> If it is not encrypted, it is not really PKCS8, at least in the sense
> that it is a different ASN.1 data structure, the code that works is:
>
> - EVP_PKEY *key = d2i_PKCS8PrivateKey_fp(f, NULL, NULL, NULL);
> + EVP_PKEY *key = d2i_PrivateKey_fp(f, NULL);

I should perhaps mention that this is with OpenSSL 1.0 or later, which
the OP is probably using given that he's using EC keys.

In OpenSSL 0.9.8 d2i_PrivateKey_fp expects an RSA key.

--
Viktor.
Re: Problems reading PKCS8 private key
On Fri, Jan 25, 2013 at 05:10:03PM +, Viktor Dukhovni wrote:

> On Fri, Jan 25, 2013 at 04:13:02PM +, Ken Allen wrote:
>
> > Hi All, I'm having a bit of a problem. I need to load a private
> > key (EC, but I'm having the same problem with RSA) from an unencrypted,
> > der encoded, PKCS8 memory buffer. I'm just trying to get it to work
> > loading from a file for now and it's simply not working. Can someone
> > tell me what I'm doing wrong?
>
> If it is not encrypted, it is not really PKCS8, at least in the sense
> that it is a different ASN.1 data structure, the code that works is:
>
> - EVP_PKEY *key = d2i_PKCS8PrivateKey_fp(f, NULL, NULL, NULL);
> + EVP_PKEY *key = d2i_PrivateKey_fp(f, NULL);

I should perhaps mention that this is with OpenSSL 1.0 or later, which
the OP is probably using given that he's using EC keys.

In OpenSSL 0.9.8 d2i_PrivateKey_fp expects an RSA key.

--
Viktor.
Re: Problems reading PKCS8 private key
On Fri, Jan 25, 2013 at 04:13:02PM +, Ken Allen wrote:

> Hi All, I'm having a bit of a problem. I need to load a private
> key (EC, but I'm having the same problem with RSA) from an unencrypted,
> der encoded, PKCS8 memory buffer. I'm just trying to get it to work
> loading from a file for now and it's simply not working. Can someone
> tell me what I'm doing wrong?

If it is not encrypted, it is not really PKCS8, at least in the sense
that it is a different ASN.1 data structure, the code that works is:

- EVP_PKEY *key = d2i_PKCS8PrivateKey_fp(f, NULL, NULL, NULL);
+ EVP_PKEY *key = d2i_PrivateKey_fp(f, NULL);

--
Viktor.
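
Review bot: the added line assigns the result of d2i_PrivateKey_fp(f, NULL) to key with no NULL check visible in the hunk; follow it with an explicit `if (key == NULL)` branch that reports the decode failure, because the thread itself notes that on 0.9.8 this call does not accept PKCS8_PRIV_KEY_INFO input, so the same source would fail there without any indication of why. A one-line comment beside the call stating that the input is an unencrypted DER PrivateKeyInfo would also record why the d2i_PKCS8PrivateKey_fp variant was dropped.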