Re: Using libcrypto's RSA code
On 18 April 2013 00:17, Jakob Bohm jb-open...@wisemo.com wrote: This sounds like a gross violation of the Postel principle. A principle that should be pretty much universally violated. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Using libcrypto's RSA code
On 4/16/2013 10:28 PM, Dave Thompson wrote: From: owner-openssl-us...@openssl.org On Behalf Of Zach Sent: Tuesday, 16 April, 2013 15:55 I'm still getting an error when trying to read this key using the BIO interface: Error: error:0906D064:PEM routines:PEM_read_bio:bad base64 decode ... The body part of your string (between BEGIN line and END line) must have newlines -- actual newlines in the data \n not discarded source linebreaks \(EOL) -- at intervals of no more than 76 characters. This sounds like a gross violation of the Postel principle. The /only/ reason for the mention of any maximum line length in the Base64 specs is to accomodate ancient 7-bit ASCII only mail servers with artificial Holerith punched card like line length limitations. Adding those line feeds may also be useful in some human-viewed files, such as the output of openssl x509 -text. No sane Base64 decoder should care. But the code in crypto/evp/bio_b64.c seems to be stupidly line oriented with small line buffers in an overcomplicated state, when a streaming Base64 encoder/decoder should be able to get away with a few unsigned ints and a state machine. (The normal output from PEM_write and thus most commandline utilities is intervals of 64 characters, which is usually convenient. I observe you've broken your lines above at 63 for some reason.) ... Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Using libcrypto's RSA code
No sane Base64 decoder should care. But the code in crypto/evp/bio_b64.c seems to be stupidly line oriented with small line buffers in an overcomplicated state, when a streaming Base64 encoder/decoder should be able to get away with a few unsigned ints and a state machine. The current behavior and implementation is not great and nobody has gotten around to fixing it yet. Love to see a patch. /r$ -- Principal Security Engineer Akamai Technology Cambridge, MA __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Using libcrypto's RSA code
I'm sorry it took me so long to test this...but here's the result: I'm still getting an error when trying to read this key using the BIO interface: Error: error:0906D064:PEM routines:PEM_read_bio:bad base64 decode More info below: My pubkey looks like this (this is just a test key): (pubkey.h): static const char* pubkey = (char*)\ -BEGIN PUBLIC KEY-\n\ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo+0cqJqlbJ7IoauOQzS\ wm43nMeM1wgapDxhgeNxBFz8Y8WdC56iHu7ICQhrIybzK1Zv1a9dmExyeGhGPRM\ vXYssNoOhphLFiN5mUwA3BNkxY2QwECESqPnlThXGiJ4bhBwvdXJ8ixtjGIh84P\ BV70Hf1F+FfVQPbi7GctLWSx6JD5xLb9h5D0sdfierup0TfNDMgrVDwvIlG4iKe\ GfB8npCUcicQ1E8pqx1axX3OxHIRr0dLIPrsPWKVj24jdeDZn0H+jhKxqus2/Yv\ fdoPAnlKgltmlnon23C06hziIOwbvECDho9zrw+nQSWQIQvs1TXaSZjYgVM45Uk\ zFNYn2Smv0efCUPEJa6gNawR/HFw8hIpBmtl6Jhm+du9AgLGU0j4pgAcw0xfj5F\ vsjeZfQDHm9FIbhY9dOoqcCwoIV5gzsb224T2uIHc+glAPjCOS+3rEP1+YwcGIK\ ObtIbzq2/rxS1HEx5z4NacLToOFZSKStgshXFQIjWCJ+2dCS8I4z5rkn1cP4bNR\ RIB7J5gdOsq+NJuLjC42QfTW7+rq/9ivjAUPwbnytqfWITbJZB5RurumCnaURqb\ 18v6kzvjO0A3Hxk2a1zjbpsO1+w9G3dW/F0fWqfn2JQoCTXKf1FJnzN+NaRMa5a\ vt8ohOwbObEDRoEjaC/OqiERaX4pHrHhU8CAwEAAQ==\n\ -END PUBLIC KEY-\n\ ; My code to read the pubkey looks like this: BIO* bio = BIO_new_mem_buf((void*)pubkey, -1); RSA* x = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL); The results of this action are: Error: error:0906D064:PEM routines:PEM_read_bio:bad base64 decode What is wrong with this key? -Zach On 04/02/2013 03:03 AM, Jakob Bohm wrote: On 02-04-2013 00:30, Zach wrote: I've been reading through the OpenSSL documentation, but I must be missing something... I have a public key (base64 encoded) which looks something like this: MIICIjANBgkqhkiG9w0BAQEFA..U8CAwEAAQ== This is in a char buffer. I've tried this with/without the wrapping text of -BEGIN PUBLIC KEY- and -END PUBLIC KEY-. Did you remember to put \n after the two marker strings and before the end string? -BEGIN PUBLIC KEY-\n and \n-END PUBLIC KEY-\n I then do the following 2 lines of code: BIO* bio = BIO_new_mem_buf((void*)pubkey, -1); RSA* x = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL); As I understand it, this should: 1) create a BIO wrapper around the char* pubkey source, and 2) read from this BIO pointer an RSA key. However, the RSA pointer is null, and when I check the errors coming out of the library it says: error:0906D06C:PEM routines:PEM_read_bio:no start line I assume that I've formed the BIO instance incorrectly...what should I do differently? -Zach On 03/31/2013 02:49 AM, Dave Thompson wrote: From: owner-openssl-us...@openssl.org On Behalf Of Felipe Blauth Sent: Friday, 29 March, 2013 16:36 To read the key from your header file you might want to use a memory BIO in conjunction with the PEM_read_bio_PUBKEY function or PEM_read_bio_RSAPublicKey ( I don't remember which one you should use, but this was answered in this list before). I don't have a test The default from commandline is PUBKEY (*private* keys changed from per-algorithm to PKCS8 in 1.0.0). enviroment right now, but you should do something like this: char key[] = Your pem key goes here; Including newlines represented as \n, which is easy to miss. BIO *mem = BIO_new(BIO_s_mem()); BIO_puts(mem, key); Or just BIO_new_mem_buf(key,len_or_neg1); EVP_PKEY* pkey=PEM_read_bio_PUBKEY(mem,NULL,NULL,NULL); Or PEM_read_bio_RSA_PUBKEY to downcast to RSA*, which you can also do separately, but EVP is generally preferable. snip Enjoy Jakob __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Using libcrypto's RSA code
From: owner-openssl-us...@openssl.org On Behalf Of Zach Sent: Tuesday, 16 April, 2013 15:55 I'm still getting an error when trying to read this key using the BIO interface: Error: error:0906D064:PEM routines:PEM_read_bio:bad base64 decode More info below: My pubkey looks like this (this is just a test key): (pubkey.h): static const char* pubkey = (char*)\ -BEGIN PUBLIC KEY-\n\ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo+0cqJqlbJ7IoauOQzS\ wm43nMeM1wgapDxhgeNxBFz8Y8WdC56iHu7ICQhrIybzK1Zv1a9dmExyeGhGPRM\ vXYssNoOhphLFiN5mUwA3BNkxY2QwECESqPnlThXGiJ4bhBwvdXJ8ixtjGIh84P\ BV70Hf1F+FfVQPbi7GctLWSx6JD5xLb9h5D0sdfierup0TfNDMgrVDwvIlG4iKe\ GfB8npCUcicQ1E8pqx1axX3OxHIRr0dLIPrsPWKVj24jdeDZn0H+jhKxqus2/Yv\ fdoPAnlKgltmlnon23C06hziIOwbvECDho9zrw+nQSWQIQvs1TXaSZjYgVM45Uk\ zFNYn2Smv0efCUPEJa6gNawR/HFw8hIpBmtl6Jhm+du9AgLGU0j4pgAcw0xfj5F\ vsjeZfQDHm9FIbhY9dOoqcCwoIV5gzsb224T2uIHc+glAPjCOS+3rEP1+YwcGIK\ ObtIbzq2/rxS1HEx5z4NacLToOFZSKStgshXFQIjWCJ+2dCS8I4z5rkn1cP4bNR\ RIB7J5gdOsq+NJuLjC42QfTW7+rq/9ivjAUPwbnytqfWITbJZB5RurumCnaURqb\ 18v6kzvjO0A3Hxk2a1zjbpsO1+w9G3dW/F0fWqfn2JQoCTXKf1FJnzN+NaRMa5a\ vt8ohOwbObEDRoEjaC/OqiERaX4pHrHhU8CAwEAAQ==\n\ -END PUBLIC KEY-\n\ ; The body part of your string (between BEGIN line and END line) must have newlines -- actual newlines in the data \n not discarded source linebreaks \(EOL) -- at intervals of no more than 76 characters. (The normal output from PEM_write and thus most commandline utilities is intervals of 64 characters, which is usually convenient. I observe you've broken your lines above at 63 for some reason.) My code to read the pubkey looks like this: BIO* bio = BIO_new_mem_buf((void*)pubkey, -1); RSA* x = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL); Asides: you don't need the cast to void* there; if you've #include'd the declaration from pem.h as required it's protototyped and any C compiler since 1989 will convert. You also don't need the cast to char* on your declaration above; any C compiler since about 1975 will decay a string literal which is char[] to char*. (But since 1980 or so, not explicitly 'signed char*' or 'unsigned char*'.) Finally, it's more portable and arguably clearer to write long string literals as a series of adjacent pieces, which any compiler since 1989 must concatenate, rather than one long logical line (after preprocessor eliminates \(EOL)) which compilers aren't required to support and some don't. Although this only needs to be portable to compilers on systems that support OpenSSL, somewhat more restrictive. char* foo = abc\1 def\2 /*white space or comment ignored*/ ghi\3 jkl\4; produces always exactly the same result as char *foo = abc\1def\2ghi\3jkl\4; but with shorter source lines. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Using libcrypto's RSA code
Dave, Thank you very much for your help! This seemed to fix my issues. -Zach On 04/16/2013 04:28 PM, Dave Thompson wrote: From: owner-openssl-us...@openssl.org On Behalf Of Zach Sent: Tuesday, 16 April, 2013 15:55 I'm still getting an error when trying to read this key using the BIO interface: Error: error:0906D064:PEM routines:PEM_read_bio:bad base64 decode More info below: My pubkey looks like this (this is just a test key): (pubkey.h): static const char* pubkey = (char*)\ -BEGIN PUBLIC KEY-\n\ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo+0cqJqlbJ7IoauOQzS\ wm43nMeM1wgapDxhgeNxBFz8Y8WdC56iHu7ICQhrIybzK1Zv1a9dmExyeGhGPRM\ vXYssNoOhphLFiN5mUwA3BNkxY2QwECESqPnlThXGiJ4bhBwvdXJ8ixtjGIh84P\ BV70Hf1F+FfVQPbi7GctLWSx6JD5xLb9h5D0sdfierup0TfNDMgrVDwvIlG4iKe\ GfB8npCUcicQ1E8pqx1axX3OxHIRr0dLIPrsPWKVj24jdeDZn0H+jhKxqus2/Yv\ fdoPAnlKgltmlnon23C06hziIOwbvECDho9zrw+nQSWQIQvs1TXaSZjYgVM45Uk\ zFNYn2Smv0efCUPEJa6gNawR/HFw8hIpBmtl6Jhm+du9AgLGU0j4pgAcw0xfj5F\ vsjeZfQDHm9FIbhY9dOoqcCwoIV5gzsb224T2uIHc+glAPjCOS+3rEP1+YwcGIK\ ObtIbzq2/rxS1HEx5z4NacLToOFZSKStgshXFQIjWCJ+2dCS8I4z5rkn1cP4bNR\ RIB7J5gdOsq+NJuLjC42QfTW7+rq/9ivjAUPwbnytqfWITbJZB5RurumCnaURqb\ 18v6kzvjO0A3Hxk2a1zjbpsO1+w9G3dW/F0fWqfn2JQoCTXKf1FJnzN+NaRMa5a\ vt8ohOwbObEDRoEjaC/OqiERaX4pHrHhU8CAwEAAQ==\n\ -END PUBLIC KEY-\n\ ; The body part of your string (between BEGIN line and END line) must have newlines -- actual newlines in the data \n not discarded source linebreaks \(EOL) -- at intervals of no more than 76 characters. (The normal output from PEM_write and thus most commandline utilities is intervals of 64 characters, which is usually convenient. I observe you've broken your lines above at 63 for some reason.) My code to read the pubkey looks like this: BIO* bio = BIO_new_mem_buf((void*)pubkey, -1); RSA* x = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL); Asides: you don't need the cast to void* there; if you've #include'd the declaration from pem.h as required it's protototyped and any C compiler since 1989 will convert. You also don't need the cast to char* on your declaration above; any C compiler since about 1975 will decay a string literal which is char[] to char*. (But since 1980 or so, not explicitly 'signed char*' or 'unsigned char*'.) Finally, it's more portable and arguably clearer to write long string literals as a series of adjacent pieces, which any compiler since 1989 must concatenate, rather than one long logical line (after preprocessor eliminates \(EOL)) which compilers aren't required to support and some don't. Although this only needs to be portable to compilers on systems that support OpenSSL, somewhat more restrictive. char* foo = abc\1 def\2 /*white space or comment ignored*/ ghi\3 jkl\4; produces always exactly the same result as char *foo = abc\1def\2ghi\3jkl\4; but with shorter source lines. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Using libcrypto's RSA code
On 02-04-2013 00:30, Zach wrote: I've been reading through the OpenSSL documentation, but I must be missing something... I have a public key (base64 encoded) which looks something like this: MIICIjANBgkqhkiG9w0BAQEFA..U8CAwEAAQ== This is in a char buffer. I've tried this with/without the wrapping text of -BEGIN PUBLIC KEY- and -END PUBLIC KEY-. Did you remember to put \n after the two marker strings and before the end string? -BEGIN PUBLIC KEY-\n and \n-END PUBLIC KEY-\n I then do the following 2 lines of code: BIO* bio = BIO_new_mem_buf((void*)pubkey, -1); RSA* x = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL); As I understand it, this should: 1) create a BIO wrapper around the char* pubkey source, and 2) read from this BIO pointer an RSA key. However, the RSA pointer is null, and when I check the errors coming out of the library it says: error:0906D06C:PEM routines:PEM_read_bio:no start line I assume that I've formed the BIO instance incorrectly...what should I do differently? -Zach On 03/31/2013 02:49 AM, Dave Thompson wrote: From: owner-openssl-us...@openssl.org On Behalf Of Felipe Blauth Sent: Friday, 29 March, 2013 16:36 To read the key from your header file you might want to use a memory BIO in conjunction with the PEM_read_bio_PUBKEY function or PEM_read_bio_RSAPublicKey ( I don't remember which one you should use, but this was answered in this list before). I don't have a test The default from commandline is PUBKEY (*private* keys changed from per-algorithm to PKCS8 in 1.0.0). enviroment right now, but you should do something like this: char key[] = Your pem key goes here; Including newlines represented as \n, which is easy to miss. BIO *mem = BIO_new(BIO_s_mem()); BIO_puts(mem, key); Or just BIO_new_mem_buf(key,len_or_neg1); EVP_PKEY* pkey=PEM_read_bio_PUBKEY(mem,NULL,NULL,NULL); Or PEM_read_bio_RSA_PUBKEY to downcast to RSA*, which you can also do separately, but EVP is generally preferable. snip Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Using libcrypto's RSA code
On 1 April 2013 23:30, Zach lace...@roboticresearch.com wrote: RSA* x = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL); Try using this instead: PEM_read_bio_PUBKEY Matt
Re: Using libcrypto's RSA code
I've been reading through the OpenSSL documentation, but I must be missing something... I have a public key (base64 encoded) which looks something like this: MIICIjANBgkqhkiG9w0BAQEFA..U8CAwEAAQ== This is in a char buffer. I've tried this with/without the wrapping text of -BEGIN PUBLIC KEY- and -END PUBLIC KEY-. I then do the following 2 lines of code: BIO* bio = BIO_new_mem_buf((void*)pubkey, -1); RSA* x = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL); As I understand it, this should: 1) create a BIO wrapper around the char* pubkey source, and 2) read from this BIO pointer an RSA key. However, the RSA pointer is null, and when I check the errors coming out of the library it says: error:0906D06C:PEM routines:PEM_read_bio:no start line I assume that I've formed the BIO instance incorrectly...what should I do differently? -Zach On 03/31/2013 02:49 AM, Dave Thompson wrote: From: owner-openssl-us...@openssl.org On Behalf Of Felipe Blauth Sent: Friday, 29 March, 2013 16:36 To read the key from your header file you might want to use a memory BIO in conjunction with the PEM_read_bio_PUBKEY function or PEM_read_bio_RSAPublicKey ( I don't remember which one you should use, but this was answered in this list before). I don't have a test The default from commandline is PUBKEY (*private* keys changed from per-algorithm to PKCS8 in 1.0.0). enviroment right now, but you should do something like this: char key[] = Your pem key goes here; Including newlines represented as \n, which is easy to miss. BIO *mem = BIO_new(BIO_s_mem()); BIO_puts(mem, key); Or just BIO_new_mem_buf(key,len_or_neg1); EVP_PKEY* pkey=PEM_read_bio_PUBKEY(mem,NULL,NULL,NULL); Or PEM_read_bio_RSA_PUBKEY to downcast to RSA*, which you can also do separately, but EVP is generally preferable. snip __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Using libcrypto's RSA code
From: owner-openssl-us...@openssl.org On Behalf Of Salz, Rich Sent: Friday, 29 March, 2013 11:47 1) Put a base64-encoded key (the normal one generated by openssl command line tools) into a header file Avoid a step. Base64 decode and using something like od put a binary bytestream into your source. Like unsigned char der_key[] = { 3, 12, 253, } If you do use od octal, remember to force a leading 0 on each byte that doesn't already have one, and maybe them too for simplicity. Or if you use hex, 0x on every byte over 9, ditto. 2) Compile code with this key which will public-key encrypt a message. Convert it into an RSA structure using d2i_XXX routines. The commandline default is PUBKEY, and d2i_PUBKEY returns an EVP_PKEY wrapping an RSA suitable for EVP_Seal* per elsethread. Or d2i_RSA_PUBKEY downcasts to RSA suitable for lowlevel RSA_public_encrypt etc. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Using libcrypto's RSA code
From: owner-openssl-us...@openssl.org On Behalf Of Felipe Blauth Sent: Friday, 29 March, 2013 16:36 To read the key from your header file you might want to use a memory BIO in conjunction with the PEM_read_bio_PUBKEY function or PEM_read_bio_RSAPublicKey ( I don't remember which one you should use, but this was answered in this list before). I don't have a test The default from commandline is PUBKEY (*private* keys changed from per-algorithm to PKCS8 in 1.0.0). enviroment right now, but you should do something like this: char key[] = Your pem key goes here; Including newlines represented as \n, which is easy to miss. BIO *mem = BIO_new(BIO_s_mem()); BIO_puts(mem, key); Or just BIO_new_mem_buf(key,len_or_neg1); EVP_PKEY* pkey=PEM_read_bio_PUBKEY(mem,NULL,NULL,NULL); Or PEM_read_bio_RSA_PUBKEY to downcast to RSA*, which you can also do separately, but EVP is generally preferable. snip __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Using libcrypto's RSA code
I'm trying to do the following: 1) Put a base64-encoded key (the normal one generated by openssl command line tools) into a header file 2) Compile code with this key which will public-key encrypt a message. My problem: I'm not sure what interface to use to 1) read in the char array in my header file into memory, and 2) read this memory into an RSA structure. What do I use to do this? It seems like I must be missing something...this should be pretty easy. -Zach __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Using libcrypto's RSA code
On 29 March 2013 15:09, Zach lace...@roboticresearch.com wrote: I'm trying to do the following: 1) Put a base64-encoded key (the normal one generated by openssl command line tools) into a header file Do you mean to put the actual key itself hardcoded into the header file?? This seems like a strange thing to do. PEM files can be read using the various functions described here: http://www.openssl.org/docs/crypto/pem.html 2) Compile code with this key which will public-key encrypt a message. To encrypt a message you need to use the EVP_Seal* functions described here: http://wiki.opensslfoundation.com/index.php/EVP_Asymmetric_Encryption_and_Decryption_of_an_Envelope http://www.openssl.org/docs/crypto/EVP_SealInit.html Matt __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Using libcrypto's RSA code
1) Put a base64-encoded key (the normal one generated by openssl command line tools) into a header file Avoid a step. Base64 decode and using something like od put a binary bytestream into your source. Like unsigned char der_key[] = { 3, 12, 253, } 2) Compile code with this key which will public-key encrypt a message. Convert it into an RSA structure using d2i_XXX routines. /r$ -- Principal Security Engineer Akamai Technology Cambridge, MA __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Using libcrypto's RSA code
The reason I want to put the public key into the header file is to simply make it easier to use the software (you can do the public key encryption of some data with only the binary file, not the binary and another file). Thus, I don't want to read a PEM file from the disk, but rather from memory. Thank you very much for your link for EVP_Seal*. I'll have a look. On 03/29/2013 11:41 AM, Matt Caswell wrote: On 29 March 2013 15:09, Zach lace...@roboticresearch.com wrote: I'm trying to do the following: 1) Put a base64-encoded key (the normal one generated by openssl command line tools) into a header file Do you mean to put the actual key itself hardcoded into the header file?? This seems like a strange thing to do. PEM files can be read using the various functions described here: http://www.openssl.org/docs/crypto/pem.html 2) Compile code with this key which will public-key encrypt a message. To encrypt a message you need to use the EVP_Seal* functions described here: http://wiki.opensslfoundation.com/index.php/EVP_Asymmetric_Encryption_and_Decryption_of_an_Envelope http://www.openssl.org/docs/crypto/EVP_SealInit.html Matt __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Using libcrypto's RSA code
To read the key from your header file you might want to use a memory BIO in conjunction with the PEM_read_bio_PUBKEY function or PEM_read_bio_RSAPublicKey ( I don't remember which one you should use, but this was answered in this list before). I don't have a test enviroment right now, but you should do something like this: char key[] = Your pem key goes here; BIO *mem = BIO_new(BIO_s_mem()); BIO_puts(mem, key); EVP_PKEY* pkey=PEM_read_bio_PUBKEY(mem,NULL,NULL,NULL); ... 2013/3/29 Zach lace...@roboticresearch.com The reason I want to put the public key into the header file is to simply make it easier to use the software (you can do the public key encryption of some data with only the binary file, not the binary and another file). Thus, I don't want to read a PEM file from the disk, but rather from memory. Thank you very much for your link for EVP_Seal*. I'll have a look. On 03/29/2013 11:41 AM, Matt Caswell wrote: On 29 March 2013 15:09, Zach lace...@roboticresearch.com wrote: I'm trying to do the following: 1) Put a base64-encoded key (the normal one generated by openssl command line tools) into a header file Do you mean to put the actual key itself hardcoded into the header file?? This seems like a strange thing to do. PEM files can be read using the various functions described here: http://www.openssl.org/docs/crypto/pem.html 2) Compile code with this key which will public-key encrypt a message. To encrypt a message you need to use the EVP_Seal* functions described here: http://wiki.opensslfoundation.com/index.php/EVP_Asymmetric_Encryption_and_Decryption_of_an_Envelope http://www.openssl.org/docs/crypto/EVP_SealInit.html Matt __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org -- Felipe Menegola Blauth