Re: use openssl function in own application
Hello Matt,

my question was wrong, because I have to admit that I did, at the moment of the post, not know what the line I posted does.

Thank you very much for the explanation and the links.

Andreas

On 14.12.2013 14:10, Matt Caswell wrote:
> On 13 December 2013 17:33, andreas andreas.moroder-hi6y0cq0...@public.gmane.org wrote:
> > Hello,
> > in our public hospital we have an application that has to encrypt data with a certificate. At the moment we call a batch file that does
> >
> >     openssl.exe rsautl -encrypt -in %1 -out %1.enc -inkey SanitelCF.cer -certin -pkcs
>
> I don't know what it is that you are encrypting, however normally you would not directly encrypt messages in this way. RSA is usually used to encrypt some symmetric session key, and then your message is encrypted using this session key. Here you are directly encrypting files using RSA...if those files are actually raw keys then that's probably OK.
>
> > Is it possible to implement this in our application using openssl libraries?
>
> Yes:
>
> To load the certificate you can use PEM_read_X509 (or one of the other similar variants). See
> https://www.openssl.org/docs/crypto/pem.html
>
> This will give you an X509 structure.
>
> To obtain the public key from the certificate use X509_get_pubkey. This function is defined in x509.h and is apparently undocumented as far as I can see. It's quite straightforward though - just pass the X509 structure in and you get an EVP_PKEY structure back.
>
> To encrypt use EVP_PKEY_encrypt. See
> https://www.openssl.org/docs/crypto/EVP_PKEY_encrypt.html
>
> The manual page above gives some example code for encrypting. It shows how to set the padding type. For your particular situation you need to use RSA_PKCS1_PADDING.
>
> Don't forget to free up your EVP_PKEY and X509 structures using EVP_PKEY_free and X509_free.
>
> > Can anyone please tell me if there are sample files that implement that encryption?
>
> You can take a look at how the rsautl app does it in apps/rsautl.c. This essentially works the same way as I have outlined above except that it uses RSA_public_encrypt to do the encryption, rather than EVP_PKEY_encrypt that I have suggested.
>
> Hope that helps,
>
> Matt
>
> > Thanks
> > Andreas

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users-mcmkbn63+blafugrpc6...@public.gmane.org
Automated List Manager majordomo-mcmkbn63+blafugrpc6...@public.gmane.org

Re: use openssl function in own application
On 13 December 2013 17:33, andreas andreas.moro...@gmx.net wrote:
> Hello,
> in our public hospital we have an application that has to encrypt data with a certificate. At the moment we call a batch file that does
>
>     openssl.exe rsautl -encrypt -in %1 -out %1.enc -inkey SanitelCF.cer -certin -pkcs

I don't know what it is that you are encrypting, however normally you would not directly encrypt messages in this way. RSA is usually used to encrypt some symmetric session key, and then your message is encrypted using this session key. Here you are directly encrypting files using RSA...if those files are actually raw keys then that's probably OK.

> Is it possible to implement this in our application using openssl libraries?

Yes:

To load the certificate you can use PEM_read_X509 (or one of the other similar variants). See
https://www.openssl.org/docs/crypto/pem.html

This will give you an X509 structure.

To obtain the public key from the certificate use X509_get_pubkey. This function is defined in x509.h and is apparently undocumented as far as I can see. It's quite straightforward though - just pass the X509 structure in and you get an EVP_PKEY structure back.

To encrypt use EVP_PKEY_encrypt. See
https://www.openssl.org/docs/crypto/EVP_PKEY_encrypt.html

The manual page above gives some example code for encrypting. It shows how to set the padding type. For your particular situation you need to use RSA_PKCS1_PADDING.

Don't forget to free up your EVP_PKEY and X509 structures using EVP_PKEY_free and X509_free.

> Can anyone please tell me if there are sample files that implement that encryption?

You can take a look at how the rsautl app does it in apps/rsautl.c. This essentially works the same way as I have outlined above except that it uses RSA_public_encrypt to do the encryption, rather than EVP_PKEY_encrypt that I have suggested.

Hope that helps,

Matt

> Thanks
> Andreas

use openssl function in own application
Hello,

in our public hospital we have an application that has to encrypt data with a certificate. At the moment we call a batch file that does

    openssl.exe rsautl -encrypt -in %1 -out %1.enc -inkey SanitelCF.cer -certin -pkcs

Is it possible to implement this in our application using openssl libraries?

Can anyone please tell me if there are sample files that implement that encryption?

Thanks
Andreas