On Thu, Feb 21, 2013, cellecial wrote:

> Hi,
>
> When I generate an ECC certificate, I wonder what the difference is between these
> two functions:
>
> //crypto/asn1/x_pubkey.c
> int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp);
>
> //crypto/asn1/i2d_pu.c
> int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp);
>
> They have the same parameters, and almost the same function names.
> But in practice, they are different.
>
> If I want to extract public key from EC private key, it should be:
> /***************************************************************/
> EC_KEY *ecdsakey;
> EVP_PKEY *pkey, *pubkey;
>
> EC_KEY_generate_key(ecdsakey);
> EVP_PKEY_assign_EC_KEY(pkey, ecdsakey);
>
> len = i2d_PUBKEY(ecdsakey, NULL); //(1)
> data = (char *)malloc(len);
> len = i2d_PUBKEY(ecdsakey,data); //(2)
>

That won't work for two reasons. One is that you're passing the wrong type to
the second parameter of i2d_PUBKEY and the other is that you're not using a
temporary variable. See the FAQ:

http://www.openssl.org/support/faq.html#PROG3

> What's the difference?
>

The difference is that they use different key formats.

The i2d_PublicKey function has been around since OpenSSL started and uses a
mixture of standard and (where a standard didn't exist) non-standard formats
for public keys. The companion decoder d2i_PublicKey can't determine the key
type from the structure so needs to be explicitly told.

The old version is retained for compatibility. If possible the PUBKEY variant
should be used: it uses the standardised format from certificates:
SubjectPublicKeyInfo and can determine the algorithm from the structure.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
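
An added illustration (not part of the original thread and not OpenSSL code) of the last point in the reply: a SubjectPublicKeyInfo, the format i2d_PUBKEY writes, names its algorithm in an OID, whereas the bare EC point octets that i2d_PublicKey writes for an EC key carry no such field. The parser, its function names and the sample bytes are constructed for this example; the sample uses zero placeholder coordinates and is not a real key.

```c
#include <stdio.h>
#include <string.h>

typedef unsigned char u8;
enum key_alg { ALG_UNKNOWN, ALG_EC, ALG_RSA };

/* Parse one DER header with the expected tag; on success *p points at the value. */
static int der_hdr(const u8 **p, const u8 *end, u8 tag, size_t *len)
{
    const u8 *q = *p;
    if (end - q < 2 || *q++ != tag) return -1;
    size_t l = *q++, n = l & 0x7f;
    if (l & 0x80) {                        /* long form: n length bytes follow */
        if (n == 0 || n > 2 || (size_t)(end - q) < n) return -1;
        for (l = 0; n > 0; n--) l = (l << 8) | *q++;
    }
    if ((size_t)(end - q) < l) return -1;  /* value must fit in the buffer */
    *p = q; *len = l;
    return 0;
}

/* Algorithm named by the AlgorithmIdentifier of a SubjectPublicKeyInfo. */
enum key_alg spki_algorithm(const u8 *der, size_t n)
{
    static const u8 oid_ec[]  = {0x2a,0x86,0x48,0xce,0x3d,0x02,0x01};            /* id-ecPublicKey */
    static const u8 oid_rsa[] = {0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01};  /* rsaEncryption */
    const u8 *p = der, *end = der + n;
    size_t len;
    if (der_hdr(&p, end, 0x30, &len) || p + len != end) return ALG_UNKNOWN; /* outer SEQUENCE */
    if (der_hdr(&p, end, 0x30, &len)) return ALG_UNKNOWN;  /* AlgorithmIdentifier */
    end = p + len;
    if (der_hdr(&p, end, 0x06, &len)) return ALG_UNKNOWN;  /* algorithm OID */
    if (len == sizeof oid_ec && !memcmp(p, oid_ec, len)) return ALG_EC;
    if (len == sizeof oid_rsa && !memcmp(p, oid_rsa, len)) return ALG_RSA;
    return ALG_UNKNOWN;
}

/* Constructed sample: P-256 SPKI header; the 64 bytes of X || Y stay zero (not a valid point). */
static const u8 sample_spki[91] = {0x30,0x59,0x30,0x13,0x06,0x07,0x2a,0x86,0x48,0xce,0x3d,0x02,0x01,
    0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x03,0x01,0x07,0x03,0x42,0x00,0x04};

int main(void)
{
    /* Offset 26 is where the bare point (0x04 || X || Y, 65 bytes) starts inside the BIT STRING. */
    printf("SPKI -> %d, bare EC point -> %d\n",
           spki_algorithm(sample_spki, 91), spki_algorithm(sample_spki + 26, 65));
    return 0;
}
```

The bare point yields `ALG_UNKNOWN` because nothing in those 65 bytes identifies the key type, which is why a decoder for that format has to be told the type by the caller.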