Hi all
I am still battling with getting a key exported as a public key blob
from a MS platform into openssl on Linux to add to a certificate.
I have learned that MS exports the key as a PKCS#1 structure. the key is
a 512 bit (64 Byte) key. When I write this blob to file it is 84 Bytes
in length.
When I create a similar key with open SSL and write it to file it is
only 74 bytes in length.
I am trying to understand where the extra bytes come from. On openSSL I
am able to see that the last 3 bytes are the exponent. The last 5 bytes
and the first 5 bytes of the key remain constant.
Can someone enlighten me as to what they represent.
On my machine they are
First 5
30 48 02 41 00
last 5
02 03 01 00 01
where 01 00 01 appears to be the exponent.
If the PKCS1 format of the MS key is correct, why is it ten bytes
longer. Is there a procedure/function using openssl to read this key.
I am creating and writing the openssl keys like so
bool MakeKeyPair()
{
unsigned char ucPubKey[5000];
unsigned char ucPrivKey[5000];
FILE * fp;
int ret = -1;
unsigned char * ucPubKeyCpy;
unsigned char * ucPrivKeyCpy;
int iPrivKeyLen;
int iPubKeyLen;
RSA * NewKeyPair = 0;
int Len = 0;
DEBUG_MESSAGE("SECURE", "Make Random");
RAND_egd_bytes("/dev/random", 1024);
NewKeyPair = RSA_generate_key( 512, RSA_F4, NULL, NULL);
Len = RSA_size(NewKeyPair);
ucPubKeyCpy = ucPubKey;
ucPrivKeyCpy = ucPrivKey;
iPrivKeyLen = i2d_RSAPrivateKey(NewKeyPair, &ucPrivKeyCpy);
iPubKeyLen = i2d_RSAPublicKey(NewKeyPair, &ucPubKeyCpy);
ucPubKeyCpy = ucPubKey;
ucPrivKeyCpy = ucPrivKey;
DEBUG_MESSAGE("SECURE", "Write to file");
ERR_print_errors_fp(stdout); fflush(stdout);
ret= i2d_RSAPublicKey( NewKeyPair, &ucPubKeyCpy);
fp = fopen (PUBKEYOUT2, "wb");
fwrite ( ucPubKey , ret, 1, fp);
fclose(fp);
ucPubKeyCpy = ucPubKey;
ucPrivKeyCpy = ucPrivKey;
RSA_free(NewKeyPair);
return true;
}
and reading the keys in as such
FILE * file;
unsigned char Buffer[300];
memset(&Buffer, 0, sizeof(Buffer));
file = fopen(DOLF2, "rb");
fread(Buffer, 84 ,1,file);
fclose(file);
unsigned char ucPubKey[2000];
unsigned char * BufferTmp;
BufferTmp = Buffer;
pEVP_PKEY = d2i_PublicKey(EVP_PKEY_RSA ,NULL, &BufferTmp, 84);
ERR_print_errors_fp(stdout); fflush(stdout);
BufferTmp = 0;
With the MS Key the value of pEVP_PKEY is null.
and it complains about
23339:error:0D09E082:asn1 encoding
routines:d2i_RSAPublicKey:parsing:d2i_r_pu.c:92:
23339:error:0D09C00D:asn1 encoding routines:d2i_PublicKey:ASN1
lib:d2i_pu.c:89:
What am I doing wrong? Is what I am trying to do possible with openssl
routines or do I need to try to do my own thing.
ie.If I write the 64 bit key out (leave off the other stuff) and add to
the front and back of the key the 10 bytes mentioned above, the
mentioned routine reads the key and creates the pEVP_PKEY structure.
I do not know if I put this in a certificate and send it back the the MS
machine if it is going to produce the same results.
I think the answer is in undderstanding both the openssl and MS key
structure.
Hylton
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
