provider implementation of verify: cannot find private key of public key from example-pub.pem
790 views
Skip to first unread message
Bernd Ritter
Aug 19, 2024, 5:51:11 AM8/19/24
to openss...@openssl.org
Hello everyone,
I want to verify a signature from a message with my custom provider.
Generating the private and public key works, I get to create the custom
oid'd keys example.pem and example-pub.pem as files.
Creating the signature from a text file also works.
Then I naturally want to verify the message against the signature. Here
I get this:
openssl pkeyutl -provider-path build -provider default -provider
ed25519ph -propquery ?provider=myprovider -verify -inkey example-pub.pem
-pubin -in message.txt -rawin -sigfile message.txt.sigp
ed25519ph provider init...
ed25519ph provider init complete
operating switch: 22 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
operating switch: 10 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
provider/src/ed25519ph_decoder.c - Decoder context new 0x595220e02d90
provider/src/ed25519ph_decoder.c - Decoder context new 0x595220e02de0
operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
provider/src/ed25519ph_decoder.c - Decoder context new 0x595220e04630
provider/src/ed25519ph_decoder.c - Decoder context new 0x595220e04680
provider/src/ed25519ph_decoder.c - Decoder context free 0x595220e04630
provider/src/ed25519ph_decoder.c - Decoder context free 0x595220e04680
operating switch: 10 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
operating switch: 10 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
operating switch: 10 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
provider/src/ed25519ph_decoder.c - Decoder context new 0x595220dfc6f0
provider/src/ed25519ph_decoder.c - Decoder context new 0x595220e07310
operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
provider/src/ed25519ph_decoder.c - Decoder context new 0x595220e092d0
provider/src/ed25519ph_decoder.c - Decoder context new 0x595220e09320
provider/src/ed25519ph_decoder.c - Decoder context free 0x595220e092d0
provider/src/ed25519ph_decoder.c - Decoder context free 0x595220e09320
operating switch: 10 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
Could not find private key of public key from example-pub.pem
800BFD680F7A0000:error:1608010C:STORE
routines:ossl_store_handle_load_result:unsupported:crypto/store/store_result.c:151:
800BFD680F7A0000:error:1608010C:STORE
routines:ossl_store_handle_load_result:unsupported:crypto/store/store_result.c:151:
pkeyutl: Error initializing context
Why does OpenSSL look for the private key in the public key file? The
same command using ed25519 and ed25519ph (as pkeyopt) work just fine.
All the best,
Bernd
--
Bernd Ritter
Senior Linux Developer
Tel.: +49 175 534 4534
Mail: rit...@b1-systems.de
B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt, HRB 3537
I want to verify a signature from a message with my custom provider.
Generating the private and public key works, I get to create the custom
oid'd keys example.pem and example-pub.pem as files.
Creating the signature from a text file also works.
Then I naturally want to verify the message against the signature. Here
I get this:
openssl pkeyutl -provider-path build -provider default -provider
ed25519ph -propquery ?provider=myprovider -verify -inkey example-pub.pem
-pubin -in message.txt -rawin -sigfile message.txt.sigp
ed25519ph provider init...
ed25519ph provider init complete
operating switch: 22 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
operating switch: 10 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
provider/src/ed25519ph_decoder.c - Decoder context new 0x595220e02d90
provider/src/ed25519ph_decoder.c - Decoder context new 0x595220e02de0
operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
provider/src/ed25519ph_decoder.c - Decoder context new 0x595220e04630
provider/src/ed25519ph_decoder.c - Decoder context new 0x595220e04680
provider/src/ed25519ph_decoder.c - Decoder context free 0x595220e04630
provider/src/ed25519ph_decoder.c - Decoder context free 0x595220e04680
operating switch: 10 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
operating switch: 10 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
operating switch: 10 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
provider/src/ed25519ph_decoder.c - Decoder context new 0x595220dfc6f0
provider/src/ed25519ph_decoder.c - Decoder context new 0x595220e07310
operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
provider/src/ed25519ph_decoder.c - Decoder context new 0x595220e092d0
provider/src/ed25519ph_decoder.c - Decoder context new 0x595220e09320
provider/src/ed25519ph_decoder.c - Decoder context free 0x595220e092d0
provider/src/ed25519ph_decoder.c - Decoder context free 0x595220e09320
operating switch: 10 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
Could not find private key of public key from example-pub.pem
800BFD680F7A0000:error:1608010C:STORE
routines:ossl_store_handle_load_result:unsupported:crypto/store/store_result.c:151:
800BFD680F7A0000:error:1608010C:STORE
routines:ossl_store_handle_load_result:unsupported:crypto/store/store_result.c:151:
pkeyutl: Error initializing context
Why does OpenSSL look for the private key in the public key file? The
same command using ed25519 and ed25519ph (as pkeyopt) work just fine.
All the best,
Bernd
--
Bernd Ritter
Senior Linux Developer
Tel.: +49 175 534 4534
Mail: rit...@b1-systems.de
B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt, HRB 3537
Bernd Ritter
Aug 27, 2024, 3:31:09 AM8/27/24
to openss...@openssl.org
Hey everyone,
I am still struggling on this. My lead was to check if the public key
was somehow incorrect. But both the ed25519 and my own X509_PUBKEY look
quite similar:
# openssl asn1parse -in example-pub.ed25519.pem
0:d=0 hl=2 l= 42 cons: SEQUENCE
2:d=1 hl=2 l= 5 cons: SEQUENCE
4:d=2 hl=2 l= 3 prim: OBJECT :ED25519
9:d=1 hl=2 l= 33 prim: BIT STRING
# openssl asn1parse -in example-pub.pem
0:d=0 hl=2 l= 42 cons: SEQUENCE
2:d=1 hl=2 l= 5 cons: SEQUENCE
4:d=2 hl=2 l= 3 prim: OBJECT :1.2.3.4
9:d=1 hl=2 l= 33 prim: BIT STRING
Besides that, given the logs below the provider does not seem to load my
own decoder to read the public key file. But I have no idea which that
might be.
Hoping for some ideas.
All the best,
Bernd
Am 19.08.24 um 11:51 schrieb 'Bernd Ritter' via openssl-users:
I am still struggling on this. My lead was to check if the public key
was somehow incorrect. But both the ed25519 and my own X509_PUBKEY look
quite similar:
# openssl asn1parse -in example-pub.ed25519.pem
0:d=0 hl=2 l= 42 cons: SEQUENCE
2:d=1 hl=2 l= 5 cons: SEQUENCE
4:d=2 hl=2 l= 3 prim: OBJECT :ED25519
9:d=1 hl=2 l= 33 prim: BIT STRING
# openssl asn1parse -in example-pub.pem
0:d=0 hl=2 l= 42 cons: SEQUENCE
2:d=1 hl=2 l= 5 cons: SEQUENCE
4:d=2 hl=2 l= 3 prim: OBJECT :1.2.3.4
9:d=1 hl=2 l= 33 prim: BIT STRING
Besides that, given the logs below the provider does not seem to load my
own decoder to read the public key file. But I have no idea which that
might be.
Hoping for some ideas.
All the best,
Bernd
Am 19.08.24 um 11:51 schrieb 'Bernd Ritter' via openssl-users:
Bernd Ritter
Sep 3, 2024, 5:54:37 AM9/3/24
to openss...@openssl.org
Hey everyone,
still wondering, why OpenSSL wants to access the private key for
verification. Does this have to do with the (missing) store
implementation? But the private key is there and can be used for signing
the payload.
ed25519ph-provider/src/ed25519ph_decoder.c - Decoder pem does selection
for private key: 0x87, sel=0x87: PRIV (0x01) PUB (0x02) DOM (0x04) OTH
(0x80)
Bernd
Am 27.08.24 um 09:30 schrieb 'Bernd Ritter' via openssl-users:
still wondering, why OpenSSL wants to access the private key for
verification. Does this have to do with the (missing) store
implementation? But the private key is there and can be used for signing
the payload.
ed25519ph-provider/src/ed25519ph_decoder.c - Decoder pem does selection
for private key: 0x87, sel=0x87: PRIV (0x01) PUB (0x02) DOM (0x04) OTH
(0x80)
Could not find private key of public key from example-pub.pem
806BCE259D770000:error:1608010C:STORE
routines:ossl_store_handle_load_result:unsupported:crypto/store/store_result.c:151:
806BCE259D770000:error:1608010C:STORE
routines:ossl_store_handle_load_result:unsupported:crypto/store/store_result.c:151:
Hoping for some insights,
Bernd
Am 27.08.24 um 09:30 schrieb 'Bernd Ritter' via openssl-users:
Richard Levitte
Sep 3, 2024, 9:36:22 AM9/3/24
to Bernd Ritter, openss...@openssl.org
When calling the decoder, the selection bits don't have an absolute meaning, i.e. all bits set doesn't mean "you MUST give a private key". They're more like a wish list of parts, and it's up to the decoder to make good enough sense of it. So, if a decoder that handles the structure SubjectPublicKeyInfo sees all selector bits set, and the input is, in fact, a SubjectPublicKeyInfo structure, then it should produce keydata with the public parts, and pass that on.
libcrypto will figure out if the loaded key corresponds to what was actually asked for...
So if your decoder signals an error if the private bits couldn't be found, just because the selector bits had PRIV set, then your decoder is a bit too strict to be useful.
Cheers,
Richard
--
You received this message because you are subscribed to the Google Groups "openssl-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openssl-user...@openssl.org.
To view this discussion on the web visit https://groups.google.com/a/openssl.org/d/msgid/openssl-users/d177e0a5-2a95-48cf-8cd2-9a9ea17edf36%40b1-systems.de.
--
Bernd Ritter
Sep 6, 2024, 10:51:44 AM9/6/24
to openss...@openssl.org
Hey Richard,
okay, so now I am ignoring the selection bits and just trying to load
the data. If I cannot load a X509_PUB I just continue, same with
PKCS8_PRIV_KEY_INFO. It seems to work (sadly like before) until the
verification part.
The decoder does not seem to be called, the dispatcher seems to toggle
between "decode" and "keymgmt".
That's the call, all previous commands (key creation, pubkey creation,
signing) work fine, tho:
openssl pkeyutl -provider-path build -provider default -provider
libed25519ph -propquery ?provider=myprov -verify -inkey example-pub.pem
ed25519ph-provider/src/ed25519ph_decoder.c - Decoder context new
0x5921da963c00
ed25519ph-provider/src/ed25519ph_decoder.c - Decoder context new
0x5921da965500
ed25519ph-provider/src/ed25519ph_decoder.c - Decoder context free
0x5921da965500
ed25519ph-provider/src/ed25519ph_decoder.c - Decoder context new
0x5921da9654c0
ed25519ph-provider/src/ed25519ph_decoder.c - Decoder context new
0x5921da969fc0
ed25519ph-provider/src/ed25519ph_decoder.c - Decoder context free
0x5921da969fc0
0x5921da9654c0
ed25519ph-provider/src/ed25519ph_decoder.c - Decoder context free
0x5921da963c00
Am 03.09.24 um 15:36 schrieb Richard Levitte:
> Mail: rit...@b1-systems.de <mailto:rit...@b1-systems.de>
>
>
>
> --
> /Richard Levitte <lev...@openssl.org <mailto:lev...@openssl.org>>/
> /OpenSSL Project
> /
okay, so now I am ignoring the selection bits and just trying to load
the data. If I cannot load a X509_PUB I just continue, same with
PKCS8_PRIV_KEY_INFO. It seems to work (sadly like before) until the
verification part.
The decoder does not seem to be called, the dispatcher seems to toggle
between "decode" and "keymgmt".
That's the call, all previous commands (key creation, pubkey creation,
signing) work fine, tho:
openssl pkeyutl -provider-path build -provider default -provider
-pubin -in message.txt -rawin -sigfile message.txt.sigp
operating switch: 22 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x5921da94ec90
operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x5921da94ec90
operating switch: 10 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x5921da94ec90
operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x5921da94ec90
ed25519ph-provider/src/ed25519ph_decoder.c - Decoder context new
0x5921da963c00
operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x5921da94ec90
ed25519ph-provider/src/ed25519ph_decoder.c - Decoder context new
0x5921da965500
ed25519ph-provider/src/ed25519ph_decoder.c - Decoder context free
0x5921da965500
operating switch: 10 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x5921da94ec90
operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x5921da94ec90
operating switch: 10 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x5921da94ec90
operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x5921da94ec90
operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x5921da94ec90
operating switch: 10 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x5921da94ec90
operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x5921da94ec90
ed25519ph-provider/src/ed25519ph_decoder.c - Decoder context new
0x5921da9654c0
operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x5921da94ec90
ed25519ph-provider/src/ed25519ph_decoder.c - Decoder context new
0x5921da969fc0
ed25519ph-provider/src/ed25519ph_decoder.c - Decoder context free
0x5921da969fc0
operating switch: 10 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x5921da94ec90
operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x5921da94ec90
Could not find private key of public key from example-pub.pem
80DB76991E710000:error:1608010C:STORE
routines:ossl_store_handle_load_result:unsupported:crypto/store/store_result.c:151:
80DB76991E710000:error:1608010C:STORE
routines:ossl_store_handle_load_result:unsupported:crypto/store/store_result.c:151:
pkeyutl: Error initializing context
ed25519ph-provider/src/ed25519ph_decoder.c - Decoder context free
pkeyutl: Error initializing context
0x5921da9654c0
ed25519ph-provider/src/ed25519ph_decoder.c - Decoder context free
0x5921da963c00
Am 03.09.24 um 15:36 schrieb Richard Levitte:
>
> B1 Systems GmbH
> Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
> <http://www.b1-systems.de>
> GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt, HRB 3537
>
> --
> You received this message because you are subscribed to the Google
> Groups "openssl-users" group.
> To unsubscribe from this group and stop receiving emails from it,
> send an email to openssl-user...@openssl.org
> <mailto:openssl-users%2Bunsu...@openssl.org>.
> B1 Systems GmbH
> Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
> <http://www.b1-systems.de>
> GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt, HRB 3537
>
> --
> You received this message because you are subscribed to the Google
> Groups "openssl-users" group.
> To unsubscribe from this group and stop receiving emails from it,
> send an email to openssl-user...@openssl.org
> To view this discussion on the web visit
> https://groups.google.com/a/openssl.org/d/msgid/openssl-users/d177e0a5-2a95-48cf-8cd2-9a9ea17edf36%40b1-systems.de <https://groups.google.com/a/openssl.org/d/msgid/openssl-users/d177e0a5-2a95-48cf-8cd2-9a9ea17edf36%40b1-systems.de>.
>
>
>
> --
> /Richard Levitte <lev...@openssl.org <mailto:lev...@openssl.org>>/
> /OpenSSL Project
> /
Bernd Ritter
Sep 6, 2024, 10:51:44 AM9/6/24
to openss...@openssl.org
Hey Richard,
thanks so much. I try to distinct between private and public key by
using different methods for decoding:
{PROV_NAMES_ED25519PH,
"provider=myprov,input=der,structure=SubjectPublicKeyInfo",
dispatch_decoder_ed25519_der_pub, PROV_DESCS_ED25519}, //
,input=der,structure=pkcs8
{PROV_NAMES_ED25519PH,
"provider=myprov,input=der,structure=PrivateKeyInfo",
dispatch_decoder_ed25519_der, PROV_DESCS_ED25519}, //
,input=der,structure=pkcs8
May I have a problem with the callbacks? How would I distinct between
returning a reference to a public and/or private key in the callback params:
OSSL_PARAM params[4];
int object_type = OSSL_OBJECT_PKEY;
params[0] = OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE,
&object_type);
params[1] =
OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE, (char
*)KEYNAME_MYKEY, 12);
params[2] =
OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE,
(void*)data, data_len);
params[3] = OSSL_PARAM_construct_end();
But anyhow when calling openssl verify, my decoder is not matching. The
dispatcher seems to toggle between KeyManagement and Decoding:
openssl pkeyutl -provider-path build -provider default -provider
lib_ed25519ph -propquery ?provider=myprov -verify -inkey example-pub.pem
All the best,
Bernd
Am 03.09.24 um 15:36 schrieb Richard Levitte:
> Mail: rit...@b1-systems.de <mailto:rit...@b1-systems.de>
thanks so much. I try to distinct between private and public key by
using different methods for decoding:
{PROV_NAMES_ED25519PH,
"provider=myprov,input=der,structure=SubjectPublicKeyInfo",
dispatch_decoder_ed25519_der_pub, PROV_DESCS_ED25519}, //
,input=der,structure=pkcs8
{PROV_NAMES_ED25519PH,
"provider=myprov,input=der,structure=PrivateKeyInfo",
dispatch_decoder_ed25519_der, PROV_DESCS_ED25519}, //
,input=der,structure=pkcs8
May I have a problem with the callbacks? How would I distinct between
returning a reference to a public and/or private key in the callback params:
OSSL_PARAM params[4];
int object_type = OSSL_OBJECT_PKEY;
params[0] = OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE,
&object_type);
params[1] =
OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE, (char
*)KEYNAME_MYKEY, 12);
params[2] =
OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE,
(void*)data, data_len);
params[3] = OSSL_PARAM_construct_end();
But anyhow when calling openssl verify, my decoder is not matching. The
dispatcher seems to toggle between KeyManagement and Decoding:
openssl pkeyutl -provider-path build -provider default -provider
-pubin -in message.txt -rawin -sigfile message.txt.sigp
operating switch: 22 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x61019a917c90
operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x61019a917c90
operating switch: 10 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x61019a917c90
operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x61019a917c90
ed25519ph-provider/src/ed25519ph_decoder.c - Decoder context new
0x61019a92ce20
ed25519ph-provider/src/ed25519ph_decoder.c - Decoder context new
0x61019a92ce70
operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x61019a917c90
ed25519ph-provider/src/ed25519ph_decoder.c - Decoder context new
0x61019a92e6c0
ed25519ph-provider/src/ed25519ph_decoder.c - Decoder context new
0x61019a92e710
ed25519ph-provider/src/ed25519ph_decoder.c - Decoder context free
0x61019a92e6c0
ed25519ph-provider/src/ed25519ph_decoder.c - Decoder context free
0x61019a92e710
operating switch: 10 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x61019a917c90
operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x61019a917c90
operating switch: 10 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x61019a917c90
operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x61019a917c90
operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x61019a917c90
operating switch: 10 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x61019a917c90
operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x61019a917c90
ed25519ph-provider/src/ed25519ph_decoder.c - Decoder context new
0x61019a931280
ed25519ph-provider/src/ed25519ph_decoder.c - Decoder context new
0x61019a9313f0
operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x61019a917c90
ed25519ph-provider/src/ed25519ph_decoder.c - Decoder context new
ed25519ph-provider/src/ed25519ph_decoder.c - Decoder context new
0x61019a933400
ed25519ph-provider/src/ed25519ph_decoder.c - Decoder context new
ed25519ph-provider/src/ed25519ph_decoder.c - Decoder context free
0x61019a9333b0
ed25519ph-provider/src/ed25519ph_decoder.c - Decoder context free
0x61019a933400
operating switch: 10 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x61019a917c90
operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR), 0x61019a917c90
Could not find private key of public key from example-pub.pem
80FBC83E5A780000:error:1608010C:STORE
routines:ossl_store_handle_load_result:unsupported:crypto/store/store_result.c:151:
80FBC83E5A780000:error:1608010C:STORE
routines:ossl_store_handle_load_result:unsupported:crypto/store/store_result.c:151:
pkeyutl: Error initializing context
pkeyutl: Error initializing context
ed25519ph-provider/src/ed25519ph_decoder.c - Decoder context free
0x61019a931280
ed25519ph-provider/src/ed25519ph_decoder.c - Decoder context free
0x61019a9313f0
ed25519ph-provider/src/ed25519ph_decoder.c - Decoder context free
0x61019a92ce20
ed25519ph-provider/src/ed25519ph_decoder.c - Decoder context free
0x61019a92ce70
All the best,
Bernd
Am 03.09.24 um 15:36 schrieb Richard Levitte:
>
> B1 Systems GmbH
> Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
> <http://www.b1-systems.de>
> GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt, HRB 3537
>
> --
> You received this message because you are subscribed to the Google
> Groups "openssl-users" group.
> To unsubscribe from this group and stop receiving emails from it,
> send an email to openssl-user...@openssl.org
> <mailto:openssl-users%2Bunsu...@openssl.org>.
> B1 Systems GmbH
> Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
> <http://www.b1-systems.de>
> GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt, HRB 3537
>
> --
> You received this message because you are subscribed to the Google
> Groups "openssl-users" group.
> To unsubscribe from this group and stop receiving emails from it,
> send an email to openssl-user...@openssl.org
> To view this discussion on the web visit
> https://groups.google.com/a/openssl.org/d/msgid/openssl-users/d177e0a5-2a95-48cf-8cd2-9a9ea17edf36%40b1-systems.de <https://groups.google.com/a/openssl.org/d/msgid/openssl-users/d177e0a5-2a95-48cf-8cd2-9a9ea17edf36%40b1-systems.de>.
>
>
>
> --
> /Richard Levitte <lev...@openssl.org <mailto:lev...@openssl.org>>/
> /OpenSSL Project
> /
>
>
>
>
> --
> /Richard Levitte <lev...@openssl.org <mailto:lev...@openssl.org>>/
> /OpenSSL Project
> /
>
Reply all
Reply to author
Forward
0 new messages