Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.

Dismiss

EVP and public key from pem file

2,109 views

Skip to first unread message

Marco Sommella

unread,

Dec 3, 2008, 3:27:34 PM12/3/08

------=_Part_12058_26001910.1228336035290
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hi,
i tried to modify demos/sign, which reads private key from pem file and
public key from x509 certificate in pem file, to a version which instead
read public from pem file (not a certificate).

my 2 pem files are generate using RSA_generate_key, PEM_write_RSAPrivateKey,
PEM_write_RSAPublicKey fuctions.

here the code of sign.c changed by me:

#include <stdio.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>

int main ()
{
int err;
int sig_len;
unsigned char sig_buf [4096];
static char certfile[] = "pubkey.pem";
static char keyfile[] = "privkey.pem";
static char data[] = "I owe you...";
EVP_MD_CTX md_ctx;
EVP_PKEY * pkey;
FILE * fp;

/* Just load the crypto library error strings,
* SSL_load_error_strings() loads the crypto AND the SSL ones */
/* SSL_load_error_strings();*/
ERR_load_crypto_strings();

/* Read private key */

fp = fopen (keyfile, "r");
if (fp == NULL) exit (1);
pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
fclose (fp);

if (pkey == NULL) {
ERR_print_errors_fp (stderr);
exit (1);
}

/* Do the signature */

EVP_SignInit (&md_ctx, EVP_sha1());
EVP_SignUpdate (&md_ctx, data, strlen(data));
sig_len = sizeof(sig_buf);
err = EVP_SignFinal (&md_ctx, sig_buf, &sig_len, pkey);

if (err != 1) {
ERR_print_errors_fp(stderr);
exit (1);
}

EVP_PKEY_free (pkey);

/* Read public key */

fp = fopen (certfile, "r");
if (fp == NULL) exit (1);
pkey = PEM_read_PUBKEY(fp, NULL, NULL, NULL);
fclose (fp);

if (pkey == NULL) {
ERR_print_errors_fp (stderr);
exit (1);
}

/* Verify the signature */

EVP_VerifyInit (&md_ctx, EVP_sha1());
EVP_VerifyUpdate (&md_ctx, data, strlen((char*)data));
err = EVP_VerifyFinal (&md_ctx, sig_buf, sig_len, pkey);
EVP_PKEY_free (pkey);

if (err != 1) {
ERR_print_errors_fp (stderr);
exit (1);
}
printf ("Signature Verified Ok.\n");
return(0);
}

it's return the following error:
1883:error:0906D06C:PEM routines:PEM_read_bio:no start
line:/export/builds/onnv_101a/usr/src/common/openssl/crypto/pem/pem_lib.c:644:Expecting:
PUBLIC KEY

Can somebody plz help me ?
TNX

--
------------------------------------------------------------------
Marco Sommella
marco.s...@gmail.com (E-Mail & MSN)
------------------------------------------------------------------

------=_Part_12058_26001910.1228336035290
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hi, i tried to modify demos/sign, which reads private key from pem file and public key from x509 certificate in pem file, to a version which instead read public from pem file (not a certificate). my 2 pem files are generate using RSA_generate_key, PEM_write_RSAPrivateKey, PEM_write_RSAPublicKey fuctions. 
 here the code of sign.c changed by me: #include <stdio.h> #include <openssl/rsa.h> #include <openssl/evp.h> #include <openssl/objects.h> #include <openssl/x509.h> #include <openssl/err.h> 
#include <openssl/pem.h> #include <openssl/ssl.h> int main () {   int err;   int sig_len;   unsigned char sig_buf [4096];   static char certfile[] = "pubkey.pem";   static char keyfile[]  = "privkey.pem"; 
  static char data[]     = "I owe you...";   EVP_MD_CTX     md_ctx;   EVP_PKEY *      pkey;   FILE *          fp;   /* Just load the crypto library error strings,    * SSL_load_error_strings() loads the crypto AND the SSL ones */ 
  /* SSL_load_error_strings();*/   ERR_load_crypto_strings();     /* Read private key */     fp = fopen (keyfile, "r");   if (fp == NULL) exit (1);   pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL); 
  fclose (fp);   if (pkey == NULL) {     ERR_print_errors_fp (stderr);     exit (1);   }     /* Do the signature */     EVP_SignInit   (&md_ctx, EVP_sha1());   EVP_SignUpdate (&md_ctx, data, strlen(data)); 
  sig_len = sizeof(sig_buf);   err = EVP_SignFinal (&md_ctx, sig_buf, &sig_len, pkey);   if (err != 1) {     ERR_print_errors_fp(stderr);     exit (1);   }   EVP_PKEY_free (pkey);   
  /* Read public key */     fp = fopen (certfile, "r");   if (fp == NULL) exit (1);   pkey = PEM_read_PUBKEY(fp, NULL, NULL, NULL);   fclose (fp);     if (pkey == NULL) {     ERR_print_errors_fp (stderr); 
    exit (1);   }   /* Verify the signature */     EVP_VerifyInit   (&md_ctx, EVP_sha1());   EVP_VerifyUpdate (&md_ctx, data, strlen((char*)data));   err = EVP_VerifyFinal (&md_ctx, sig_buf, sig_len, pkey); 
  EVP_PKEY_free (pkey);   if (err != 1) {     ERR_print_errors_fp (stderr);     exit (1);   }   printf ("Signature Verified Ok.\n");   return(0); } it's return the following error: 
1883:error:0906D06C:PEM routines:PEM_read_bio:no start line:/export/builds/onnv_101a/usr/src/common/openssl/crypto/pem/pem_lib.c:644:Expecting: PUBLIC KEY Can somebody plz help me ? TNX -- 
------------------------------------------------------------------ Marco Sommella <a href="mailto:marco.s...@gmail.com">marco.s...@gmail.com</a> (E-Mail & MSN) ------------------------------------------------------------------

------=_Part_12058_26001910.1228336035290--
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org

Klarth

unread,

Dec 4, 2008, 4:35:10 AM12/4/08

At this code fragment:

> fp = fopen (certfile, "r");
> if (fp == NULL) exit (1);
> pkey = PEM_read_PUBKEY(fp, NULL, NULL, NULL);
> fclose (fp);

Is certfile actually a X.509 certificate file or a public key file?
What are the contents of your certfile?
--- Kah

> marco.somme...@gmail.com (E-Mail & MSN)

> ------------------------------------------------------------------
>
> ------=_Part_12058_26001910.1228336035290
> Content-Type: text/html; charset=ISO-8859-1
> Content-Transfer-Encoding: 7bit
> Content-Disposition: inline
>
> Hi, i tried to modify demos/sign, which reads private key from pem file and public key from x509 certificate in pem file, to a version which instead read public from pem file (not a certificate). my 2 pem files are generate using RSA_generate_key, PEM_write_RSAPrivateKey, PEM_write_RSAPublicKey fuctions. 
> here the code of sign.c changed by me: #include <stdio.h> #include <openssl/rsa.h> #include <openssl/evp.h> #include <openssl/objects.h> #include <openssl/x509.h> #include <openssl/err.h> 
> #include <openssl/pem.h> #include <openssl/ssl.h> int main () {   int err;   int sig_len;   unsigned char sig_buf [4096];   static char certfile[] = "pubkey.pem";   static char keyfile[]  = "privkey.pem"; 
>   static char data[]     = "I owe you...";   EVP_MD_CTX     md_ctx;   EVP_PKEY *      pkey;   FILE *          fp;   /* Just load the crypto library error strings,    * SSL_load_error_strings() loads the crypto AND the SSL ones */ 
>   /* SSL_load_error_strings();*/   ERR_load_crypto_strings();     /* Read private key */     fp = fopen (keyfile, "r");   if (fp == NULL) exit (1);   pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL); 
>   fclose (fp);   if (pkey == NULL) {     ERR_print_errors_fp (stderr);     exit (1);   }     /* Do the signature */     EVP_SignInit   (&md_ctx, EVP_sha1());   EVP_SignUpdate (&md_ctx, data, strlen(data)); 
>   sig_len = sizeof(sig_buf);   err = EVP_SignFinal (&md_ctx, sig_buf, &sig_len, pkey);   if (err != 1) {     ERR_print_errors_fp(stderr);     exit (1);   }   EVP_PKEY_free (pkey);   
>   /* Read public key */     fp = fopen (certfile, "r");   if (fp == NULL) exit (1);   pkey = PEM_read_PUBKEY(fp, NULL, NULL, NULL);   fclose (fp);     if (pkey == NULL) {     ERR_print_errors_fp (stderr); 
>     exit (1);   }   /* Verify the signature */     EVP_VerifyInit   (&md_ctx, EVP_sha1());   EVP_VerifyUpdate (&md_ctx, data, strlen((char*)data));   err = EVP_VerifyFinal (&md_ctx, sig_buf, sig_len, pkey); 
>   EVP_PKEY_free (pkey);   if (err != 1) {     ERR_print_errors_fp (stderr);     exit (1);   }   printf ("Signature Verified Ok.\n");   return(0); } it's return the following error: 
> 1883:error:0906D06C:PEM routines:PEM_read_bio:no start line:/export/builds/onnv_101a/usr/src/common/openssl/crypto/pem/pem_lib.c:644:Expecting: PUBLIC KEY Can somebody plz help me ? TNX --

> ------------------------------------------------------------------ Marco Sommella <a href="mailto:marco.somme...@gmail.com">marco.somme...@gmail.com</a> (E-Mail & MSN) ------------------------------------------------------------------

>
> ------=_Part_12058_26001910.1228336035290--
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org

> User Support Mailing List openssl-us...@openssl.org
> Automated List Manager majord...@openssl.org

0 new messages