I have the following code trying to generate a DSA key pair.
OpenSSL_add_all_algorithms();
ctx=EVP_PKEY_CTX_new_id(EVP_PKEY_DSA,NULL); EVP_PKEY_keygen_init(ctx);
if (EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx,1024)<=0) ERR_print_errors_fp(stderr);
and I get the following error
3073906944:error:06089094:digital envelope
routines:EVP_PKEY_CTX_ctrl:invalid operation:pmeth_lib.c:398:
Any clue on what I am doing wrong? thanks
You need two contexts; one for the params, and one for the actual keygen. You should do the following two sets of operations :
Parameter Generation
Create a param generator using EVP_PKEY_CTX_new_id(EVP_PKEY_DSA, NULL)
Set the bits in the param generator context using EVP_PKEY_CTX_set_dsa_paramgen_bits; not the keygen context (which, if you'r'e doing this right, doesn't even exist yet).
Initialize the param generator using EVP_PKEY_paramgen_init
Finally, generate the parameters using EVP_PKEY_paramgen. The result is a EVP_PKEY object (I'll call it pkey_params) that contains the input parameters for the upcoming key generation
Once the above is done, then you move on to the actual key generation, which is considerably simpler:
Key Generation
Create a new context using EVP_PKEY_CTX_new(pkey_params, NULL) Note the pkey_params is from the prior series of steps.
Initialize the generator context using EVP_PKEY_keygen_init
Generate the actual key using EVP_PKEY_keygen
Once done, all resources except the final pkey from above should be properly destroyed. Free the final key once done using it. That's it.
Example
This has no error checking whatsoever, but the order of operations is what is important here. So pay attention to that.
#include <stdio.h>
#include <openssl/evp.h>
#include <openssl/dsa.h>
#include <openssl/pem.h>
// required for any BIO standard stream IO.
#include <openssl/applink.c>
int main()
{
OPENSSL_init();
OpenSSL_add_all_algorithms();
// build parameters first
EVP_PKEY_CTX *ctx_params = EVP_PKEY_CTX_new_id(EVP_PKEY_DSA, NULL);
EVP_PKEY_paramgen_init(ctx_params);
EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx_params, 1024);
EVP_PKEY* pkey_params = NULL;
EVP_PKEY_paramgen(ctx_params, &pkey_params);
// using parameters, build DSA keypair
EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(pkey_params, NULL);
EVP_PKEY_keygen_init(ctx);
EVP_PKEY* pkey = NULL;
EVP_PKEY_keygen(ctx, &pkey);
// cleanup everything but the final key
EVP_PKEY_free(pkey_params);
EVP_PKEY_CTX_free(ctx_params);
EVP_PKEY_CTX_free(ctx);
// TODO: whatever you want with the generator pkey. in this
// example we're just dumping the full unencrypted key to
// stdout.
DSA* dsa = EVP_PKEY_get1_DSA(pkey);
BIO* bio = BIO_new_fp(stdout, BIO_NOCLOSE);
PEM_write_bio_DSAPrivateKey(bio, dsa, NULL, NULL, 0, NULL, NULL);
BIO_flush(bio);
DSA_free(dsa);
EVP_PKEY_free(pkey);
return 0;
}
Output (varies, obviously)
-----BEGIN DSA PRIVATE KEY-----
MIIBuwIBAAKBgQDJ+NoL8SZeTcqVA83WI7CCO6INYLw18DiALLMewPqXEPm99mof
RX2693WJfpbWIjuHi/KXzH6vQ/0sQU+2z1CqgWhudVhQTofGNcsPrUbPpShTDMcP
OoTx9dRb8rXWbxg7dfhGZ9z2pEhzRtPWpI2y81VxYhGXzVSC3zqW6+ec2QIVALaE
fynSMqc56gPqDPZfRz1rlq3dAoGAL+vbbYu+gSy8zGqoLykqhG+Vl4/Eh/zQIWoB
t64bfh7GU6o0wvgTQgcdGZK3/laa9Msa6J3iEGZcP3dd9x4fTQ5vzxDGIYikcC8I
L8s2JbNi1Jxbr5dw3/sOKsdHIt95rFZ03+gMzaV+9pc8LpATnaXMtp5mmH+lRgsJ
SIEdLqcCgYAVGpwZHaFUnttqQAf3/ohMtqIQG+RBp/yUf2EA7rcoHpA7bCBADApx
mG5hH/F4dKjCSciKdHq4Ibf60ctAJNL2sobPKNArTMo/GNuzE+J79Wj6s/b7zwt7
AF+27H9PAiXB08ftMmCSesXkX7v926EHRxDgSlVAgCPSfkXKNQn1XwIVALF2MF2N
GRdMtFUxZFnIk2GnqC1R
-----END DSA PRIVATE KEY-----
Related
Here's my code:
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <string.h>
int main (void)
{
char publicKey[] = "-----BEGIN RSA PUBLIC KEY-----\n"\
"MIIBCgKCAQEAqBa0jeqfHO8CFZuHyN5WgdTd3uThkU/I9lR+bb2R9khVU1tYhiyL\n"\
"Gfnm051K0039gCBAz9S7HHO2lqR/B1kiEGwBzg83N3tL2UzQXXbpxJz0b7vV8rXZ\n"\
"fB9j+FCAtD5znittXRjWrNqlEyJyxK+PuxNF3uPGWSjkYtRKv2f5HCXsfRJah40w\n"\
"5zU+OKZsZMrSSxweYN9Jwc++oMaSPCsGKog6NPbkbcTK8Akveof8v5rpG50I/zcQ\n"\
"9dCD69qJcmhm4ai4fAZFJlsFH2HmxV6DERFs3TNyzGlSQ1gd/XLER7U9nlrOUT87\n"\
"mXreUIXSkAFdCrlHXHOzj0eodfN8IfHjnQIDAQAB\n"\
"-----END RSA PUBLIC KEY-----\n";
char plaintext[] = "enp6";
// base64 decode plaintext
EVP_DecodeBlock(plaintext, plaintext, strlen(plaintext));
BIO* bo = BIO_new(BIO_s_mem());
BIO_write(bo, publicKey, strlen(publicKey));
EVP_PKEY* pkey = 0;
PEM_read_bio_PUBKEY(bo, NULL, NULL, NULL);
BIO_free(bo);
RSA* rsa = EVP_PKEY_get1_RSA(pkey);
char ciphertext[RSA_size(rsa)];
RSA_public_encrypt(strlen(plaintext), plaintext, ciphertext, rsa, RSA_NO_PADDING);
printf("%d\n", (int) strlen(ciphertext));
}
I'm trying to run it by doing gcc -x c test2.c -lcrypto && ./a.out. Any ideas as to what I'm doing wrong?
Your code contains several mistakes. The direct cause of the segfault is the fact that the variable pkey is never assigned any value after initializing it with 0. EVP_PKEY_get1_RSA(pkey) segfaults as a consequence. You probably intended to do
EVP_PKEY *pkey = PEM_read_bio_PUBKEY(bo, NULL, NULL, NULL);
However, with the PEM that you posted, that will not work. The header of the PEM indicates that this is an RSA key stored in "traditional" format. PEM_read_bio_RSAPublicKey is capable of reading such keys:
RSA *rsa = PEM_read_bio_RSAPublicKey(bo, NULL, NULL, NULL);
Then your choice of RSA_NO_PADDING when invoking RSA_public_encrypt is not right. In order to use that, the plaintext must be the exact same length as the key size. You could try using RSA_PKCS1_PADDING instead.
Finally, like mentioned in the comment section as well, using strlen on cipher text is incorrect, because it is not a 0-terminated string.
In general, you should check all return values for all OpenSSL functions invoked, to see when/if something went wrong.
I would like to programmatically generate a certificate that contain only the public key using openssl.
So I basically need to do the following but using code.
openssl x509 -in certificate.crt -pubkey
Digging a bit it seem that I need to create a new certificate and copy all the information except the private key in it.
X509 * pNewKey = X509_new();
... Copy all the needed information ...
PEM_write_bio_X509(bioKey, &pNewKey, NULL, NULL);
Does someone have a better method?
I would like to programmatically generate a certificate that contain only the public key
To set the public key, take your public key in EVP_PKEY format and call X509_set_pubkey. Building upon your example code:
X509* x509 = X509_new();
EVP_PKEY* pkey = /***/;
int rc = X509_set_pubkey(x509, pkey);
ASSERT(rc == 1);
BIO* bio = BIO_new_file("filename.txt", "w");
ASSERT(bio != NULL);
rc = PEM_write_bio_X509(bio, x509, NULL, NULL);
ASSERT(rc == 1);
...
BIO_free(bio);
EVP_PKEY_free(pkey);
X509_free(x509);
For completeness, OpenSSL will save a certificate with no attributes, no version, no public key, and no signature.
So I basically need to do the following but using code.
openssl x509 -in certificate.crt -pubkey
OK, this is a different question. The above command will print the public key.
Use x509_get_pubkey:
EVP_PKEY* pkey = X509_get_pubkey(X509* x509);
Once you have the EVP_PKEY, you can get the type. You need to supply this function because OpenSSL does not provide it:
int EVP_PKEY_get_type(EVP_PKEY *pkey)
{
AC_ASSERT(pkey);
if (!pkey)
return NID_undef;
return EVP_PKEY_type(pkey->type);
}
Then, depending on the type, you can print the key:
if(type == EVP_PKEY_RSA || type == EVP_PKEY_RSA2)
{
RSA* rsa = EVP_PKEY_get1_RSA(pkey);
RSA_print_fp(stdout, rsa, 0);
RSA_free(rsa);
}
...
You have to break out the keys by type and then call the respective XXX_print_fp because OpenSSL does not provide an EVP_PKEY_print_fp.
The get1 in EVP_PKEY_get1_RSA means the reference count on the key is bumped. So you have to call a *_free on it. A get0 does not bump the reference count, and does not need a call to *_free.
I am using Public/Private Keys in my project to encrypt/decrypt some data.
I am hosting a public key ("public.pem") on a server.
"public.pem" looks like this:
-----BEGIN PUBLIC KEY-----
.....
.....
-----END PUBLIC KEY-----
I wrote a client side that downloads this public key and save it to disk and then calls OpenSSL's PEM_read_RSA_PUBKEY() with a File descriptor to that file.
This operation works great and the result is an RSA object that is ready for encryption.
I would like to avoid writing the public key to disk each time (since i have the buffer in memory already).
How can i do the same operation without saving the buffer to disk?
I noticed a function called: PEM_read_bio_RSAPublicKey() but i am not sure of it's usage of BIO structure. Am I on the right path?
So the real question would be: How do I read a public/private key to an RSA object straight from memory and not from a file descriptor.
You are on the right track. You must wrap the PEM key already in memory by means of a BIO buffer via BIO_new_mem_buf(). In other words, something like:
BIO *bufio;
RSA *rsa
bufio = BIO_new_mem_buf((void*)pem_key_buffer, pem_key_buffer_len);
PEM_read_bio_RSAPublicKey(bufio, &rsa, 0, NULL);
The same approach is valid for an RSA private key (via PEM_read_bio_RSAPrivateKey), but in that case you most certainly need to cater for the pass phrase. Check the man page for details.
SquareRootOfTwentyThree's method not work for me. Here is my solution.
BIO* bio = BIO_new(BIO_s_mem());
int len = BIO_write(bio, pem_key_buffer, pem_key_buffer_len);
EVP_PKEY* evp_key = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
RSA* rsa = EVP_PKEY_get1_RSA(evp_key);
Here's complete example, showing embedded key, and how to use C++11 unique pointers
to manage OpenSSL resources.
Updated: following on from comments by spectras. No longer using specialisation
of default_delete<T>.
/* compile with:
c++ -Wall -pedantic -std=c++17 main.cc -lssl -lcrypto -o main
*/
#include <memory>
#include <iostream>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <assert.h>
#include <string.h>
/* Custom deletors for use with unique_ptr */
struct EVP_PKEY_deleter {
void operator()(EVP_PKEY* p) const {
if (p)
EVP_PKEY_free(p);
}
};
struct BIO_deleter {
void operator()(BIO* p) const {
if (p)
BIO_free(p);
}
};
/* Smart pointers wrapping OpenSSL resources */
using evp_key_ptr = std::unique_ptr<EVP_PKEY, EVP_PKEY_deleter>;
using bio_ptr = std::unique_ptr<BIO, BIO_deleter>;
/* Create key based on memory contents */
evp_key_ptr load_public_key(const char* buf, size_t len)
{
bio_ptr bp (BIO_new_mem_buf((void*) buf, len));
if (!bp)
throw std::runtime_error("BIO_new_mem_buf failed");
EVP_PKEY * kp = nullptr;
kp = PEM_read_bio_PUBKEY(bp.get(), &kp, nullptr, nullptr);
ERR_print_errors_fp(stderr);
return evp_key_ptr{kp};
}
int main()
{
const char * RSA_PUBLIC_KEY=R"(
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA80ZqDPPW5eOH6TWdLsEJ
8qf6hoMJfFZ3BL9Fz+YNGeBpF3zxKmm8UuRrBHHVZZB2Gs1MTo06IU3fqDfFsOyh
J6pHeJF3wyUlYZuYbGAyMlZZ/+M5TOvo92f7lt/A40QThCVf1vS5o+V8sFkgnz3N
C7+VvC4dYrv+fwnmnWGxPy1qfp3orB+81S4OPRiaoy+cQBZs10KCQaNBI/Upzl2R
3dMkWKM+6yQViKTHavT4DRRZ1MKp9995qOR3XfhhJdWuDl4moXcU3RcX4kluvS5q
b8oTnVyd2QB1GkUw6OKLWB/5jN1V1WzeYK447x2h4aPmJfsn5gCFJs6deq2RFQBR
SQIDAQAB
-----END PUBLIC KEY-----
)";
ERR_load_crypto_strings();
ERR_free_strings();
auto pubkey = load_public_key(RSA_PUBLIC_KEY, strlen(RSA_PUBLIC_KEY));
if (pubkey)
std::cout << "load_public_key success" << std::endl;
}
I'm tryng to sign using DSA from OpenSSL. I have the files containing public and private keys.
First of all I make an unicast connection and every thing is fine. After that I need a multicast UDP connection and I want to sign the packets. I'm trying to use function PEM_read_DSA_PUBKEY() in order to load my public key from my cert but it doesn't work. It returns always NULL instead of a DSA struct.
Here you have a simplistic version of the code. I compile like this:
gcc -Wall -g -lm prueba.c -o prueba -lcrypto
Any idea? Thank you!
#include <stdio.h>
#include <openssl/dsa.h>
#include <openssl/pem.h>
int main()
{
FILE *DSA_cert_file = fopen("./certs/cert.pem", "r");
if (DSA_cert_file == NULL)
return 1;
printf("Certificate read\n");
DSA *dsa = DSA_new();
if((dsa = PEM_read_DSA_PUBKEY(DSA_cert_file, 0, 0, 0)) == NULL)
return 1;
printf("DSA public key read\n");
return 0;
}
Are you using a password-protected public key?
If yes, you are required to pass a callback function as the third argument to PEM_read_DSA_PUBKEY, so if the provided password matches, it will be able to properly load your key.
Update:
Alternatively, as pointed by Hasturkun, you can pass a null-terminated string as the fourth argument. Quoting the official documentation:
If the cb parameters is set to NULL
and the u parameter is not NULL then
the u parameter is interpreted as a
null terminated string to use as the
passphrase. If both cb and u are NULL
then the default callback routine is
used which will typically prompt for
the passphrase on the current terminal
with echoing turned off.
Does your cert.pem contains a X.509 certificate ? It looks like PEM_read_DSA_PUBKEY expects a PEM-encoded DSA public key without the X.509 container.
Try something like that instead:
X509 *cert;
EVP_PKEY *pk;
DSA *dsa;
cert = PEM_read_X509(DSA_cert_file,NULL,NULL,NULL);
if (!cert) { /* error */ }
pk = X509_get_pubkey(cert);
if (!pk) { /* error */ }
if (pk->type != 116) { /* not a dsa key */ }
dsa = pk->pkey.dsa
I have 2 separate programs (spliced together below). The first generates the key pair and saves to files (works fine). The second opens the private key, decrypting with a pass phrase and then I need it to sign a string of text. The code below fails on the PEM_read_PrivateKey() (last) call (can't see why). Can anyone point me at what I am doing wrong and then what openssl calls I should make to use the private key to sign some text?
int main (int argc, char *argv[])
{
char *priv_pem = "priv.pem";
char *pub_pem = "pub.pem";
char *pass = "Password";
FILE *fp;
int bits = 4096;
unsigned long exp = RSA_F4;
RSA *rsa;
EVP_PKEY *pkey;
// GENERATE KEY
rsa=RSA_generate_key(bits,exp,NULL,NULL);
if (RSA_check_key(rsa)!=1)
Exit(1,"Error whilst checking key","");
pkey = EVP_PKEY_new();
EVP_PKEY_assign_RSA(pkey, rsa);
// WRITE ENCRYPTED PRIVATE KEY
if (!(fp = fopen(priv_pem, "w")))
Exit(2,"Error opening PEM file",priv_pem);
if (!PEM_write_PrivateKey(fp,pkey,EVP_aes_256_cbc(),NULL,0,NULL,pass))
Exit(3,"Error writing PEM file",priv_pem);
fclose(fp);
// WRITE PUBLIC KEY
if (!(fp = fopen(pub_pem, "w")))
Exit(4,"Error opening PEM file",pub_pem);
if (!PEM_write_PUBKEY(fp, pkey))
Exit(5,"Error writing PEM file",pub_pem);
fclose(fp);
// ------- End of key generation program -------
// ------- Start of text signing program -------
// READ IN ENCRYPTED PRIVATE KEY
if (!(fp = fopen(priv_pem, "r")))
Exit(6,"Error reading encrypted private key file",priv_pem);
if (!PEM_read_PrivateKey(fp,&pkey,NULL,pass))
Exit(7,"Error decrypting private key file",priv_pem);
fclose(fp);
// Sign some text using the private key....
// FREE
RSA_free(rsa);
return 0;
}
Have you initialised pkey to NULL before you pass &pkey to PEM_read_PrivateKey()? If not, it will attempt to re-use the EVP_PKEY structure that pkey points to - and if pkey is uninitialised, it will be looking at a random spot in memory.
You can use ERR_print_errors_fp(stderr); to dump the OpenSSL error stack to stderr when an error occurs - this is often helpful in finding the problem.
Thanks #caf for your help.
By trial and error I fixed PEM_read_PrivateKey() error by adding the following to the start:
if (EVP_get_cipherbyname("aes-256-cbc") == NULL)
OpenSSL_add_all_algorithms();
However, I'm still looking for the best (practice) way of generating the keys and then using the private key for signing. From my limited understanding, I am looking for openssl methods that adhere to RSA's "PKCS #1 v2.0: RSA Cryptography Standard"