LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices



Reply
 
Search this Thread
Old 07-07-2010, 02:15 PM   #1
delite
Member
 
Registered: Nov 2008
Posts: 44

Rep: Reputation: 15
Smile OpenSSL Public Key Issue


Hi, i'm just starting out with OpenSSL. I've worked up a little example to generate a RSA key pair and save it into both private and public PEM files.

All seems ok, but then i'm try to use it with actual openssl and get the following error:
Code:
unable to load Public Key
I'm testing with:
Code:
openssl rsautl -encrypt -pubin -inkey pub.pem -in plain.txt -out cipher.txt
And here's my code...

Code:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/pem.h>

static void callback(int p, int n, void *arg)
{
	char c='B';

	if (p == 0) c='.';
	if (p == 1) c='+';
	if (p == 2) c='*';
	if (p == 3) c='\n';
	fputc(c,stderr);
}

int main (int argc, char *argv[])
{
	char *file_pem = "priv.pem";
	char *file_pem_pub = "pub.pem";
	FILE *fp;
	
	int bits = 512;	//	512, 1024, 2048, 4096
	unsigned long exp = RSA_F4;	//	RSA_3
	
	RSA *rsa;
	
	//	GENERATE KEY
	rsa=RSA_generate_key(bits,exp,callback,NULL);
	
	//	WRITE PRIVATE KEY
	if(!(fp = fopen(file_pem, "w"))){
		fprintf(stderr, "Error opening PEM file %s\n", file_pem);
		exit(1);
	}
	
	unsigned char *kstr = "password";
	if(!PEM_write_RSAPrivateKey(fp,rsa,EVP_des_ede3_cbc(),kstr,strlen(kstr),NULL,NULL)){
		fprintf(stderr, "Error writing PEM file %s\n", file_pem);
		exit(1);
	}
	close(fp);
	
	//	WRITE PUBLIC KEY
	if(!(fp = fopen(file_pem_pub, "w"))) {
		fprintf(stderr, "Error opening PEM file %s\n", file_pem_pub);
		exit(1);
	}
	
	if(!PEM_write_RSAPublicKey(fp, rsa)){
		fprintf(stderr, "Error writing PEM file %s\n", file_pem_pub);
		exit(1);
	}
	close(fp);
	
	RSA_free(rsa);
	
	return 0;
}
Do you know if it's the openssl command that mismatches what the code does, or if it's an error / issue with the code itself?

EDIT:
Here's a makefile...
Code:
CC=cc
CFLAGS= -g -I../../include
LIBS= -lcrypto -lssl

EXAMPLES=main

all: $(EXAMPLES) 

main: main.o
	$(CC) -o run main.o $(LIBS)

clean:	
	rm -f $(EXAMPLES) *.o

Last edited by delite; 07-07-2010 at 03:36 PM. Reason: Added Makefile
 
Old 07-07-2010, 09:46 PM   #2
delite
Member
 
Registered: Nov 2008
Posts: 44

Original Poster
Rep: Reputation: 15
Right, I have some sort of solution...

Code:
#include <stdio.h>
#include <stdlib.h>
#include <openssl/pem.h>

static void callback(int p, int n, void *arg)
{
	char c='B';
	if (p == 0) c='.';
	if (p == 1) c='+';
	if (p == 2) c='*';
	if (p == 3) c='\n';
	fputc(c,stderr);
}

int main (int argc, char *argv[])
{
	char *file_pem = "priv.pem";
	char *file_pem_pub = "pub.pem";
	FILE *fp;
	
	int bits = 512;	//	512, 1024, 2048, 4096
	unsigned long exp = RSA_F4;	//	RSA_3
	
	RSA *rsa;
	EVP_PKEY *pkey;
	
	//	GENERATE KEY
	rsa=RSA_generate_key(bits,exp,callback,NULL);
	if(RSA_check_key(rsa)!=1){
		fprintf(stderr, "Error whilst checking key.\n");
		exit(1);
	}
	
	//	ADD KEY TO EVP
	pkey = EVP_PKEY_new();
	EVP_PKEY_assign_RSA(pkey, rsa);
	
	//	WRITE PRIVATE KEY
	if(!(fp = fopen(file_pem, "w"))) {
		fprintf(stderr, "Error opening PEM file %s\n", file_pem);
		exit(1);
	}
	if(!PEM_write_PrivateKey(fp, pkey, NULL,NULL,0,NULL,NULL)){
		fprintf(stderr, "Error writing PEM file %s\n", file_pem);
		exit(1);
	}
	close(fp);
	
	//	WRITE PUBLIC KEY
	if(!(fp = fopen(file_pem_pub, "w"))) {
		fprintf(stderr, "Error opening PEM file %s\n", file_pem_pub);
		exit(1);
	}
	if(!PEM_write_PUBKEY(fp, pkey)){
		fprintf(stderr, "Error writing PEM file %s\n", file_pem_pub);
		exit(1);
	}
	close(fp);
	
	//	FREE
	RSA_free(rsa);
	
	return 0;
}
After executing the compiled app I can run the following two commands:
Code:
openssl rsautl -encrypt -pubin -inkey pub.pem -in plain.txt -out cipher.txt
openssl rsautl -decrypt -inkey priv.pem -in cipher.txt -out plain2.txt
This works fine as long as the message is kept short, otherwise an error is thrown:
Code:
$ openssl rsautl -encrypt -pubin -inkey pub.pem -in plain.txt -out cipher.txt
RSA operation error
3503:error:0406D06E:rsa routines:RSA_padding_add_PKCS1_type_2:data too large for key size:rsa_pk1.c:151:
I feel i've read somewhere that the message should be shorter than the key length. If so, how do I get the key length or is it just the number of bits... If so a 512 bit key divided by 8 yields 64, but through testing 51 / 52 characters is the max I seem to be able to put through it. e.g.
Code:
0123456789
0123456789
0123456789
0123456789
01234567
Can anyone please explain why this maximum is so (and how it translates to larger key sizes (e.g. is it num bits minus fixed_size_x, or ???).


p.s. Maxing out with plain text shouldn't be an issue because this'll just be used for key exchange, but i'd still like to know more...


Thanks for any knowledge and experience imparted...


oooh it's late...
 
  


Reply

Tags
openssl


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] SSH login with public key issue ZAMO Linux - Security 3 07-02-2010 04:36 PM
ssh: is there any issue with adding my personal public key to authorized_keys? Meson Linux - Security 6 10-07-2008 01:27 AM
Yum install public key issue, not working for ffmpeg sparckis Linux - Newbie 2 10-22-2006 11:49 PM
issue importing RH GPG public key linux-singapore Linux - Software 7 12-18-2003 01:51 AM
RSA public key encryption/private key decription koningshoed Linux - Security 1 08-08-2002 08:25 AM


All times are GMT -5. The time now is 01:10 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration