
Thread: PEM files generated by OpenSSL




PEM files generated by OpenSSL
user name
2008-09-30 16:02:03
Hello,

I hope this is a good place for asking this question (it's really hard
to find any forum or mailing list of the QCA project...)

I have a problem. I have RSA keys written by OpenSSL library into PEM
files (using functions PEM_write_RSAPublicKey() and
PEM_write_RSAPrivateKey()). I have to read those files using QCA2 and am
using QCA::PublicKey::fromPEMFile() and QCA::PrivateKey::fromPEMFile()
functions, but with no success...
While reading the public key, I get an error - ErrorDecode (whatever
that means...).
The private key is being read, but there is an error during decryption -
although the QCA::PrivateKey::canDecrypt() returns true, the
QCA::PrivateKey::decrypt() fails...

I've even looked into the libqca-ossl-plugin code, and found out that
this plugin uses the OpenSSL library... So what's wrong?
Is it possible to exchange keys stored in PEM files between the two
implementations (plain OpenSSL and QCA2) at all?

Tomek


_______________________________________________
Delta mailing list
Deltalists.affinix.com
http://lists.affinix.com/listinfo.cgi/delta-affinix.com

Re: PEM files generated by OpenSSL
user name
2008-09-30 16:18:19
On September 30, 2008 05:02:03 pm Tomasz Kaźmierczak wrote:
> Hello,
>
> I hope this is a good place for asking this question (it's really hard
> to find any forum or mailing list of the QCA project...)
>
> I have a problem. I have RSA keys written by OpenSSL library into PEM
> files (using functions PEM_write_RSAPublicKey() and
> PEM_write_RSAPrivateKey()). I have to read those files using QCA2 and am
> using QCA::PublicKey::fromPEMFile() and QCA::PrivateKey::fromPEMFile()
> functions, but with no success...
> While reading the public key, I get an error - ErrorDecode (whatever
> that means...).
> The private key is being read, but there is an error during decryption -
> although the QCA::PrivateKey::canDecrypt() returns true, the
> QCA::PrivateKey::decrypt() fails...
> [...]

It's because the parser checks for a cert between these tags in the PEM file:
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

You probably generated your key/cert with some flags that did modify these tags.


Re: PEM files generated by OpenSSL
user name
2008-09-30 16:34:28
On Tuesday 30 September 2008 14:02:03 Tomasz Kaźmierczak wrote:
> I hope this is a good place for asking this question (it's really hard
> to find any forum or mailing list of the QCA project...)

Yep, this is the right place.

> I have a problem. I have RSA keys written by OpenSSL library into PEM
> files (using functions PEM_write_RSAPublicKey() and
> PEM_write_RSAPrivateKey()). I have to read those files using QCA2 and am
> using QCA::PublicKey::fromPEMFile() and QCA::PrivateKey::fromPEMFile()
> functions, but with no success...
> While reading the public key, I get an error - ErrorDecode (whatever
> that means...).
> The private key is being read, but there is an error during decryption -
> although the QCA::PrivateKey::canDecrypt() returns true, the
> QCA::PrivateKey::decrypt() fails...
>
> I've even looked into the libqca-ossl-plugin code, and found out that
> this plugin uses the OpenSSL library... So what's wrong?
> Is it possible to exchange keys stored in PEM files between the two
> implementations (plain OpenSSL and QCA2) at all?

There are two main ways to store RSA keys in PEM format.  One is in an
RSA-specific format and the other is in a more generic format.  You can spot
the difference by looking at the header and seeing if it says "BEGIN RSA
PUBLIC/PRIVATE KEY" or simply "BEGIN PUBLIC/PRIVATE KEY".

I'm not a guru in this area, but I believe that the generic format is
preferred and the key-specific formats are historical.  You can use the
openssl command line utility to convert to/from the generic formats.  For
public keys I believe this is done with "openssl x509 -pubkey", and for
private keys this is done with "openssl pkcs8".

QCA prefers the generic formats.  However, it leaves open the possibility of
reading both formats if the plugin decides to implement it.  The qca-ossl
plugin supports reading both kinds of private keys, which is why reading the
private key worked for you.  I guess it does not support reading both kinds
of public keys.  This could probably be fixed easily if anyone cared to do
it.

Your decrypt may have failed due to selecting the wrong encryption algorithm.

-Justin
