Creating PKCS#8 from pvk format

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Creating PKCS#8 from pvk format

OpenSSL - User mailing list
Hello,
I am working on a small homework which requires convert pvk private key to PKCS#8 format. The code is based on OpenSSL 1.0.2.
 
I can get pvk private key components (Public exponent, modulus, prime1, prime2, exponent1, exponent2, coefficient, private exponent) properly, and convert to a valid RSA format (RSA_check_key()returns success).
 
Now I need to convert the key in RSA format to EVP_PKEY, then to PKCS#8. I have tried the following functions, all of these functions return 0 (failure) without any further debugging information/clues:
EVP_PKEY_assign_RSA(pEvpkey, rsa);
EVP_PKEY_set1_RSA(pEvpkey, rsa);
PEM_write_bio_RSAPrivateKey (out, rsa, cipher, NULL, 0, NULL, NULL);
PEM_write_bio_PKCS8PrivateKey(out, pEvpkey, 0, 0, 0, 0, 0);
 
I did google searching, but have not figured out why the about functions failed (one posting mentions “export version” vs. domestic version??).
 
So, I’d like to get some help, 1. hopefully, with more debug information. 2. suggestion: based on OpenSSL 1.0.2, what are the correct function-chain to change pvk private key to PKCS#5?

Any suggestions, input are appreciated.
Xuan
 

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Creating PKCS#8 from pvk format

Wim Lewis-3

On 4. des. 2018, at 4:00 e.h., zhongju li via openssl-users <[hidden email]> wrote:
> Now I need to convert the key in RSA format to EVP_PKEY, then to PKCS#8. I have tried the following functions, all of these functions return 0 (failure) without any further debugging information/clues:
> EVP_PKEY_assign_RSA(pEvpkey, rsa);

Is it possible that pEvpkey or rsa is NULL? (You need to create a EVP_PKEY with EVP_PKEY_new() before putting a specific key into it.)

Otherwise, have you checked whether there is anything in the openssl error stack (using ERR_get_error(), ERR_print_errors_fp(), or similar)?

> I did google searching, but have not figured out why the about functions failed (one posting mentions “export version” vs. domestic version??).

There used to be different versions because of US export laws but I don't think that has been the case for many years.


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Creating PKCS#8 from pvk format

OpenSSL - User mailing list
Hi Wim,
Thank you for your quick response.
1. Yes. I called EVP_PKEY_new() before calling EVP_PKEY_assign_RSA(pEvpkey, rsa);

2. For your second quetion: no. I have not checked there is anything in the openssl error stack.
I will check the openssl error stack.

3. (1). If it works, is EVP_PKEY_assign_RSA(pEvpkey, rsa) the correct function to call to get pEvpkey (EVP_PKEY) from a rsa private key?
Is there any other alternative function to get pEvpkey (EVP_PKEY) from a rsa private key?
(2), Once getting pEvpkey, can I call the following functions to get PKC#8 der format:
(a). PKCS8_PRIV_KEY_INFO *p8 = EVP_PKEY2PKCS8(pEvpkey);
(b). int der_len = i2d_PKCS8_PRIV_KEY_INFO(p8, &der);

Do you expect the above function call work? If not, what are the correct way to get pkcs#8 der  from pvk format?

Thank you

On Tuesday, December 4, 2018, 7:40:19 PM EST, Wim Lewis <[hidden email]> wrote:



On 4. des. 2018, at 4:00 e.h., zhongju li via openssl-users <[hidden email]> wrote:
> Now I need to convert the key in RSA format to EVP_PKEY, then to PKCS#8. I have tried the following functions, all of these functions return 0 (failure) without any further debugging information/clues:
> EVP_PKEY_assign_RSA(pEvpkey, rsa);

Is it possible that pEvpkey or rsa is NULL? (You need to create a EVP_PKEY with EVP_PKEY_new() before putting a specific key into it.)

Otherwise, have you checked whether there is anything in the openssl error stack (using ERR_get_error(), ERR_print_errors_fp(), or similar)?


> I did google searching, but have not figured out why the about functions failed (one posting mentions “export version” vs. domestic version??).


There used to be different versions because of US export laws but I don't think that has been the case for many years.



--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users