Testing private key - public key consistency

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Testing private key - public key consistency

Julien ALLANOS
Hello,

is there a quick way/function to verify that a private (EVP_PKEY) key
matches a X509 certificate's public key?

thanks,
--
Julien ALLANOS
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: Testing private key - public key consistency

Gayathri Sundar-2
Probably you can try the openssl verify command?


-----Original Message-----
From: [hidden email]
[mailto:[hidden email]]On Behalf Of Julien ALLANOS
Sent: Monday, February 06, 2006 6:38 PM
To: [hidden email]
Subject: Testing private key - public key consistency


Hello,

is there a quick way/function to verify that a private (EVP_PKEY) key
matches a X509 certificate's public key?

thanks,
--
Julien ALLANOS
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Testing private key - public key consistency

Alain Damiral
Verify normally verifies a certificate chain, I think this isn't quite
what the original poster is trying to achieve.

I think he is interested in what the SSL_CTX_check_private_key function
can achieve. However I don't know if there is an OpenSSL utility that
can do this. Maybe verify can indeed but after reading the documentation
I can't see how.


Gayathri Sundar wrote:

>Probably you can try the openssl verify command?
>
>
>-----Original Message-----
>From: [hidden email]
>[mailto:[hidden email]]On Behalf Of Julien ALLANOS
>Sent: Monday, February 06, 2006 6:38 PM
>To: [hidden email]
>Subject: Testing private key - public key consistency
>
>
>Hello,
>
>is there a quick way/function to verify that a private (EVP_PKEY) key
>matches a X509 certificate's public key?
>
>thanks,
>  
>


--
Alain Damiral,

I hope this message makes me look like a very intelligent person

Université Catholique de Louvain - student
alain.damiral'at'student.info.ucl.ac.be

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Testing private key - public key consistency

Julien ALLANOS
Alain Damiral a écrit :

> Verify normally verifies a certificate chain, I think this isn't quite
> what the original poster is trying to achieve.
>
> I think he is interested in what the SSL_CTX_check_private_key function
> can achieve. However I don't know if there is an OpenSSL utility that
> can do this. Maybe verify can indeed but after reading the documentation
> I can't see how.
>
>
> Gayathri Sundar wrote:
>
>> Probably you can try the openssl verify command?
>>
>>
>> -----Original Message-----
>> From: [hidden email]
>> [mailto:[hidden email]]On Behalf Of Julien ALLANOS
>> Sent: Monday, February 06, 2006 6:38 PM
>> To: [hidden email]
>> Subject: Testing private key - public key consistency
>>
>>
>> Hello,
>>
>> is there a quick way/function to verify that a private (EVP_PKEY) key
>> matches a X509 certificate's public key?
>>
>> thanks,
>>  
>>
>
>
looks like:

int X509_verify(X509 *a, EVP_PKEY *r);

does the trick.
--
Julien ALLANOS
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Testing private key - public key consistency

Dr. Stephen Henson
On Wed, Mar 15, 2006, Julien ALLANOS wrote:

>
> int X509_verify(X509 *a, EVP_PKEY *r);
>

No that will check to see if the certfiicate "a" was signed by public key "r".

The function:

int X509_check_private_key(X509 *x, EVP_PKEY *k)

is the right one.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Testing private key - public key consistency

Kyle Hamilton
Okay.  Out of curiosity, what're the functions for:

1) Verifying that a given public key (not part of an X509 structure)
matches a given EVP_PKEY?
2) Extracting the public key from the EVP_PKEY (since, as I understand
it, the public key is stored as part of the private key structure)?

-Kyle H

On 3/15/06, Dr. Stephen Henson <[hidden email]> wrote:

> On Wed, Mar 15, 2006, Julien ALLANOS wrote:
>
> >
> > int X509_verify(X509 *a, EVP_PKEY *r);
> >
>
> No that will check to see if the certfiicate "a" was signed by public key "r".
>
> The function:
>
> int X509_check_private_key(X509 *x, EVP_PKEY *k)
>
> is the right one.
>
> Steve.
> --
> Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
> OpenSSL project core developer and freelance consultant.
> Funding needed! Details on homepage.
> Homepage: http://www.drh-consultancy.demon.co.uk
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Testing private key - public key consistency

Julien ALLANOS
In reply to this post by Dr. Stephen Henson
Dr. Stephen Henson a écrit :

> On Wed, Mar 15, 2006, Julien ALLANOS wrote:
>
>
>>int X509_verify(X509 *a, EVP_PKEY *r);
>>
>
>
> No that will check to see if the certfiicate "a" was signed by public key "r".
>
> The function:
>
> int X509_check_private_key(X509 *x, EVP_PKEY *k)
>
> is the right one.
>
> Steve.

Thank you.
--
Julien ALLANOS
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]