Hello,
is there a quick way/function to verify that a private (EVP_PKEY) key matches a X509 certificate's public key? thanks, -- Julien ALLANOS ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
Probably you can try the openssl verify command?
-----Original Message----- From: [hidden email] [mailto:[hidden email]]On Behalf Of Julien ALLANOS Sent: Monday, February 06, 2006 6:38 PM To: [hidden email] Subject: Testing private key - public key consistency Hello, is there a quick way/function to verify that a private (EVP_PKEY) key matches a X509 certificate's public key? thanks, -- Julien ALLANOS ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
Verify normally verifies a certificate chain, I think this isn't quite
what the original poster is trying to achieve. I think he is interested in what the SSL_CTX_check_private_key function can achieve. However I don't know if there is an OpenSSL utility that can do this. Maybe verify can indeed but after reading the documentation I can't see how. Gayathri Sundar wrote: >Probably you can try the openssl verify command? > > >-----Original Message----- >From: [hidden email] >[mailto:[hidden email]]On Behalf Of Julien ALLANOS >Sent: Monday, February 06, 2006 6:38 PM >To: [hidden email] >Subject: Testing private key - public key consistency > > >Hello, > >is there a quick way/function to verify that a private (EVP_PKEY) key >matches a X509 certificate's public key? > >thanks, > > -- Alain Damiral, I hope this message makes me look like a very intelligent person Université Catholique de Louvain - student alain.damiral'at'student.info.ucl.ac.be ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
Alain Damiral a écrit :
> Verify normally verifies a certificate chain, I think this isn't quite > what the original poster is trying to achieve. > > I think he is interested in what the SSL_CTX_check_private_key function > can achieve. However I don't know if there is an OpenSSL utility that > can do this. Maybe verify can indeed but after reading the documentation > I can't see how. > > > Gayathri Sundar wrote: > >> Probably you can try the openssl verify command? >> >> >> -----Original Message----- >> From: [hidden email] >> [mailto:[hidden email]]On Behalf Of Julien ALLANOS >> Sent: Monday, February 06, 2006 6:38 PM >> To: [hidden email] >> Subject: Testing private key - public key consistency >> >> >> Hello, >> >> is there a quick way/function to verify that a private (EVP_PKEY) key >> matches a X509 certificate's public key? >> >> thanks, >> >> > > int X509_verify(X509 *a, EVP_PKEY *r); does the trick. -- Julien ALLANOS ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
On Wed, Mar 15, 2006, Julien ALLANOS wrote:
> > int X509_verify(X509 *a, EVP_PKEY *r); > No that will check to see if the certfiicate "a" was signed by public key "r". The function: int X509_check_private_key(X509 *x, EVP_PKEY *k) is the right one. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
Okay. Out of curiosity, what're the functions for:
1) Verifying that a given public key (not part of an X509 structure) matches a given EVP_PKEY? 2) Extracting the public key from the EVP_PKEY (since, as I understand it, the public key is stored as part of the private key structure)? -Kyle H On 3/15/06, Dr. Stephen Henson <[hidden email]> wrote: > On Wed, Mar 15, 2006, Julien ALLANOS wrote: > > > > > int X509_verify(X509 *a, EVP_PKEY *r); > > > > No that will check to see if the certfiicate "a" was signed by public key "r". > > The function: > > int X509_check_private_key(X509 *x, EVP_PKEY *k) > > is the right one. > > Steve. > -- > Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage > OpenSSL project core developer and freelance consultant. > Funding needed! Details on homepage. > Homepage: http://www.drh-consultancy.demon.co.uk > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [hidden email] > Automated List Manager [hidden email] > OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
In reply to this post by Dr. Stephen Henson
Dr. Stephen Henson a écrit :
> On Wed, Mar 15, 2006, Julien ALLANOS wrote: > > >>int X509_verify(X509 *a, EVP_PKEY *r); >> > > > No that will check to see if the certfiicate "a" was signed by public key "r". > > The function: > > int X509_check_private_key(X509 *x, EVP_PKEY *k) > > is the right one. > > Steve. Thank you. -- Julien ALLANOS ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
Free forum by Nabble | Edit this page |