how to import external rsa public key in openssl.


Sangsub

I would like to perform operations such as RSA signature verification
through an RSA public key file received from an external server.
Key values are given in der format or pem format as follows.

der:"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"

pem_base64:"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAirjFSROMxZ9gW1AmX2nsO4zjs+mvXhdNJs/iQmUBBL6gUQEYlnbHopLMa1rnGeEZ46wp6dOtna3NpJby9xhfnAxIcqLbEk8BmSsjjoP9WC2KKQ8pc/nPdE8eU/iqU6IlwSKZscw2WPtgfLWrpXmDLWwmh/cTAKTfPfHBQH4X0ipcGcgw7QxYJAcjCaYSuz5PsznyW7vP4pmfQ0IRBkmrrF9L/qKlnNOMFzl5pnmv3Iuqy06H61Cs+AbPt0B1BL2sEQz7y5nAQicDHhRrnzuDd8hwNWkDCfrphy4se5PoN1/M3rxPmL4dV0JpxROkNZT2uIYfdGSDKumeus6uD8w6xQIDAQAB"

I want to import the above data into "struct rsa_st * rsa", but it is not
working.

For example, to import the rsa public key in der format, I did the
following:
==========================================================
char data[] =
"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";

unsigned char * pArr = (unsigned char *)malloc(buf_len);
RSA *pub_rsa = NULL;

fnStr2Hex(pArr, data); // Converts a data array composed of strings to a hex array (pArr).
pub_rsa=d2i_RSAPublicKey(NULL,&pArr,(long)buf_len);
==========================================================

In this case, the d2i_RSAPublicKey function returns a NULL pointer.
I do not know what went wrong.

And I do not know how to change the string data received by pem_base64 to
"struct rsa_st * rsa" as well.
The sample code uses a function called "ReadPublicKey", which seems to load
an X.509 certificate file.
I do not read the file, but I need to get the data from the server like
above.

Could anyone who knows about this please answer?



--
Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: how to import external rsa public key in openssl.

Matt Caswell-2


On 08/06/18 08:02, Sangsub wrote:

>
> I would like to perform operations such as RSA signature verification
> through an RSA public key file received from an external server.
> Key values are given in der format or pem format as follows.
>
> der:"30820122300d06092a864886f70d01010105000382010f003082010a02820101008ab8c549138cc59f605b50265f69ec3b8ce3b3e9af5e174d26cfe242650104bea05101189676c7a292cc6b5ae719e119e3ac29e9d3ad9dadcda496f2f7185f9c0c4872a2db124f01992b238e83fd582d8a290f2973f9cf744f1e53f8aa53a225c12299b1cc3658fb607cb5aba579832d6c2687f71300a4df3df1c1407e17d22a5c19c830ed0c5824072309a612bb3e4fb339f25bbbcfe2999f4342110649abac5f4bfea2a59cd38c173979a679afdc8baacb4e87eb50acf806cfb7407504bdac110cfbcb99c04227031e146b9f3b8377c87035690309fae9872e2c7b93e8375fccdebc4f98be1d574269c513a43594f6b8861f7464832ae99ebaceae0fcc3ac50203010001"
>
> pem_base64:"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAirjFSROMxZ9gW1AmX2nsO4zjs+mvXhdNJs/iQmUBBL6gUQEYlnbHopLMa1rnGeEZ46wp6dOtna3NpJby9xhfnAxIcqLbEk8BmSsjjoP9WC2KKQ8pc/nPdE8eU/iqU6IlwSKZscw2WPtgfLWrpXmDLWwmh/cTAKTfPfHBQH4X0ipcGcgw7QxYJAcjCaYSuz5PsznyW7vP4pmfQ0IRBkmrrF9L/qKlnNOMFzl5pnmv3Iuqy06H61Cs+AbPt0B1BL2sEQz7y5nAQicDHhRrnzuDd8hwNWkDCfrphy4se5PoN1/M3rxPmL4dV0JpxROkNZT2uIYfdGSDKumeus6uD8w6xQIDAQAB"
>
> I want to import the above data into "struct rsa_st * rsa", but it is not
> working.
>
> For example, to import the rsa public key in der format, I did the
> following:
> ==========================================================
> char data[] =
> "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";
>
> unsigned char * pArr = (unsigned char *)malloc(buf_len);
> RSA *pub_rsa = NULL;
>
> fnStr2Hex(pArr, data); // Converts a data array composed of strings to a hex

Is that really what this function does? i.e. convert *to* hex? The
buffer you are working with is already in hex - but you want it in a
binary form (i.e. convert *from* hex) for the subsequent call to
d2i_RSAPublicKey.

But actually, probably you need to call d2i_RSA_PUBKEY instead. This is
the function you need for reading a SubjectPublicKeyInfo (SPKI) format,
der encoded RSA key. I took your der encoded key above and ran it
through asn1parse, and it appears to be in SPKI format.



> array (pArr).
> pub_rsa=d2i_RSAPublicKey(NULL,&pArr,(long)buf_len);
> ==========================================================
>
> In this case, the d2i_RSAPublicKey function returns a NULL pointer.
> I do not know what went wrong.
>
> And I do not know how to change the string data received by pem_base64 to
> "struct rsa_st * rsa" as well.

The equivalent function for reading a pem encoded RSA key in SPKI format
is PEM_read_bio_RSA_PUBKEY() (or one of the other similarly named
functions) described here:

https://www.openssl.org/docs/man1.1.0/crypto/PEM_read_RSA_PUBKEY.html

However, you don't actually have a PEM file at all. You are missing the
header and footer lines. It needs to look something like this:

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAirjFSROMxZ9gW1AmX2ns
O4zjs+mvXhdNJs/iQmUBBL6gUQEYlnbHopLMa1rnGeEZ46wp6dOtna3NpJby9xhf
nAxIcqLbEk8BmSsjjoP9WC2KKQ8pc/nPdE8eU/iqU6IlwSKZscw2WPtgfLWrpXmD
LWwmh/cTAKTfPfHBQH4X0ipcGcgw7QxYJAcjCaYSuz5PsznyW7vP4pmfQ0IRBkmr
rF9L/qKlnNOMFzl5pnmv3Iuqy06H61Cs+AbPt0B1BL2sEQz7y5nAQicDHhRrnzuD
d8hwNWkDCfrphy4se5PoN1/M3rxPmL4dV0JpxROkNZT2uIYfdGSDKumeus6uD8w6
xQIDAQAB
-----END PUBLIC KEY-----

Hope that helps,

Matt



Re: how to import external rsa public key in openssl.

Sangsub
Thanks Matt for your reply.

The reason I am doing this is to find the modulus and exponent in the RSA
public key.
My sample code and the current results are shown below.

=========================================================
void fnStr2Hex(char* out, char* in) {
        int data_len = strlen(in);
        char * pStr = in;
        int i;
       
        for(i=0; i<data_len/2; i++) {
                char buf[2] = {0,};
                memcpy(buf, pStr, sizeof(buf));
                       
                out[i] = (unsigned char)strtol(buf, NULL, 16);

                // need to check strtol 2nd arguments... for error checking..
                printf("i:%d, pArr[i]:%02X \n", i, out[i]);

                pStr+=2;
        }
}

int main() {
        char raw_data[] =
"30819F300D06092A864886F70D010101050003818D0030818902818100AA18ABA43B50DEEF38598FAF87D2AB634E4571C130A9BCA7B878267414FAAB8B471BD8965F5C9FC3818485EAF529C26246F3055064A8DE19C8C338BE5496CBAEB059DC0B358143B44A35449EB264113121A455BD7FDE3FAC919E94B56FB9BB4F651CDB23EAD439D6CD523EB08191E75B35FD13A7419B3090F24787BD4F4E19670203010001";

        int data_len = strlen(raw_data);  // Q) I think this is the problem. How many lengths should I allocate?
       
        unsigned char * pArr = (unsigned char *)malloc(data_len);
        memset(pArr, 0x00, data_len);
       
// raw_data is a string. Not in hex state. So I changed the contents of raw_data [] to hex in pArr.
// The implementation of this function is above main function.
        fnStr2Hex(pArr, raw_data);
       
        STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
       
        pub_rsa=d2i_RSAPublicKey(NULL,&pArr,(long)data_len);
       
        if(pub_rsa == NULL) {
                printf("error : failed d2i_RSAPublicKey \n");
                return -1;
        }
       
        BN_print(STDout,pub_rsa->n);   // print modulus bignum
        BN_print(STDout,pub_rsa->e);  //  print exponent bignum
               
        return 0;
}

result : error : failed d2i_RSAPublicKey

I wrote the above, but I think data_len is the problem. I do not know what
size I should enter.
And do I have to enter the string source without the string to hex in the
d2i_RSAPublicKey function?


And you said you need prefix and postfix to do PEM format.
Is raw_data [] as shown below?

raw_data[] = {
"-----BEGIN PUBLIC KEY-----"\
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAirjFSROMxZ9gW1AmX2ns"\
"O4zjs+mvXhdNJs/iQmUBBL6gUQEYlnbHopLMa1rnGeEZ46wp6dOtna3NpJby9xhf"\
"nAxIcqLbEk8BmSsjjoP9WC2KKQ8pc/nPdE8eU/iqU6IlwSKZscw2WPtgfLWrpXmD"\
"LWwmh/cTAKTfPfHBQH4X0ipcGcgw7QxYJAcjCaYSuz5PsznyW7vP4pmfQ0IRBkmr"\
"rF9L/qKlnNOMFzl5pnmv3Iuqy06H61Cs+AbPt0B1BL2sEQz7y5nAQicDHhRrnzuD"\
"d8hwNWkDCfrphy4se5PoN1/M3rxPmL4dV0JpxROkNZT2uIYfdGSDKumeus6uD8w6"\
"xQIDAQAB"\
"-----END PUBLIC KEY----- "

After that, I coded as follows.

        int data_len = strlen(raw_data);
        BIO *bufio = NULL;
        RSA *pub_rsa = NULL;

        unsigned char * pArr = (unsigned char *)malloc(data_len);
        memset(pArr, 0x00, data_len);
       
        fnStr2Hex(pArr, raw_data);  // for converting hex
       
        bufio = BIO_new_mem_buf((void*)pArr, data_len);
       
        if(bufio == NULL) {
                printf("Error (1) \n");
                return -1;
        }
       
        PEM_read_bio_RSAPublicKey(bufio, &pub_rsa, 0, NULL);
       
        if(pub_rsa == NULL) {
                printf("Error (2) \n");
                return -1;
        }
} // end of main

When I execute the above code, Error (2) is output.
I would like help with the above two (DER, PEM) situations.
Again, I want to find the modulus and public exponent in the RSA public key.

BR,







Re: how to import external rsa public key in openssl.

Matt Caswell-2


On 08/06/18 11:29, Sangsub wrote:
> char buf[2] = {0,};
> memcpy(buf, pStr, sizeof(buf));
>
> out[i] = (unsigned char)strtol(buf, NULL, 16);

This looks wrong. "buf" is not NUL terminated so strtol could give an
incorrect result.

> // raw_data is a string. Not in hex state. So I changed the contents of
> raw_data [] to hex in pArr.
> // The implementation of this function is above main function.
> fnStr2Hex(pArr, raw_data);

The function is converting from a hex string to binary data so I find it
confusingly named. But it seems to be doing the right thing AFAICT aside
from the issue I noted above, although I haven't tested it.



> fnStr2Hex(pArr, raw_data);  // for converting hex
>
> bufio = BIO_new_mem_buf((void*)pArr, data_len);
>
> if(bufio == NULL) {
> printf("Error (1) \n");
> return -1;
> }
>
> PEM_read_bio_RSAPublicKey(bufio, &pub_rsa, 0, NULL);

PEM_read_bio_RSAPublicKey() expects a PEM encoded string which is what
is contained in your raw_data buffer. It is incorrect to call
fnStr2Hex() on it first - this will cause it to fail.

As I mentioned in my previous email you should be using
PEM_read_RSA_PUBKEY() instead (or PEM_read_bio_RSA_PUBKEY() etc). If you
use the "non bio" version there is no need to create the mem BIO first.
It will just read directly from your memory buffer.

Matt

Re: how to import external rsa public key in openssl.

Viktor Dukhovni
In reply to this post by Sangsub


> On Jun 8, 2018, at 3:02 AM, Sangsub <[hidden email]> wrote:
>
> pem_base64:"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAirjFSROMxZ9gW1AmX2nsO4zjs+mvXhdNJs/iQmUBBL6gUQEYlnbHopLMa1rnGeEZ46wp6dOtna3NpJby9xhfnAxIcqLbEk8BmSsjjoP9WC2KKQ8pc/nPdE8eU/iqU6IlwSKZscw2WPtgfLWrpXmDLWwmh/cTAKTfPfHBQH4X0ipcGcgw7QxYJAcjCaYSuz5PsznyW7vP4pmfQ0IRBkmrrF9L/qKlnNOMFzl5pnmv3Iuqy06H61Cs+AbPt0B1BL2sEQz7y5nAQicDHhRrnzuDd8hwNWkDCfrphy4se5PoN1/M3rxPmL4dV0JpxROkNZT2uIYfdGSDKumeus6uD8w6xQIDAQAB

It is not PEM until it has a PEM header and trailer indicating the data
type.  That's just the base64 form of the DER encoding.  To get actual
PEM data:

$ b64="MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAirjFSROMxZ9gW1AmX2nsO4zjs+mvXhdNJs/iQmUBBL6gUQEYlnbHopLMa1rnGeEZ46wp6dOtna3NpJby9xhfnAxIcqLbEk8BmSsjjoP9WC2KKQ8pc/nPdE8eU/iqU6IlwSKZscw2WPtgfLWrpXmDLWwmh/cTAKTfPfHBQH4X0ipcGcgw7QxYJAcjCaYSuz5PsznyW7vP4pmfQ0IRBkmrrF9L/qKlnNOMFzl5pnmv3Iuqy06H61Cs+AbPt0B1BL2sEQz7y5nAQicDHhRrnzuDd8hwNWkDCfrphy4se5PoN1/M3rxPmL4dV0JpxROkNZT2uIYfdGSDKumeus6uD8w6xQIDAQAB"
$ echo; echo "$b64" |
    openssl base64 -A -d |
    openssl pkey -inform DER -pubin -text

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAirjFSROMxZ9gW1AmX2ns
O4zjs+mvXhdNJs/iQmUBBL6gUQEYlnbHopLMa1rnGeEZ46wp6dOtna3NpJby9xhf
nAxIcqLbEk8BmSsjjoP9WC2KKQ8pc/nPdE8eU/iqU6IlwSKZscw2WPtgfLWrpXmD
LWwmh/cTAKTfPfHBQH4X0ipcGcgw7QxYJAcjCaYSuz5PsznyW7vP4pmfQ0IRBkmr
rF9L/qKlnNOMFzl5pnmv3Iuqy06H61Cs+AbPt0B1BL2sEQz7y5nAQicDHhRrnzuD
d8hwNWkDCfrphy4se5PoN1/M3rxPmL4dV0JpxROkNZT2uIYfdGSDKumeus6uD8w6
xQIDAQAB
-----END PUBLIC KEY-----
Public-Key: (2048 bit)
Modulus:
    00:8a:b8:c5:49:13:8c:c5:9f:60:5b:50:26:5f:69:
    ec:3b:8c:e3:b3:e9:af:5e:17:4d:26:cf:e2:42:65:
    01:04:be:a0:51:01:18:96:76:c7:a2:92:cc:6b:5a:
    e7:19:e1:19:e3:ac:29:e9:d3:ad:9d:ad:cd:a4:96:
    f2:f7:18:5f:9c:0c:48:72:a2:db:12:4f:01:99:2b:
    23:8e:83:fd:58:2d:8a:29:0f:29:73:f9:cf:74:4f:
    1e:53:f8:aa:53:a2:25:c1:22:99:b1:cc:36:58:fb:
    60:7c:b5:ab:a5:79:83:2d:6c:26:87:f7:13:00:a4:
    df:3d:f1:c1:40:7e:17:d2:2a:5c:19:c8:30:ed:0c:
    58:24:07:23:09:a6:12:bb:3e:4f:b3:39:f2:5b:bb:
    cf:e2:99:9f:43:42:11:06:49:ab:ac:5f:4b:fe:a2:
    a5:9c:d3:8c:17:39:79:a6:79:af:dc:8b:aa:cb:4e:
    87:eb:50:ac:f8:06:cf:b7:40:75:04:bd:ac:11:0c:
    fb:cb:99:c0:42:27:03:1e:14:6b:9f:3b:83:77:c8:
    70:35:69:03:09:fa:e9:87:2e:2c:7b:93:e8:37:5f:
    cc:de:bc:4f:98:be:1d:57:42:69:c5:13:a4:35:94:
    f6:b8:86:1f:74:64:83:2a:e9:9e:ba:ce:ae:0f:cc:
    3a:c5
Exponent: 65537 (0x10001)

With the above in a file or memory BIO, you can
use a suitable PEM_*_PUBKEY() routine, to get
an abstract EVP_PKEY or an RSA key.  If you
want to do signature verification, you should
not write any RSA-specific code.  An EVP_PKEY
can be used with X509_verify() with any supported
key type: RSA, DSA, ECDSA, Ed25519, ...

--
        Viktor.
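
Added example (not code from the thread or from OpenSSL): a self-contained C check that decodes the hex form to binary, returns the decoded length that has to be passed on (half the string length), and inspects the DER structure to tell which d2i function applies, the two points raised in Matt's replies. The toy keys and the names hex_decode, der_header and classify_der are constructed for this illustration; the check is a diagnostic for choosing the parser and does not replace OpenSSL's own parsing.

```c
#include <stddef.h>
#include <string.h>

/* Constructed toy keys (n = 3233, e = 17) for illustration; not from the thread. */
static const char TOY_SPKI_HEX[] =
    "301B300D06092A864886F70D0101010500030A00300702020CA1020111";
static const char TOY_PKCS1_HEX[] = "300702020CA1020111";

/* Hex string -> bytes. Returns the byte count (strlen/2), or -1 on bad input. */
long hex_decode(const char *hex, unsigned char *out, size_t cap) {
    size_t n = strlen(hex);
    if (n % 2 != 0 || n / 2 > cap) return -1;
    for (size_t i = 0; i < n; i++) {
        char c = hex[i];
        int v = (c >= '0' && c <= '9') ? c - '0'
              : (c >= 'a' && c <= 'f') ? c - 'a' + 10
              : (c >= 'A' && c <= 'F') ? c - 'A' + 10 : -1;
        if (v < 0) return -1;
        if (i % 2 == 0) out[i / 2] = (unsigned char)(v << 4);
        else out[i / 2] |= (unsigned char)v;
    }
    return (long)(n / 2);
}

/* Read one DER tag/length at *p, bounds-checked; returns the tag or -1. */
static int der_header(const unsigned char **p, const unsigned char *end, size_t *len) {
    const unsigned char *q = *p;
    if (end - q < 2) return -1;
    int tag = *q++;
    size_t l = *q++;
    if (l & 0x80) {                       /* long form: next nb bytes hold the length */
        size_t nb = l & 0x7f;
        if (nb == 0 || nb > 2 || (size_t)(end - q) < nb) return -1;
        for (l = 0; nb > 0; nb--) l = (l << 8) | *q++;
    }
    if ((size_t)(end - q) < l) return -1;
    *p = q; *len = l;                     /* *p now points at the content */
    return tag;
}

enum key_fmt { FMT_INVALID, FMT_PKCS1, FMT_SPKI };
/* First element inside the outer SEQUENCE decides the format:
 * INTEGER (0x02) -> PKCS#1, d2i_RSAPublicKey(); SEQUENCE (0x30) -> SPKI, d2i_RSA_PUBKEY(). */
enum key_fmt classify_der(const unsigned char *der, size_t n) {
    const unsigned char *p = der, *end = der + n;
    size_t len;
    if (der_header(&p, end, &len) != 0x30 || p + len != end) return FMT_INVALID;
    int inner = der_header(&p, end, &len);
    return inner == 0x02 ? FMT_PKCS1 : inner == 0x30 ? FMT_SPKI : FMT_INVALID;
}
```

The 2048-bit key quoted in the thread starts 30 82 01 22 30 0d, so its first inner element is a SEQUENCE and it classifies as SubjectPublicKeyInfo. Passing the hex string length instead of the decoded length makes the outer length check fail.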
