cryptography - Reading PEM-formatted RSA keyfile with the OpenSSL C API -
i trying read in aes-128-cbc encrypted pem key file generated using ruby openssl api. code generated pem key following:
openssl::pkey::rsa.new(2048).to_pem(openssl::cipher::aes.new('128-cbc'), "password") here's code reads pem file:
rsa *rsa; bio *pem = bio_new(bio_s_mem()); bio_puts(pem, "-----begin rsa private key-----\n" "proc-type: 4,encrypted\n" "dek-info: aes-128-cbc,bb13d39833dd6ed1ff9843644e7981ee\n\n "eugt8jznkqkersabwkwfm3wqhu/tmp9t0qap5hm8viwpzwkldmrlsudptadu6rpd\n" "5vtg3dpiexcf+6deyarimid9sbbmq9mk2omknrctmemqtohauakbu78tmt9g4ysf\n" "rjoxwsqu3jmwrlcgkpn7bium8wimitrz3p28oszk9adunbriu/2si8dm4ryiz/fk\n" "uvvgdok9dgcd0sjvucivx2hageg/iuz23q1jg9indpimzvfjd1fjfgeuwdgyfjfa\n" "m8jixtkbwopeopondkt7u4dc5vcsjk29mvbfd7ickfpmh5un+c96rpxtng/owyw5\n" "0tvzhyyyvag9p0hx5lr4pdbv21ghyu43sa6wbs9jwyqo3ab7caoeeqhumwflsdjj\n" "ygrx6bwthpyv/xnbdmmvlthlkffe01ncybivob4kwbnvi45x21pbqazckdtfdekl\n" "iwdmtig2itxsuvpfly30vfoze+pgymcgduyzdvqjsaqi/mrj8khnn5nyubxc27g3\n" "8kbsnlix2sw2m0vdxqiy9dyjcxxrkfrsnofyvs1pflgjfvtg4mwh6czxkw8mfvbi\n" "emlvuywzodz1ve4vxspp/vrkeh33juhhm0vjopqi6wqw0qr0i2o6etm1zrjclpcw\n" "vicgcvweneglokohdqor0izqatywvauqq822wkt258hc6z8+alqf5imroqk7add4\n" "flrlz4xtwqlg7ppttde/emi1dt8dqwzq++qi0lr0cs/n1gxjkqtqdvauxliii3qy\n" "kffyfpv9jyyfrftjntisi/edptp98auk0mb9o/ws/hrufi9behgv63iw1iwaoxcw\n" "zlkwgobuh13gs864rl+acraxreo2j4ddqouterajueg0hoytp65zun/vsci2asoh\n" "jwsnnmhz9oxvcgy80wjdn3kqocbrijodkbv6jcoxgvcsvk+wsdgz7cfb8lwp7aa8\n" "8nd1bwl9fykwkeisoakj91iinqv4o3+3pupgcu5oe68wyvafjuu+criyf+ehmxjv\n" "jq1vffzprgzgntjz19uxxh1h2iwqpggroujm2rozywvv1nz4eq40y3et1f9uoyju\n" "ckehoti2nplevoayqo8g9wo2oc+cqvhzhdybe5o7pm7akfnylvrg9s1uswdcvt0g\n" "ipfmejlsrj/f954aqmhtuc6vbojzh/vnc5qt+ulfxl634sr9wqqk2qlqsjya04tr\n" "1ixbcnox71esvpfimsrlso5ota22t3h2gyjpum10xhqgtdxtstnal6smlna9u9b3\n" "gtvxfwwukqof5lm8zfqipo2lohwjkoztbc4repyp44soxjxstv7k4pt1ck7x6/2h\n" "elspxzjveqmhcrvewv1kaa2ogd+hgfuinscoidapjjlz1bd/+oiq/zwqeo0nrowe\n" "r/hlbbed3v+fridjpgydfeaw6gk5e9syjcgf7uf/n2nabfxxezl3g6mjq64dtusg\n" "deh/mpviydsx4navh1gtwctoeg1czw3diyaqbzk+uzcblfu7j27yvvpsd6f2+wud\n" "wnaqu3s5bcpqk5od3wqzv+secqjggpgy1gv0tl8arjomdkaru03ksrn2eiwqr5/c\n" "-----end rsa private key-----\n"); // retrieve rsa key pem file. rsa = pem_read_bio_rsaprivatekey(pem, null, pem_password_callback, "password"); and here's dummy password callback (not sure function's purpose, think may return length of password):
int pem_password_callback(char *buf, int max_len, int flag, void *pwd) { return 8; } currently, rsa = ... part not throw error, doesn't return well-formed result either.
and here's dummy password callback (not sure function's purpose, think may return length of password):
int pem_password_callback(char *buf, int max_len, int flag, void *pwd) { return 8; }
no, not dummy. in example, returned buffer 8 junk characters (whatever happened in buf).
the password callback programmatically plug in password. supplied buff of max_len, , need copy password buffer , return number of bytes copied.
int pem_password_callback(char *buf, int max_len, int flag, void *ctx) { const char* passwd = "password"; int len = strlen(passwd); if(len > max_len) return 0; memcpy(buf, passwd, len); return len; } the flag read/write flag denote if reading key or writing key. in practice, have never used it.
you use similar to:
file* file = ...; evp_pkey* pkey = pem_read_privatekey(file, null, pem_password_callback, null); unlike write routine (which needs evp_* cipher), read routine knows used encrypt key because encoded in private key.
in systems, use context label ensure same passwords arrive @ different derived keys:
evp_pkey* pkey = pem_read_privatekey(file, null, pem_password_callback, "some context"); then, in password callback:
int pem_password_callback(char *buf, int max_len, int flag, void *ctx) { // "some context" in example above char* label = (char*)ctx; // hash password , label // ... // copy hash buffer, return length ... }
Comments
Post a Comment