<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";
mso-fareast-language:EN-US;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Arial","sans-serif";
color:black;
font-weight:normal;
font-style:normal;
text-decoration:none none;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Arial","sans-serif";
color:blue;
font-weight:normal;
font-style:normal;
text-decoration:none none;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-ZA" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:blue">Thanks for the help.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:blue"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:blue">I’ve come to learn that my problem is the HSM. It removes the RSA values p,q and d from the EVP key before returning it. This is normal since it is protecting the
key by keeping it in the HSM – duh. Anyway so, I cannot use it as a normal key. “Live and learn”<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:blue"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:blue">So this bring me to the next question: Is there any changes I need to make in the OpenSSL Engine for my upgrade (0.9.8 -> 1.0.2) to be complete?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:blue"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:blue">Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:blue"><o:p> </o:p></span></p>
<div>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="650" style="width:487.5pt">
<tbody>
<tr style="height:22.5pt">
<td style="padding:0cm 0cm 0cm 0cm;height:22.5pt"></td>
<td style="padding:0cm 0cm 0cm 0cm;height:22.5pt">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:11.0pt">
<b><span style="font-size:8.0pt;font-family:"Verdana","sans-serif";color:#58585A;mso-fareast-language:EN-ZA">Leon Brits</span></b><span style="font-size:12.0pt;font-family:"Times New Roman","serif";color:blue;mso-fareast-language:EN-ZA"><br>
</span><span style="font-size:8.0pt;font-family:"Verdana","sans-serif";color:#58585A;mso-fareast-language:EN-ZA">System Engineer</span><span style="font-size:12.0pt;font-family:"Times New Roman","serif";color:blue;mso-fareast-language:EN-ZA"><br>
</span><b><span style="font-size:8.0pt;font-family:"Verdana","sans-serif";color:#58585A;mso-fareast-language:EN-ZA">Mobile: +27 84 250 2855</span></b><span style="font-size:12.0pt;font-family:"Times New Roman","serif";color:blue;mso-fareast-language:EN-ZA"><o:p></o:p></span></p>
</td>
<td style="padding:0cm 0cm 0cm 0cm;height:22.5pt"></td>
</tr>
<tr style="height:22.5pt">
<td style="padding:0cm 0cm 0cm 0cm;height:22.5pt"></td>
<td style="padding:0cm 0cm 0cm 0cm;height:22.5pt"></td>
<td style="padding:0cm 0cm 0cm 0cm;height:22.5pt"></td>
</tr>
<tr>
<td width="261" rowspan="3" style="width:195.75pt;padding:0cm 0cm 0cm 0cm">
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman","serif";color:blue;mso-fareast-language:EN-ZA"><img width="281" height="54" id="_x0000_i1026" src="cid:image001.png@01D31FD4.CD5D06B0"></span><span style="font-size:12.0pt;font-family:"Times New Roman","serif";color:blue;mso-fareast-language:EN-ZA"><o:p></o:p></span></p>
</td>
<td width="389" style="width:291.75pt;padding:0cm 0cm 0cm 0cm">
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Verdana","sans-serif";color:#58585A;mso-fareast-language:EN-ZA">76 Regency Drive Route 21 Corporate Park Irene 0157</span><span style="font-size:12.0pt;font-family:"Times New Roman","serif";color:blue;mso-fareast-language:EN-ZA"><o:p></o:p></span></p>
</td>
<td style="padding:0cm 0cm 0cm 0cm"></td>
</tr>
<tr>
<td style="padding:0cm 0cm 0cm 0cm">
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Verdana","sans-serif";color:#314657;mso-fareast-language:EN-ZA">Tel</span><span style="font-size:12.0pt;font-family:"Times New Roman","serif";color:blue;mso-fareast-language:EN-ZA">
</span><span style="font-size:8.0pt;font-family:"Verdana","sans-serif";color:#58585A;mso-fareast-language:EN-ZA">+27 12 678 9740 (<i>ext. 9767</i>)</span><span style="font-size:12.0pt;font-family:"Times New Roman","serif";color:blue;mso-fareast-language:EN-ZA">
</span><span style="font-size:8.0pt;font-family:"Verdana","sans-serif";color:#314657;mso-fareast-language:EN-ZA">|</span><span style="font-size:12.0pt;font-family:"Times New Roman","serif";color:blue;mso-fareast-language:EN-ZA">
</span><span style="font-size:8.0pt;font-family:"Verdana","sans-serif";color:#314657;mso-fareast-language:EN-ZA">Fax</span><span style="font-size:12.0pt;font-family:"Times New Roman","serif";color:blue;mso-fareast-language:EN-ZA">
</span><span style="font-size:8.0pt;font-family:"Verdana","sans-serif";color:#58585A;mso-fareast-language:EN-ZA">+27 12 345 2561</span><span style="font-size:12.0pt;font-family:"Times New Roman","serif";color:blue;mso-fareast-language:EN-ZA"><o:p></o:p></span></p>
</td>
<td style="padding:0cm 0cm 0cm 0cm"></td>
</tr>
<tr>
<td style="padding:0cm 0cm 0cm 0cm">
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman","serif";color:blue;mso-fareast-language:EN-ZA"><a href="http://www.parsec.co.za"><span style="font-size:8.0pt;font-family:"Verdana","sans-serif";color:#314657;text-decoration:none">www.parsec.co.za</span></a><o:p></o:p></span></p>
</td>
<td style="padding:0cm 0cm 0cm 0cm"></td>
</tr>
<tr>
<td colspan="2" style="padding:0cm 0cm 0cm 0cm">
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman","serif";color:blue;mso-fareast-language:EN-ZA"><img border="0" width="650" height="59" id="_x0000_i1025" src="cid:image002.png@01D31FD4.CD5D06B0"></span><span style="font-size:12.0pt;font-family:"Times New Roman","serif";color:blue;mso-fareast-language:EN-ZA"><o:p></o:p></span></p>
</td>
<td style="padding:0cm 0cm 0cm 0cm"></td>
</tr>
</tbody>
</table>
</div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:blue"><o:p> </o:p></span></p>
<div style="border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm 4.0pt">
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-fareast-language:EN-ZA">From:</span></b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-fareast-language:EN-ZA"> openssl-dev
[mailto:openssl-dev-bounces@openssl.org] <b>On Behalf Of </b>Leon Brits<br>
<b>Sent:</b> 23 August 2017 11:52 AM<br>
<b>To:</b> openssl-dev@openssl.org<br>
<b>Subject:</b> [openssl-dev] Upgrading OpenSSL<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:black">Hi all,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:black">I am task to update two machines from v0.9.8z to v1.0.2 (since it is LTS).<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:black">With the minimal changes, I’ve been able to get the application on the machines to compile with the newer version and generate RSA 4096 key pairs. The applications
are able to successfully use their respective private keys and certificates to establish TLS connection between them. However, when I used the CLI to check a dumped privatekey i got the following output:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:black"><br>
% openssl rsa -check -in privkey.pem <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:black">unable to load Private Key<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:black">1995859152:error:0D078079:asn1 encoding routines:ASN1_ITEM_EX_D2I:field missing:tasn_dec.c:489:Field=d, Type=RSA<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:black">1995859152:error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib:rsa_ameth.c:121:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:black">1995859152:error:0606F091:digital envelope routines:EVP_PKCS82PKEY:private key decode error:evp_pkey.c:92:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:black">1995859152:error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib:pem_pkey.c:141:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:black">Any suggestions at what is wrong with the key?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:black">Note that an ID is stored in the RSA extended data since the private key may be stored in HSM.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:black">Thanks for your time<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:black">LJB<o:p></o:p></span></p>
</div>
</div>
</body>
</html>