<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<tt>Hi Frank,<br>
<br>
Thanks for these thoughts.<br>
</tt><br>
<div class="moz-cite-prefix">On 10/13/2015 09:57 PM, Frank Migge
wrote:<br>
</div>
<blockquote cite="mid:561DC490.3010808@frank4dd.com" type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
Hi David,<br>
<br>
I didn't spot the error in your code. But since <span>d2i_RSAPrivateKey()
fails on the DER data, how about a workaround? If your remaining
code works fine, you could extract the RSA key from the EVP_PKEY
object (which you are getting with </span><span>d2i_PrivateKey)</span><span>,
e.g.<br>
<br>
RSA *rsakey;<br>
rsakey = EVP_PKEY_get1_RSA(privkey); // this reads EVP_PKEY,
best to test before to ensure it is RSA<br>
<br>
if (RSA_check_key(rsakey)) { printf("RSA key is valid.\n"); }<br>
else { printf("Error validating RSA key.\n"); }<br>
<br>
RSA_print_fp(stdout, rsakey, 3);<br>
...<br>
<br>
Alternatively, building a test case around </span><span><span>d2i_RSAPrivateKey()
to see if the DER format is valid, e.g. converting the PEM key
into DER using the OpenSSL command line, and binary-compare
with the program's DER data. </span></span><br>
</blockquote>
<br>
I worked with David some offline, and it seems that the problematic
file was the DER encoding of a PKCS8_PRIV_KEY_INFO, with the pkey
ASN1_ANY element being an octet string containing the DER encoding
of the actual RSAPrivateKey object (checked using openssl
asn1parse). So it seems that calling d2i_RSAPrivateKey() on it
directly would necessarily fail, since that ASN.1 decoder has no
provision to skip the bits in the PKCS#8 container.<br>
<br>
I think we're in agreement that the EVP interfaces are friendlier to
use, at this point, though.<br>
<br>
-Ben<br>
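<br>
The container layout described above, as an added example that is not code from this thread or from OpenSSL: after the version INTEGER, a bare RSAPrivateKey continues with the modulus INTEGER, while a PKCS#8 PrivateKeyInfo continues with the AlgorithmIdentifier SEQUENCE and carries the key inside an OCTET STRING. The names key_form, der_header and classify_private_key are hypothetical, and sample_pkcs8 is constructed for illustration with a shortened toy inner key.<br>

```c
#include <stddef.h>
#include <stdint.h>

enum key_form { KEY_INVALID = -1, KEY_RSA_BARE = 0, KEY_PKCS8 = 1 };

/* Read one DER tag+length header at buf[*pos]; advance *pos to the content. */
static int der_header(const uint8_t *buf, size_t len, size_t *pos,
                      uint8_t *tag, size_t *clen)
{
    if (*pos > len || len - *pos < 2) return -1;
    *tag = buf[(*pos)++];
    uint8_t b = buf[(*pos)++];
    if (b < 0x80) {
        *clen = b;                                   /* short-form length */
    } else {
        size_t n = b & 0x7f;                         /* long form: n length bytes */
        if (n == 0 || n > sizeof(size_t) || n > len - *pos) return -1;
        *clen = 0;
        while (n--) *clen = (*clen << 8) | buf[(*pos)++];
    }
    return (*clen <= len - *pos) ? 0 : -1;           /* content must fit */
}

/* Classify buf; for PKCS#8, report where the wrapped key's DER sits. */
enum key_form classify_private_key(const uint8_t *buf, size_t len,
                                   size_t *inner_off, size_t *inner_len)
{
    size_t pos = 0, clen;
    uint8_t tag;

    if (der_header(buf, len, &pos, &tag, &clen) || tag != 0x30) return KEY_INVALID;
    size_t end = pos + clen;                         /* end of outer SEQUENCE */
    if (der_header(buf, end, &pos, &tag, &clen) || tag != 0x02) return KEY_INVALID;
    pos += clen;                                     /* skip version INTEGER */
    if (der_header(buf, end, &pos, &tag, &clen)) return KEY_INVALID;
    if (tag == 0x02) return KEY_RSA_BARE;            /* modulus: RSAPrivateKey shape */
    if (tag != 0x30) return KEY_INVALID;
    pos += clen;                                     /* skip AlgorithmIdentifier */
    if (der_header(buf, end, &pos, &tag, &clen) || tag != 0x04) return KEY_INVALID;
    *inner_off = pos;                                /* OCTET STRING content */
    *inner_len = clen;
    return KEY_PKCS8;
}

/* Constructed sample: PKCS#8 wrapper (rsaEncryption OID) around a toy key. */
const uint8_t sample_pkcs8[] = {
    0x30,0x1C, 0x02,0x01,0x00,
    0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,
    0x04,0x08, 0x30,0x06,0x02,0x01,0x00,0x02,0x01,0x11 };
```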
</body>
</html>