[openssl-users] d2i_RSAPrivateKey not working on a private key

Frank Migge public at frank4dd.com
Fri Oct 9 23:28:56 UTC 2015


Hi David,

Your attached sample certificate and private key (1024 bit RSA) work fine.
I am reading it with PEM_read_PrivateKey( fp, &key, NULL, NULL), and also
PEM_read_bio_PrivateKey(pkeybio, NULL, 0, NULL) works.

If you could post the code or code fragment that creates the problem?
d2i_RSAPrivateKey() is not reading PEM, just making sure...

Best wishes,
Frank Migge


> David Lobron <mailto:dlobron at akamai.com>
> Saturday, October 10, 2015 12:33 AM
> Hello openssl people,
>
> I am trying to read a private key of a certificate into memory using 
> d2i_RSAPrivateKey. I'm able to read the certificate without a problem, 
> but when I pass the private key to d2i_RSAPrivateKey, it fails to 
> parse. I do not see an error message or errno being set - 
> d2i_RSAPrivateKey simply returns NULL. I've generated a self-signed 
> cert which reproduces the problem, and I've attached it to this 
> message (this is a throwaway cert, not in use for anything, so I'm 
> knowingly sending the private key). The command I used to generate 
> this cert and its key was:
>
> openssl req -x509 -newkey rsa:1024 -keyout key.pem -out cert.pem -days 
> 36500 -nodes -outform PEM
>
> I have another cert where the private key *is* parseable by 
> d2i_RSAPrivateKey. I printed out both certs from the command line, and 
> compared them. They appear almost identical. The only difference I see 
> is that when I print the attached unparseable cert, the Signature 
> Algorithm section has 8 lines of hex. In the parseable cert, I see 15 
> lines of hex. Both certs use sha1WithRSAEncryption as the algorithm, 
> with 1024 bits.
>
> Can anyone help me understand why the private key in the attached cert 
> is not readable by d2i_RSAPrivateKey? I'm running these tests on a 
> Mac, but the same thing happens on Ubuntu Linux.
>
> Thank you,
>
> David
>
> Printout of the attached cert, which fails to parse with 
> d2i_RSAPrivateKey:
>
> MacBook-Air:self_signed dlobron$ openssl x509 -in cert.1024.combined 
> -text -noout
> Certificate:
> Data:
> Version: 3 (0x2)
> Serial Number: 17702003413458844255 (0xf5aa2650b7f77a5f)
> Signature Algorithm: sha1WithRSAEncryption
> Issuer: C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, 
> OU=KMI, 
> CN=akamai.normandy_authority.client_gateway_ca.1/emailAddress=dlobron at akamai.com
> Validity
> Not Before: Oct 8 15:47:30 2015 GMT
> Not After : Jan 16 15:47:30 2016 GMT
> Subject: C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, 
> OU=KMI, 
> CN=akamai.normandy_authority.client_gateway_ca.1/emailAddress=dlobron at akamai.com
> Subject Public Key Info:
> Public Key Algorithm: rsaEncryption
> Public-Key: (1024 bit)
> Modulus:
> 00:c2:33:df:d8:cb:c9:6e:a4:98:f0:b7:b1:06:51:
> 77:f8:6c:36:4b:f3:ab:fc:09:ab:98:13:d5:0a:03:
> 63:31:c4:ce:6f:02:12:b5:c4:4c:83:17:39:c2:b8:
> 27:89:a5:80:56:36:72:19:8b:9a:dd:e5:e2:22:60:
> 53:96:f9:4d:c0:f1:c6:06:5f:1b:95:de:b7:8e:d2:
> ef:e8:ff:84:81:73:45:c9:a5:52:6d:af:8e:6a:16:
> bf:23:97:66:5e:d8:1f:0e:e9:1b:d3:03:e3:cd:4c:
> 02:2f:68:f0:a5:70:a3:90:f5:19:8d:f5:6b:d1:87:
> e7:82:39:f9:09:1b:ee:56:f9
> Exponent: 65537 (0x10001)
> X509v3 extensions:
> X509v3 Subject Key Identifier:
> 2F:D9:17:38:F0:9E:03:2C:57:E5:FF:20:24:BC:F1:AA:2C:35:AB:D5
> X509v3 Authority Key Identifier:
> keyid:2F:D9:17:38:F0:9E:03:2C:57:E5:FF:20:24:BC:F1:AA:2C:35:AB:D5
>
> X509v3 Basic Constraints:
> CA:TRUE
> Signature Algorithm: sha1WithRSAEncryption
> 5d:5c:c0:10:c3:60:10:c5:d4:30:cf:90:41:32:d9:73:1f:03:
> 66:a5:3b:ca:e2:99:2f:89:10:0e:4d:d6:b3:1d:97:ae:0a:54:
> 46:0b:a8:51:02:97:c6:41:32:16:db:7c:77:28:e8:df:73:70:
> a0:01:73:b6:84:90:b5:a8:b7:54:53:7d:a9:cd:81:33:35:6d:
> 58:5e:ba:e2:7d:34:7a:32:c9:fd:4f:07:18:75:a7:53:3d:61:
> 1b:98:7a:e6:92:5b:74:39:e1:ab:b2:6a:51:4a:56:c5:99:1e:
> d7:7a:7a:b6:32:e8:ca:f2:33:bc:3f:d5:3c:3f:87:2a:9f:ab:
> 37:c8

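The reply's point that d2i_RSAPrivateKey() does not read PEM can be checked before the call. The following is an added example, not code from either poster or from OpenSSL: `classify_key_buffer` and the `FMT_*` names are hypothetical, and it goes one step beyond the PEM remark by also telling DER-encoded PKCS#1 RSAPrivateKey (the structure d2i_RSAPrivateKey decodes) apart from DER-encoded PKCS#8, assuming version 0 in both.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper, not an OpenSSL API: reports what a key buffer holds
 * so the caller can pick a matching reader. Inspects the leading bytes only. */
enum key_format { FMT_UNKNOWN, FMT_PEM, FMT_DER_PKCS1_RSA, FMT_DER_PKCS8 };

enum key_format classify_key_buffer(const unsigned char *buf, size_t len)
{
    size_t i = 0, off;

    /* PEM is ASCII armor starting with "-----BEGIN "; d2i_* wants raw DER. */
    while (i < len && (buf[i] == ' ' || buf[i] == '\t' ||
                       buf[i] == '\r' || buf[i] == '\n')) i++;
    if (len - i >= 11 && memcmp(buf + i, "-----BEGIN ", 11) == 0)
        return FMT_PEM;

    /* DER: outer SEQUENCE (0x30) with short- or long-form length. */
    if (len < 2 || buf[0] != 0x30) return FMT_UNKNOWN;
    off = 2;
    if (buf[1] & 0x80) {
        size_t n = buf[1] & 0x7f;          /* number of length bytes */
        if (n == 0 || n > 4) return FMT_UNKNOWN;
        off += n;
    }
    /* Both structures start with version INTEGER 0 (02 01 00). */
    if (len < off + 4 || memcmp(buf + off, "\x02\x01\x00", 3) != 0)
        return FMT_UNKNOWN;
    /* The tag after the version tells them apart. */
    switch (buf[off + 3]) {
    case 0x02: return FMT_DER_PKCS1_RSA; /* INTEGER modulus: RSAPrivateKey */
    case 0x30: return FMT_DER_PKCS8;     /* SEQUENCE AlgorithmIdentifier */
    default:   return FMT_UNKNOWN;
    }
}

/* Constructed sample inputs: leading bytes only, no real key material. */
const unsigned char sample_pem[] = "-----BEGIN PRIVATE KEY-----\n";
const unsigned char sample_pkcs1[] =
    { 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00 };
const unsigned char sample_pkcs8[] =
    { 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09 };
```

A buffer classified as FMT_PEM belongs with the PEM_read_PrivateKey() / PEM_read_bio_PrivateKey() calls shown in the reply rather than with a d2i_* function.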