[openssl-users] unsigned char * public key to evp_pkey o ec_key

Matt Caswell matt at openssl.org
Thu Mar 23 09:40:58 UTC 2017



On 22/03/17 17:59, Christian Adja via openssl-users wrote:
> Good evening everybody, I need help transforming a public key
> (unsigned char *) retrieved from an IEEE cert into an EVP_PKEY or EC_KEY. The
> public key is an ecdsaNistP256 in compressed form (compressedy1).
> The public key form in hex =
> |00|80|83|x point (32 bytes)|

You could use BN_bin2bn() to load the x value into a BIGNUM:

https://www.openssl.org/docs/man1.1.0/crypto/BN_bin2bn.html

Then you could use EC_POINT_set_compressed_coordinates_GFp() to create
the EC_POINT for that public key:

https://www.openssl.org/docs/man1.1.0/crypto/EC_POINT_set_compressed_coordinates_GFp.html

Finally you can create an EC_KEY from the EC_POINT using
EC_KEY_set_public_key():

https://www.openssl.org/docs/man1.1.0/crypto/EC_KEY_set_public_key.html

Matt



> Thanks,
> Best Regards

