[openssl-users] Generating unsigned RSA Public Key with openssl

Jan Bilek ian.bilek at gmail.com
Sun Mar 25 00:32:22 UTC 2018


Hi,

Following code is simplified to demonstrate plain RSA public key with the
OpenSSL library:

    RSA_ptr rsa(RSA_new(), ::RSA_free);
    BN_ptr bn(BN_new(), ::BN_free);
    BN_set_word(bn.get(), RSA_F4);  //65535
    RSA_generate_key_ex(rsa.get(), 320, bn.get(), NULL);
    BIO * keybio = BIO_new(BIO_s_mem());
    i2d_RSAPublicKey_bio(keybio, rsa.get());
    char buffer2 [2048];
    size_t pubKeyBufferSize = BIO_read (keybio, buffer2, 320);
    std::cout << Convert::BinToHexString(buffer2, pubKeyBufferSize);
//using here our internal routine to print binary data

Output from this will come up with binary data in DER ANS.1 format like
this:

    30 ;SEQUENCE
      30 02 29 ;SEQUENCE + size
        00 ;leading zero of INTEGER
        CCEE6526AE9D4380B670A23F55B840F8C5D8CC784E06E123C126753525FD
FE1949...
      02 03 ;SEQUENCE + size
        010001

Now, the "leading zero of INTEGER" part is present to indicate that
following value is positive value integer. However I need to get rid of it
due to some legacy reasons.

I was going through openssl source and found that through the DER
construction its presence is decided based on ASN1_VALUE->type &
V_ASN1_NEG, but I am unable to track down where to set generated PublicKey
as V_ASN1_NEG (or influence it to be generated as negative).

Other way to handle this is to write my own TLV-DER parser and re-pack
these few bytes to comply with what I need, but I would rather enforce API
to do that for me, if it makes sense.

Would you have any advice on this?

Thank you,
Jan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180325/de53da4b/attachment.html>


More information about the openssl-users mailing list