Accessing bignums of a RSA key with OpenSSL 3.0?

Matt Caswell matt at openssl.org
Fri Jul 30 13:47:41 UTC 2021


Note that the names are also documented here:

https://www.openssl.org/docs/manmaster/man7/EVP_KEYMGMT-RSA.html

On 30/07/2021 14:29, Olivier Mascia via openssl-users wrote:
> Thanks!
> 
> 	BIGNUM* n = NULL;  // must be NULL so that OpenSSL allocates the BIGNUM
> 	BIGNUM* e = NULL;
> 	BIGNUM* d = NULL;
> 	EVP_PKEY_get_bn_param(cert.key(), OSSL_PKEY_PARAM_RSA_N, &n);
> 	EVP_PKEY_get_bn_param(cert.key(), OSSL_PKEY_PARAM_RSA_E, &e);
> 	EVP_PKEY_get_bn_param(cert.key(), OSSL_PKEY_PARAM_RSA_D, &d);
> 
> Now, the reverse exercise for me: to create another RSA key, solely through EVP_PKEY interfaces (knowing these n, e, d parameters), I think I should go this route:
> 
> 	mKey = EVP_PKEY_new();
> 	EVP_PKEY_set_type(mKey, some int type ?);
> 
> 	EVP_PKEY_set_bn_param(mKey, OSSL_PKEY_PARAM_RSA_N, n2);
> 	EVP_PKEY_set_bn_param(mKey, OSSL_PKEY_PARAM_RSA_E, e2);
> 	EVP_PKEY_set_bn_param(mKey, OSSL_PKEY_PARAM_RSA_D, d2);
> 	
> But how to get the proper int type to pass to EVP_PKEY_set_type()?

Don't do it like this. Instead you need to use EVP_PKEY_fromdata():


https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_fromdata.html


Here's an example of doing it with DSA. The same principle applies to RSA:


https://github.com/openssl/openssl/blob/5540855bda5e58f4b33f2306feb6ff4e93c0af81/apps/testdsa.h#L239-L268

Matt


> 
> Thanks all for support switching to OpenSSL 3.0.
> __
> Best Regards, Meilleures salutations, Met vriendelijke groeten, Mit freundlichen Grüßen,
> Olivier Mascia
> 
>> On 30 Jul 2021 at 15:07, Dr Paul Dale <pauli at openssl.org> wrote:
>>
>> Try: include/openssl/core_names.h
>> The names are "n", "e" and "d" in this case.
>>
>>
>> Pauli
>>
>>
>> On 30/7/21 10:57 pm, Olivier Mascia via openssl-users wrote:
>>> Dear all,
>>>
>>> Testing migration to OpenSSL 3.0.
>>> Got to update some code building a JWK (in relation to ACME LetsEncrypt protocols).
>>>
>>> Having an EVP_PKEY which happens to be an RSA key, I proceeded this way (1.1.1) to extract the bignums needed for inclusion into the JWK:
>>>
>>> 	// Access the numerical components of the certificate RSA keys.
>>> 	BIGNUM* n;
>>> 	BIGNUM* e;
>>> 	BIGNUM* d;
>>> 	RSA_get0_key(cert.RSAkey(), &n, &e, &d);
>>>
>>> ( my cert.RSAkey() returned RSA* from my embedded EVP_PKEY* through EVP_PKEY_get0_RSA() )
>>>
>>> I understand I should now start straight from the EVP_PKEY and use :
>>>
>>> 	EVP_PKEY_get_bn_param(cert.key(), "name-n?", &n);
>>> 	EVP_PKEY_get_bn_param(cert.key(), "name-e?", &e);
>>> 	EVP_PKEY_get_bn_param(cert.key(), "name-d?", &d);
>>>
>>> ( cert.key() returns EVP_PKEY* )
>>>
>>> The question is: where can I find the proper names for these bignums out of an RSA key?
>>>
>>> __
>>> Best Regards, Meilleures salutations, Met vriendelijke groeten, Mit freundlichen Grüßen,
>>> Olivier Mascia
>>>
>>>
>>
> 
> 

