Thanks, David.

I am stuck exactly at how to convert BER to DER.
If I can convert BER to DER, then my problem is
solved.

Dr. Steve said there is no such conversion routine in
OpenSSL...

--- David Schwartz wrote:

> > Thanks for your point. However, I think you
> > misinterpreted my problem.
>
> Actually, you have misinterpreted your own problem.
>
> > I know BER is a superset of DER, so we can use DER in
> > places where BER is expected.
>
> Exactly.
>
> > However, my case is reversed. I am trying to use BER
> > to a place where DER is expected.
>
> This is fine, so long as you simply convert the BER
> to DER before using it.
> You can do this as easily as reading the thing in to
> any function that
> expects DER or BER and writing it back out as DER.
>
> > Specifically,
> >
> > The following section of code within
> > X509_PUBKEY_set() extracts public key in DER format by
> > calling i2d_PublicKey(pkey,&p), then pass the buffer s
> > to
> > M_ASN1_BIT_STRING_set(pk->public_key,s,i)
> >
> > --------------------------------------------------
> > if ((i=i2d_PublicKey(pkey,NULL)) <= 0) goto err;
> > if ((s=(unsigned char *)OPENSSL_malloc(i+1)) == NULL)
> > {
> > X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
> > goto err;
> > }
> > p=s;
> > i2d_PublicKey(pkey,&p);
> > if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i)) goto err;
> > -------------------------------------------------------
> >
> > Now, I replaced the above code segment with
> >
> > if (custom_exportRSAPublicKey(publickeyhandle, &s, &i)
> > == -1) goto err;
> >
> > if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i)) goto err;
> >
> > Where custom_exportRSAPublicKey exports the public
> > key designated by publickeyhandle to HSM
> > into BER blob, then I pass the BER blob to
> > M_ASN1_BIT_STRING_set(pk->public_key,s,i).
> >
> > It appears that BER is not interpreted correctly
> > where DER is expected.
> > Because the Modulus and Exponent are switched:
>
> This is not a DER/BER issue. Where you put the
> modulus and exponent has
> nothing to do with whether you're using DER or BER.
> DER and BER are binary
> standards. They say, for example, how to encode a
> large integer, but not
> which large integer to put where.
>
> > Does using the latest openssl solve this problem?
> > Or do you know how to work around this problem?
>
> The problem has nothing to do with DER or BER but
> with what format you use
> to encode the private key itself. This is a format
> that layers on top of DER
> or BER. If you are using your own format, you will
> need to write your own
> code to parse it.
>
> DS
>
> ______________________________________________________________________
> OpenSSL Project
> http://www.openssl.org
> Development Mailing List
> openssl-dev@openssl.org
> Automated List Manager
> majordomo@openssl.org
>



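The "read it in, write it back out as DER" step discussed in this thread, shown as an added example that is neither OpenSSL code nor code from either poster: a self-contained re-encoder that walks a BER structure and rewrites every length in the minimal definite form DER requires. It normalizes length octets only (indefinite and zero-padded long-form lengths); the names `ber2der`, `put_hdr`, `sample_ber` and `sample_der` are hypothetical, the sample bytes are constructed, and field order is left untouched, so it cannot repair a swapped modulus and exponent.

```c
#include <stddef.h>
#include <string.h>
#define HDR_MAX (2 + sizeof(size_t))   /* scratch room: tag + length octets */

/* Constructed sample: indefinite-length SEQUENCE { INTEGER (padded length), INTEGER 65537 } */
static const unsigned char sample_ber[] = { 0x30,0x80, 0x02,0x82,0x00,0x03,0x00,0xC3,0x51,
                                            0x02,0x03,0x01,0x00,0x01, 0x00,0x00 };
/* The DER encoding expected for the same sample */
static const unsigned char sample_der[] = { 0x30,0x0A, 0x02,0x03,0x00,0xC3,0x51,
                                            0x02,0x03,0x01,0x00,0x01 };

/* Write the tag and a minimal definite length; returns the header size. */
static size_t put_hdr(unsigned char *out, unsigned char tag, size_t len) {
    size_t n = 0, i, v;
    out[0] = tag;
    if (len < 0x80) { out[1] = (unsigned char)len; return 2; }
    for (v = len; v; v >>= 8) n++;
    out[1] = (unsigned char)(0x80 | n);
    for (i = 0; i < n; i++) out[2 + i] = (unsigned char)(len >> (8 * (n - 1 - i)));
    return 2 + n;
}

/* Re-encode BER TLV in[0..inlen) into out[0..cap); returns bytes written or -1, *used = consumed. */
long ber2der(const unsigned char *in, size_t inlen, unsigned char *out, size_t cap, size_t *used) {
    size_t pos = 2, len = 0, clen = 0, n, u, hdr;
    int indef, cons;
    if (inlen < 2 || cap < HDR_MAX || (in[0] & 0x1f) == 0x1f) return -1; /* no multi-byte tags */
    cons = in[0] & 0x20; indef = (in[1] == 0x80);
    if (in[1] < 0x80) len = in[1];                       /* short form */
    else for (n = in[1] & 0x7f; n; n--, pos++) {         /* long form, possibly zero-padded */
        if (pos >= inlen || len >> (8 * (sizeof len - 1))) return -1;
        len = (len << 8) | in[pos];
    }
    if (indef ? !cons : len > inlen - pos) return -1;    /* indefinite needs constructed */
    if (!cons) {                                         /* primitive: value copied unchanged */
        if (len > cap - HDR_MAX) return -1;
        memcpy(out + HDR_MAX, in + pos, len); clen = len; pos += len;
    } else for (n = indef ? inlen : pos + len; ; ) {     /* constructed: recurse into children */
        long w;
        if (!indef && pos == n) break;
        if (indef && n - pos >= 2 && !in[pos] && !in[pos + 1]) { pos += 2; break; } /* EOC */
        w = ber2der(in + pos, n - pos, out + HDR_MAX + clen, cap - HDR_MAX - clen, &u);
        if (w < 0) return -1;
        clen += (size_t)w; pos += u;
    }
    hdr = put_hdr(out, in[0], clen);
    memmove(out + hdr, out + HDR_MAX, clen);             /* close the gap after the header */
    *used = pos;
    return (long)(hdr + clen);
}
```

Full DER also constrains value encodings (minimal INTEGERs, primitive-only strings, SET OF ordering), which this length-only pass does not check.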