OpenSSL public keys for verifying in BouncyCastle - Openssl


  1. OpenSSL public keys for verifying in BouncyCastle

    I'm trying to sign messages with openssl in PHP and then verify in C#
    with the bouncy castle crypto library.

    I'm having a real hard time, as the openssl documentation on php.net
    seems pretty slim. Right now I'm trying to get a public key so that I
    can use the public key in testing verification in my C# app.

    I honestly could care less about generating certificates, as I really
    just want a RSA public/private key pair for doing signing and
    verifying. It seems like the openssl php functions are extremely
    coupled with certificates though. So I used the below to generate a
    certificate for testing.

    Now I'm trying to figure out how to export a public key (or whatever it
    is that I would deploy to my clients so that clients can verify signed
    messages). I want to take that public key, the signature, the
    message, and copy those into my C# application so I can then figure
    out how to properly verify the signed msg with the public key using
    the BouncyCastle lib.

    This is my code so far. The missing piece is how to get the public
    key. I'm not sure what $res_pubkey is, but all it echoes is a resource
    id.

    Of course when I put this into production, I won't be generating new
    keys every time or storing them in code. I'll take that code out and
    just save one set of public/private keys and always use the same
    keypair. I'm just trying to figure out how to get the keys in a
    format where BouncyCastle and OpenSSL can play nice together.


    echo 'good_entropy='.$good_entropy."\n";
    echo 'srand($good_entropy)='.srand($good_entropy)."\n";
    //echo '='.."\n";

    $res_privkey = openssl_pkey_new();
    echo 'privKeyResource='.$res_privkey."\n";

    //echo 'openssl_pkey_get_private()='.openssl_pkey_get_private()."\n";

    $dn = array(); // use defaults
    echo '$dn='.$dn."\n";

    $res_csr = openssl_csr_new($dn, $res_privkey);
    echo '$res_csr='.$res_csr."\n";

    $res_cert = openssl_csr_sign($res_csr, null, $res_privkey, $ndays);
    echo '$res_cert='.$res_cert."\n";

    openssl_x509_export($res_cert, $str_cert);
    echo '$str_cert='.$str_cert."\n";

    $res_pubkey = openssl_pkey_get_public($str_cert);
    echo '$res_pubkey='.$res_pubkey."\n";

    $res_pkeyid = openssl_pkey_get_private($res_privkey);
    echo '$pkeyid='.$res_pkeyid."\n";

    openssl_pkey_export($res_pkeyid, $str_privKey);
    echo '$str_privKey='.$str_privKey."\n";

    //this line fails because it seems only capable of exporting private keys
    openssl_pkey_export($res_pubkey, $str_pubKey);
    echo '$str_pubKey='.$str_pubKey."\n";

    //would be the result of hashing some document or message to be signed
    $hashOfSomeData = md5("Hi There");
    echo '$hashOfSomeData='.$hashOfSomeData."\n";

    //signing the hash
    openssl_sign($hashOfSomeData, $signature, $res_pkeyid);
    echo '$signature='.$signature."\n";

    //verifying the hash, to be performed by client
    $verifyResult = openssl_verify($hashOfSomeData, $signature, $res_pubkey);
    echo '$verifyResult='.$verifyResult."\n";

    //this line fails because the function only exists in PHP 5
    $keyData = openssl_pkey_get_details($res_pubkey);


  2. Re: OpenSSL public keys for verifying in BouncyCastle

    On Sep 17, 5:15 pm, Snozz wrote:
    > I'm trying to sign messages with openssl in PHP and then verify in C#
    > with the bouncy castle crypto library.
    >
    > I'm having a real hard time, as the openssl documentation on php.net
    > seems pretty slim. Right now I'm trying to get a public key so that I
    > can use the public key in testing verification in my C# app.
    >
    > I honestly could care less about generating certificates, as I really
    > just want a RSA public/private key pair for doing signing and
    > verifying. It seems like the openssl php functions are extremely
    > coupled with certificates though. So I used the below to generate a
    > certificate for testing.
    >
    > Now I'm trying to figure out how to export a public key (or whatever it
    > is that I would deploy to my clients so that clients can verify signed
    > messages). I want to take that public key, the signature, the
    > message, and copy those into my C# application so I can then figure
    > out how to properly verify the signed msg with the public key using
    > the BouncyCastle lib.
    >
    > This is my code so far. The missing piece is how to get the public
    > key. I'm not sure what $res_pubkey is, but all it echoes is a resource
    > id.
    >
    > Of course when I put this into production, I won't be generating new
    > keys every time or storing them in code. I'll take that code out and
    > just save one set of public/private keys and always use the same
    > keypair. I'm just trying to figure out how to get the keys in a
    > format where BouncyCastle and OpenSSL can play nice together.
    >
    >
    > echo 'good_entropy='.$good_entropy."\n";
    > echo 'srand($good_entropy)='.srand($good_entropy)."\n";
    > //echo '='.."\n";
    >
    > $res_privkey = openssl_pkey_new();
    > echo 'privKeyResource='.$res_privkey."\n";
    >
    > //echo 'openssl_pkey_get_private()='.openssl_pkey_get_private()."\n";
    >
    > $dn = array(); // use defaults
    > echo '$dn='.$dn."\n";
    >
    > $res_csr = openssl_csr_new($dn, $res_privkey);
    > echo '$res_csr='.$res_csr."\n";
    >
    > $res_cert = openssl_csr_sign($res_csr, null, $res_privkey, $ndays);
    > echo '$res_cert='.$res_cert."\n";
    >
    > openssl_x509_export($res_cert, $str_cert);
    > echo '$str_cert='.$str_cert."\n";
    >
    > $res_pubkey = openssl_pkey_get_public($str_cert);
    > echo '$res_pubkey='.$res_pubkey."\n";
    >
    > $res_pkeyid = openssl_pkey_get_private($res_privkey);
    > echo '$pkeyid='.$res_pkeyid."\n";
    >
    > openssl_pkey_export($res_pkeyid, $str_privKey);
    > echo '$str_privKey='.$str_privKey."\n";
    >
    > //this line fails because it seems only capable of exporting private keys
    > openssl_pkey_export($res_pubkey, $str_pubKey);
    > echo '$str_pubKey='.$str_pubKey."\n";
    >
    > //would be the result of hashing some document or message to be signed
    > $hashOfSomeData = md5("Hi There");
    > echo '$hashOfSomeData='.$hashOfSomeData."\n";
    >
    > //signing the hash
    > openssl_sign($hashOfSomeData, $signature, $res_pkeyid);
    > echo '$signature='.$signature."\n";
    >
    > //verifying the hash, to be performed by client
    > $verifyResult = openssl_verify($hashOfSomeData, $signature, $res_pubkey);
    > echo '$verifyResult='.$verifyResult."\n";
    >
    > //this line fails because the function only exists in PHP 5
    > $keyData = openssl_pkey_get_details($res_pubkey);


    I got this figured out. I saved the $str_pubKey to a PEM file for my
    public certificate, and saved both $str_pubKey and $str_privKey to a
    file for my private key.

    BouncyCastle in C# has a PEMReader class for reading private and
    public keys from PEM files.
    If anyone wants me to post the C# code that is compatible with
    signing and verifying openssl, let me know, i.e. creating signatures
    with OpenSSL that can be verified in C# and vice versa.

    websnozz CircledA yahoo d0t com
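
An added example of the verification side the reply describes (not the poster's own C# code, which does not appear in the thread): read an OpenSSL PEM file with BouncyCastle's `PemReader` and check a signature. It assumes the PHP side calls `openssl_sign()` with its default algorithm (SHA-1 with RSA PKCS#1 v1.5); the class name `OpenSslInterop` and the throwaway key pair in `Main` are constructed for illustration.

```csharp
using System;
using System.IO;
using System.Text;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.OpenSsl;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.X509;

static class OpenSslInterop   // hypothetical name, not from the thread
{
    // Must match the signer: openssl_sign() without an algorithm argument uses SHA-1.
    // Moving to SHA-256 means changing both the PHP call and this string.
    const string Algorithm = "SHA-1withRSA";

    // Accept the PEM objects OpenSSL writes: certificate, public key, or RSA key pair.
    static AsymmetricKeyParameter ReadPublicKey(string pem)
    {
        object obj = new PemReader(new StringReader(pem)).ReadObject();
        if (obj is X509Certificate cert) return cert.GetPublicKey();
        if (obj is AsymmetricCipherKeyPair pair) return pair.Public;
        if (obj is AsymmetricKeyParameter key && !key.IsPrivate) return key;
        throw new InvalidDataException("PEM does not contain a usable public key");
    }

    // message must be the exact bytes given to openssl_sign(); in the post above
    // that is the MD5 hex string, not the original "Hi There".
    public static bool Verify(string pem, byte[] message, byte[] signature)
    {
        ISigner signer = SignerUtilities.GetSigner(Algorithm);
        signer.Init(false, ReadPublicKey(pem));
        signer.BlockUpdate(message, 0, message.Length);
        return signer.VerifySignature(signature);
    }

    static void Main()
    {
        // Constructed test data: a generated key pair stands in for the PHP side.
        var gen = new RsaKeyPairGenerator();
        gen.Init(new KeyGenerationParameters(new SecureRandom(), 2048));
        AsymmetricCipherKeyPair pair = gen.GenerateKeyPair();
        var sw = new StringWriter();
        new PemWriter(sw).WriteObject(pair.Public);   // writes a PEM public key
        byte[] msg = Encoding.UTF8.GetBytes("Hi There");
        ISigner signer = SignerUtilities.GetSigner(Algorithm);
        signer.Init(true, pair.Private);
        signer.BlockUpdate(msg, 0, msg.Length);
        byte[] sig = signer.GenerateSignature();
        Console.WriteLine(Verify(sw.ToString(), msg, sig));                          // signed bytes
        Console.WriteLine(Verify(sw.ToString(), Encoding.UTF8.GetBytes("Hi"), sig)); // altered bytes
    }
}
```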


  3. Re: OpenSSL public keys for verifying in BouncyCastle

    Hi,

    Is it possible that you post your C# code, because I would need it in a project?

    Thanks
