PEM_read PrivateKey gives illegal seek - Openssl


Thread: PEM_read PrivateKey gives illegal seek

  1. PEM_read PrivateKey gives illegal seek

    Hi,

    I generated an x509 certificate. When I try to read the private key with
    PEM_read_PrivateKey I always get NULL as return value and when calling
    perror I get an Illegal seek.

    Here is my code:

    FILE *pemKeyFile;
    EVP_PKEY *privKey;

    pemKeyFile = fopen ("/home/user/testkey.pem", "r");
    if (pemKeyFile == NULL) {
        perror ("open key file");
        return 7;
    }
    // reading private key in PEM format
    privKey = PEM_read_PrivateKey (pemKeyFile,
                                   NULL,
                                   NULL,
                                   NULL );
    if (privKey==NULL){
        perror("read");
        return 6;
    }
    if (EVP_PKEY_type(privKey->type)==EVP_PKEY_RSA){
        printf ("Key type is: %d this means RSA\n",privKey->type);
    }
    else {
        printf ("NO RSA \n");
    }

    Can anyone tell me why this does not work ?

    My openssl Version is a debian package named: 0.98c-4etch3.

    Thanks in ad.

    Ciao
    Matthias

    __________________________________________________ ____________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    Automated List Manager majordomo@openssl.org


  2. RE: PEM_read PrivateKey gives illegal seek


    > Hi,
    >
    > I generated a x509 certificate. When I try to read the private key with
    > PEM_read_PrivateKey I always get NULL as return value and when calling
    > perror I get an Illegal seek.
    >
    > Here is my code:
    >
    > FILE *pemKeyFile;
    > EVP_PKEY *privKey;
    >
    > pemKeyFile = fopen ("/home/user/testkey.pem", "r");
    > if (pemKeyFile == NULL) {
    > perror ("open key file");
    > return 7;
    > }
    > // reading private key in PEM format
    > privKey = PEM_read_PrivateKey (pemKeyFile,
    > NULL,
    > NULL,
    > NULL );
    > if (privKey==NULL){
    > perror("read");
    > return 6;
    > }
    > if (EVP_PKEY_type(privKey->type)==EVP_PKEY_RSA){
    > printf ("Key type is: %d this means RSA\n",privKey->type);
    > }
    > else {
    > printf ("NO RSA \n");
    > }
    >
    > Can anyone tell me why this does not work ?


    Most likely the file you're reading doesn't contain a private key in a
    format that PEM_read_PrivateKey likes. But the best way to tell is to use more
    sensible error output code. For example, call ERR_print_errors_fp(stderr).
    The 'perror' function will only work if the error was an error in a system
    call. Most likely, the error was detected in the SSL code that tried to
    process the data in the file.

    DS




  3. X509_CRL_dup() problem ?

    Hello everyone,

    I try to add a certificate in a CRL. To do that, I use a X509* cert, a
    X509_CRL* crl with this algorithm :

    X509_REVOKED *r = NULL;
    r = X509_REVOKED_new();
    r->serialNumber = X509_get_serialNumber(cert);
    if(!crl->crl->revoked)
        ci->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp);
    if(!sk_X509_REVOKED_push(ci->revoked, r))
        return false;
    ASN1_UTCTIME_set(r->revocationDate,time(NULL));
    ASN1_UTCTIME_set(crl->crl->lastUpdate,time(NULL));
    sk_X509_REVOKED_num( crl->crl->revoked ); // here I see a X value

    After the previous code, I duplicate the X509_CRL :

    X509_CRL* xrl = X509_CRL_dup( crl );
    sk_X509_REVOKED_num( crl->crl->revoked ); // here I see the same X value as above
    sk_X509_REVOKED_num( xrl->crl->revoked ); // here I see a X-1 value.

    After the duplication, the added certificate has disappeared ! What do I
    miss to do ?

    Thanks in advance,
    have a nice day,
    pierre.


  4. RE: PEM_read PrivateKey gives illegal seek

    ....
    >>
    >> Can anyone tell me why this does not work ?

    >
    > Most likely the file you're reading doesn't contain a private key in a
    > format that PEM_read_PrivateKey likes. But the best way to tell is to use
    > more sensible error output code. For example, call ERR_print_errors_fp(stderr).
    > The 'perror' function will only work if the error was an error in a system
    > call. Most likely, the error was detected in the SSL code that tried to
    > process the data in the file.
    >

    Hi,

    I replaced perror with ERR_print_errors_fp(stderr) but this gives me:

    18171:error:0906B072:lib(9):func(107):reason(114):pem_lib.c:481:

    Is it possible to make readable error message from this ?

    Ciao
    Matthias

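The numeric line in the post above is what ERR_print_errors_fp() prints when the library's error strings have not been loaded; in OpenSSL of this era, calling ERR_load_crypto_strings() once at start-up makes the same call print names instead. As an added example (not code from the thread or from OpenSSL; the helper names `parse_err_line` and `pem_reason` are hypothetical), the following parses such a line, checks it against the packed hex code, and names a few PEM reason codes, assuming the pre-3.0 error-code layout and the numbering in the 0.9.8 pem.h:

```c
#include <stdio.h>
#include <string.h>

/* Packed error code layout in OpenSSL before 3.0 (err.h):
 * bits 31..24 library, bits 23..12 function, bits 11..0 reason. */
#define GET_LIB(e)    ((int)(((e) >> 24) & 0xffUL))
#define GET_FUNC(e)   ((int)(((e) >> 12) & 0xfffUL))
#define GET_REASON(e) ((int)((e) & 0xfffUL))

struct ossl_err {
    unsigned long pid, code;
    int lib, func, reason, line;
    char file[64];
};

/* Parse one line as printed by ERR_print_errors_fp() without loaded strings.
 * Returns 0 on success, -1 if the line does not match the format or the
 * printed lib/func/reason disagree with the packed hex code. */
int parse_err_line(const char *s, struct ossl_err *out)
{
    int n = 0;
    if (sscanf(s, "%lu:error:%8lx:lib(%d):func(%d):reason(%d):%63[^:]:%d:%n",
               &out->pid, &out->code, &out->lib, &out->func, &out->reason,
               out->file, &out->line, &n) != 7 || n == 0)
        return -1;
    if (GET_LIB(out->code) != out->lib || GET_FUNC(out->code) != out->func ||
        GET_REASON(out->code) != out->reason)
        return -1;
    return 0;
}

/* Excerpt of PEM reason codes; numbering assumed from OpenSSL 0.9.8 pem.h. */
const char *pem_reason(int lib, int reason)
{
    if (lib != 9) return "unknown";            /* 9 is ERR_LIB_PEM */
    switch (reason) {
    case 101: return "bad decrypt";
    case 108: return "no start line";
    case 113: return "unsupported cipher";
    case 114: return "unsupported encryption";
    default:  return "unknown";
    }
}

int main(void)
{
    /* The line quoted in the thread. */
    const char *line = "18171:error:0906B072:lib(9):func(107):reason(114):pem_lib.c:481:";
    struct ossl_err e;
    if (parse_err_line(line, &e) != 0) return 1;
    printf("lib=%d func=%d reason=%d (%s) at %s:%d\n",
           e.lib, e.func, e.reason, pem_reason(e.lib, e.reason), e.file, e.line);
    return 0;
}
```

The `openssl errstr 0906B072` command performs the same lookup from the shell. A reason of "unsupported encryption" while reading an encrypted PEM key commonly means the cipher named in the file's DEK-Info header was not registered, which OpenSSL_add_all_algorithms() addresses in this OpenSSL generation.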


  6. Re: X509_CRL_dup() problem ?

    On Mon, Aug 11, 2008, delcour.pierre wrote:

    > Hello everyone,
    >
    > I try to add a certificate in a CRL. To do that, i use a X509* cert, a
    > X509_CRL* crl with this algorithm :
    >
    > X509_REVOKED *r = NULL;
    > r = X509_REVOKED_new();
    > r->serialNumber = X509_get_serialNumber(cert);
    > if(!crl->crl->revoked)
    > ci->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp);
    > if(!sk_X509_REVOKED_push(ci->revoked, r))
    > return false;
    > ASN1_UTCTIME_set(r->revocationDate,time(NULL));
    > ASN1_UTCTIME_set(crl->crl->lastUpdate,time(NULL));
    > sk_X509_REVOKED_num( crl->crl->revoked ); // here i see a X value
    >
    > After the previous code, i duplicate the X509_CRL :
    >
    > X509_CRL* xrl = X509_CRL_dup( crl );
    > sk_X509_REVOKED_num( crl->crl->revoked ); // here i see the same X value as
    > above
    > sk_X509_REVOKED_num( xrl->crl->revoked ); // here i see a X-1 value.
    >
    > After the duplication, the added certificate has disappear ! What do i miss
    > to do ?
    >


    Well that CRL will be useless because its signature is wrong. If you call
    X509_CRL_sign() to modify the signature it should work.

    The reason you get that issue is that an X509_CRL contains a cache of the
    encoding of the signed portion to speed up signature calculation. If you
    really want to have a CRL with an invalid signature you can manually mark the
    cached version as invalid with:

    x->crl->enc.modified = 1;

    Steve.
    --
    Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
    OpenSSL project core developer and freelance consultant.
    Homepage: http://www.drh-consultancy.demon.co.uk


  7. Re: X509_CRL_dup() problem ?

    Dr. Stephen Henson wrote:
    > On Mon, Aug 11, 2008, delcour.pierre wrote:
    >
    >
    >> Hello everyone,
    >>
    >> I try to add a certificate in a CRL. To do that, i use a X509* cert, a
    >> X509_CRL* crl with this algorithm :
    >>
    >> X509_REVOKED *r = NULL;
    >> r = X509_REVOKED_new();
    >> r->serialNumber = X509_get_serialNumber(cert);
    >> if(!crl->crl->revoked)
    >> ci->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp);
    >> if(!sk_X509_REVOKED_push(ci->revoked, r))
    >> return false;
    >> ASN1_UTCTIME_set(r->revocationDate,time(NULL));
    >> ASN1_UTCTIME_set(crl->crl->lastUpdate,time(NULL));
    >> sk_X509_REVOKED_num( crl->crl->revoked ); // here i see a X value
    >>
    >> After the previous code, i duplicate the X509_CRL :
    >>
    >> X509_CRL* xrl = X509_CRL_dup( crl );
    >> sk_X509_REVOKED_num( crl->crl->revoked ); // here i see the same X value as
    >> above
    >> sk_X509_REVOKED_num( xrl->crl->revoked ); // here i see a X-1 value.
    >>
    >> After the duplication, the added certificate has disappear ! What do i miss
    >> to do ?
    >>
    >>

    >
    > Well that CRL will be useless because its signature is wrong. If you call
    > X509_CRL_sign() to modify the signature it should work.
    >
    > The reason you get that issue is that an X509_CRL contains a cache of the
    > encoding of the signed portion to speed up signature calculation. If you
    > really want to have a CRL with an invalid signature you can manually mark the
    > cached version as invalid with:
    >
    > x->crl->enc.modified = 1;

    Hi,

    Thank you very much, with the invalid cached version it's working :

    Have a nice day,
    pierre.


  8. Engine not getting registered

    Hi,

    I just wrote a sample engine to understand the functionality
    which is part of built-in engines. To activate the engine I used the
    following sample code given at www.openssl.org/docs/crypto/engine.html

    ENGINE *e;
    const char *engine_id = "ACME";
    ENGINE_load_builtin_engines();
    e = ENGINE_by_id(engine_id);
    if(!e)
    {
        /* the engine isn't available */
        printf("Engine not found.\n");
        return;
    }
    if(!ENGINE_init(e)) {
        /* the engine couldn't initialise, release 'e' */
        ENGINE_free(e);
        return;
    }
    if(!ENGINE_set_default_RSA(e))
        /* This should only happen when 'e' can't initialise, but the previous
         * statement suggests it did. */
        abort();
    ENGINE_set_default_DSA(e);
    ENGINE_set_default_ciphers(e);
    /* Release the functional reference from ENGINE_init() */
    ENGINE_finish(e);
    /* Release the structural reference from ENGINE_by_id() */
    ENGINE_free(e);


    However, when I try the above code, I hit the line "Engine not
    found."

    Any ideas/areas specifically I should look for?

    Thanks,
    -Sitanshu
    __________________________________________________ ____________________
    OpenSSL Project http://www.openssl.org
    Development Mailing List openssl-dev@openssl.org
    Automated List Manager majordomo@openssl.org


  9. Re: PEM_read PrivateKey gives illegal seek

    Hi Sitanshu,

    So were you able to read the private key from the PEM file?

    I am exactly having some problems. Can anybody tell me how to read the private key?

    I had generated it using the openssl genrsa command and saved it in a .pem file. Now when I do a PEM_read_RSAPrivateKey, there is an error. However, from the same file, I am able to read out the public key using PEM_read_RSA_PUBKEY.

    Please help
