EldoS | Feel safer!

Signing with OpenSSL on Linux, verifying on Windows

#1609
Posted: 10/30/2006 04:14:00
by Colin Messitt (Standard support level)
Joined: 10/18/2006
Posts: 4

Hi,

I want to be able to generate an RSA key pair on a Windows system, transport the private key to a Linux box where it will be used by OpenSSL to sign a hash of some data, and then have a Windows box validate that signature using the corresponding public key.

Can I use PKIBlackBox (I already have a license) to achieve that? The private key that OpenSSL needs should look like...

-----BEGIN RSA PRIVATE KEY-----
MIICWwIBAAKBgQCC1wZzylPj9w64a6aiC8Q4J2YBK5ZnOdojW8lOztH
.. etc
.. etc
-----END RSA PRIVATE KEY-----

If it's possible could you give me a quick clue about the approach to take, to get me started?

Thanks,

Colin.
#1610
Posted: 10/30/2006 04:23:40
by Ken Ivanov (EldoS Corp.)

Yes, PKIBlackbox supports export of RSA private keys to PKCS#1-formatted BLOB. Please use either TElX509Certificate.SaveKeyToBufferPEM() method (for X.509 certificates) or TElRSAKeyMaterial.ExportSecret() (for generic RSA keys).
#1614
Posted: 10/30/2006 09:36:46
by Colin Messitt (Standard support level)
Joined: 10/18/2006
Posts: 4

I can't see an ExportSecret method of TElRSAKeyMaterial (using V5.0.99)?

Colin.
#1615
Posted: 10/30/2006 09:43:04
by Ken Ivanov (EldoS Corp.)

Sorry, the correct name of the method is 'SaveSecret()'.
#1616
Posted: 10/30/2006 10:26:02
by Colin Messitt (Standard support level)
Joined: 10/18/2006
Posts: 4

Thanks. Now using SaveSecret() I get the private key as a binary stream, but not with the -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- that OpenSSL needs.

It looks to me like OpenSSL needs the key as base64 encoded or something similar, between those two markers. I tried setting PEMEncode to true but that didn't do it.

Do I have to manually post-process that stream somehow to get it into the format OpenSSL on Linux needs? And should I be setting PEMEncode to true? Could you give me a clue how? Do I Base64 encode it and add the header and footer, or is it more complex than that?

Thanks for your help.

Colin.
#1617
Posted: 10/30/2006 10:40:47
by Ken Ivanov (EldoS Corp.)

Hmm, PEMEncode should do the trick. Do you get binary data if PEMEncode is set to true?
#1618
Posted: 10/30/2006 10:55:38
by Colin Messitt (Standard support level)
Joined: 10/18/2006
Posts: 4

Ah, you have to set PEMEncode to True after calling Generate. Generate seems to set it back to False if you set it to True before calling Generate.

I've got it in the correct format now.

Thanks,

Colin.
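The format this thread converges on (a PKCS#1 RSAPrivateKey in DER, wrapped in "RSA PRIVATE KEY" PEM armor) and the sign-on-Linux, verify-on-Windows flow from the first post, worked through as an added example in pure Python. This is not code from the thread, from EldoS, or from PKIBlackbox; it does not call SaveSecret() or PEMEncode, it just produces and consumes the same bytes. The 512-bit key size, the seeded generator and the sample payload are constructed so the example is reproducible and are not fit for real use. The signing step is standard RSASSA-PKCS1-v1_5 with SHA-256, the scheme `openssl dgst -sha256 -sign` uses, so a signature made by either side verifies on the other.

```python
# Added example (not from the thread, EldoS or PKIBlackbox): PKCS#1 RSAPrivateKey DER <-> PEM,
# key consistency checks, and OpenSSL-compatible RSASSA-PKCS1-v1_5 / SHA-256 sign + verify.
import base64, hashlib, hmac, math, random

RSA_FIELDS = ("version", "n", "e", "d", "p", "q", "dp", "dq", "qinv")
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")  # RFC 8017 s9.2 prefix

def _der_len(n):  # DER length: short form below 0x80, else 0x8N + N big-endian bytes
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def _der_int(v):  # +8 instead of +7 yields the 0x00 pad byte DER requires when the top bit is set
    b = v.to_bytes((v.bit_length() + 8) // 8, "big")
    return b"\x02" + _der_len(len(b)) + b

def _read_tlv(buf, pos):  # returns (tag, value bytes, position after the element)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def encode_pkcs1_private(key):
    """RSAPrivateKey ::= SEQUENCE { version, n, e, d, p, q, dp, dq, qinv } (all INTEGER)."""
    body = b"".join(_der_int(key[f]) for f in RSA_FIELDS)
    return b"\x30" + _der_len(len(body)) + body

def decode_pkcs1_private(der):
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one DER SEQUENCE")
    key, pos = {}, 0
    for f in RSA_FIELDS:
        t, val, pos = _read_tlv(body, pos)
        if t != 0x02:
            raise ValueError(f"{f}: expected INTEGER")
        key[f] = int.from_bytes(val, "big")
    if pos != len(body) or key["version"] != 0:
        raise ValueError("trailing data or unsupported (multi-prime) version")
    return key

def pem_wrap(der, label="RSA PRIVATE KEY"):  # RFC 7468 armor: base64 in 64-char lines
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *lines, f"-----END {label}-----"]) + "\n"

def pem_unwrap(pem, label="RSA PRIVATE KEY"):
    lines = pem.strip().splitlines()
    if lines[0] != f"-----BEGIN {label}-----" or lines[-1] != f"-----END {label}-----":
        raise ValueError("PEM armor does not match label")
    return base64.b64decode("".join(lines[1:-1]), validate=True)

def check_key(key):
    """List of consistency problems worth checking before a key leaves the box; [] means sound."""
    n, e, d, p, q = (key[k] for k in "nedpq")
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    tests = {"n != p*q": p * q == n, "e*d != 1 mod lcm(p-1,q-1)": e * d % lam == 1,
             "CRT params inconsistent": (key["dp"], key["dq"], key["qinv"])
                                        == (d % (p - 1), d % (q - 1), pow(q, -1, p))}
    return [msg for msg, ok in tests.items() if not ok]

def _is_probable_prime(n, rng, rounds=20):  # Miller-Rabin; n is odd here
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x not in (1, n - 1) and not any((x := pow(x, 2, n)) == n - 1 for _ in range(r - 1)):
            return False
    return True

def generate_key(bits=512, e=65537, seed=None):
    rng = random.Random(seed)  # seedable only for a reproducible demo; real keys: SystemRandom, >= 2048 bits
    primes = []
    while len(primes) < 2:
        c = rng.getrandbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
        if c not in primes and math.gcd(e, c - 1) == 1 and _is_probable_prime(c, rng):
            primes.append(c)
    p, q = primes
    d = pow(e, -1, (p - 1) * (q - 1))
    return dict(version=0, n=p * q, e=e, d=d, p=p, q=q,
                dp=d % (p - 1), dq=d % (q - 1), qinv=pow(q, -1, p))

def _emsa_pkcs1_v15(data, k):  # EM = 00 01 FF..FF 00 || DigestInfo(SHA-256(data)), k bytes total
    t = SHA256_DIGESTINFO + hashlib.sha256(data).digest()
    if k < len(t) + 11:
        raise ValueError("modulus too small for PKCS#1 v1.5 with SHA-256")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def sign_sha256(key, data):  # same bytes `openssl dgst -sha256 -sign key.pem` would produce
    k = (key["n"].bit_length() + 7) // 8
    return pow(int.from_bytes(_emsa_pkcs1_v15(data, k), "big"), key["d"], key["n"]).to_bytes(k, "big")

def verify_sha256(n, e, data, sig):
    k = (n.bit_length() + 7) // 8
    if len(sig) != k:
        return False
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    return hmac.compare_digest(em, _emsa_pkcs1_v15(data, k))  # compare the whole EM; never parse it

if __name__ == "__main__":
    key = generate_key(seed=2006)  # constructed demo key
    print(pem_wrap(encode_pkcs1_private(key)), check_key(key) or "key ok")
```

The PEM this prints is what the Linux side needs in `key.pem`; `openssl rsa -in key.pem -check` performs the same consistency tests as `check_key`, and `openssl rsa -in key.pem -pubout` yields the public key for the verifying side. Note that the armor carries the private key unencrypted, so it should be moved over an authenticated channel and deleted from the Windows box once the Linux side has it. OpenSSL 3 reads this "RSA PRIVATE KEY" (PKCS#1) armor, but its own default output is the PKCS#8 "PRIVATE KEY" form unless `-traditional` is given, which matters if keys ever flow the other way.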