Can't load DSA public key in PEM format?

#28284
Posted: 02/06/2014 13:17:11
by Peter Palotas (Basic support level)
Joined: 11/01/2012
Posts: 49

I have generated a 1024 bit DSA key using openssl as follows:

openssl dsaparam -out dsaparam.pem 1024
openssl gendsa -des3 -out privkey.pem dsaparam.pem


Loading this privkey.pem into TElDSAKeyMaterial using the Load method works just fine, and both PublicKey and SecretKey return true as expected.

I then proceed to extract the public key part using openssl again:

openssl dsa -in privkey.pem -pubout > pubkey.pem

However, this key I cannot load into TElDSAKeyMaterial. I've tried both with the Load and LoadPublic methods, but in both cases I get an exception saying "Invalid public key".

Am I doing something wrong here?

Using SecureBlackbox.NET 11.0.243.0.
#28287
Posted: 02/06/2014 16:10:21
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

Indeed TElDSAKeyMaterial doesn't support loading of public keys in the format that OpenSSL generates. You can add this feature to our wish-list: https://www.eldos.com/sbb/wishlist.php#product
#28288
Posted: 02/06/2014 16:33:02
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

Actually, OpenSSL key should be PEM-encoded PKCS#8 wrapped binary key data, and after PEM-decoding it (via SBPEM unit/namespace) you should be able to load it.
#28299
Posted: 02/07/2014 03:38:24
by Peter Palotas (Basic support level)
Joined: 11/01/2012
Posts: 49

I find it a bit odd that it can load the DSA keypair generated by OpenSSL, but not a public key? Anyway, I will add that to the wishlist.

Using SBPEM.Unit.Decode on the public DSA .pem-file, I get a byte array of size 443, but then calling TElDSAKeyMaterial.LoadPublic with this resulting array doesn't seem to work either, I still get an exception "Invalid public key".

What formats do the Load method really support?
#28308
Posted: 02/07/2014 04:44:04
by Vsevolod Ievgiienko (EldoS Corp.)

The Load method supports the PKCS#8 format for private keys and the DSAPublicKey format described in RFC 3279 for public keys. OpenSSL generates the public key file in another format.
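
The format difference discussed in this thread, as an added example that is not part of the original posts and not EldoS code: `openssl dsa -pubout` writes an X.509 SubjectPublicKeyInfo, which carries the RFC 3279 DSAPublicKey (a single INTEGER y) inside a BIT STRING next to the p, q, g parameters. The function names and the toy key below are constructed for illustration, and whether TElDSAKeyMaterial.LoadPublic accepts the extracted encoding is an assumption not verified here.

```python
import base64
DSA_OID = bytes.fromhex("2a8648ce380401")  # id-dsa, 1.2.840.10040.4.1

def read_tlv(buf, pos, want_tag):
    """Read one DER element at pos; return (value_bytes, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != want_tag:
        raise ValueError(f"expected tag 0x{want_tag:02x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return buf[pos:pos + length], pos + length

def pem_to_der(pem):
    """Strip the BEGIN/END PUBLIC KEY armor and base64-decode the body."""
    head, tail = "-----BEGIN PUBLIC KEY-----", "-----END PUBLIC KEY-----"
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    if len(lines) < 3 or lines[0] != head or lines[-1] != tail:
        raise ValueError("not a SubjectPublicKeyInfo PEM")
    return base64.b64decode("".join(lines[1:-1]), validate=True)

def split_dsa_spki(der):
    """Return (p, q, g, y, dsa_public_key_der) from a DSA SubjectPublicKeyInfo."""
    spki, end = read_tlv(der, 0, 0x30)     # SubjectPublicKeyInfo SEQUENCE
    if end != len(der):
        raise ValueError("trailing data after SubjectPublicKeyInfo")
    alg, pos = read_tlv(spki, 0, 0x30)     # AlgorithmIdentifier
    bits, _ = read_tlv(spki, pos, 0x03)    # subjectPublicKey BIT STRING
    oid, pos = read_tlv(alg, 0, 0x06)
    if oid != DSA_OID:
        raise ValueError("not a DSA key")
    params, _ = read_tlv(alg, pos, 0x30)   # Dss-Parms ::= SEQUENCE { p, q, g }
    nums, pos = [], 0
    for _ in range(3):
        val, pos = read_tlv(params, pos, 0x02)
        nums.append(int.from_bytes(val, "big"))
    if not bits or bits[0] != 0:           # first octet = count of unused bits
        raise ValueError("unexpected BIT STRING padding")
    inner = bits[1:]                       # DSAPublicKey ::= INTEGER (just y)
    y, _ = read_tlv(inner, 0, 0x02)
    return (*nums, int.from_bytes(y, "big"), inner)

# Constructed toy key (p=23, q=11, g=2, y=8); far too small for real use.
SAMPLE_DER = bytes.fromhex("301c301406072a8648ce38040130090201170201" "0b020102030400020108")
SAMPLE_PEM = ("-----BEGIN PUBLIC KEY-----\n" + base64.b64encode(SAMPLE_DER).decode()
              + "\n-----END PUBLIC KEY-----\n")
```

For a real 1024-bit key, the full structure is roughly 440 bytes, while the inner DSAPublicKey alone is a little over 130 bytes.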
#28312
Posted: 02/07/2014 05:19:55
by Peter Palotas (Basic support level)
Joined: 11/01/2012
Posts: 49

Okay, thanks for the clarification.
#29708
Posted: 06/06/2014 07:03:57
by wpjackjack.wordpress.com (Basic support level)
Joined: 06/06/2014
Posts: 9

I probably have the same problem. Currently I'm evaluating CryptoBlackbox for verifying signatures in Delphi created with OpenSSL in PHP.
I tried your "VerifyDetached" sample and it worked out of the box with RSA keys and signatures I created with openssl_sign. Great!

However, if I try to verify a DSA signature in the sample application I get several error messages basically saying it's invalid.
The key and signature are created with OPENSSL_KEYTYPE_DSA and "dss1".
I've attached a file to reproduce it. (I combined the message, the public key and the signature in one file, because I'm not allowed to upload an archive with several files here.)

Is there any workaround for this issue? Or is it currently simply impossible to use your product for PHP-OpenSSL DSA verification? Any outlook possible?


#29709
Posted: 06/06/2014 07:24:04
by Vsevolod Ievgiienko (EldoS Corp.)

This public key format is not supported at the moment. Please convert the key to another supported format to use it.
#29710
Posted: 06/06/2014 07:30:48
by wpjackjack.wordpress.com (Basic support level)
Joined: 06/06/2014
Posts: 9

As a novice cryptographic user I don't see a difference between a right and wrong public key format. Any hint on how to get the OpenSSL format into the desired format?
#29711
Posted: 06/06/2014 07:40:38
by Vsevolod Ievgiienko (EldoS Corp.)

The OpenSSL command for conversion to the supported PFX format will look like this:

openssl pkcs12 -inkey test_key.pem -in test_cert.cert -export -out new_pfx.pfx

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
