Can't load DSA public key in PEM format?

#29712
Posted: 06/06/2014 08:18:14
by wpjackjack.wordpress.com (Basic support level)
Joined: 06/06/2014
Posts: 9
Is test_cert.cert supposed to be the private key?

My private key is in the form
-----BEGIN DSA PRIVATE KEY-----
...
-----END DSA PRIVATE KEY-----

When using the suggested command line:
unable to load private key
12252:error:0906D06C:PEM routines:PEM_read_bio:no start line:.\crypto\pem\pem_lib.c:696:Expecting: ANY PRIVATE KEY
unable to write 'random state'
#29750
Posted: 06/10/2014 17:48:36
by wpjackjack.wordpress.com (Basic support level)
Joined: 06/06/2014
Posts: 9
Any chance you could provide some further instructions on how to get the OpenSSL-created DSA keys to work with your library?
If you need some further details (like the PHP functions used to create the keys or a demo key pair), I'd be happy to provide you with them.
#29793
Posted: 06/13/2014 14:53:08
by Ken Ivanov (EldoS Corp.)

Hi wpjackjack,

Sorry for the delayed reply.

You can actually load OpenSSL-generated public keys into a TElDSAKeyMaterial instance with little effort. Please use the following code for parsing public DSA keys:
Code
var
  PEMBuf, BinBuf : ByteArray;
  BinSize : integer;
  Header : string;
  Root, ParsSec : TElASN1ConstrainedTag;
  Succ : boolean;
  P, Q, G, Y : ByteArray;
  KM : TElDSAKeyMaterial;
  Crypto : TElDSAPublicKeyCrypto;
  TagID : integer; // receives the tag of the value read by ASN1ReadSimpleValue

...
  Succ := false;
  // Decoding PEM
  PEMBuf := StrToUTF8(KeyStr);
  BinSize := Length(PEMBuf);
  SetLength(BinBuf, BinSize);
  if SBPEM.Decode(@PEMBuf[0], Length(PEMBuf), @BinBuf[0], '', BinSize, Header) = 0 then
  begin
    // Loading the key into an ASN.1 structure
    Root := TElASN1ConstrainedTag.Create();
    try
      if Root.LoadFromBuffer(@BinBuf[0], BinSize) then
      begin
        if (Root.Count = 1) and (Root.GetField(0).CheckType(SB_ASN1_SEQUENCE, true)) and
          (TElASN1ConstrainedTag(Root.GetField(0)).Count = 2) and
          (TElASN1ConstrainedTag(Root.GetField(0)).GetField(0).CheckType(SB_ASN1_SEQUENCE, true)) and
          (TElASN1ConstrainedTag(Root.GetField(0)).GetField(1).CheckType(SB_ASN1_BITSTRING, false)) then
        begin
          ParsSec := TElASN1ConstrainedTag(TElASN1ConstrainedTag(Root.GetField(0)).GetField(0));
          if (ParsSec.Count = 2) and (ParsSec.GetField(0).CheckType(SB_ASN1_OBJECT, false)) and
            (ParsSec.GetField(1).CheckType(SB_ASN1_SEQUENCE, true)) and
            (CompareContent(TElASN1SimpleTag(ParsSec.GetField(0)).Content, SB_OID_DSA)) then
          begin
            ParsSec := TElASN1ConstrainedTag(ParsSec.GetField(1));
            if (ParsSec.Count = 3) and (ParsSec.GetField(0).CheckType(SB_ASN1_INTEGER, false)) and
              (ParsSec.GetField(1).CheckType(SB_ASN1_INTEGER, false)) and
              (ParsSec.GetField(2).CheckType(SB_ASN1_INTEGER, false)) then
            begin
              // Key format OK, extracting the values
              P := TElASN1SimpleTag(ParsSec.GetField(0)).Content;
              Q := TElASN1SimpleTag(ParsSec.GetField(1)).Content;
              G := TElASN1SimpleTag(ParsSec.GetField(2)).Content;
              Y := TElASN1SimpleTag(TElASN1ConstrainedTag(Root.GetField(0)).GetField(1)).Content;
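              if Length(Y) > 0 then
              begin
                // Skipping the leading "unused bits" octet of the BIT STRING
                Y := CloneArray(Y, 1, Length(Y) - 1);
                // The remaining bytes are a DER INTEGER holding the public value Y
                Y := ASN1ReadSimpleValue(Y, TagID);
                Succ := true;
              end;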
            end;
          end;
        end;
      end;
    finally
      FreeAndNil(Root);
    end;
  end;

  ...

  if Succ then
  begin
    // creating a key material instance and loading the key values into it
    KM := TElDSAKeyMaterial.Create();
    KM.ImportPublicKey(@P[0], Length(P), @Q[0], Length(Q), @G[0], Length(G), @Y[0], Length(Y));
    ...
  end;


As for the OpenSSL-generated private DSA keys, you can pass them straight to the TElDSAKeyMaterial.LoadSecret() method.

Ken
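
The structure checked in the reply above (a SEQUENCE holding an AlgorithmIdentifier with the DSA OID and the P, Q, G integers, followed by a BIT STRING that wraps the INTEGER Y) can be inspected independently of the library. The Python code below is an added example, not part of the original thread or of SecureBlackbox; the function names and the toy sample key are constructed for illustration.

```python
import base64

DSA_OID = bytes.fromhex("2a8648ce380401")  # 1.2.840.10040.4.1 (id-dsa)
# Constructed sample with toy values p=23, q=11, g=4, y=18 (not a usable key).
SAMPLE_DER = bytes.fromhex("301c301406072a8648ce3804013009020117"
                           "02010b020104030400020112")
SAMPLE_PEM = ("-----BEGIN PUBLIC KEY-----\n" + base64.b64encode(SAMPLE_DER).decode()
              + "\n-----END PUBLIC KEY-----\n")

def read_tlv(buf, pos=0):
    """Read one DER element; return (tag, content, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER content")
    return tag, buf[pos:pos + length], pos + length

def children(content, expected_tags):
    """Split a body into its elements and enforce the expected tag list."""
    out, pos = [], 0
    while pos < len(content):
        tag, val, pos = read_tlv(content, pos)
        out.append((tag, val))
    if [t for t, _ in out] != expected_tags:
        raise ValueError("unexpected ASN.1 structure")
    return [v for _, v in out]

def parse_dsa_public_pem(pem):
    """Return (p, q, g, y) from a 'BEGIN PUBLIC KEY' block holding a DSA key."""
    lines = pem.strip().splitlines()
    if lines[0] != "-----BEGIN PUBLIC KEY-----" or lines[-1] != "-----END PUBLIC KEY-----":
        raise ValueError("not a SubjectPublicKeyInfo PEM block")
    (spki,) = children(base64.b64decode("".join(lines[1:-1])), [0x30])
    alg, bits = children(spki, [0x30, 0x03])   # AlgorithmIdentifier, BIT STRING
    oid, params = children(alg, [0x06, 0x30])  # OID, parameter SEQUENCE
    if oid != DSA_OID:
        raise ValueError("not a DSA key")
    p, q, g = (int.from_bytes(v, "big") for v in children(params, [0x02] * 3))
    if not bits or bits[0] != 0:               # first octet = count of unused bits
        raise ValueError("bad BIT STRING")
    (y,) = children(bits[1:], [0x02])          # the key itself is a nested INTEGER
    return p, q, g, int.from_bytes(y, "big")
```

A block labelled `BEGIN DSA PRIVATE KEY` is rejected by the label check, since it uses a different ASN.1 layout than the public-key structure parsed here.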
#29857
Posted: 06/20/2014 00:38:38
by Eugene Mayevski (EldoS Corp.)

The possibility to load DSA keys has been added to SecureBlackbox 12.


Sincerely yours
Eugene Mayevski
#29862
Posted: 06/20/2014 17:03:02
by wpjackjack.wordpress.com (Basic support level)
Joined: 06/06/2014
Posts: 9
I've just realized you've posted two replies. Thank you!!
In the meantime I've decided to go with RSA for the moment, because the project had to progress. But it's not a final implementation and I'll get back to DSA in a couple of weeks. Then I'll either try the suggested code or update the library. SecureBlackbox 12 is in a preview state as I understand. Does this mean CryptoBlackbox will be updated as soon as SecureBlackbox 12 is released as final?
As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
