Can't load DSA public key in PEM format?

Posted: 06/06/2014 08:18:14
by wpjackjack.wordpress.com (Basic support level)
Joined: 06/06/2014
Posts: 9
Is test_cert.cert supposed to be the private key?

My private key is in the form

When using the suggested command line
unable to load private key
12252:error:0906D06C:PEM routines:PEM_read_bio:no start line:.\crypto\pem\pem_lib.c:696:Expecting: ANY PRIVATE KEY
unable to write 'random state'
Posted: 06/10/2014 17:48:36
by wpjackjack.wordpress.com (Basic support level)
Joined: 06/06/2014
Posts: 9
Any chance you could provide some further instructions on how to get the OpenSSL-created DSA keys to work with your library?
If you need some further details (like the PHP functions used to create the keys or a demo key-pair) I'd be happy to provide you with it.
Posted: 06/13/2014 14:53:08
by Ken Ivanov (EldoS Corp.)

Hi wpjackjack,

Sorry for the delayed reply.

You can actually load OpenSSL-generated public keys into a TElDSAKeyMaterial instance with little effort. Please use the following code for parsing public DSA keys:
var
  PEMBuf, BinBuf : ByteArray;
  BinSize : integer;
  TagID : integer; // filled in by ASN1ReadSimpleValue (declaration was missing; integer type assumed)
  Header : string;
  Root, ParsSec : TElASN1ConstrainedTag;
  Succ : boolean;
  P, Q, G, Y : ByteArray;
  KM : TElDSAKeyMaterial;
  Crypto : TElDSAPublicKeyCrypto;
begin
  // KeyStr holds the PEM text of the OpenSSL-generated public key
  Succ := false;
  // Decoding PEM
  PEMBuf := StrToUTF8(KeyStr);
  BinSize := Length(PEMBuf);
  SetLength(BinBuf, BinSize);
  if SBPEM.Decode(@PEMBuf[0], Length(PEMBuf), @BinBuf[0], '', BinSize, Header) = 0 then
  begin
    // Loading the key into an ASN.1 structure
    Root := TElASN1ConstrainedTag.Create();
    try
      if Root.LoadFromBuffer(@BinBuf[0], BinSize) then
      begin
        // Outer SEQUENCE must hold the algorithm SEQUENCE and the key BIT STRING
        if (Root.Count = 1) and (Root.GetField(0).CheckType(SB_ASN1_SEQUENCE, true)) and
          (TElASN1ConstrainedTag(Root.GetField(0)).Count = 2) and
          (TElASN1ConstrainedTag(Root.GetField(0)).GetField(0).CheckType(SB_ASN1_SEQUENCE, true)) and
          (TElASN1ConstrainedTag(Root.GetField(0)).GetField(1).CheckType(SB_ASN1_BITSTRING, false)) then
        begin
          ParsSec := TElASN1ConstrainedTag(TElASN1ConstrainedTag(Root.GetField(0)).GetField(0));
          // Algorithm SEQUENCE: DSA OID followed by the parameters SEQUENCE
          if (ParsSec.Count = 2) and (ParsSec.GetField(0).CheckType(SB_ASN1_OBJECT, false)) and
            (ParsSec.GetField(1).CheckType(SB_ASN1_SEQUENCE, true)) and
            (CompareContent(TElASN1SimpleTag(ParsSec.GetField(0)).Content, SB_OID_DSA)) then
          begin
            ParsSec := TElASN1ConstrainedTag(ParsSec.GetField(1));
            // Parameters SEQUENCE: three INTEGERs (P, Q, G)
            if (ParsSec.Count = 3) and (ParsSec.GetField(0).CheckType(SB_ASN1_INTEGER, false)) and
              (ParsSec.GetField(1).CheckType(SB_ASN1_INTEGER, false)) and
              (ParsSec.GetField(2).CheckType(SB_ASN1_INTEGER, false)) then
            begin
              // Key format OK, extracting the values
              P := TElASN1SimpleTag(ParsSec.GetField(0)).Content;
              Q := TElASN1SimpleTag(ParsSec.GetField(1)).Content;
              G := TElASN1SimpleTag(ParsSec.GetField(2)).Content;
              Y := TElASN1SimpleTag(TElASN1ConstrainedTag(Root.GetField(0)).GetField(1)).Content;
              if Length(Y) > 0 then
              begin
                // Skip the first byte of the BIT STRING content (unused-bits count)
                Y := CloneArray(Y, 1, Length(Y) - 1);
                // The remaining bytes are an encoded INTEGER holding Y
                Y := ASN1ReadSimpleValue(Y, TagID);
                Succ := true;
              end;
            end;
          end;
        end;
      end;
    finally
      FreeAndNil(Root);
    end;
  end;

  if Succ then
  begin
    // creating a key material instance and loading the key values into it
    KM := TElDSAKeyMaterial.Create();
    KM.ImportPublicKey(@P[0], Length(P), @Q[0], Length(Q), @G[0], Length(G), @Y[0], Length(Y));
  end;
end;

As for the OpenSSL-generated private DSA keys, you can pass them straight to the TElDSAKeyMaterial.LoadSecret() method.
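
Added example, not part of the original thread and not EldoS code: a standalone Python parser that walks the same structure the Delphi code above checks (SEQUENCE { SEQUENCE { DSA OID, SEQUENCE { P, Q, G } }, BIT STRING { INTEGER Y } }), which can be used to cross-check the values a loader extracts. The function names and the toy sample key are constructed for illustration.

```python
import base64
import re

DSA_OID = bytes.fromhex("2a8648ce380401")  # DER body of OID 1.2.840.10040.4.1 (id-dsa)

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def children(buf, tags):
    """Split buf into consecutive DER elements and require exactly these tags."""
    out, pos = [], 0
    while pos < len(buf):
        tag, val, pos = read_tlv(buf, pos)
        out.append((tag, val))
    if [t for t, _ in out] != tags:
        raise ValueError("unexpected ASN.1 structure")
    return [v for _, v in out]

def parse_dsa_public_pem(pem):
    """Extract (p, q, g, y) as integers from an OpenSSL 'PUBLIC KEY' PEM block."""
    m = re.search(r"-----BEGIN PUBLIC KEY-----(.+?)-----END PUBLIC KEY-----", pem, re.S)
    if not m:
        raise ValueError("no 'PUBLIC KEY' PEM block (private key or certificate?)")
    der = base64.b64decode(m.group(1))
    (spki,) = children(der, [0x30])                # outer SEQUENCE
    alg, bits = children(spki, [0x30, 0x03])       # algorithm SEQUENCE, BIT STRING
    oid, params = children(alg, [0x06, 0x30])      # OID, parameters SEQUENCE
    if oid != DSA_OID:
        raise ValueError("not a DSA key")
    p, q, g = children(params, [0x02, 0x02, 0x02])
    if len(bits) < 2 or bits[0] != 0:              # first byte = count of unused bits
        raise ValueError("bad BIT STRING")
    (y,) = children(bits[1:], [0x02])              # Y is an INTEGER inside the BIT STRING
    return tuple(int.from_bytes(v, "big") for v in (p, q, g, y))

# Constructed toy key (p=23, q=11, g=4, y=18), far too small for real use.
SAMPLE_DER = bytes.fromhex("301c301406072a8648ce380401300902011702010b020104030400020112")
SAMPLE_PEM = f"-----BEGIN PUBLIC KEY-----\n{base64.b64encode(SAMPLE_DER).decode()}\n-----END PUBLIC KEY-----\n"
```

Calling `parse_dsa_public_pem(SAMPLE_PEM)` returns the four integers; a PEM block with any other label, such as a private key, is rejected before any ASN.1 parsing.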

Posted: 06/20/2014 00:38:38
by Eugene Mayevski (EldoS Corp.)

The possibility to load DSA keys has been added to SecureBlackbox 12.

Sincerely yours
Eugene Mayevski
Posted: 06/20/2014 17:03:02
by wpjackjack.wordpress.com (Basic support level)
Joined: 06/06/2014
Posts: 9
I've just realized you've posted two replies. Thank you!!
In the meantime I've decided to go with RSA for the moment, because the project had to progress. But it's not a final implementation and I'll get back to DSA in a couple of weeks. Then I'll either try the suggested code or update the library. SecureBlackbox 12 is in a preview state as I understand. Does this mean CryptoBlackbox will be updated as soon as SecureBlackbox 12 is released as final?