DSA Signature Using OpenSSL

I am trying to sign using DSA from OpenSSL. I have files containing public and private keys.

First of all, I am doing a unicast connection, and everything is fine. After that, I need a multicast UDP connection, and I want to sign the packets. I am trying to use the PEM_read_DSA_PUBKEY() function to load my public key from my certificate, but it does not work. It always returns NULL instead of the DSA structure.

Here you have a simplified version of the code. I compile like this:

    gcc -Wall -g -lm prueba.c -o prueba -lcrypto

Any idea? Thanks!

    #include <stdio.h>
    #include <openssl/dsa.h>
    #include <openssl/pem.h>

    int main()
    {
        FILE *DSA_cert_file = fopen("./certs/cert.pem", "r");
        if (DSA_cert_file == NULL)
            return 1;
        printf("Certificate read\n");

        DSA *dsa = DSA_new();
        if((dsa = PEM_read_DSA_PUBKEY(DSA_cert_file, 0, 0, 0)) == NULL)
            return 1;
        printf("DSA public key read\n");

        return 0;
    }
+6
2 answers

Do you use a password protected public key?

If so, you need to pass the callback function as the third argument to PEM_read_DSA_PUBKEY, so if the provided password matches, it will be able to correctly load your key.

Update:

Alternatively, as pointed out by Hasturkun, you can pass a null-terminated string as the fourth argument. Quoting the official documentation:

If the cb parameters are set to NULL and the u parameter is not NULL, then the u parameter is interpreted as a null-terminated string to use as a passphrase. If both cb and u are NULL then the default callback routine is used, which will typically prompt for the passphrase on the current terminal with echoing turned off.

+1

Does your cert.pem contain an X.509 certificate? It looks like PEM_read_DSA_PUBKEY expects a PEM-encoded DSA public key without an X.509 container.

Try something like this:

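    /* needs <openssl/pem.h>, <openssl/x509.h> and <openssl/evp.h> */
    X509 *cert;
    EVP_PKEY *pk;
    DSA *dsa;

    cert = PEM_read_X509(DSA_cert_file, NULL, NULL, NULL);
    if (!cert) { /* error */ }

    pk = X509_get_pubkey(cert);
    if (!pk) { /* error */ }

    /* EVP_PKEY_DSA is the constant 116; EVP_PKEY is opaque since OpenSSL 1.1.0, so use accessors */
    if (EVP_PKEY_base_id(pk) != EVP_PKEY_DSA) { /* not a dsa key */ }
    dsa = EVP_PKEY_get1_DSA(pk); /* release with DSA_free() when done */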
+1
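
Both answers turn on what kind of PEM block `cert.pem` actually holds. As an added example (not code from the question or either answer), this libc-only C helper reads the `-----BEGIN ...-----` label and names the OpenSSL reader that accepts it; `pem_reader_for` and `pem_needs_passphrase` are hypothetical names, and the label table covers only a few DSA-relevant types.

```c
#include <stdio.h>
#include <string.h>

/* PEM label -> OpenSSL reader that accepts it (illustrative subset) */
static const struct { const char *label, *reader; } READERS[] = {
    { "CERTIFICATE",           "PEM_read_X509" },
    { "PUBLIC KEY",            "PEM_read_DSA_PUBKEY" },
    { "DSA PRIVATE KEY",       "PEM_read_DSAPrivateKey" },
    { "ENCRYPTED PRIVATE KEY", "PEM_read_PrivateKey" },
    { "PRIVATE KEY",           "PEM_read_PrivateKey" },
};

/* Hypothetical helper: reader name for the first recognised PEM block, or NULL */
const char *pem_reader_for(const char *pem)
{
    static const char BEGIN[] = "-----BEGIN ";
    const char *p = pem;
    size_t i, n;
    for (; (p = strstr(p, BEGIN)) != NULL; p += sizeof BEGIN - 1) {
        const char *label = p + sizeof BEGIN - 1;
        if (p != pem && p[-1] != '\n') continue; /* marker must start a line */
        for (i = 0; i < sizeof READERS / sizeof READERS[0]; i++) {
            n = strlen(READERS[i].label);
            if (!strncmp(label, READERS[i].label, n) && !strncmp(label + n, "-----", 5))
                return READERS[i].reader;
        }
    }
    return NULL;
}

/* Passphrase protection shows up as a PKCS#8 label or a Proc-Type header */
int pem_needs_passphrase(const char *pem)
{
    return strstr(pem, "-----BEGIN ENCRYPTED PRIVATE KEY-----") != NULL
        || strstr(pem, "Proc-Type: 4,ENCRYPTED") != NULL;
}

int main(int argc, char **argv)
{
    char buf[8192];
    const char *r, *path = argc > 1 ? argv[1] : "./certs/cert.pem"; /* path from the question */
    FILE *f = fopen(path, "r");
    if (f == NULL) { perror(path); return 1; }
    buf[fread(buf, 1, sizeof buf - 1, f)] = '\0';
    fclose(f);
    r = pem_reader_for(buf);
    printf("%s: %s%s\n", path, r ? r : "no known PEM block",
           pem_needs_passphrase(buf) ? " (passphrase needed)" : "");
    return 0;
}
```

A file that reports `PEM_read_X509` is a certificate, so the key has to be extracted from it as in the second answer rather than read with `PEM_read_DSA_PUBKEY`.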

Source: https://habr.com/ru/post/887180/

