int write_key_pem_public(FILE *fp, struct ccn_pkey *private_key_ccn) { RSA *private_key_rsa; unsigned long err; private_key_rsa = EVP_PKEY_get1_RSA((EVP_PKEY*) private_key_ccn); if (!private_key_rsa) { err = ERR_get_error(); PyErr_Format(g_PyExc_CCNKeyError, "Unable to obtain EVP PKEY: %s", ERR_reason_error_string(err)); return -1; } if (!PEM_write_RSAPublicKey(fp, private_key_rsa)) { err = ERR_get_error(); RSA_free(private_key_rsa); PyErr_Format(g_PyExc_CCNKeyError, "Unable to write Public Key: %s", ERR_reason_error_string(err)); return -1; } RSA_free(private_key_rsa); return 0; }
void SavePublicKey(const char *user, const char *digest, const RSA *key) { char keyname[CF_MAXVARSIZE], filename[CF_BUFSIZE]; struct stat statbuf; FILE *fp; int err; snprintf(keyname, CF_MAXVARSIZE, "%s-%s", user, digest); snprintf(filename, CF_BUFSIZE, "%s/ppkeys/%s.pub", CFWORKDIR, keyname); MapName(filename); if (stat(filename, &statbuf) != -1) { return; } Log(LOG_LEVEL_VERBOSE, "Saving public key to file '%s'", filename); if ((fp = fopen(filename, "w")) == NULL) { Log(LOG_LEVEL_ERR, "Unable to write a public key '%s'. (fopen: %s)", filename, GetErrorStr()); return; } if (!PEM_write_RSAPublicKey(fp, key)) { err = ERR_get_error(); Log(LOG_LEVEL_ERR, "Error saving public key to '%s'. (PEM_write_RSAPublicKey: %s)", filename, ERR_reason_error_string(err)); } fclose(fp); }
static void writeKeys(char *hostname) { /* Create a private and public key and save it to disk */ struct stat dir_stat; stat("data", &dir_stat); if (!(S_ISDIR(dir_stat.st_mode))) { mkdir("data",S_IXUSR|S_IRUSR|S_IWUSR); } RSA *priv_key; priv_key = RSA_new(); priv_key = RSA_generate_key(512,656537,NULL,NULL); RSA_check_key(priv_key); FILE *fp; char filename[256]; sprintf(filename,"data/%s%s",hostname,"-pr-key.txt"); fp = fopen(filename,"w"); PEM_write_RSAPrivateKey(fp, priv_key, NULL, NULL, 0 ,0, NULL); fclose(fp); char filename2[256]; sprintf(filename2,"data/%s%s",hostname,"-pub-key.txt"); FILE *fp3; fp3 = fopen(filename2,"w"); PEM_write_RSAPublicKey(fp3, priv_key); fclose(fp3); }
int main(int argc,char *argv[]) { RSA *r = NULL; FILE *priv_output_file; FILE *pub_output_file; int key_len; char *priv_file_name; char *pub_file_name; char priv_suffix[] = ".priv"; char pub_suffix[] = ".pub"; int len; if (argc != 4) { printf("Usage %s <key_file> <keylen> <password protect flag>\n",argv[0]); exit(0); } priv_file_name = malloc(40); pub_file_name = malloc(40); len = strlen(argv[1]); memcpy(priv_file_name, argv[1], len); memcpy(pub_file_name, argv[1], len); memcpy(priv_file_name+len, priv_suffix, 10); memcpy(pub_file_name+len, pub_suffix, 9); printf("%s %s\n",priv_file_name,pub_file_name); key_len = atoi(argv[2]); r = RSA_generate_key(key_len, RSA_EXPONENT, RSA_CALLBACK, RSA_CB_ARGS); if ((priv_output_file = fopen(priv_file_name, "w")) == NULL) fprintf(stderr, "Cannot open %s\n", argv[1]); if ((pub_output_file = fopen(pub_file_name, "w")) == NULL) fprintf(stderr, "Cannot open %s\n", argv[1]); if (strcmp(argv[3],"0")==0) { if (PEM_write_RSAPrivateKey(priv_output_file,r,EVP_des_ede3_cbc(),NULL,0,NULL,NULL) != 1) { printf("Error writing the private key\n"); } } else { if (PEM_write_RSAPrivateKey(priv_output_file,r,NULL,NULL,0,NULL,NULL) != 1) { printf("Error writing the private key\n"); } } if (PEM_write_RSAPublicKey(pub_output_file,r) != 1) { printf("Error writing the public key\n"); } fclose(priv_output_file); fclose(pub_output_file); exit(0); }
/* Generate a public/private RSA keypair, and ask for a file to store them in. */ static bool keygen(int bits) { RSA *rsa_key; FILE *f; char *name = get_name(); char *pubname, *privname; fprintf(stderr, "Generating %d bits keys:\n", bits); rsa_key = RSA_generate_key(bits, 0x10001, indicator, NULL); if(!rsa_key) { fprintf(stderr, "Error during key generation!\n"); return false; } else fprintf(stderr, "Done.\n"); xasprintf(&privname, "%s/rsa_key.priv", confbase); f = ask_and_open(privname, "private RSA key"); free(privname); if(!f) return false; #ifdef HAVE_FCHMOD /* Make it unreadable for others. */ fchmod(fileno(f), 0600); #endif fputc('\n', f); PEM_write_RSAPrivateKey(f, rsa_key, NULL, NULL, 0, NULL, NULL); fclose(f); if(name) xasprintf(&pubname, "%s/hosts/%s", confbase, name); else xasprintf(&pubname, "%s/rsa_key.pub", confbase); f = ask_and_open(pubname, "public RSA key"); free(pubname); if(!f) return false; fputc('\n', f); PEM_write_RSAPublicKey(f, rsa_key); fclose(f); free(name); return true; }
void SavePublicKey(const char *user, const char *digest, const RSA *key) { char keyname[CF_MAXVARSIZE], filename[CF_BUFSIZE]; struct stat statbuf; FILE *fp; int ret; ret = snprintf(keyname, sizeof(keyname), "%s-%s", user, digest); if (ret >= sizeof(keyname)) { Log(LOG_LEVEL_ERR, "USERNAME-KEY (%s-%s) string too long!", user, digest); return; } ret = snprintf(filename, sizeof(filename), "%s/ppkeys/%s.pub", CFWORKDIR, keyname); if (ret >= sizeof(filename)) { Log(LOG_LEVEL_ERR, "Filename too long!"); return; } MapName(filename); if (stat(filename, &statbuf) != -1) { return; } Log(LOG_LEVEL_VERBOSE, "Saving public key to file '%s'", filename); if ((fp = fopen(filename, "w")) == NULL) { Log(LOG_LEVEL_ERR, "Unable to write a public key '%s'. (fopen: %s)", filename, GetErrorStr()); return; } if (!PEM_write_RSAPublicKey(fp, key)) { Log(LOG_LEVEL_ERR, "Error saving public key to '%s'. (PEM_write_RSAPublicKey: %s)", filename, CryptoLastErrorString()); } fclose(fp); }
int COsslKey::SavePublicKey( const sqbind::stdString &sPublic ) {_STT(); if ( !m_pkey || !sPublic.length() ) return 0; oex::CStr8 name = oexStrToMb( oex::CStr( sPublic.c_str(), sPublic.length() ) ); FILE *fp = fopen( ( oex::CStr8() << name ).Ptr(), "w" ); if ( !fp ) oexERROR( oexGetLastError(), oexMks( oexT( "fopen( '" ), oexMbToStr( name ), oexT( "' ) failed" ) ) ); else { PEM_write_RSAPublicKey( fp, m_pkey->pkey.rsa ); fclose( fp ); } // end else return 1; }
int main(int argc, char **argv) { RSA *keypair = RSA_new(); BIGNUM *n = BN_new(); BIGNUM *e = BN_new(); if(argc != 3) { printf("Usage : %s <n> <e>\n", argv[0]); return 1; } BN_dec2bn(&n, argv[1]); BN_dec2bn(&e, argv[2]); RSA_set0_key(keypair, n, e, NULL); PEM_write_RSAPublicKey(stdout, keypair); RSA_free(keypair); return 0; }
int main(int argc, char *argv[]) { RSA *key; FILE *fp; int keylen = 0; if (argc != 2) { fprintf(stderr, "Error: too many/few arguments.\nUsage: %s <numbits>\n", argv[0]); return 1; } keylen = atoi(argv[1]); if ((key = RSA_generate_key(keylen, 3, NULL, NULL)) == NULL) { fprintf(stderr, "%s\n", ERR_error_string(ERR_get_error(), NULL)); return 1; } if (RSA_check_key(key) < 1) { fprintf(stderr, "Error: Problems while generating RSA Key.\nRetry.\n"); return 1; } fp = fopen(SECFILE,"w"); if (PEM_write_RSAPrivateKey(fp, key, NULL, NULL, 0, 0, NULL) == 0) { fprintf(stderr, "Error: problems while writing RSA Private Key.\n"); return 1; } fclose(fp); fp = fopen(PUBFILE, "w"); if (PEM_write_RSAPublicKey(fp, key) == 0) { fprintf(stderr, "Error: problems while writing RSA Public Key.\n"); return 1; } fclose(fp); RSA_free(key); printf("RSA key generated.\nLenght (bits) = %d\n", keylen); return 0; }
int COsslKey::SaveKeys( const sqbind::stdString &sPrivate, const sqbind::stdString &sPublic ) {_STT(); // Public key? if ( m_pkey ) { oex::CStr8 name = oexStrToMb( oex::CStr( sPublic.c_str(), sPublic.length() ) ); FILE *fp = fopen( ( oex::CStr8() << name ).Ptr(), "w" ); if ( !fp ) oexERROR( oexGetLastError(), oexMks( oexT( "fopen( '" ), oexMbToStr( name ), oexT( "' ) failed" ) ) ); else { PEM_write_RSAPublicKey( fp, m_pkey->pkey.rsa ); fclose( fp ); } // end else } // end if // Private key? if ( m_pkey ) { oex::CStr8 name = oexStrToMb( oex::CStr( sPrivate.c_str(), sPrivate.length() ) ); FILE *fp = fopen( ( oex::CStr8() << name ).Ptr(), "w" ); if ( !fp ) oexERROR( oexGetLastError(), oexMks( oexT( "fopen( '" ), oexMbToStr( name ), oexT( "' ) failed" ) ) ); else { PEM_write_RSAPrivateKey( fp, m_pkey->pkey.rsa, oexNULL, oexNULL, 0, oexNULL, oexNULL ); fclose( fp ); } // end else } // end if return 1; }
void SavePublicKey(char *user, char *ipaddress, char *digest, RSA *key) { char keyname[CF_MAXVARSIZE], filename[CF_BUFSIZE]; struct stat statbuf; FILE *fp; int err; CfDebug("SavePublicKey %s\n", ipaddress); snprintf(keyname, CF_MAXVARSIZE, "%s-%s", user, digest); snprintf(filename, CF_BUFSIZE, "%s/ppkeys/%s.pub", CFWORKDIR, keyname); MapName(filename); if (cfstat(filename, &statbuf) != -1) { return; } CfOut(OUTPUT_LEVEL_VERBOSE, "", "Saving public key %s\n", filename); if ((fp = fopen(filename, "w")) == NULL) { CfOut(OUTPUT_LEVEL_ERROR, "fopen", "Unable to write a public key %s", filename); return; } ThreadLock(cft_system); if (!PEM_write_RSAPublicKey(fp, key)) { err = ERR_get_error(); CfOut(OUTPUT_LEVEL_ERROR, "PEM_write", "Error saving public key %s = %s\n", filename, ERR_reason_error_string(err)); } ThreadUnlock(cft_system); fclose(fp); }
void RSAKey::writeToPEMKeyFile(const std::string& filename, PEMPassphraseCallback callback, void* userdata) const { FILE* fp = fopen(filename.c_str(), "w+"); if (fp == NULL) { THROW_EXCEPTION_WITH_LOG(Exception::exception, "Cannot open the file."); } int result = 0; if (hasPrivateCompound()) { result = PEM_write_RSAPrivateKey(fp, d_rsa.get(), NULL, NULL, 0, callback, userdata); } else { result = PEM_write_RSAPublicKey(fp, d_rsa.get()); } fclose(fp); EXCEPTION_ASSERT_WITH_LOG(result != 0, OpenSSLException, "Cannot write PEM file"); }
/* Generate a public/private RSA keypair, and ask for a file to store them in. */ static bool keygen(int bits) { RSA *rsa_key; FILE *f; char *name = NULL; char *filename; get_config_string(lookup_config(config_tree, "Name"), &name); if(name && !check_id(name)) { fprintf(stderr, "Invalid name for myself!\n"); return false; } fprintf(stderr, "Generating %d bits keys:\n", bits); rsa_key = RSA_generate_key(bits, 0x10001, indicator, NULL); if(!rsa_key) { fprintf(stderr, "Error during key generation!\n"); return false; } else fprintf(stderr, "Done.\n"); xasprintf(&filename, "%s/rsa_key.priv", confbase); f = ask_and_open(filename, "private RSA key"); if(!f) return false; if(disable_old_keys(f)) fprintf(stderr, "Warning: old key(s) found and disabled.\n"); #ifdef HAVE_FCHMOD /* Make it unreadable for others. */ fchmod(fileno(f), 0600); #endif fputc('\n', f); PEM_write_RSAPrivateKey(f, rsa_key, NULL, NULL, 0, NULL, NULL); fclose(f); free(filename); if(name) xasprintf(&filename, "%s/hosts/%s", confbase, name); else xasprintf(&filename, "%s/rsa_key.pub", confbase); f = ask_and_open(filename, "public RSA key"); if(!f) return false; if(disable_old_keys(f)) fprintf(stderr, "Warning: old key(s) found and disabled.\n"); fputc('\n', f); PEM_write_RSAPublicKey(f, rsa_key); fclose(f); free(filename); if(name) free(name); return true; }
int main(int argc, char **argv) { RSA *keypair = RSA_new(); BN_CTX *ctx = BN_CTX_new(); BN_CTX_start(ctx); BIGNUM *n = BN_new(); BIGNUM *d = BN_new(); BIGNUM *e = BN_new(); BIGNUM *p = BN_new(); BIGNUM *q = BN_new(); BIGNUM *dmp1 = BN_new(); BIGNUM *dmq1 = BN_new(); BIGNUM *iqmp = BN_new(); BIGNUM *r0 = BN_CTX_get(ctx); BIGNUM *r1 = BN_CTX_get(ctx); BIGNUM *r2 = BN_CTX_get(ctx); BIGNUM *r3 = BN_CTX_get(ctx); if(argc != 4) { printf("Usage : %s <p> <q> <e>\n", argv[0]); return 1; } BN_dec2bn(&p, argv[1]); BN_dec2bn(&q, argv[2]); BN_dec2bn(&e, argv[3]); if(BN_cmp(p,q) < 0) { BIGNUM *tmp = p; p = q; q = tmp; } BN_mul(n,p,q,ctx); BN_sub(r1,p,BN_value_one()); BN_sub(r2,q,BN_value_one()); BN_mul(r0,r1,r2,ctx); BN_mod_inverse(d,e,r0,ctx); BN_mod(dmp1, d, r1, ctx); BN_mod(dmp1, d, r2, ctx); BN_mod_inverse(iqmp,q,p,ctx); keypair->n = n; keypair->d = d; keypair->e = e; keypair->p = p; keypair->q = q; keypair->dmq1 = dmq1; keypair->dmp1 = dmp1; keypair->iqmp = iqmp; PEM_write_RSAPrivateKey(stdout, keypair, NULL, NULL, 0, NULL, NULL); PEM_write_RSAPublicKey(stdout, keypair); BN_CTX_end(ctx); BN_CTX_free(ctx); RSA_free(keypair); return 0; }
//------------------------------------------------------------------------------------- bool KBE_RSA::generateKey(const std::string& pubkeyname, const std::string& prikeyname, int keySize, int e) { KBE_ASSERT(rsa_public == NULL && rsa_private == NULL); RSA* rsa = NULL; FILE *fp = NULL; if ((rsa = RSA_generate_key(keySize, e, NULL, NULL)) == NULL) { ERR_load_crypto_strings(); char err[1024]; char* errret = ERR_error_string(ERR_get_error(), err); ERROR_MSG(fmt::format("KBE_RSA::generateKey: RSA_generate_key error({} : {})\n", errret, err)); return false; } if (!RSA_check_key(rsa)) { ERROR_MSG("KBE_RSA::generateKey: invalid RSA Key.\n"); RSA_free(rsa); return false; } fp = fopen(prikeyname.c_str(), "w"); if (!fp) { RSA_free(rsa); return false; } if (!PEM_write_RSAPrivateKey(fp, static_cast<RSA*>(rsa), NULL, NULL, 0, 0, NULL)) { ERR_load_crypto_strings(); char err[1024]; char* errret = ERR_error_string(ERR_get_error(), err); ERROR_MSG(fmt::format("KBE_RSA::generateKey: PEM_write_RSAPrivateKey error({} : {})\n", errret, err)); fclose(fp); RSA_free(rsa); return false; } fclose(fp); fp = fopen(pubkeyname.c_str(), "w"); if (!fp) { RSA_free(rsa); return false; } if (!PEM_write_RSAPublicKey(fp, static_cast<RSA*>(rsa))) { ERR_load_crypto_strings(); char err[1024]; char* errret = ERR_error_string(ERR_get_error(), err); ERROR_MSG(fmt::format("KBE_RSA::generateKey: PEM_write_RSAPublicKey error({} : {})\n", errret, err)); fclose(fp); RSA_free(rsa); return false; } INFO_MSG(fmt::format("KBE_RSA::generateKey: RSA key generated. keysize({}) bits.\n", keySize)); RSA_free(rsa); fclose(fp); return loadPrivate(prikeyname) && loadPublic(pubkeyname); }
/* * generate public/private RSA keypairs for all hosts that don't have one. */ static int keygen (int bits) { RSA *rsa_key; FILE *f; char *name = NULL; char *fname; asprintf (&fname, "%s/hostkeys", confbase); mkdir (fname, 0700); free (fname); asprintf (&fname, "%s/pubkey", confbase); mkdir (fname, 0700); free (fname); for (configuration::node_vector::iterator i = conf.nodes.begin (); i != conf.nodes.end (); ++i) { conf_node *node = *i; asprintf (&fname, "%s/pubkey/%s", confbase, node->nodename); f = fopen (fname, "a"); /* some libcs are buggy and require an extra seek to the end */ if (!f || fseek (f, 0, SEEK_END)) { perror (fname); exit (EXIT_FAILURE); } if (ftell (f)) { if (!quiet) fprintf (stderr, "'%s' already exists, skipping this node %d\n", fname, quiet); fclose (f); continue; } fprintf (stderr, _("generating %d bits key for %s:\n"), bits, node->nodename); rsa_key = RSA_generate_key (bits, 0xFFFF, indicator, NULL); if (!rsa_key) { fprintf (stderr, _("error during key generation!\n")); return -1; } else fprintf (stderr, _("Done.\n")); require (PEM_write_RSAPublicKey (f, rsa_key)); fclose (f); free (fname); asprintf (&fname, "%s/hostkeys/%s", confbase, node->nodename); f = fopen (fname, "a"); if (!f) { perror (fname); exit (EXIT_FAILURE); } require (PEM_write_RSAPrivateKey (f, rsa_key, NULL, NULL, 0, NULL, NULL)); fclose (f); free (fname); } return 0; }
int main(int argc, char *argv[]) { int err = 0; int v; RSA *key; unsigned char ptext[256]; unsigned char ctext[256]; static unsigned char ptext_ex[] = "12345678"; unsigned char ctext_ex[256]; int plen; int clen = 0; int num; int n; int i; EVP_PKEY *pkey; printf("ptext_ex: %s\n", ptext_ex); { key = RSA_new(); key5(key); plen = sizeof(ptext_ex) - 1; num = RSA_private_encrypt(plen, ptext_ex, ctext, key, RSA_PKCS1_PADDING); if (num != 128) //模数长度 { printf("PKCS#1 v1.5 encryption failed!\n"); err=1; goto next; } //加密后的数据 printf("encrypted text: \n"); for (i = 0; i < num; i++) { printf("\\x%02x", ctext[i]); } printf("\n"); printf("RSA_private_encrypt num: %d\n", num); num = RSA_public_decrypt(num, ctext, ptext, key, RSA_PKCS1_PADDING); if (num != plen || memcmp(ptext, ptext_ex, num) != 0) { printf("PKCS#1 v1.5 decryption failed!\n"); err=1; } else printf("PKCS #1 v1.5 encryption/decryption ok\n"); printf("RSA_public_decrypt num: %d\n", num); ptext[num] = '\0'; //字符串结尾 printf("ptext: %s\n", ptext); next: //公钥和私钥输出为 PEM 格式: PEM_write_RSAPrivateKey(stdout, key, NULL, NULL, 0, NULL, NULL); PEM_write_RSAPublicKey(stdout, key); //释放申请的内存 RSA_free(key); } if (err) printf("ERROR: %d\n", err); return err; }
void KeepKeyPromises(const char *public_key_file, const char *private_key_file) { unsigned long err; #ifdef OPENSSL_NO_DEPRECATED RSA *pair = RSA_new(); BIGNUM *rsa_bignum = BN_new(); #else RSA *pair; #endif FILE *fp; struct stat statbuf; int fd; static char *passphrase = "Cfengine passphrase"; const EVP_CIPHER *cipher; char vbuff[CF_BUFSIZE]; cipher = EVP_des_ede3_cbc(); if (stat(public_key_file, &statbuf) != -1) { printf("A key file already exists at %s\n", public_key_file); return; } if (stat(private_key_file, &statbuf) != -1) { printf("A key file already exists at %s\n", private_key_file); return; } printf("Making a key pair for cfengine, please wait, this could take a minute...\n"); #ifdef OPENSSL_NO_DEPRECATED BN_set_word(rsa_bignum, 35); if (!RSA_generate_key_ex(pair, 2048, rsa_bignum, NULL)) #else pair = RSA_generate_key(2048, 35, NULL, NULL); if (pair == NULL) #endif { err = ERR_get_error(); Log(LOG_LEVEL_ERR, "Unable to generate key '%s'", ERR_reason_error_string(err)); return; } fd = open(private_key_file, O_WRONLY | O_CREAT | O_TRUNC, 0600); if (fd < 0) { Log(LOG_LEVEL_ERR, "Open '%s' failed. (open: %s)", private_key_file, GetErrorStr()); return; } if ((fp = fdopen(fd, "w")) == NULL) { Log(LOG_LEVEL_ERR, "Couldn't open private key '%s'. (fdopen: %s)", private_key_file, GetErrorStr()); close(fd); return; } Log(LOG_LEVEL_VERBOSE, "Writing private key to '%s'", private_key_file); if (!PEM_write_RSAPrivateKey(fp, pair, cipher, passphrase, strlen(passphrase), NULL, NULL)) { err = ERR_get_error(); Log(LOG_LEVEL_ERR, "Couldn't write private key. (PEM_write_RSAPrivateKey: %s)", ERR_reason_error_string(err)); return; } fclose(fp); fd = open(public_key_file, O_WRONLY | O_CREAT | O_TRUNC, 0600); if (fd < 0) { Log(LOG_LEVEL_ERR, "Unable to open public key '%s'. (open: %s)", public_key_file, GetErrorStr()); return; } if ((fp = fdopen(fd, "w")) == NULL) { Log(LOG_LEVEL_ERR, "Open '%s' failed. (fdopen: %s)", public_key_file, GetErrorStr()); close(fd); return; } Log(LOG_LEVEL_VERBOSE, "Writing public key to file '%s'", public_key_file); if (!PEM_write_RSAPublicKey(fp, pair)) { err = ERR_get_error(); Log(LOG_LEVEL_ERR, "Unable to write public key. (PEM_write_RSAPublicKey: %s)", ERR_reason_error_string(err)); return; } fclose(fp); snprintf(vbuff, CF_BUFSIZE, "%s/randseed", CFWORKDIR); RAND_write_file(vbuff); chmod(vbuff, 0644); }
/* Generate a public/private RSA keypair, and ask for a file to store them in. */ static bool keygen(int bits) { BIGNUM *e = NULL; RSA *rsa_key; FILE *f; char filename[PATH_MAX]; BN_GENCB *cb; int result; fprintf(stderr, "Generating %d bits keys:\n", bits); cb = BN_GENCB_new(); if(!cb) { abort(); } BN_GENCB_set(cb, indicator, NULL); rsa_key = RSA_new(); if(BN_hex2bn(&e, "10001") == 0) { abort(); } if(!rsa_key || !e) { abort(); } result = RSA_generate_key_ex(rsa_key, bits, e, cb); BN_free(e); BN_GENCB_free(cb); if(!result) { fprintf(stderr, "Error during key generation!\n"); RSA_free(rsa_key); return false; } else { fprintf(stderr, "Done.\n"); } snprintf(filename, sizeof(filename), "%s/rsa_key.priv", confbase); f = ask_and_open(filename, "private RSA key"); if(!f) { RSA_free(rsa_key); return false; } #ifdef HAVE_FCHMOD /* Make it unreadable for others. */ fchmod(fileno(f), 0600); #endif fputc('\n', f); PEM_write_RSAPrivateKey(f, rsa_key, NULL, NULL, 0, NULL, NULL); fclose(f); char *name = get_name(); if(name) { snprintf(filename, sizeof(filename), "%s/hosts/%s", confbase, name); free(name); } else { snprintf(filename, sizeof(filename), "%s/rsa_key.pub", confbase); } f = ask_and_open(filename, "public RSA key"); if(!f) { RSA_free(rsa_key); return false; } fputc('\n', f); PEM_write_RSAPublicKey(f, rsa_key); fclose(f); RSA_free(rsa_key); return true; }
int main(int argc,char *argv[]) { RSA *r = NULL; FILE *priv_output_file; FILE *pub_output_file; int key_len; char *priv_file_name; char *pub_file_name; char priv_suffix[] = "_priv.txt"; char pub_suffix[] = "_pub.txt"; int len; if (argc != 4) { printf("Usage %s <key_file> <keylen> <password protect flag>\n",argv[0]); exit(0); } priv_file_name = malloc(40); pub_file_name = malloc(40); len = strlen(argv[1]); memcpy(priv_file_name, argv[1], len); memcpy(pub_file_name, argv[1], len); memcpy(priv_file_name+len, priv_suffix, 10); memcpy(pub_file_name+len, pub_suffix, 9); printf("%s %s\n",priv_file_name,pub_file_name); key_len = atoi(argv[2]); //daveti: add time measurement for this function call struct timeval tpstart,tpend; float timeuse = 0; gettimeofday(&tpstart,NULL); r = RSA_generate_key(key_len, RSA_EXPONENT, RSA_CALLBACK, RSA_CB_ARGS); gettimeofday(&tpend,NULL); timeuse=1000000*(tpend.tv_sec-tpstart.tv_sec)+tpend.tv_usec-tpstart.tv_usec; timeuse/=1000000; printf("Total time on crypto_genkeypair() is [%f] ms\n", timeuse); if ((priv_output_file = fopen(priv_file_name, "w")) == NULL) fprintf(stderr, "Cannot open %s\n", argv[1]); if ((pub_output_file = fopen(pub_file_name, "w")) == NULL) fprintf(stderr, "Cannot open %s\n", argv[1]); if (strcmp(argv[3],"0")==0) { if (PEM_write_RSAPrivateKey(priv_output_file,r,EVP_des_ede3_cbc(),NULL,0,NULL,NULL) != 1) { printf("Error writing the private key\n"); } } else { if (PEM_write_RSAPrivateKey(priv_output_file,r,NULL,NULL,0,NULL,NULL) != 1) { printf("Error writing the private key\n"); } } if (PEM_write_RSAPublicKey(pub_output_file,r) != 1) { printf("Error writing the public key\n"); } close(priv_output_file); close(pub_output_file); exit(0); }
static void KeepKeyPromises(void) { unsigned long err; RSA *pair; FILE *fp; struct stat statbuf; int fd; static char *passphrase = "Cfengine passphrase"; const EVP_CIPHER *cipher; char vbuff[CF_BUFSIZE]; NewScope("common"); cipher = EVP_des_ede3_cbc(); if (cfstat(CFPUBKEYFILE, &statbuf) != -1) { CfOut(cf_cmdout, "", "A key file already exists at %s\n", CFPUBKEYFILE); return; } if (cfstat(CFPRIVKEYFILE, &statbuf) != -1) { CfOut(cf_cmdout, "", "A key file already exists at %s\n", CFPRIVKEYFILE); return; } printf("Making a key pair for cfengine, please wait, this could take a minute...\n"); pair = RSA_generate_key(2048, 35, NULL, NULL); if (pair == NULL) { err = ERR_get_error(); CfOut(cf_error, "", "Unable to generate key: %s\n", ERR_reason_error_string(err)); return; } if (DEBUG) { RSA_print_fp(stdout, pair, 0); } fd = open(CFPRIVKEYFILE, O_WRONLY | O_CREAT | O_TRUNC, 0600); if (fd < 0) { CfOut(cf_error, "open", "Open %s failed: %s.", CFPRIVKEYFILE, strerror(errno)); return; } if ((fp = fdopen(fd, "w")) == NULL) { CfOut(cf_error, "fdopen", "Couldn't open private key %s.", CFPRIVKEYFILE); close(fd); return; } CfOut(cf_verbose, "", "Writing private key to %s\n", CFPRIVKEYFILE); if (!PEM_write_RSAPrivateKey(fp, pair, cipher, passphrase, strlen(passphrase), NULL, NULL)) { err = ERR_get_error(); CfOut(cf_error, "", "Couldn't write private key: %s\n", ERR_reason_error_string(err)); return; } fclose(fp); fd = open(CFPUBKEYFILE, O_WRONLY | O_CREAT | O_TRUNC, 0600); if (fd < 0) { CfOut(cf_error, "open", "Unable to open public key %s.", CFPUBKEYFILE); return; } if ((fp = fdopen(fd, "w")) == NULL) { CfOut(cf_error, "fdopen", "Open %s failed.", CFPUBKEYFILE); close(fd); return; } CfOut(cf_verbose, "", "Writing public key to %s\n", CFPUBKEYFILE); if (!PEM_write_RSAPublicKey(fp, pair)) { err = ERR_get_error(); CfOut(cf_error, "", "Unable to write public key: %s\n", ERR_reason_error_string(err)); return; } fclose(fp); snprintf(vbuff, CF_BUFSIZE, "%s/randseed", CFWORKDIR); RAND_write_file(vbuff); cf_chmod(vbuff, 0644); }
void ssl_client_init() { /* * This is twisted. We can generate the required keys by calling RSA_generate_key, * however we cannot put the private part and the public part in the two containers. * For that we need to save each part to a file and then load each part from * the respective file. */ RSA *key = NULL; key = RSA_generate_key(1024, 17, NULL, NULL); if (!key) { correctly_initialized = false; return; } char name_template_private[] = "/tmp/tls_test/mnopqrXXXXXX"; char name_template_public[] = "/tmp/tls_test/stuvwxXXXXXX"; int private_key_file = 0; FILE *private_key_stream = NULL; int ret = 0; private_key_file = mkstemp(name_template_private); if (private_key_file < 0) { correctly_initialized = false; return; } private_key_stream = fdopen(private_key_file, "w+"); if (!private_key_stream) { correctly_initialized = false; return; } ret = PEM_write_RSAPrivateKey(private_key_stream, key, NULL, NULL, 0, 0, NULL); if (ret == 0) { correctly_initialized = false; return; } fseek(private_key_stream, 0L, SEEK_SET); PRIVKEY = PEM_read_RSAPrivateKey(private_key_stream, (RSA **)NULL, NULL, NULL); if (!PRIVKEY) { correctly_initialized = false; return; } fclose(private_key_stream); int public_key_file = 0; FILE *public_key_stream = NULL; public_key_file = mkstemp(name_template_public); if (public_key_file < 0) { correctly_initialized = false; return; } public_key_stream = fdopen(public_key_file, "w+"); if (!public_key_stream) { correctly_initialized = false; return; } ret = PEM_write_RSAPublicKey(public_key_stream, key); if (ret == 0) { correctly_initialized = false; return; } fseek(public_key_stream, 0L, SEEK_SET); PUBKEY = PEM_read_RSAPublicKey(public_key_stream, (RSA **)NULL, NULL, NULL); if (!PUBKEY) { correctly_initialized = false; return; } fclose(public_key_stream); RSA_free(key); SSLCLIENTCONTEXT = SSL_CTX_new(SSLv23_client_method()); if (SSLCLIENTCONTEXT == NULL) { Log(LOG_LEVEL_ERR, "SSL_CTX_new: %s", ERR_reason_error_string(ERR_get_error())); goto err1; } /* Use only TLS v1 or later. TODO option for SSL_OP_NO_TLSv{1,1_1} */ SSL_CTX_set_options(SSLCLIENTCONTEXT, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); /* Never bother with retransmissions, SSL_write() should * always either write the whole amount or fail. */ SSL_CTX_set_mode(SSLCLIENTCONTEXT, SSL_MODE_AUTO_RETRY); /* * Create cert into memory and load it into SSL context. */ if (PRIVKEY == NULL || PUBKEY == NULL) { correctly_initialized = false; return; } /* Generate self-signed cert valid from now to 50 years later. */ { X509 *x509 = X509_new(); X509_gmtime_adj(X509_get_notBefore(x509), 0); X509_time_adj(X509_get_notAfter(x509), 60*60*24*365*50, NULL); EVP_PKEY *pkey = EVP_PKEY_new(); EVP_PKEY_set1_RSA(pkey, PRIVKEY); X509_NAME *name = X509_get_subject_name(x509); X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, (const char *) "", -1, -1, 0); X509_set_issuer_name(x509, name); X509_set_pubkey(x509, pkey); const EVP_MD *md = EVP_get_digestbyname("sha384"); if (md == NULL) { correctly_initialized = false; return; } ret = X509_sign(x509, pkey, md); EVP_PKEY_free(pkey); SSLCLIENTCERT = x509; if (ret <= 0) { Log(LOG_LEVEL_ERR, "Couldn't sign the public key for the TLS handshake: %s", ERR_reason_error_string(ERR_get_error())); goto err3; } } /* Log(LOG_LEVEL_ERR, "generate cert from priv key: %s", */ /* ERR_reason_error_string(ERR_get_error())); */ SSL_CTX_use_certificate(SSLCLIENTCONTEXT, SSLCLIENTCERT); ret = SSL_CTX_use_RSAPrivateKey(SSLCLIENTCONTEXT, PRIVKEY); if (ret != 1) { Log(LOG_LEVEL_ERR, "Failed to use RSA private key: %s", ERR_reason_error_string(ERR_get_error())); goto err3; } /* Verify cert consistency. */ ret = SSL_CTX_check_private_key(SSLCLIENTCONTEXT); if (ret != 1) { Log(LOG_LEVEL_ERR, "Inconsistent key and TLS cert: %s", ERR_reason_error_string(ERR_get_error())); goto err3; } /* Set options to always request a certificate from the peer, either we * are client or server. */ SSL_CTX_set_verify(SSLCLIENTCONTEXT, SSL_VERIFY_PEER, NULL); /* Always accept that certificate, we do proper checking after TLS * connection is established since OpenSSL can't pass a connection * specific pointer to the callback (so we would have to lock). */ SSL_CTX_set_cert_verify_callback(SSLCLIENTCONTEXT, TLSVerifyCallback, NULL); correctly_initialized = true; return; err3: X509_free(SSLCLIENTCERT); SSLCLIENTCERT = NULL; SSL_CTX_free(SSLCLIENTCONTEXT); SSLCLIENTCONTEXT = NULL; err1: correctly_initialized = false; return; }
int main(int argc, char* argv[]){ // Local Variable definitions int i, j, k; size_t ret; int rsa_byte_size = RSA_KEY_SIZE/8; // buffer used to seed the PRNG unsigned char seed[rsa_byte_size]; //unsigned char *keybuff; unsigned char *priv; unsigned char *pub; unsigned char *mod; size_t keybuff_len=0; // File pointers FILE *urand; FILE *pubkeyfile; FILE *privkeyfile; // RSA Struct used to store Priv/Pub key vals RSA *key = RSA_new(); // Set the exponent size, e, to be used by RSA. BIGNUM *e = BN_new(); // Open the public keyfile pubkeyfile = fopen("./publickey.txt","w+"); if(pubkeyfile == NULL){ fprintf(stderr, "ERROR: Unable to open publickey.txt for writing!\n"); exit(-1); } // Open the private keyfile privkeyfile = fopen("./secretkey.txt","w+"); if(privkeyfile == NULL){ fprintf(stderr, "ERROR: Unable to open privatekey.txt for writing!\n"); exit(-1); } // Open dev rand to seed our random data. urand = fopen("/dev/urandom","r"); if(urand == NULL){ fprintf(stderr, "ERROR: Unable to open /dev/urandom for reading!\n"); exit(-1); } // Read the rand data from /dev/urandom ret = fread(&seed, sizeof(char), RSA_KEY_SIZE/8, urand); if(ret < RSA_KEY_SIZE/8){ fprintf(stderr, "ERROR: Unable to obtain random seed from /dev/urandom!\n"); exit(-1); } // Seed the PRNG RAND_seed(&seed, RSA_KEY_SIZE/8); // Setup our BIGNUM, this acts as the exponent e and will be stored with the pub/priv keys struct // read the BN_rand description to see why the last two args are 1. //ret = BN_generate_prime_ex(e, RSA_KEY_SIZE, 1, NULL, NULL, NULL); ret = BN_set_word(e, 0x10001); // 65537 if(!ret){ fprintf(stderr, "ERROR: There was a problem generating the mod 'e'\n"); exit(-1); } // NOTE: As per the OpenSSL docs, RSA_generate_key(...) is deprecated. // int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); // Generate the RSA keys ret = RSA_generate_key_ex(key, RSA_KEY_SIZE, e, NULL); /* Currently, the OpenSSL doc does not detail the return value of RSA_generate_key_ex :-( */ if(!ret){ fprintf(stderr, "ERROR: There was a problem generating RSA key!\n"); exit(-1); } /* printf("DBG: Public Key - "); char * n_val = BN_bn2hex(key->n); for(i = 0; i < 256; i++){ printf("%c", n_val[i]); } printf("\n"); */ if(!PEM_write_RSAPublicKey(pubkeyfile, key)){ fprintf(stderr, "ERROR: There was a problem writing the Public RSA key!\n"); exit(-1); } if(!PEM_write_RSAPrivateKey(privkeyfile, key, NULL, NULL, 0, NULL, NULL)){ fprintf(stderr, "ERROR: There was a problem writing the Private RSA key!\n"); exit(-1); } /* // Write the public and private key values out to disk respectively //i = BN_num_bytes(key->e); //j = BN_num_bits(key->e); //keybuff = BN_bn2hex(key->e); priv = BN_bn2hex(key->d); pub = BN_bn2hex(key->e); mod = BN_bn2hex(key->n); // Write out the public modulus, n j = BN_num_bytes(key->e); for(i = 0; i < j; i++){ fprintf(pubkeyfile, "%c", mod[i]); fprintf(privkeyfile, "%c", mod[i]); } fprintf(pubkeyfile,"\n"); fprintf(privkeyfile,"\n"); // Write out the public key j = BN_num_bytes(key->e); for(i = 0; i < j; i++){ fprintf(pubkeyfile, "%c", pub[i]); } // Write out the private key j = BN_num_bytes(key->d); for(i = 0; i < j; i++){ fprintf(privkeyfile, "%c", priv[i]); } */ //printf("DBG: Number of bytes in e - %d\n", i); //DBG: Number of bytes in e - 256 //printf("DBG: Number of bits in e - %d\n", j); //DBG: Number of bits in e - 2048 /* printf("DBG: Print e:\n"); for(k = 0; k < i; k++){ printf("%c",keybuff[k]); } printf("\nDone.\n"); // Note, the below is 256 characters, or 2048 bits worth of data. DBG: Print e: DF61CD9DCFF8B60F8302098EEA099F1B9ECED5C5AD3C98E129D380121A765BE089D6FAFEBACF272B5A87FC98995 A259D6F9D069805436F0B93AFBB02ABAD2C19DD767F25DC25226DA99B24C92727A0F583FE8CAD4C60702A1F4EDB 7F8E3A872519A8515DCBB963E676939FDCC2DFFD40C970137952FADB5048F7DAB4632646C8 Done. */ // Free allocated memory fclose(urand); fclose(pubkeyfile); fclose(privkeyfile); // Free the allocated RSA structures. RSA_free(key); BN_free(e); return 1; }
inline void rsa_key::write_public_key(file _file) const { error::throw_error_if_not(PEM_write_RSAPublicKey(_file.raw(), ptr().get()) != 0); }