Topic: Getting public key from certificate with wolfSSL embedded SSL

Hi everyone,

I'm currently developed an application using wolfssl library and got some problem.

I want to encrypt some data with RSA. For this purpose I will use rsa function from ctaocrypt library.
My problem is how to get the public key from the certificate which is stored on the hard disk?
I try the following solution:

byte publicKeyBuffer[1024];
WOLFSSL_X509* x509cert = wolfSSL_X509_load_certificate_file("certAI.der", SSL_FILETYPE_ASN1);
publicKeyBuffer = wolfSSL_X509_get_pubkey(x509cert);

But wolfSSL_X509_get_pubkey(x509cert) return a WOLFSSL_EVP_PKEY* type which is not compatible with RsaPrivateKeyDecode function.

Any idea for a solution?

I have also some other problem but I will create new posts.

Thanks in advance,

Eric

Share

Re: Getting public key from certificate with wolfSSL embedded SSL

Hi Eric,

You should be able to extract the public key from a DER-encoded X.509 certificate into an RsaKey structure using something similar to this:

int ret;
int derCertSz;
byte derCert[4096];

FILE* file;
RsaKey pubKey;
word32 idx = 0;
DecodedCert cert;

/* open and read DER-formatted cert into buffer */
file = fopen("./client-cert.der", "rb");
if (!file)
    // error reading file

derCertSz = fread(derCert, 1, sizeof(derCert), file);
fclose(file);

/* initialize DecodedCert with DER cert */
InitDecodedCert(&cert, derCert, derCertSz, 0);
ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0);
if (ret != 0)
    // ParseCert failed

/* extract the public key from the cert */
InitRsaKey(&pubKey, 0);
idx = 0;
ret = RsaPublicKeyDecode(cert.publicKey, &idx, &pubKey, cert.pubKeySize);
if (ret != 0)
    // RsaPublicKeyDecode failed

In order to use the InitDecodedCert() and ParseCert() functions, you'll need to add the WOLFSSL_TEST_CERT define to the wolfSSL preprocessor flags (C_EXTRA_FLAGS) when compiling the library, and then to your application ones as well.

After doing the above, you'll have an RsaKey structure containing the public key which you can then use with the RSA functions.

Hope this helps.

Best Regards,
Chris

Re: Getting public key from certificate with wolfSSL embedded SSL

Hi Chris,

Thanks a lot for the answer, it works perfectly.
I got another problem when loading my DER filetype private key.
I try to read the file with openssl using "openssl pkcs8" command and it works without problem but when I try to load the private key in wolfSSL embedded SSL I got a parsing error (-143).
I don't understand why it fail...
Here is the code:

idx = 0;
    byte privateKeyBuffer[1024];
    file = fopen("aipk.der", "rb");
    if (!file)
        cout << "ERROR reading private key..." << endl;
    int szPrivateKey = fread(privateKeyBuffer, 1, sizeof(privateKeyBuffer), file);
    cout << szPrivateKey << endl;
    fclose(file);
    ret = RsaPrivateKeyDecode(privateKeyBuffer, &idx, &rsaPrivateKey, szPrivateKey);
    if (ret != 0)
        cout << "ERROR priv key decode: " << ret <<endl;

The key is generate by java's bouncy castle library.

Thanks in advance,

Eric

Share

Re: Getting public key from certificate with wolfSSL embedded SSL

Hi Eric,

Could you send me a key which demonstrates the problem?

Thanks,
Chris

Re: Getting public key from certificate with wolfSSL embedded SSL

Hi Chris,

Here is the key in pem format:

-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCUf6y8OkKiaL2YTMSfmKhlMGaVvi5hx4noFcGpYCVipW6OAIbV
pI0bgBOsrgNwV7EZkM3iagnkfY0uDb/lz6AmWeV+3bLvpZ0mi186Lt10We1fx4oQ
Nmth3Rh5Lym2hJRhmLtef2eKsuCSdwHhk3X3XAKnpCW4DeSA+RWpphzIhQIDAQAB
AoGAMyixJ7+iiTUwbDG2Y41CJmpATUJR1FncBtrH90QqXQvFRKKl0SB5hInhPVJN
2Pw9BSO/6krB0bf3VXBjNhcLguEGUMJLHgCKILeiJdYS4Dpe58LDUccznXO2dSbi
cspCICd78uAbcNK+qTk/qzb6JEx8SClSdGyEv8zVKvBOx4ECQQD09AGSO14qX+K0
ND896dBUWBs5e7MOzJLoHWJ4cuDkMIy1WCPNGpU2TDD3orw8f+tNTYarIp3I58Zu
7J5K9OuxAkEAmzIZNuxUGUvPMWmNS7JfgClqLgHLcxLLJ6RijYmTMp+JCc0aldZk
sTf5ANL/Qf4D0ZBctVCAfHEUmDWE7uBjFQJBAIL8PB7bOkaEkbD1Q2AzOKDxoFVD
zYM7Z89Rb0ejfpjnUUbjw/k4ntOzOHgjgG8FpGjo7Pt0flVhg13rj9XbVHECQGLL
DoAHCzYbKycCUT7pqp+UPZJR9Cgpw4dVvqLo+/oS0pKZrR3LH8gsoGck6fchc17Z
LhsBxvjwpzKJhzjlQE0CQCNO1YrekqJBOc2OtLMO+I5jXGgGnZUuxn+G8jZwQzD/
JfAuobFefFGLShZEV84TL0Sitec8AQGN78DngXdriTY=
-----END RSA PRIVATE KEY-----

Do you want the der format keyfile?

Share