Hi Chris,

Here is the key in pem format:


Do you want the der format keyfile?

Hi Chris,

Thanks a lot for the answer, it works perfectly.
I have another problem when loading my DER filetype private key.
I tried to read the file with openssl using the "openssl pkcs8" command and it works without a problem, but when I try to load the private key in wolfSSL embedded SSL I get a parsing error (-143).
I don't understand why it fails...
Here is the code:

    idx = 0;
    byte privateKeyBuffer[1024];
    file = fopen("aipk.der", "rb");
    if (!file) {
        cout << "ERROR reading private key..." << endl;
    } else {
        // Read the whole DER file; szPrivateKey is the number of bytes read
        int szPrivateKey = fread(privateKeyBuffer, 1, sizeof(privateKeyBuffer), file);
        cout << szPrivateKey << endl;
        fclose(file);
        // Decode the DER buffer into rsaPrivateKey (this is the call that returns -143)
        ret = RsaPrivateKeyDecode(privateKeyBuffer, &idx, &rsaPrivateKey, szPrivateKey);
        if (ret != 0)
            cout << "ERROR priv key decode: " << ret << endl;
    }

The key is generated by Java's Bouncy Castle library.

Thanks in advance,

Eric
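
A check that fits the symptom in the post above, as an added example (not code from the thread or from wolfSSL): a key file that `openssl pkcs8` reads is normally a PKCS#8 PrivateKeyInfo wrapper, while a traditional RSA key decoder expects the bare PKCS#1 RSAPrivateKey inside it. The sketch classifies a DER buffer and reports where the inner PKCS#1 structure starts. That this mismatch is the cause here is an assumption the thread does not confirm, and all function names and the toy byte arrays are constructed for illustration.

```c
#include <stddef.h>

enum der_key_kind { DER_KEY_INVALID, DER_KEY_PKCS1, DER_KEY_PKCS8 };

/* Constructed toy inputs (correct structure only, not real keys). */
static const unsigned char toy_pkcs1[] = { 0x30,0x06, 0x02,0x01,0x00, 0x02,0x01,0x05 };
static const unsigned char toy_pkcs8[] = {
    0x30,0x1C, 0x02,0x01,0x00,                     /* SEQUENCE, version 0            */
    0x30,0x0D, 0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01, 0x05,0x00,
    0x04,0x08, 0x30,0x06,0x02,0x01,0x00,0x02,0x01,0x05 }; /* OCTET STRING { toy_pkcs1 } */

/* Read one DER tag/length header at *pos; return the tag, or -1 if malformed. */
static int der_header(const unsigned char *b, size_t sz, size_t *pos, size_t *len)
{
    if (*pos > sz || sz - *pos < 2) return -1;
    int tag = b[(*pos)++];
    size_t n = b[(*pos)++];
    if (n & 0x80) {                    /* long form: next (n & 0x7f) bytes hold the length */
        size_t cnt = n & 0x7f;
        if (cnt == 0 || cnt > 4 || cnt > sz - *pos) return -1;
        for (n = 0; cnt > 0; cnt--) n = (n << 8) | b[(*pos)++];
    }
    if (n > sz - *pos) return -1;      /* content must fit inside the buffer */
    *len = n;
    return tag;
}

/* Classify a DER private key; *inner receives the offset of the PKCS#1 structure. */
enum der_key_kind classify_key_der(const unsigned char *b, size_t sz, size_t *inner)
{
    size_t pos = 0, len = 0;
    *inner = 0;
    if (der_header(b, sz, &pos, &len) != 0x30) return DER_KEY_INVALID; /* outer SEQUENCE  */
    if (der_header(b, sz, &pos, &len) != 0x02) return DER_KEY_INVALID; /* version INTEGER */
    pos += len;
    int tag = der_header(b, sz, &pos, &len);
    if (tag == 0x02) return DER_KEY_PKCS1;     /* PKCS#1: modulus follows the version */
    if (tag != 0x30) return DER_KEY_INVALID;   /* PKCS#8: AlgorithmIdentifier SEQUENCE */
    pos += len;
    if (der_header(b, sz, &pos, &len) != 0x04) return DER_KEY_INVALID; /* OCTET STRING */
    *inner = pos;                              /* wrapped RSAPrivateKey starts here */
    return DER_KEY_PKCS8;
}

int main(void)
{
    size_t off;
    return classify_key_der(toy_pkcs8, sizeof toy_pkcs8, &off) == DER_KEY_PKCS8 ? 0 : 1;
}
```

If a key file classifies as PKCS#8, the bytes from the reported offset onward are the structure a PKCS#1 decoder expects.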

Hi Chris,

Thanks for the response.
I checked that and everything is OK. But I still have the problem... I think that I am missing something but I don't know what...

Here is more information about the certificates:
CA certificate (Self-Signed):


Certificate that I want to verify:


And the CRL (PEM filetype):


I just tested the CRL under Windows and it doesn't work there either, so the problem seems to come from the CRL certificate generation... I'll try to find the problem.

Thanks,

Eric

EDIT: I solved the problem, I made some mistakes when generating the CRL. Now everything works fine.

Hi everyone,

Here is my problem: I use the wolfSSL embedded SSL certificate manager API to verify some certificates. It works perfectly when the CRL option is disabled.
Once I turn it on, it fails...
I load the CRL (DER format) without any error code, but then, when I try to verify a certificate, I get a -262 error code (which says "CRL Not Loaded")... I don't understand where the problem is...

Here is my code:

    certManager = CyaSSL_CertManagerNew();
    if (certManager == NULL) {
        cout << "Failure cm new!" << endl;
    } else cout << "Success cm new!" << endl;
    
    ret = CyaSSL_CertManagerLoadCA(certManager, "CACert.pem", 0);
    if (ret != SSL_SUCCESS) {
        cout << "Failure Loading CA certificate!" << endl;
    } else cout << "Success Loading CA certificate!" << endl;
    
    ret = CyaSSL_CertManagerEnableCRL(certManager, 0);
    if (ret != SSL_SUCCESS) {
        cout << "Failure Enable CRL!" << endl << endl;
    } else cout << "Success Enable CRL!" << endl << endl;
    
    ret = CyaSSL_CertManagerLoadCRL(certManager, "CRL/", SSL_FILETYPE_ASN1, 0);
    if (ret != SSL_SUCCESS) {
        cout << "Failure Loading CRL!" << endl << endl;
    } else cout << "Success Loading CRL!" << endl << endl;
    
    cout << "Validation of a certificate...." << endl;
    ret = CyaSSL_CertManagerVerify(certManager,  "certificate.der", SSL_FILETYPE_ASN1);
    cout << ret << endl; //Here I get -262 error code - MISSING_CRL
    if (ret != SSL_SUCCESS) {
        cout << "Failure verify certificate!" << endl << endl;
    } else cout << "Success verify certificate!" << endl << endl;

Any idea?

Thanks in advance,

Eric

Hi everyone,

I'm currently developing an application using the wolfssl library and have run into some problems.

I want to encrypt some data with RSA. For this purpose I will use the RSA functions from the ctaocrypt library.
My problem is how to get the public key from the certificate which is stored on the hard disk.
I tried the following solution:

byte publicKeyBuffer[1024];
WOLFSSL_X509* x509cert = wolfSSL_X509_load_certificate_file("certAI.der", SSL_FILETYPE_ASN1);
publicKeyBuffer = wolfSSL_X509_get_pubkey(x509cert);

But wolfSSL_X509_get_pubkey(x509cert) returns a WOLFSSL_EVP_PKEY* type, which is not compatible with the RsaPrivateKeyDecode function.

Any idea for a solution?

I also have some other problems, but I will create new posts for them.

Thanks in advance,

Eric