gnutls_x509_privkey_import_openssl
MK
mk at cognitivedissonance.ca
Tue Oct 9 23:18:09 CEST 2012
Hi gang!
I just started using GnuTLS, and one of the first things I needed to do
was incorporate a certificate with an encrypted key generated by OpenSSL.
This seemed like a very simple task; here's a minimal reproduction of
the technique I used to decrypt the original key:
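#include <stdio.h>
#include <stdlib.h>
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>

/* Report a GnuTLS error code and exit. */
void fatal (const char *msg, int err) {
    fprintf(stderr, "%s: %s\n", msg, gnutls_strerror(err));
    exit(1);
}

void usage (const char *name) {
    fprintf(stderr,
        "Usage: %s [password] < keyfile.in > keyfile.out\n",
        name
    );
    exit(0);
}

int main (int argc, const char *argv[]) {
    if (argc != 2) usage(argv[0]);
    gnutls_global_init();  /* explicit init is required in GnuTLS 3.1.x */
    /* Read the whole PEM file, headers included; stop at the buffer's end. */
    unsigned char buffer[4096] = { 0 };
    size_t i = 0;
    int c = fgetc(stdin);
    while (c != EOF && i < sizeof(buffer)) {
        buffer[i++] = c;
        c = fgetc(stdin);
    }
    const gnutls_datum_t raw = {
        .data = buffer,
        .size = (unsigned int) i
    };
    /* The key handle must be initialized before anything is imported. */
    gnutls_x509_privkey_t decrypted;
    int check = gnutls_x509_privkey_init(&decrypted);
    if (check) fatal("Init error", check);
    check = gnutls_x509_privkey_import_openssl(decrypted, &raw,
        argv[1]);
    if (check) fatal("Import error", check);
    gnutls_x509_privkey_deinit(decrypted);
    return 0;
}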
Feeding in the key file resulted in GNUTLS_E_DECRYPTION_FAILED. Since
the key can be decrypted other ways (e.g., via "openssl -rsa") and used
successfully, I realized perhaps I should just use the encrypted data
in the file sans header*, but this led to GNUTLS_E_PARSING_ERROR.
Glancing at the gnutls source, that bail appears to happen before
DECRYPTION_FAILED, so I presume I am correct to feed in the entire file.
So I'm at a loss -- what am I doing wrong? I'm using 3.1.2 built from
source.
* the header being:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC
Thanks -- Mark
--
"Enthusiasm is not the enemy of the intellect." (said of Irving Howe)
"The angel of history[...]is turned toward the past." (Walter Benjamin)
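A pre-import check for the headers discussed in the message above, as an added example that is not part of the original post and not GnuTLS code: it inspects a traditional OpenSSL PEM buffer for the armor line, `Proc-Type: 4,ENCRYPTED`, and a `DEK-Info` line of the form `algorithm,hex-IV`. The function name `pem_inspect`, the struct and the sample buffers are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* What the RFC 1421-style headers of a traditional OpenSSL PEM key say. */
struct pem_enc_info {
    int  encrypted;   /* 1 if "Proc-Type: 4,ENCRYPTED" is present */
    char cipher[32];  /* algorithm name from DEK-Info */
    char iv_hex[65];  /* hex IV from DEK-Info */
};

/* Inspect a NUL-terminated PEM buffer. Returns 0 if it is usable as-is,
   -1 if the armor line or a required encryption header is missing/malformed. */
int pem_inspect(const char *pem, struct pem_enc_info *out) {
    memset(out, 0, sizeof(*out));
    if (!strstr(pem, "-----BEGIN RSA PRIVATE KEY-----")) return -1;
    if (!strstr(pem, "Proc-Type: 4,ENCRYPTED")) return 0; /* unencrypted */
    out->encrypted = 1;
    const char *dek = strstr(pem, "DEK-Info: ");
    if (!dek) return -1;
    dek += strlen("DEK-Info: ");
    size_t n = strcspn(dek, ",\r\n");               /* cipher name */
    if (n == 0 || n >= sizeof(out->cipher) || dek[n] != ',') return -1;
    memcpy(out->cipher, dek, n);
    dek += n + 1;
    n = strcspn(dek, "\r\n");                       /* hex IV */
    if (n == 0 || n % 2 || n >= sizeof(out->iv_hex)) return -1;
    for (size_t k = 0; k < n; k++)
        if (!isxdigit((unsigned char)dek[k])) return -1;
    memcpy(out->iv_hex, dek, n);
    return 0;
}

/* Constructed samples: IV and body are placeholders, not real key data. */
static const char SAMPLE_OK[] =
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\n"
    "PLACEHOLDERBODY\n-----END RSA PRIVATE KEY-----\n";
static const char SAMPLE_STRIPPED[] = "PLACEHOLDERBODY\n"; /* headers removed */

int main(void) {
    struct pem_enc_info info;
    int rc = pem_inspect(SAMPLE_OK, &info);
    printf("full file: rc=%d cipher=%s iv=%s\n", rc, info.cipher, info.iv_hex);
    printf("stripped:  rc=%d\n", pem_inspect(SAMPLE_STRIPPED, &info));
    return 0;
}
```

Running such a check on the exact bytes handed to the import call shows whether the decryptor has the cipher name and IV it needs before any passphrase is tried.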