Cryptography Reference
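  if ( !buffer )
  {
    perror( "Not enough memory" );
    close( file );  // don't leak the descriptor on the error path
    return NULL;
  }
  bufptr = buffer;
  // Read into the unfilled tail of the buffer so that a short read never
  // overwrites earlier data; stop at end of file (0) or on error (-1)
  while ( ( bytes_read = read( file, ( void * ) bufptr,
            buffer_size - ( bufptr - buffer ) ) ) > 0 )
  {
    bufptr += bytes_read;
  }
  close( file );
  if ( bytes_read < 0 )
  {
    perror( "Unable to read file" );
    free( buffer );
    return NULL;
  }
  if ( buffer_length != NULL )
  {
    *buffer_length = buffer_size;
  }
  return buffer;
}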
Supporting Encrypted Private Key Files
If you run privkey on the previously generated private key file, you see the
modulus and private exponent of your RSA key:
[jdavies@localhost ssl]$ ./privkey -pem key_decoded.pem
Modulus:b1b26d3343d328c56090645e0ddc169632fc2efa085b68a8e0322c48c7f1145c3c2
b7a0ac4e86f16830b52e675ac5d76d8b87dba511be44f4bc815782af3bf01
Private Exponent:9acf5fe3b1cb5d51d7f6f3fa1d0909848196c33681e16124ff6db6b711ba2e8959
095b1071d0885d4e23db1e76fea10db8329d429d87e2e0a38287cc24c33981
Still, it seems a shame to require that the server user keep the private key
stored in plaintext on a disk somewhere. As you can see from the header on
the original, encrypted key file, this is encrypted using DES, which you have
code to decrypt. Why not go ahead and implement the code to decrypt the
encrypted file?
The file, by default, starts with two bits of information:
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,BD1FF235EA6104E1
First, the Proc-Type tells you that the file is encrypted. The DEK-Info gives
you the encryption algorithm, followed by an initialization vector.
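An added example (not code from the book): a minimal C parser for the two header lines described above, extracting the cipher name and decoding the hex-encoded initialization vector. The names `pem_enc_info`, `parse_pem_enc_headers` and `hex_nibble`, the size limits, and the sample string are assumptions made for this illustration.

```c
#include <string.h>

#define MAX_ALG_NAME 32
#define MAX_IV_LEN   16
/* Constructed sample: the two header lines from the text, key body omitted */
static const char SAMPLE_PEM[] =
  "Proc-Type: 4,ENCRYPTED\n"
  "DEK-Info: DES-EDE3-CBC,BD1FF235EA6104E1\n\n(base64 body omitted)\n";

typedef struct   /* hypothetical holder for the parsed fields */
{
  int encrypted;                   /* 1 if "Proc-Type: 4,ENCRYPTED" present */
  char algorithm[ MAX_ALG_NAME ];  /* e.g. "DES-EDE3-CBC" */
  unsigned char iv[ MAX_IV_LEN ];
  int iv_len;
} pem_enc_info;

static int hex_nibble( char c )
{
  if ( c >= '0' && c <= '9' ) return c - '0';
  if ( c >= 'A' && c <= 'F' ) return c - 'A' + 10;
  if ( c >= 'a' && c <= 'f' ) return c - 'a' + 10;
  return -1;
}

/* Returns 0 on success (encrypted or plaintext), -1 on a malformed header */
int parse_pem_enc_headers( const char *pem, pem_enc_info *info )
{
  const char *p, *comma, *eol;
  memset( info, 0, sizeof( *info ) );
  if ( !( p = strstr( pem, "Proc-Type: 4,ENCRYPTED" ) ) )
    return 0;                      /* no header: key body is not encrypted */
  info->encrypted = 1;
  if ( !( p = strstr( p, "DEK-Info: " ) ) ) return -1;
  p += strlen( "DEK-Info: " );
  eol = p + strcspn( p, "\r\n" );
  comma = memchr( p, ',', ( size_t ) ( eol - p ) );
  if ( !comma || comma == p || comma - p >= MAX_ALG_NAME ) return -1;
  memcpy( info->algorithm, p, ( size_t ) ( comma - p ) );
  /* IV is hex, two digits per byte; reject odd lengths and overlong IVs */
  for ( p = comma + 1; p < eol; p += 2 )
  {
    int hi = hex_nibble( p[ 0 ] );
    int lo = ( p + 1 < eol ) ? hex_nibble( p[ 1 ] ) : -1;
    if ( hi < 0 || lo < 0 || info->iv_len >= MAX_IV_LEN ) return -1;
    info->iv[ info->iv_len++ ] = ( unsigned char ) ( ( hi << 4 ) | lo );
  }
  return info->iv_len > 0 ? 0 : -1;
}
```

Both length checks matter because the header is read from a file the program does not control: an overlong algorithm name or IV is rejected rather than copied past the fixed-size fields.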
Note that the key contents themselves are PKCS #1 formatted, but the extra
header information is OpenSSL/PEM-specific. In fact, if you use OpenSSL to
save the key file itself in DER format, you lose the encryption. Because there's