OK.. I think I understood this API wrongly then. What will X509_verify() will verify if I pass it public key. I mean in place of private key , if I try to match the public key than rather than doing keys comparision, will passing the public key to this API, help ? I mean does it check the private key with which certificate was signed, or the public key which this certificate signs. Sorry, I think I am still bit not clear on purpose of the API. Thanks & Regards, Nayna Jain From: Viktor Dukhovni <openssl-users@xxxxxxxxxxxx> To: openssl-users at openssl.org, openssl-dev at openssl.org Date: 06/22/2015 08:00 AM Subject: Re: [openssl-dev] [openssl-users] X509_verify() error - block type is not 01 Sent by: "openssl-dev" <openssl-dev-bounces at openssl.org> On Mon, Jun 22, 2015 at 07:56:37AM +0530, Nayna Jain wrote: > I want to match the certificate with the private key for whose public key > that certificate is provided. That's the subject key, and unless the certificate is self-signed, the X509_verify() function is not the right interface. You want to extract the certificate's public key and compare it with the key you have. You can compare (memcmp()) the DER encoding of the public key from the certificate with the DER encoding of the desired key. > If this verifies who signed the certificate, then how do I verify whether > the certificate provided is for the private key which was generated, You compare the keys, or the key fingerprints. -- Viktor. _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150622/204524f4/attachment-0001.html> -------------- next part -------------- A non-text attachment was scrubbed... Name: graycol.gif Type: image/gif Size: 105 bytes Desc: not available URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150622/204524f4/attachment-0001.gif>