Re: Accessing bignums of a RSA key with OpenSSL 3.0?

[Matt Caswell <matt@xxxxxxxxxxx>]

Note that the names are also documented here:

https://www.openssl.org/docs/manmaster/man7/EVP_KEYMGMT-RSA.html

On 30/07/2021 14:29, Olivier Mascia via openssl-users wrote:
> Thanks!
>
> 	BIGNUM* n;
> 	BIGNUM* e;
> 	BIGNUM* d;
> 	EVP_PKEY_get_bn_param(cert.key(), OSSL_PKEY_PARAM_RSA_N, &n);
> 	EVP_PKEY_get_bn_param(cert.key(), OSSL_PKEY_PARAM_RSA_E, &e);
> 	EVP_PKEY_get_bn_param(cert.key(), OSSL_PKEY_PARAM_RSA_D, &d);
>
> Now, the reverse exercise for me: to create another RSA key, solely through EVP_PKEY interfaces (knowing these n, e, d parameters), I think I should go this route:
>
> 	mKey = EVP_PKEY_new();
> 	EVP_PKEY_set_type(mKey, some int type ?);
>
> 	EVP_PKEY_set_bn_param(mKey, OSSL_PKEY_PARAM_RSA_N, n2);
> 	EVP_PKEY_set_bn_param(mKey, OSSL_PKEY_PARAM_RSA_E, e2);
> 	EVP_PKEY_set_bn_param(mKey, OSSL_PKEY_PARAM_RSA_D, d2);
> 	
> But how to get the proper int type to pass to EVP_PKEY_set_type()?

Don't do it like this. Instead you need to use EVP_PKEY_fromdata():


https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_fromdata.html


Here's an example of doing it with DSA. The same principle applies to RSA:


https://github.com/openssl/openssl/blob/5540855bda5e58f4b33f2306feb6ff4e93c0af81/apps/testdsa.h#L239-L268

Matt


> Thanks all for support switching to OpenSSL 3.0.
> __
> Best Regards, Meilleures salutations, Met vriendelijke groeten, Mit freundlichen Grüßen,
> Olivier Mascia
>
> > Le 30 juil. 2021 à 15:07, Dr Paul Dale <pauli@xxxxxxxxxxx> a écrit :
> >
> > Try: include/openssl/core_names.h
> > The names are "n", "e" and "d" in this case.
> >
> >
> > Pauli
> >
> >
> > On 30/7/21 10:57 pm, Olivier Mascia via openssl-users wrote:
> > > Dear all,
> > >
> > > Testing migration to OpenSSL 3.0.
> > > Got to update some code building a JWK (in relation to ACME LetsEncrypt protocols).
> > >
> > > Having an EVP_PKEY which happens to be a RSA key, I proceeded this way (1.1.1) to extract the bignums needed for inclusion into the JWK:
> > >
> > > 	// Access the numerical components of the certificate RSA keys.
> > > 	BIGNUM* n;
> > > 	BIGNUM* e;
> > > 	BIGNUM* d;
> > > 	RSA_get0_key(cert.RSAkey(), &n, &e, &d);
> > >
> > > ( my cert.RSAkey() returned RSA* from my embedded EVP_PKEY* through EVP_PKEY_get0_RSA() )
> > >
> > > I understand I should now start straight from the EVP_PKEY and use :
> > >
> > > 	EVP_PKEY_get_bn_param(cert.key(), "name-n?", &n);
> > > 	EVP_PKEY_get_bn_param(cert.key(), "name-e?", &e);
> > > 	EVP_PKEY_get_bn_param(cert.key(), "name-d?", &d);
> > >
> > > ( cert.key() returns EVP_KEY* )
> > >
> > > The question is: where can I find the proper names for these bignums out of a RSA key?
> > >
> > > __
> > > Best Regards, Meilleures salutations, Met vriendelijke groeten, Mit freundlichen Grüßen,
> > > Olivier Mascia