Note that the names are also documented here:
https://www.openssl.org/docs/manmaster/man7/EVP_KEYMGMT-RSA.html
On 30/07/2021 14:29, Olivier Mascia via openssl-users wrote:
Thanks!
BIGNUM* n;
BIGNUM* e;
BIGNUM* d;
EVP_PKEY_get_bn_param(cert.key(), OSSL_PKEY_PARAM_RSA_N, &n);
EVP_PKEY_get_bn_param(cert.key(), OSSL_PKEY_PARAM_RSA_E, &e);
EVP_PKEY_get_bn_param(cert.key(), OSSL_PKEY_PARAM_RSA_D, &d);
Now, the reverse exercise for me: to create another RSA key, solely through EVP_PKEY interfaces (knowing these n, e, d parameters), I think I should go this route:
mKey = EVP_PKEY_new();
EVP_PKEY_set_type(mKey, some int type ?);
EVP_PKEY_set_bn_param(mKey, OSSL_PKEY_PARAM_RSA_N, n2);
EVP_PKEY_set_bn_param(mKey, OSSL_PKEY_PARAM_RSA_E, e2);
EVP_PKEY_set_bn_param(mKey, OSSL_PKEY_PARAM_RSA_D, d2);
But how to get the proper int type to pass to EVP_PKEY_set_type()?
Don't do it like this. Instead you need to use EVP_PKEY_fromdata():
https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_fromdata.html
Here's an example of doing it with DSA. The same principle applies to RSA:
https://github.com/openssl/openssl/blob/5540855bda5e58f4b33f2306feb6ff4e93c0af81/apps/testdsa.h#L239-L268
Matt
Thanks all for support switching to OpenSSL 3.0.
__
Best Regards, Meilleures salutations, Met vriendelijke groeten, Mit freundlichen Grüßen,
Olivier Mascia
Le 30 juil. 2021 à 15:07, Dr Paul Dale <pauli@xxxxxxxxxxx> a écrit :
Try: include/openssl/core_names.h
The names are "n", "e" and "d" in this case.
Pauli
On 30/7/21 10:57 pm, Olivier Mascia via openssl-users wrote:
Dear all,
Testing migration to OpenSSL 3.0.
Got to update some code building a JWK (in relation to ACME LetsEncrypt protocols).
Having an EVP_PKEY which happens to be a RSA key, I proceeded this way (1.1.1) to extract the bignums needed for inclusion into the JWK:
// Access the numerical components of the certificate RSA keys.
BIGNUM* n;
BIGNUM* e;
BIGNUM* d;
RSA_get0_key(cert.RSAkey(), &n, &e, &d);
( my cert.RSAkey() returned RSA* from my embedded EVP_PKEY* through EVP_PKEY_get0_RSA() )
I understand I should now start straight from the EVP_PKEY and use :
EVP_PKEY_get_bn_param(cert.key(), "name-n?", &n);
EVP_PKEY_get_bn_param(cert.key(), "name-e?", &e);
EVP_PKEY_get_bn_param(cert.key(), "name-d?", &d);
( cert.key() returns EVP_KEY* )
The question is: where can I find the proper names for these bignums out of a RSA key?
__
Best Regards, Meilleures salutations, Met vriendelijke groeten, Mit freundlichen Grüßen,
Olivier Mascia