provider implementation of verify: cannot find private key of public key from example-pub.pem

"'Bernd Ritter' via openssl-users" <openssl-users@xxxxxxxxxxx> · Mon, 19 Aug 2024 11:51:07 +0200

Hello everyone,

I want to verify a signature from a message with my custom provider. 
Generating the private and public key works, I get to create the custom 
oid'd keys example.pem and example-pub.pem as files.

Creating the signature from a text file also works.

Then I naturally want to verify the message against the signature. Here 
I get this:

openssl pkeyutl -provider-path build -provider default -provider 
ed25519ph -propquery ?provider=myprovider -verify -inkey example-pub.pem 
-pubin -in message.txt -rawin -sigfile message.txt.sigp

ed25519ph provider init...
ed25519ph provider init complete
operating switch: 22 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG, 
20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG, 
20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
operating switch: 10 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG, 
20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG, 
20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
provider/src/ed25519ph_decoder.c - Decoder context new 0x595220e02d90
provider/src/ed25519ph_decoder.c - Decoder context new 0x595220e02de0
operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG, 
20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
provider/src/ed25519ph_decoder.c - Decoder context new 0x595220e04630
provider/src/ed25519ph_decoder.c - Decoder context new 0x595220e04680
provider/src/ed25519ph_decoder.c - Decoder context free 0x595220e04630
provider/src/ed25519ph_decoder.c - Decoder context free 0x595220e04680
operating switch: 10 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG, 
20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG, 
20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
operating switch: 10 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG, 
20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG, 
20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG, 
20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
operating switch: 10 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG, 
20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG, 
20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
provider/src/ed25519ph_decoder.c - Decoder context new 0x595220dfc6f0
provider/src/ed25519ph_decoder.c - Decoder context new 0x595220e07310
operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG, 
20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
provider/src/ed25519ph_decoder.c - Decoder context new 0x595220e092d0
provider/src/ed25519ph_decoder.c - Decoder context new 0x595220e09320
provider/src/ed25519ph_decoder.c - Decoder context free 0x595220e092d0
provider/src/ed25519ph_decoder.c - Decoder context free 0x595220e09320
operating switch: 10 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG, 
20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG, 
20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
Could not find private key of public key from example-pub.pem
800BFD680F7A0000:error:1608010C:STORE 
routines:ossl_store_handle_load_result:unsupported:crypto/store/store_result.c:151:
800BFD680F7A0000:error:1608010C:STORE 
routines:ossl_store_handle_load_result:unsupported:crypto/store/store_result.c:151:
pkeyutl: Error initializing context

Why does OpenSSL look for the private key in the public key file? The 
same command using ed25519 and ed25519ph (as pkeyopt) work just fine.

All the best,
Bernd

--
Bernd Ritter
Senior Linux Developer
Tel.: +49 175 534 4534
Mail: ritter@xxxxxxxxxxxxx

B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt, HRB 3537

--
You received this message because you are subscribed to the Google Groups "openssl-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openssl-users+unsubscribe@xxxxxxxxxxx.
To view this discussion on the web visit https://groups.google.com/a/openssl.org/d/msgid/openssl-users/094327c5-68f6-48db-99d4-a1fac3bfc569%40b1-systems.de.