Re: provider implementation of verify: cannot find private key of public key from example-pub.pem

["'Bernd Ritter' via openssl-users" <openssl-users@xxxxxxxxxxx>]

Hey everyone,

I am still struggling on this. My lead was to check if the public key 
was somehow incorrect. But both the ed25519 and my own X509_PUBKEY look 
quite similar:

# openssl asn1parse -in example-pub.ed25519.pem
    0:d=0  hl=2 l=  42 cons: SEQUENCE
    2:d=1  hl=2 l=   5 cons: SEQUENCE
    4:d=2  hl=2 l=   3 prim: OBJECT            :ED25519
    9:d=1  hl=2 l=  33 prim: BIT STRING

# openssl asn1parse -in example-pub.pem
    0:d=0  hl=2 l=  42 cons: SEQUENCE
    2:d=1  hl=2 l=   5 cons: SEQUENCE
    4:d=2  hl=2 l=   3 prim: OBJECT            :1.2.3.4
    9:d=1  hl=2 l=  33 prim: BIT STRING

Besides that, given the logs below the provider does not seem to load my 
own decoder to read the public key file. But I have no idea which that 
might be.

Hoping for some ideas.

All the best,
Bernd

Am 19.08.24 um 11:51 schrieb 'Bernd Ritter' via openssl-users:
> Hello everyone,
>
> I want to verify a signature from a message with my custom provider. 
> Generating the private and public key works, I get to create the custom 
> oid'd keys example.pem and example-pub.pem as files.
>
> Creating the signature from a text file also works.
>
> Then I naturally want to verify the message against the signature. Here 
> I get this:
>
> openssl pkeyutl -provider-path build -provider default -provider 
> ed25519ph -propquery ?provider=myprovider -verify -inkey example-pub.pem 
> -pubin -in message.txt -rawin -sigfile message.txt.sigp
>
> ed25519ph provider init...
> ed25519ph provider init complete
> operating switch: 22 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG, 
> 20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
> operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG, 
> 20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
> operating switch: 10 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG, 
> 20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
> operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG, 
> 20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
> provider/src/ed25519ph_decoder.c - Decoder context new 0x595220e02d90
> provider/src/ed25519ph_decoder.c - Decoder context new 0x595220e02de0
> operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG, 
> 20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
> provider/src/ed25519ph_decoder.c - Decoder context new 0x595220e04630
> provider/src/ed25519ph_decoder.c - Decoder context new 0x595220e04680
> provider/src/ed25519ph_decoder.c - Decoder context free 0x595220e04630
> provider/src/ed25519ph_decoder.c - Decoder context free 0x595220e04680
> operating switch: 10 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG, 
> 20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
> operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG, 
> 20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
> operating switch: 10 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG, 
> 20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
> operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG, 
> 20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
> operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG, 
> 20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
> operating switch: 10 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG, 
> 20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
> operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG, 
> 20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
> provider/src/ed25519ph_decoder.c - Decoder context new 0x595220dfc6f0
> provider/src/ed25519ph_decoder.c - Decoder context new 0x595220e07310
> operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG, 
> 20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
> provider/src/ed25519ph_decoder.c - Decoder context new 0x595220e092d0
> provider/src/ed25519ph_decoder.c - Decoder context new 0x595220e09320
> provider/src/ed25519ph_decoder.c - Decoder context free 0x595220e092d0
> provider/src/ed25519ph_decoder.c - Decoder context free 0x595220e09320
> operating switch: 10 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG, 
> 20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
> operating switch: 21 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG, 
> 20=ENC, 21=DEC, 22=STOR), 0x595220dedc90
> Could not find private key of public key from example-pub.pem
> 800BFD680F7A0000:error:1608010C:STORE 
> routines:ossl_store_handle_load_result:unsupported:crypto/store/store_result.c:151:
> 800BFD680F7A0000:error:1608010C:STORE 
> routines:ossl_store_handle_load_result:unsupported:crypto/store/store_result.c:151:
> pkeyutl: Error initializing context
>
> Why does OpenSSL look for the private key in the public key file? The 
> same command using ed25519 and ed25519ph (as pkeyopt) work just fine.
>
> All the best,
> Bernd

--
Bernd Ritter
Senior Linux Developer
Tel.: +49 175 534 4534
Mail: ritter@xxxxxxxxxxxxx

B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt, HRB 3537

--
You received this message because you are subscribed to the Google Groups "openssl-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openssl-users+unsubscribe@xxxxxxxxxxx.
To view this discussion on the web visit https://groups.google.com/a/openssl.org/d/msgid/openssl-users/697d1d48-6d42-4613-ac49-0b656fd41359%40b1-systems.de.