Test code
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
# include <openssl/e_os2.h>
# include <openssl/bio.h>
# include <openssl/err.h>
# include <openssl/bn.h>
# include <openssl/rsa.h>
# include <openssl/evp.h>
# include <openssl/ssl.h>
# include <openssl/x509.h>
# include <openssl/pem.h>
# include <openssl/rand.h>
static
void
loadRsaPrivateKey(const char * file, const char * passphrase);
static
void
genRsaPrivateKey(const char * file, const char * passphrase);
int
main(int argc, char * argv[])
{
// initialize openssl library
// Notice, if not initialized,
// some decryption routine will fail.
// but, if links in all algos, prog will grow large.
OpenSSL_add_all_algorithms();
SSL_load_error_strings();
ERR_load_crypto_strings();
// generate test rsa key into local file.
genRsaPrivateKey("bobkey.pem", "passphrase");
// load tes ras key from local file.
loadRsaPrivateKey("bobkey.pem","passphrase");
// cleanup library
EVP_cleanup();
return 0;
}
static
void
loadRsaPrivateKey(const char * file, const char * passphrase)
{
BIO * in = BIO_new(BIO_s_file());
if (!in) return ;
if (BIO_read_filename(in, (char*)file) <= 0)
return ;
RSA * x = PEM_read_bio_RSAPrivateKey(in \
, NULL /*or, &x */
, NULL /*void callback*/
, (void *)passphrase);
if (!x) return ;
BIO * bio_err = NULL;
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
//RSA_print_fp(stdout, x, 0);
RSA_print(bio_err, x, 0);
if (x) RSA_free(x);
else{
/*Error*/
ERR_print_errors_fp(stdout);
}
x = NULL;
if (in) BIO_free(in);
in = NULL;
return ;
}
static
void
genRsaPrivateKey(const char * file, const char * passphrase)
{
BIO *out = BIO_new(BIO_s_file());
BIO_write_filename(out, (char*)file);
BIGNUM *bn = BN_new();
BN_set_word(bn, RSA_F4);
RSA *rsa = RSA_new();
RSA_generate_key_ex(rsa, 2048 /*key bits*/, bn, NULL);
PEM_write_bio_RSAPrivateKey(out
, rsa
, EVP_des_ede3_cbc()
, NULL, 0
, NULL, (void*)passphrase);
if (rsa) RSA_free(rsa);
if (bn) BN_free(bn);
if (out) BIO_free(out);
}
Notice:
For the PEM write routines if the kstr parameter is not NULL then klen bytes at kstr are used as the passphrase and cb is ignored.
If the cb parameters is set to NULL and the u parameter is not NULL then the u parameter is interpreted as a null terminated string to use as the passphrase.
If both cb and u are NULL then the default callback routine is used which will typically prompt for the passphrase on the current terminal with echoing turned off.
Default pass phrase callback definition, as following:
int cb(char *buf, int size, int rwflag, void *u);
Error
- Failed to call
PEM_read_bio_RSAPrivateKey()
$ ./genrsa.exe
7040:error:0906B072:lib(9):func(107):reason(114):pem_lib.c:537:
check error code with openssl errstr
utility
$ openssl errstr 0906b027
error:0906B027:PEM routines:PEM_get_EVP_CIPHER_INFO:OCSP lib
Reason
- crypt algorithms is neither initialized nor loaded.
check these following links about openssl library initialization routines.
// initially
OpenSSL_add_all_algorithms()
// or, OpenSSL_add_all_digests() && OpenSSL_add_all_ciphers()
//
// finally
EVP_cleanup()