Introduction


The example 'C' program keytest.c demonstrates how to load a private SSL key to perform actions such as digital signing of certificates or other data, using the OpenSSL library functions. The example assumes an RSA key.

Example Code Listing


/* ------------------------------------------------------------------------ *
 * file:        keytest.c                                                   *
 * purpose:     tests loading of a private key for certificate signing      *
 * author:      02/23/2004 Frank4DD                                         * 
 * ------------------------------------------------------------------------ */
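#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/x509v3.h>
#include <openssl/objects.h>
#include <openssl/pem.h>
#include <openssl/evp.h>
#include <openssl/rsa.h>

int main() {
   EVP_PKEY *privkey = NULL;
   FILE *fp;
   RSA *rsakey;

   /* ---------------------------------------------------------- *
    * Next function is essential to enable openssl functions     *
    ------------------------------------------------------------ */
   OpenSSL_add_all_algorithms();

   /* Open the PEM file; stop if it is missing or unreadable */
   fp = fopen ("test-key.pem", "r");
   if (fp == NULL) {
     printf("Error opening test-key.pem.\n");
     exit(1);
   }

   /* Returns NULL if the key cannot be parsed or decrypted */
   privkey = PEM_read_PrivateKey( fp, NULL, NULL, NULL);

   fclose(fp);

   if (privkey == NULL) {
     printf("Error loading private key.\n");
     exit(1);
   }

   /* Returns NULL if the file holds a key that is not RSA */
   rsakey = EVP_PKEY_get1_RSA(privkey);
   if (rsakey == NULL) {
     printf("Error: key is not an RSA key.\n");
     EVP_PKEY_free(privkey);
     exit(1);
   }

   /* RSA_check_key returns 1 for a valid key, 0 or -1 otherwise */
   if(RSA_check_key(rsakey) == 1) {
     printf("RSA key is valid.\n");
   }
   else {
     printf("Error validating RSA key.\n");
   }

   RSA_print_fp(stdout, rsakey, 3);

   PEM_write_PrivateKey(stdout,privkey,NULL,NULL,0,NULL,NULL);

   /* Release the key structures before exiting */
   RSA_free(rsakey);
   EVP_PKEY_free(privkey);

   exit(0);
}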

Compiling the Program


Compile the test program with:

fm@susie114:~> gcc keytest.c -o keytest -lssl -lcrypto

Example Output


The program expects a key file called test-key.pem in the directory it is run from. Example key generation using the OpenSSL command line:

root@susie:/c-code# openssl genrsa -out test-key.pem 512
Generating RSA private key, 512 bit long modulus
.........++++++++++++
..........++++++++++++
e is 65537 (0x10001)

Private keys are commonly protected by a passphrase. Our example handles an unprotected key. If the key loading is successful, the following output is produced for an unencrypted key (of course not a "real" one :-) ). With an incorrect passphrase, the key won't be loaded and the pointer is NULL.

fm@susie114:~> ./keytest
RSA key is valid.
   Private-Key: (512 bit)
   modulus:
       00:a0:7a:15:f4:51:78:c8:35:e5:c3:e8:7e:57:b7:
       9c:8c:96:d7:a2:a3:f9:38:81:fb:9f:4e:96:5a:a8:
       0e:f7:04:56:8e:5a:00:2b:fa:86:ec:4a:e4:47:85:
       75:bd:fe:f8:0b:ed:71:38:8e:f4:c0:c0:98:bf:94:
       7b:09:8a:db:d9
   publicExponent: 65537 (0x10001)
   privateExponent:
       6d:de:48:0b:a6:7f:df:ea:ee:ac:eb:0f:1c:f5:0b:
       8c:41:75:ce:d7:1e:b8:ae:5d:5c:5b:4c:9b:32:b6:
       54:2d:21:9f:bb:15:02:1d:05:9c:1a:fb:ad:f9:79:
       e0:fc:ab:e5:9e:25:8c:6b:75:71:62:cf:bc:87:df:
       3d:1c:46:75
   prime1:
       00:ca:cb:c0:13:70:9c:72:e1:4a:6e:3e:09:dc:a5:
       9d:e2:c4:52:0a:18:dd:dd:ca:6c:86:be:30:e1:1b:
       d8:eb:63
   prime2:
       00:ca:94:17:7b:3e:23:28:c0:d2:3c:82:3d:21:1e:
       0c:1f:8a:d1:4b:c7:a2:0f:ec:2a:5b:53:28:23:d0:
       39:26:93
   exponent1:
       00:a6:2c:8b:39:e2:be:f0:0b:d7:f7:b9:f2:4e:d1:
       8f:2c:b0:7e:21:33:fb:29:b0:a3:79:4e:03:b3:92:
       24:0f:cd
   exponent2:
       00:8a:e1:90:5f:9b:af:fb:06:86:9b:99:26:53:88:
       08:03:af:e5:e1:30:11:f9:1c:8d:c5:62:73:48:6a:
       3e:64:25
   coefficient:
       00:99:a0:bb:db:51:3d:05:24:60:22:6b:73:fc:78:
       26:aa:01:b2:7c:b9:75:8d:3e:70:04:48:4e:18:b4:
       ee:9a:a4
-----BEGIN PRIVATE KEY-----
MIIBVgIBADANBgkqhkiG9w0BAQEFAASCAUAwggE8AgEAAkEAoHoV9FF4yDXlw+h+
V7ecjJbXoqP5OIH7n06WWqgO9wRWjloAK/qG7ErkR4V1vf74C+1xOI70wMCYv5R7
CYrb2QIDAQABAkBt3kgLpn/f6u6s6w8c9QuMQXXO1x64rl1cW0ybMrZULSGfuxUC
HQWcGvut+Xng/KvlniWMa3VxYs+8h989HEZ1AiEAysvAE3CccuFKbj4J3KWd4sRS
Chjd3cpshr4w4RvY62MCIQDKlBd7PiMowNI8gj0hHgwfitFLx6IP7CpbUygj0Dkm
kwIhAKYsiznivvAL1/e58k7RjyywfiEz+ymwo3lOA7OSJA/NAiEAiuGQX5uv+waG
m5kmU4gIA6/l4TAR+RyNxWJzSGo+ZCUCIQCZoLvbUT0FJGAia3P8eCaqAbJ8uXWN
PnAESE4YtO6apA==
-----END PRIVATE KEY-----
