Introduction
The example 'C' program keytest.c demonstrates how to load a private SSL key to perform actions such as digital signing of certificates or other data, using the OpenSSL library functions. The example is assuming a RSA key.
Example Code Listing
/* ------------------------------------------------------------------------ *
* file: keytest.c *
* purpose: tests loading of a private key for certificate signing *
* author: 02/23/2004 Frank4DD *
* ------------------------------------------------------------------------ */
#include <stdio.h>
#include <string.h>
#include <openssl/x509v3.h>
#include <openssl/objects.h>
#include <openssl/pem.h>
#include <openssl/evp.h>
int main() {
EVP_PKEY *privkey;
FILE *fp;
RSA *rsakey;
/* ---------------------------------------------------------- *
* Next function is essential to enable openssl functions *
------------------------------------------------------------ */
OpenSSL_add_all_algorithms();
privkey = EVP_PKEY_new();
fp = fopen ("test-key.pem", "r");
PEM_read_PrivateKey( fp, &privkey, NULL, NULL);
fclose(fp);
rsakey = EVP_PKEY_get1_RSA(privkey);
if(RSA_check_key(rsakey)) {
printf("RSA key is valid.\n");
}
else {
printf("Error validating RSA key.\n");
}
RSA_print_fp(stdout, rsakey, 3);
PEM_write_PrivateKey(stdout,privkey,NULL,NULL,0,0,NULL);
exit(0);
}
Compiling the Program
Compile the test program with:
fm@susie114:~> gcc keytest.c -o keytest -lssl -lcrypto
Example Output
The program expects a keyfile called ca_key.pem in the same directory it is run. Example key generation using the OpenSSL commandline:
root@susie:/c-code# openssl genrsa -out test-key.pem 512 Generating RSA private key, 512 bit long modulus .........++++++++++++ ..........++++++++++++ e is 65537 (0x10001)
Private keys are commonly protected by a passphrase. Our example handles a unprotected key. If the key loading is successful, the following output is produced for an unencrypted key (of course not a "real" one :-) ) With an incorrect passphrase, the key wont be loaded and the pointer is NULL.
fm@susie114:~> ./keytest RSA key is valid. Private-Key: (512 bit) modulus: 00:a0:7a:15:f4:51:78:c8:35:e5:c3:e8:7e:57:b7: 9c:8c:96:d7:a2:a3:f9:38:81:fb:9f:4e:96:5a:a8: 0e:f7:04:56:8e:5a:00:2b:fa:86:ec:4a:e4:47:85: 75:bd:fe:f8:0b:ed:71:38:8e:f4:c0:c0:98:bf:94: 7b:09:8a:db:d9 publicExponent: 65537 (0x10001) privateExponent: 6d:de:48:0b:a6:7f:df:ea:ee:ac:eb:0f:1c:f5:0b: 8c:41:75:ce:d7:1e:b8:ae:5d:5c:5b:4c:9b:32:b6: 54:2d:21:9f:bb:15:02:1d:05:9c:1a:fb:ad:f9:79: e0:fc:ab:e5:9e:25:8c:6b:75:71:62:cf:bc:87:df: 3d:1c:46:75 prime1: 00:ca:cb:c0:13:70:9c:72:e1:4a:6e:3e:09:dc:a5: 9d:e2:c4:52:0a:18:dd:dd:ca:6c:86:be:30:e1:1b: d8:eb:63 prime2: 00:ca:94:17:7b:3e:23:28:c0:d2:3c:82:3d:21:1e: 0c:1f:8a:d1:4b:c7:a2:0f:ec:2a:5b:53:28:23:d0: 39:26:93 exponent1: 00:a6:2c:8b:39:e2:be:f0:0b:d7:f7:b9:f2:4e:d1: 8f:2c:b0:7e:21:33:fb:29:b0:a3:79:4e:03:b3:92: 24:0f:cd exponent2: 00:8a:e1:90:5f:9b:af:fb:06:86:9b:99:26:53:88: 08:03:af:e5:e1:30:11:f9:1c:8d:c5:62:73:48:6a: 3e:64:25 coefficient: 00:99:a0:bb:db:51:3d:05:24:60:22:6b:73:fc:78: 26:aa:01:b2:7c:b9:75:8d:3e:70:04:48:4e:18:b4: ee:9a:a4 -----BEGIN PRIVATE KEY----- MIIBVgIBADANBgkqhkiG9w0BAQEFAASCAUAwggE8AgEAAkEAoHoV9FF4yDXlw+h+ V7ecjJbXoqP5OIH7n06WWqgO9wRWjloAK/qG7ErkR4V1vf74C+1xOI70wMCYv5R7 CYrb2QIDAQABAkBt3kgLpn/f6u6s6w8c9QuMQXXO1x64rl1cW0ybMrZULSGfuxUC HQWcGvut+Xng/KvlniWMa3VxYs+8h989HEZ1AiEAysvAE3CccuFKbj4J3KWd4sRS Chjd3cpshr4w4RvY62MCIQDKlBd7PiMowNI8gj0hHgwfitFLx6IP7CpbUygj0Dkm kwIhAKYsiznivvAL1/e58k7RjyywfiEz+ymwo3lOA7OSJA/NAiEAiuGQX5uv+waG m5kmU4gIA6/l4TAR+RyNxWJzSGo+ZCUCIQCZoLvbUT0FJGAia3P8eCaqAbJ8uXWN PnAESE4YtO6apA== -----END RSA PRIVATE KEY-----