9

I am trying to build a p2p application that requires the following, using RSA in OpenSSL:

-Encryption
-Decryption
-Generating Keys (done)
-Saving and loading keys (done)
-Saving the PUBLIC key as bytes so it can be sent over the sockets
-Loading keys from the above format

I have chosen to use the EVP functions, whatever that means. However I am having supreme difficulty finding which functions I need to use to do these things, and in what order. Official documentation of OpenSSL seems to be non-existant.

Does anyone know what functions I need to use in what order and their prototypes? Any example code lying around would also be nice.

Thanks much in advance,

twitchliquid64.

PS: This is what I have so far

#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/engine.h>
#include <openssl/rand.h>

RSA* Generate_KeyPair(void)
{
  char rand_buff[16];
  EVP_PKEY *pkey = NULL;
  RSA* r;
  char* pass = "passgdfgf";//for now

  int bits = 512;       //      512, 1024, 2048, 4096
  unsigned long exp = RSA_F4;     //      RSA_3
  OpenSSL_add_all_algorithms();

  RAND_seed(rand_buff, 16); //On linux: RAND_load_file("/dev/urandom", 1024);
  r = RSA_generate_key(bits,exp,NULL,NULL);

  if (RSA_check_key(r)!=1);;; //Check key - error out

  //Create EVP to save to file.
  pkey = EVP_PKEY_new();
  EVP_PKEY_assign_RSA(pkey, r);

  //Save private key
  FILE* fp = fopen("private.key", "w");
  PEM_write_PrivateKey(fp,pkey,EVP_aes_256_cbc(),NULL,0,NULL,pass)
  fclose(fp);

  //Save public key
  fp = fopen("public.key", "w");
  PEM_write_PUBKEY(fp, pkey);
  fclose(fp);

  return r;
}

EVP_PKEY* ReadPrivKey_FromFile(char* filename, char* pass)
{
  FILE* fp = fopen(filename, "r");
  EVP_PKEY* key = NULL;
  PEM_read_PrivateKey(fp, &key, NULL, pass);
  fclose(fp);

  return key;
}

EVP_PKEY* ReadPubKey_FromFile(char* filename)
{
  FILE* fp = fopen(filename, "r");
  EVP_PKEY* key = NULL;
  PEM_read_PUBKEY(fp, &key, NULL, NULL);
  fclose(fp);

  return key;
}
64bit_twitchyliquid
  • 894
  • 2
  • 10
  • 22
  • 3
    Honestly, getting direct answers to this question is much more likely to do you a disservice than a service. The trick is having the right framework to achieve your security objectives, and getting all the "little pieces" right does *not* in any way ensure that the system as a whole is secure. You'll be much better off if you start out by saying what you're trying to accomplish. (For example, if you send a public key over a socket, what stops an attacker from substituting his own public key and thus being able to decrypt the message and re-encrypt it with the correct key?) – David Schwartz May 28 '12 at 03:41
  • This is mainly a proof of concept. Secondly, I have solutions to the aboved mentioned problems (man-in-the-middle attack etc), all that remains for me to do is these 'little bits'. – 64bit_twitchyliquid May 28 '12 at 23:49
  • You'll find the example code that comes with OpenSSL more useful than the documentation. For example, documentation of encryption with RSA is shows in `apps/rsa.c`. It may help to work out the OpenSSL command lines to perform each function you want to do with the command line tool and then figure out what the code actually does (by inspecting it) so you can make your code do the same thing. – David Schwartz May 29 '12 at 00:30

1 Answers1

8

As said in a comment on my question:

You'll find the example code that comes with OpenSSL more useful than the documentation. For example, documentation of encryption with RSA is shows in apps/rsa.c. It may help to work out the OpenSSL command lines to perform each function you want to do with the command line tool and then figure out what the code actually does (by inspecting it) so you can make your code do the same thing. – David Schwartz

This example code was exactly what I needed, I advise anyone with a similar problem to consult the rsa code and header file, and also their are small use examples in the documentation as well.

64bit_twitchyliquid
  • 894
  • 2
  • 10
  • 22