[botan-devel] import openssl pkcs8 ecdsa key with Botan 1.10.1

tobeki at gmx.de tobeki at gmx.de
Sun Jul 8 04:22:11 EDT 2012


Hi,

for some testing I created an ECDSA key with openssl and converted it to a
PKCS8-compatible format. Then I tried to import the key with Botan
PKCS8::load_key as shown below.
But this causes an invalid state exception. Can someone point out to me what to
do/configure to get this working?

Create ecdsa private key
------------------------------

openssl ecparam -outform PEM -genkey -conv_form uncompressed -param_enc named_curve -out C:\custom_keystore\test-plain-key.pem -name prime256v1

openssl ec -in C:\custom_keystore\test-plain-key.pem -out C:\custom_keystore\test-enc-key.pem -aes128 -passout pass:G3bz1L1gmB5ULietOZdoLPu63D7uwTLMEk

openssl pkcs8 -topk8 -in C:\custom_keystore\test-enc-key.pem -out C:\custom_keystore\test-enc-pkcs8-key.pem

Result is test-enc-pkcs8-key.pem:
------------------------------

-----BEGIN ENCRYPTED PRIVATE KEY-----
MIGwMBsGCSqGSIb3DQEFAzAOBAhLqOHiUDFjTwICCAAEgZD1k1BiBROTLBRoFQG5
gNEipqwBXlKKv+cen7laWHdABXBPGSXBTZGiwsfVPitW+mT3kLHjPZOwJ+55Chka
QkBardzHxD2LwX8BXxDqiv61R/NsGh376+KXxTbZApobC3p40T24wMvX0O04HXaZ
6qPBsRo1byuhn0jM6Qr0O/HnYHH4/fiIN6Iq2HF6/QaUnak=
-----END ENCRYPTED PRIVATE KEY-----


Trying to load that key with Botan API:
--------------------------------------------------

try
   {
      // load key file
      AutoSeeded_RNG rng;
      DataSource_Stream prvKeySource("C:\\custom_keystore\\test-enc-pkcs8-key.pem");
      std::auto_ptr<PKCS8_PrivateKey> apEcPrivateKey(
         PKCS8::load_key(prvKeySource, rng, "G3bz1L1gmB5ULietOZdoLPu63D7uwTLMEk"));

      // create ECDSA private key
      std::auto_ptr<ECDSA_PrivateKey> apEcdsaPrivateKey;
      apEcdsaPrivateKey.reset(dynamic_cast<ECDSA_PrivateKey*>(apEcPrivateKey.release()));
      m_spEcdsaPrivateKey.reset(dynamic_cast<ECDSA_PrivateKey*>(apEcdsaPrivateKey.release()));

      // create ECDSA signer
      ...
   }
   ...


Import failed when calling PKCS8::load_key, in ber_dec.cpp:
---------------------------------------------------------------------------

/*
* Verify that no bytes remain in the source
*/
BER_Decoder& BER_Decoder::verify_end()
   {
   if(!source->end_of_data() || (pushed.type_tag != NO_OBJECT))
      throw Invalid_State("BER_Decoder::verify_end called, but data remains");
   return (*this);
   }

Regards,
Tobias 
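
Added example, not part of the original post and not Botan code: a self-contained C++ reader for the outer DER header of an ENCRYPTED PRIVATE KEY file, which returns the OID of the encryption scheme the file declares. For the key posted above it returns 1.2.840.113549.1.5.3 (pbeWithMD5AndDES-CBC from PKCS #5); the names kFirstLine, b64_decode, der_header and pkcs8_encryption_oid are hypothetical.

```cpp
#include <cstdint>
#include <stdexcept>
#include <string>
#include <vector>

// First base64 line of test-enc-pkcs8-key.pem as posted; the DER header fits inside it.
const std::string kFirstLine = "MIGwMBsGCSqGSIb3DQEFAzAOBAhLqOHiUDFjTwICCAAEgZD1k1BiBROTLBRoFQG5";

// Decode base64, skipping padding, line breaks and any other non-alphabet byte.
static std::vector<uint8_t> b64_decode(const std::string& in) {
    static const std::string tbl = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    std::vector<uint8_t> out;
    uint32_t acc = 0;
    int bits = 0;
    for (char c : in) {
        const std::string::size_type v = tbl.find(c);
        if (v == std::string::npos) continue;
        acc = (acc << 6) | static_cast<uint32_t>(v);
        if ((bits += 6) >= 8) out.push_back(static_cast<uint8_t>(acc >> (bits -= 8)));
    }
    return out;
}

// Check the DER tag at d[pos], return the content length, leave pos at the content.
static std::size_t der_header(const std::vector<uint8_t>& d, std::size_t& pos, uint8_t tag) {
    if (pos + 2 > d.size() || d[pos] != tag) throw std::runtime_error("unexpected DER tag");
    std::size_t len = d[pos + 1];
    pos += 2;
    if (len & 0x80) {                      // long form: low 7 bits count the length bytes
        std::size_t n = len & 0x7F;
        if (n == 0 || n > 4 || pos + n > d.size()) throw std::runtime_error("bad DER length");
        for (len = 0; n--; ) len = (len << 8) | d[pos++];
    }
    return len;
}

// Dotted OID of EncryptedPrivateKeyInfo.encryptionAlgorithm (RFC 5208) from a PEM body.
std::string pkcs8_encryption_oid(const std::string& b64_body) {
    const std::vector<uint8_t> d = b64_decode(b64_body);
    std::size_t pos = 0;
    der_header(d, pos, 0x30);                          // EncryptedPrivateKeyInfo SEQUENCE
    der_header(d, pos, 0x30);                          // AlgorithmIdentifier SEQUENCE
    const std::size_t len = der_header(d, pos, 0x06);  // OBJECT IDENTIFIER
    if (len == 0 || pos + len > d.size()) throw std::runtime_error("truncated OID");
    // First byte packs the first two arcs as 40*a + b (a is 0 or 1 for PKCS #5 OIDs).
    std::string oid = std::to_string(d[pos] / 40) + "." + std::to_string(d[pos] % 40);
    uint32_t arc = 0;
    for (std::size_t i = pos + 1; i < pos + len; ++i) {
        arc = (arc << 7) | (d[i] & 0x7F);              // base-128 digits, high bit = more follow
        if (!(d[i] & 0x80)) { oid += "." + std::to_string(arc); arc = 0; }
    }
    return oid;
}
```

A file written with PBES2 would return 1.2.840.113549.1.5.13 here instead.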



