Header RSS Feed
 
If you only want to see the articles of a certain category, please click on the desired category below:
ALL Android Backup BSD Database Hacks Hardware Internet Linux Mail MySQL Monitoring Network Personal PHP Proxy Shell Solaris Unix Virtualization VMware Windows Wyse

Unable to load public key when encrypting data with openssl
Monday - Oct 10th 2016 - by - (0 comments)

For an inhouse application I needed to add a monitoring of the login process. Usually that's pretty simple as most systems just use a form with username and password and send a POST of the values. 

But not in this case. I figured that the login procedure was much more complicated:

1) Make a POST request to a URL to retrieve server tokens

2) With the received tokens make yet another POST request and retrieve the string of a public RSA key

3) Encrypt the real password with the received public key and send it with yet another POST request

So far all my steps were working until I needed to encrypt the password with the public key with openssl.
The received public key was saved in a file tmpkey.pub:

$ cat tmpkey.pub
-----BEGIN PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALdjFsLLaCgRkWaOMLrUPQgGAPM4DXHnq9bAkd1VFwdSIgNkTxY0Bcvr1PxUkNHlYwFjAx/lGEqish6yCgeLURsCAwEAAQ==
-----END PUBLIC KEY-----

I then tried to encrypt the password with this key but it failed:

$ echo "myPassword" | openssl rsautl -encrypt -pubin -inkey tmpkey.pub
unable to load Public Key

Huh? Where did I make the mistake? I came across a blog post (Fun with public keys) by Peter Williams where the author had not the same but a similar problem.
His advice, to verify the public key was a big help though:

$ openssl rsa -text -pubin < tmpkey.pub
unable to load Public Key
139783763789472:error:0906D064:PEM routines:PEM_read_bio:bad base64 decode:pem_lib.c:812:

bad base64 decode! This error message helps!

I found another article from a different blog which had some information how to debug this error. In my case, the number of characters per line exceeded 64 which is a must for openssl - d'uh!

With the command "fold" the output of a file can be cut to a certain number of lines (-w N):

$ fold -w 64 tmpkey.pub
-----BEGIN RSA PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALdjFsLLaCgRkWaOMLrUPQgGAPM4DXHn
q9bAkd1VFwdSIgNkTxY0Bcvr1PxUkNHlYwFjAx/lGEqish6yCgeLURsCAwEAAQ==
-----END RSA PUBLIC KEY-----

Nice! Now I saved this output in my tmpkey.pub and tried the validation again:

$ openssl rsa -text -pubin < tmpkey.pub
Public-Key: (512 bit)
Modulus:
    00:b7:63:16:c2:cb:68:28:11:91:66:8e:30:ba:d4:
    3d:08:06:00:f3:38:0d:71:e7:ab:d6:c0:91:dd:55:
    17:07:52:22:03:64:4f:16:34:05:cb:eb:d4:fc:54:
    90:d1:e5:63:01:63:03:1f:e5:18:4a:a2:b2:1e:b2:
    0a:07:8b:51:1b
Exponent: 65537 (0x10001)
writing RSA key
-----BEGIN PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALdjFsLLaCgRkWaOMLrUPQgGAPM4DXHn
q9bAkd1VFwdSIgNkTxY0Bcvr1PxUkNHlYwFjAx/lGEqish6yCgeLURsCAwEAAQ==
-----END PUBLIC KEY-----

Gotcha!

Now I could get back to encrypt the password with the public key:

$ echo "myPassword" | openssl rsautl -encrypt -pubin -inkey tmpkey.pub | base64
WRoZqrXGmcF5/6xTkB437nv+BCqF4XlkEhS6Gx8RIje496tMn/38WOt5QxE8EympP8NsFtVLJxJm
r1/UHkySvw==

 

 

Add a comment

Show form to leave a comment

Comments (newest first):

No comments yet.

Go to Homepage home
Linux Howtos how to's
Monitoring Plugins monitoring plugins
Links links

Valid HTML 4.01 Transitional
Valid CSS!
[Valid RSS]

6939 Days
until Death of Computers
Why?