
Zippy1970
Novice
Feb 2, 2014, 3:20 AM
Crypt::OpenSSL::RSA -> AES 128 not supported?
The short version

If I create an RSA private key using:
openssl genrsa -aes128 -out priv.pem -passout pass:[privateKeyPass] 2048
I get an error on this line of code:
151: my $rsa_priv = Crypt::OpenSSL::RSA->new_private_key( $key_string );
RSA.xs:178: OpenSSL error: unsupported encryption at test.pl line 151.
If I omit the -aes128 parameter, I don't get an error.

Question: How can I get Crypt::OpenSSL::RSA to support AES 128?

The long version (you can skip this if you want)

I was trying to digitally sign XML using XML::Sig but as it turned out it wasn't possible to create the proper signed XML using XML::Sig for my purpose (online payments). So I ended up writing my own XML signing routine.

AFAICT, my code should work. It creates a signed XML that meets all requirements from the bank yet when I send this signed XML to the bank, it returns an error that the electronic signature is invalid. I've looked over my code a thousand times and I'm 99.99% sure it (no longer) contains any errors. But of course, you can never be 100% sure.

Now the only thing I can think of that might cause the problem, is the private key (and certificate) I'm using. The bank's implementation guidelines state that you should create your private key as follows:
openssl genrsa -aes128 -out priv.pem -passout pass:[privateKeyPass] 2048
The problem is that if I create this key like this, I get an error on this line of code:
151: my $rsa_priv = Crypt::OpenSSL::RSA->new_private_key( $key_string );
RSA.xs:178: OpenSSL error: unsupported encryption at test.pl line 151.
If I create my private key without AES 128 encryption (by omitting the -aes128 parameter) like this:
openssl genrsa -out priv.pem -passout pass:[privateKeyPass] 2048
I don't get that error and it happily signs the XML - but then I get the "invalid electronic signature" error from the bank.

Like I said, I don't know if the error is caused because I don't create the key exactly as they want. But I can't rule it out.

I actually have another thread related to this, but since that thread is about signing XML, and this thread is about getting Crypt::OpenSSL::RSA to work with AES 128, I created a new thread to avoid two separate issues being discussed in one thread and causing confusion.
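Added example, not part of the original post: a pure-Perl check of what kind of key file is being handed to new_private_key, based only on the PEM label and the Proc-Type/DEK-Info header lines. The function name pem_key_info and both sample keys are constructed for illustration, and it assumes the traditional "RSA PRIVATE KEY" layout; depending on the OpenSSL version, genrsa may write PKCS#8 instead, which the function reports separately.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Classify a PEM private key from its armor label and encapsulation headers.
# Nothing is decrypted and the key material itself is never parsed.
sub pem_key_info {
    my ($pem) = @_;
    my ($label) = $pem =~ /^-----BEGIN ([A-Z0-9 ]+)-----\s*$/m
        or return { format => 'not PEM', encrypted => 0 };

    # PKCS#8 signals encryption in the label; the cipher is inside the DER.
    return { format => 'PKCS#8', encrypted => 1, cipher => 'named in ASN.1' }
        if $label eq 'ENCRYPTED PRIVATE KEY';
    return { format => 'PKCS#8', encrypted => 0 }
        if $label eq 'PRIVATE KEY';
    return { format => "other ($label)", encrypted => 0 }
        if $label ne 'RSA PRIVATE KEY';

    # Traditional format: encryption is announced by two header lines.
    my %info = ( format => 'traditional RSA', encrypted => 0 );
    if ( $pem =~ /^Proc-Type:\s*4,ENCRYPTED\s*$/m ) {
        $info{encrypted} = 1;
        my ( $cipher, $iv ) =
            $pem =~ /^DEK-Info:\s*([A-Za-z0-9-]+),([0-9A-Fa-f]+)\s*$/m;
        $info{cipher} = $cipher // 'missing DEK-Info';
        $info{iv_bytes} = length( $iv // '' ) / 2;
    }
    return \%info;
}

# Constructed samples: real header layout, key body replaced by a placeholder.
my $body = "Q09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n";
my %samples = (
    'with -aes128' => "-----BEGIN RSA PRIVATE KEY-----\n"
        . "Proc-Type: 4,ENCRYPTED\n"
        . "DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n\n$body",
    'without cipher' => "-----BEGIN RSA PRIVATE KEY-----\n$body",
);

for my $name ( sort keys %samples ) {
    my $i = pem_key_info( $samples{$name} );
    printf "%-15s %s, %s\n", $name, $i->{format},
        $i->{encrypted} ? "encrypted ($i->{cipher})" : 'not encrypted';
}
```

A traditional-format key file with no Proc-Type/DEK-Info headers is stored in the clear, so it needs file-system protection rather than a passphrase.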