Crypt::OpenSSL::RSA -> AES 128 not supported?

 



Zippy1970
Novice

Feb 2, 2014, 3:20 AM

Post #1 of 2 (8817 views)
Crypt::OpenSSL::RSA -> AES 128 not supported?

The short version

If I create an RSA private key using:

openssl genrsa -aes128 -out priv.pem -passout pass:[privateKeyPass] 2048

I get an error on this line of code:
151: my $rsa_priv = Crypt::OpenSSL::RSA->new_private_key( $key_string );

RSA.xs:178: OpenSSL error: unsupported encryption at test.pl line 151.

If I omit the -aes128 parameter, I don't get an error.

Question: How can I get Crypt::OpenSSL::RSA to support AES 128?


The long version (you can skip this if you want)

I was trying to digitally sign XML using XML::Sig but as it turned out it wasn't possible to create the proper signed XML using XML::Sig for my purpose (online payments).

So I ended up writing my own XML signing routine.

AFAICT, my code should work. It creates a signed XML that meets all requirements from the bank yet when I send this signed XML to the bank, it returns an error that the electronic signature is invalid.

I've looked over my code a thousand times and I'm 99.99% sure it (no longer) contains any errors. But of course, you can never be 100% sure.

Now the only thing I can think of that might cause the problem, is the private key (and certificate) I'm using.

The bank's implementation guidelines state that you should create your private key as follows:

openssl genrsa -aes128 -out priv.pem -passout pass:[privateKeyPass] 2048

The problem is that if I create this key like this, I get an error on this line of code:
151: my $rsa_priv = Crypt::OpenSSL::RSA->new_private_key( $key_string );

RSA.xs:178: OpenSSL error: unsupported encryption at test.pl line 151.

If I create my private key without AES 128 encryption (by omitting the -aes128 parameter) like this:

openssl genrsa -out priv.pem -passout pass:[privateKeyPass] 2048

I don't get that error and it happily signs the XML - but then I get the "invalid electronic signature" error from the bank. Like I said, I don't know if the error is caused because I don't create the key exactly as they want. But I can't rule it out.

I actually have another thread related to this, but since that thread is about signing XML, and this thread is about getting Crypt::OpenSSL::RSA to work with AES 128, I created a new thread to avoid two separate issues being discussed in one thread and causing confusion.


Zippy1970
Novice

Feb 2, 2014, 10:05 AM

Post #2 of 2 (8798 views)
Re: [Zippy1970] Crypt::OpenSSL::RSA -> AES 128 not supported?

To (partly) answer my own question:

Adding the following code gets rid of the "unsupported encryption" error:
use Net::SSLeay;
Net::SSLeay::OpenSSL_add_all_algorithms();

The only problem is that it also causes a prompt to appear that asks me for the passkey, but when I manually enter that the program continues. So for now (for testing purposes) that's sufficient.

Turned out I still get the "invalid electronic signature" error from the bank so the problem I was trying to solve still exists. But I'll pick that up in the other thread.
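
An added example, not part of the thread or of any project mentioned in it: a shell check that reads only the PEM header lines to report how a private key is protected (for a traditional encrypted key, the cipher named in DEK-Info is the one the loading library must have registered), plus a non-interactive decrypt that avoids the passphrase prompt described in post #2. The function names, the KEY_PASS variable and the sample files are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not code from the thread.
# pem_key_protection FILE prints how the private key in FILE is protected:
#   "legacy <CIPHER>"  traditional PEM encryption (Proc-Type/DEK-Info headers)
#   "pkcs8"            PKCS#8 "ENCRYPTED PRIVATE KEY" block
#   "none"             unencrypted private key
#   "unknown"          no private key block found
pem_key_protection() {
    if grep -q '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo "pkcs8"
    elif grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
        # DEK-Info is "<cipher>,<hex IV>"; the library that loads the key
        # must have this cipher registered or decryption is refused.
        cipher=$(sed -n 's/^DEK-Info: *\([^,]*\),.*/\1/p' "$1" | head -n 1)
        echo "legacy ${cipher:-unknown-cipher}"
    elif grep -Eq '^-----BEGIN (RSA )?PRIVATE KEY-----' "$1"; then
        echo "none"
    else
        echo "unknown"
    fi
}

# decrypt_key FILE writes the decrypted key to stdout without prompting.
# The passphrase comes from the environment variable KEY_PASS (assumed name),
# so it does not appear in the process list as a pass: argument would.
decrypt_key() {
    openssl rsa -in "$1" -passin env:KEY_PASS 2>/dev/null
}

# Constructed header-only samples (no real key material) for a quick check.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
    'DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF' '' \
    '(constructed placeholder body)' '-----END RSA PRIVATE KEY-----' \
    > "$demo_dir/aes128.pem"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' \
    '(constructed placeholder body)' '-----END RSA PRIVATE KEY-----' \
    > "$demo_dir/plain.pem"
printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' \
    '(constructed placeholder body)' '-----END ENCRYPTED PRIVATE KEY-----' \
    > "$demo_dir/pkcs8.pem"
for f in aes128 plain pkcs8; do
    printf '%-8s %s\n' "$f" "$(pem_key_protection "$demo_dir/$f.pem")"
done
```

A result of "none" for a key generated with -passout but no cipher option, as in the second genrsa command of post #1, means the passphrase was not applied and the key is stored unencrypted.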

 
 

