| RSA_check_key.3 (100947) | RSA_check_key.3 (110010) |
|---|---|
| 1.\" Automatically generated by Pod::Man version 1.15 | 1.\" Automatically generated by Pod::Man version 1.15 |
| 2.\" Tue Jul 30 09:21:49 2002 | 2.\" Mon Jan 13 19:28:31 2003 |
| 3.\" 4.\" Standard preamble: 5.\" ====================================================================== 6.de Sh \" Subsection heading 7.br 8.if t .Sp 9.ne 5 10.PP --- 122 unchanged lines hidden (view full) --- 133. ds Th \o'LP' 134. ds ae ae 135. ds Ae AE 136.\} 137.rm #[ #] #H #V #F C 138.\" ====================================================================== 139.\" 140.IX Title "RSA_check_key 3" | 3.\" 4.\" Standard preamble: 5.\" ====================================================================== 6.de Sh \" Subsection heading 7.br 8.if t .Sp 9.ne 5 10.PP --- 122 unchanged lines hidden (view full) --- 133. ds Th \o'LP' 134. ds ae ae 135. ds Ae AE 136.\} 137.rm #[ #] #H #V #F C 138.\" ====================================================================== 139.\" 140.IX Title "RSA_check_key 3" |
| 141.TH RSA_check_key 3 "0.9.6e" "2002-07-30" "OpenSSL" | 141.TH RSA_check_key 3 "0.9.7" "2003-01-13" "OpenSSL" |
| 142.UC 143.SH "NAME" 144RSA_check_key \- validate private \s-1RSA\s0 keys 145.SH "SYNOPSIS" 146.IX Header "SYNOPSIS" 147.Vb 1 148\& #include <openssl/rsa.h> 149.Ve --- 19 unchanged lines hidden (view full) --- 169If the key is invalid or an error occurred, the reason code can be 170obtained using ERR_get_error(3). 171.SH "NOTES" 172.IX Header "NOTES" 173This function does not work on \s-1RSA\s0 public keys that have only the modulus 174and public exponent elements populated. It performs integrity checks on all 175the \s-1RSA\s0 key material, so the \s-1RSA\s0 key structure must contain all the private 176key data too. | 142.UC 143.SH "NAME" 144RSA_check_key \- validate private \s-1RSA\s0 keys 145.SH "SYNOPSIS" 146.IX Header "SYNOPSIS" 147.Vb 1 148\& #include <openssl/rsa.h> 149.Ve --- 19 unchanged lines hidden (view full) --- 169If the key is invalid or an error occurred, the reason code can be 170obtained using ERR_get_error(3). 171.SH "NOTES" 172.IX Header "NOTES" 173This function does not work on \s-1RSA\s0 public keys that have only the modulus 174and public exponent elements populated. It performs integrity checks on all 175the \s-1RSA\s0 key material, so the \s-1RSA\s0 key structure must contain all the private 176key data too. |
| 177.PP 178Unlike most other \s-1RSA\s0 functions, this function does \fBnot\fR work 179transparently with any underlying \s-1ENGINE\s0 implementation because it uses the 180key data in the \s-1RSA\s0 structure directly. An \s-1ENGINE\s0 implementation can 181override the way key data is stored and handled, and can even provide 182support for \s-1HSM\s0 keys \- in which case the \s-1RSA\s0 structure may contain \fBno\fR 183key data at all! If the \s-1ENGINE\s0 in question is only being used for 184acceleration or analysis purposes, then in all likelihood the \s-1RSA\s0 key data 185is complete and untouched, but this can't be assumed in the general case. 186.SH "BUGS" 187.IX Header "BUGS" 188A method of verifying the \s-1RSA\s0 key using opaque \s-1RSA\s0 \s-1API\s0 functions might need 189to be considered. Right now \fIRSA_check_key()\fR simply uses the \s-1RSA\s0 structure 190elements directly, bypassing the \s-1RSA_METHOD\s0 table altogether (and 191completely violating encapsulation and object-orientation in the process). 192The best fix will probably be to introduce a \*(L"\fIcheck_key()\fR\*(R" handler to the 193\&\s-1RSA_METHOD\s0 function table so that alternative implementations can also 194provide their own verifiers. |
|
| 177.SH "SEE ALSO" 178.IX Header "SEE ALSO" | 195.SH "SEE ALSO" 196.IX Header "SEE ALSO" |
| 179rsa(3), err(3) | 197rsa(3), ERR_get_error(3) |
| 180.SH "HISTORY" 181.IX Header "HISTORY" | 198.SH "HISTORY" 199.IX Header "HISTORY" |
| 182\&\fIRSA_check()\fR appeared in OpenSSL 0.9.4. | 200\&\fIRSA_check_key()\fR appeared in OpenSSL 0.9.4. |