=pod

=head1 NAME

RSA_check_key - validate private RSA keys

=head1 SYNOPSIS

 #include <openssl/rsa.h>

 int RSA_check_key(RSA *rsa);

=head1 DESCRIPTION

This function validates RSA keys. It checks that B<p> and B<q> are
in fact prime, and that B<n = p*q>.

It also checks that B<d*e = 1 mod ((p-1)*(q-1))>,
and that B<dmp1>, B<dmq1> and B<iqmp> are set correctly or are B<NULL>.

As such, this function cannot be used with any arbitrary RSA key object,
even if it is otherwise fit for regular RSA operation. See B<NOTES> for more
information.

=head1 RETURN VALUE

RSA_check_key() returns 1 if B<rsa> is a valid RSA key, and 0 otherwise.
-1 is returned if an error occurs while checking the key.

If the key is invalid or an error occurred, the reason code can be
obtained using L<ERR_get_error(3)|ERR_get_error(3)>.

=head1 NOTES

This function does not work on RSA public keys that have only the modulus
and public exponent elements populated. It performs integrity checks on all
the RSA key material, so the RSA key structure must contain all the private
key data too.

Unlike most other RSA functions, this function does B<not> work
transparently with any underlying ENGINE implementation because it uses the
key data in the RSA structure directly. An ENGINE implementation can
override the way key data is stored and handled, and can even provide
support for HSM keys - in which case the RSA structure may contain B<no>
key data at all! If the ENGINE in question is only being used for
acceleration or analysis purposes, then in all likelihood the RSA key data
is complete and untouched, but this can't be assumed in the general case.

=head1 BUGS

A method of verifying the RSA key using opaque RSA API functions might need
to be considered. Right now RSA_check_key() simply uses the RSA structure
elements directly, bypassing the RSA_METHOD table altogether (and
completely violating encapsulation and object-orientation in the process).
The best fix will probably be to introduce a "check_key()" handler to the
RSA_METHOD function table so that alternative implementations can also
provide their own verifiers.

=head1 SEE ALSO

L<rsa(3)|rsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>

=head1 HISTORY

RSA_check_key() appeared in OpenSSL 0.9.4.

=cut
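
The relations listed under DESCRIPTION, checked on a constructed 64-bit toy key. This is an added illustration, not OpenSSL's code and not part of the original manual page. The toy_rsa struct and toy_check_key() are hypothetical names, 0 stands in for a NULL field, and returning 0 for a public-only key is this example's own choice.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical toy key: the fields the manual page names, as 64-bit values. */
typedef struct {
    uint64_t n, e, d, p, q, dmp1, dmq1, iqmp;
} toy_rsa;

/* Trial division; adequate only for toy-sized primes. */
static int is_prime(uint64_t x) {
    if (x < 2) return 0;
    for (uint64_t i = 2; i * i <= x; i++)
        if (x % i == 0) return 0;
    return 1;
}

/* Returns 1 if every relation holds, 0 otherwise. The CRT fields are
 * optional (0 stands in for NULL). A key without p, q and d cannot be
 * validated this way and is rejected (assumption of this example). */
int toy_check_key(const toy_rsa *k) {
    if (!k->n || !k->e || !k->d || !k->p || !k->q) return 0;
    if (!is_prime(k->p) || !is_prime(k->q)) return 0;      /* p, q prime */
    if (k->p * k->q != k->n) return 0;                     /* n = p*q */
    uint64_t phi = (k->p - 1) * (k->q - 1);
    if ((k->d % phi) * (k->e % phi) % phi != 1) return 0;  /* d*e = 1 mod phi */
    if (k->dmp1 && k->dmp1 != k->d % (k->p - 1)) return 0; /* d mod (p-1) */
    if (k->dmq1 && k->dmq1 != k->d % (k->q - 1)) return 0; /* d mod (q-1) */
    if (k->iqmp && (k->iqmp * k->q) % k->p != 1) return 0; /* q^-1 mod p */
    return 1;
}

int main(void) {
    /* Constructed textbook key: p=61, q=53, e=17, d=2753. */
    toy_rsa good = {3233, 17, 2753, 61, 53, 53, 49, 38};
    toy_rsa pub_only = {3233, 17, 0, 0, 0, 0, 0, 0};
    toy_rsa bad_crt = good;
    bad_crt.iqmp = 39; /* corrupted CRT coefficient */
    printf("good=%d pub_only=%d bad_crt=%d\n", toy_check_key(&good),
           toy_check_key(&pub_only), toy_check_key(&bad_crt));
    return 0;
}
```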