[strongSwan] Unable to load the private key without openssl plugin

Kiran Joshi kiran.joshi38 at yahoo.com
Sat Jan 26 02:12:26 CET 2013


Hi Martin,
 
Here's the detail output for the original "key integrity failed" error.
It seems to inciate that the "ASN1 tag 0x30 expected, but is 0x02 log message" is related to some PKCS#8 vs. traditional standard format issue. This is what our setup is generating using our Openssl0.9.8q + OCF cryptodev engine?
 
I used the openssl command line on our setup to generate the key.
root at devux03gw2:/#  openssl req -new -newkey rsa:2048 -nodes -subj '/CN=devux03gw2.uxdev.com/O=Sonus/OU=Symphony/C=US/ST=IL/L=Schaumburg' -keyout mykey2.pem -out myreq2.pem                  
RSA_PKCS1_SSLeay
Generating a 2048 bit RSA private key
RSA_PKCS1_SSLeay
RSA_new_method no engine
rsa->meth->rsa_keygen
RSA_eay_keygen
............................................................................................+++
......................................+++
writing new private key to 'mykey2.pem'
-----
RSA_eay_private_encrypt: padding = 1
 
 
00[ASN]   -----BEGIN RSA PRIVATE KEY-----
00[ASN]   -----END RSA PRIVATE KEY-----
00[ASN] L0 - RSAPrivateKey:
00[ASN] L1 - version:
00[ASN] => 1 bytes @ 0x2675e
00[ASN]    0: 00                                               .
00[ASN] L1 - modulus:
00[ASN] => 257 bytes @ 0x26763
00[ASN]    0: 00 E2 5B 84 C6 04 6E ED 97 7D 25 F0 69 F5 C7 AD  ..[...n..}%.i...
00[ASN]   16: 56 B9 FC 73 AE 9E B5 FF 0F 6F 48 7D 94 FF AC 2A  V..s.....oH}...*
00[ASN]   32: 2B 3D F6 BF 4B 64 DE 15 AE ED 9E 6E 86 C2 91 C3  +=..Kd.....n....
00[ASN]   48: 8D 7A 3D F9 A0 00 8E 50 1B 85 CC AF B7 82 3C 0D  .z=....P......<.
00[ASN]   64: 07 70 B0 36 ED AC E5 A6 F7 FD C9 F4 D5 28 45 7E  .p.6.........(E~
00[ASN]   80: 8D 67 F5 05 A0 E2 34 59 4F E2 A2 C3 87 47 F4 E0  .g....4YO....G..
00[ASN]   96: A1 D8 F5 4D 2A 1C 46 1A D8 D6 7B 52 0A 99 CB 99  ...M*.F...{R....
00[ASN]  112: EE F9 CE DB BE EF BC 50 66 87 F9 D8 17 72 FB 49  .......Pf....r.I
00[ASN]  128: D4 C8 01 04 ED 2E 76 A5 E2 1D 63 C5 F0 BC DC A1  ......v...c.....
00[ASN]  144: EF 27 95 15 2B 37 E3 BD 2A 05 64 F5 8C 0C DD 42  .'..+7..*.d....B
00[ASN]  160: 43 26 4D 07 4A 6F 3B ED 7A F4 39 AB B3 49 EF A8  C&M.Jo;.z.9..I..
00[ASN]  176: BA A1 59 3B 9B 34 F5 01 F4 32 B7 5C C7 36 6A 55  ..Y;.4...2.\.6jU
00[ASN]  192: BA 4C DE CE 80 01 C5 17 E5 3B 5E D6 F0 5F 81 10  .L.......;^.._..
00[ASN]  208: 9F 98 D6 AD 00 12 4C 4C E7 27 C6 A7 FC FA 76 AC  ......LL.'....v.
00[ASN]  224: 3F 3E 4A C6 1F 7C 2E 4E 8C 0A 7A 72 4B F3 6C C0  ?>J..|.N..zrK.l.
00[ASN]  240: 19 14 DF 69 AF 16 B5 C7 01 23 F3 9F A1 37 B6 9E  ...i.....#...7..
00[ASN]  256: 53                                               
00[ASN] L1 - publicExponent:
00[ASN] => 3 bytes @ 0x26866
00[ASN]    0: 01 00 01                                         ...
00[ASN] L1 - privateExponent:
00[ASN] => 256 bytes @ 0x2686d
00[ASN]    0: 0F D0 BB 27 26 BA 25 69 97 39 E6 61 50 E5 E1 AB  ...'&.%i.9.aP...
00[ASN]   16: 94 95 19 F4 12 6C BE E4 72 2F 0B 6F 34 A9 EF CC  .....l..r/.o4...
00[ASN]   32: 53 A9 00 D6 A0 B6 8F A7 48 3C F0 96 03 D4 31 68  S.......H<....1h
00[ASN]   48: 9A 28 E8 5F 10 8A E0 F7 FB 52 40 D8 BE 85 B9 97  .(._.....R at .....
00[ASN]   64: 52 7D 4D 69 2F D2 5F E7 25 D9 4D 7C F3 32 5F D4  R}Mi/._.%.M|.2_.
00[ASN]   80: 3B 76 38 2D 74 80 99 D8 E6 09 DF 45 7D 76 93 97  ;v8-t......E}v..
00[ASN]   96: 5B 54 50 4E E7 E8 D2 09 62 7A FD 51 76 4B 6E 76  [TPN....bz.QvKnv
00[ASN]  112: EF 07 4F FD 38 3C DD 15 3C DC ED 07 3E 66 66 53  ..O.8<..<...>ffS
00[ASN]  128: 10 F5 EA 92 0F 29 45 6C 4E 91 04 BF 2F AF 8F 94  .....)ElN.../...
00[ASN]  144: 6B 46 76 D3 1B 7C 6C E0 A6 32 B8 49 C3 37 25 EA  kFv..|l..2.I.7%.
00[ASN]  160: 8D 0B F4 48 19 D9 5C DC B5 8F 2F BA 42 50 AB 4B  ...H..\.../.BP.K
00[ASN]  176: A2 4B E0 1C 3B 0B B6 FF F7 FC 4B EC F2 0E D8 E8  .K..;.....K.....
00[ASN]  192: E4 72 15 74 28 79 48 26 FC 8F 00 08 A2 7F 7A BD  .r.t(yH&......z.
00[ASN]  208: 78 47 ED 44 49 93 AE 62 55 DA 62 C6 56 75 17 E7  xG.DI..bU.b.Vu..
00[ASN]  224: B3 80 88 71 F2 BF FE F3 D6 76 5E F2 B6 88 A7 BA  ...q.....v^.....
00[ASN]  240: AB C1 36 C1 2D 6C 1D 7A 2F E4 3A E2 7B 49 BC C9  ..6.-l.z/.:.{I.
00[ASN] L1 - prime1:
00[ASN] => 129 bytes @ 0x26970
00[ASN]    0: 00 FB F2 DE A0 94 D7 FB 11 1F 15 81 3D 7D 09 18  ............=}..
00[ASN]   16: A1 BE 6E A9 84 59 65 E3 51 D4 83 FE 84 88 15 B8  ..n..Ye.Q.......
00[ASN]   32: 12 A4 DB 0D 29 37 5E E2 16 DB 8B 19 27 B3 57 82  ....)7^.....'.W.
00[ASN]   48: 92 50 05 78 92 E8 32 9B 73 34 7B 14 D2 2C 93 EC  .P.x..2.s4{..,..
00[ASN]   64: 88 4A 58 BE 39 5A 98 1E 62 3C 12 34 54 0A C1 A9  .JX.9Z..b<.4T...
00[ASN]   80: 0A 44 6F 27 C5 7C 63 26 BD AF 44 B3 36 30 C4 32  .Do'.|c&..D.60.2
00[ASN]   96: 8B 10 E3 76 B3 19 90 4D 58 CE B5 7A 2F 3E 72 3E  ...v...MX..z/>r>
00[ASN]  112: BC 68 24 E3 D2 09 AC EA 28 07 FB 55 1E 8B 29 40  .h$.....(..U..)@
00[ASN]  128: D7                                               .
00[ASN] L1 - prime2:
00[ASN] => 129 bytes @ 0x269f4
00[ASN]    0: 00 E5 FF 4D F0 5E 2B F7 EF AF E7 C5 C7 68 5F 91  ...M.^+......h_.
00[ASN]   16: CD 2A D1 E2 08 21 70 5B 60 B6 6B C1 7F BF 51 CA  .*...!p[`.k...Q.
00[ASN]   32: 9C 93 A4 8E 0E C2 EF 65 F4 FC 1E 7B A7 7B D1 96  .......e...{.{..
00[ASN]   48: 75 61 83 09 69 F6 1B 1F 76 98 5B 7B 7D 82 62 AF  ua..i...v.[{}.b.
00[ASN]   64: 34 BA BD 6A E3 6B E3 A5 21 E6 FA FA 2E 9C 6A 21  4..j.k..!.....j!
00[ASN]   80: EC EF 78 26 74 2D D0 1A CF D6 80 EA 2B 68 81 89  ..x&t-......+h..
00[ASN]   96: 41 EF 8E 8F 69 13 66 48 19 9A CC E2 95 45 B3 C4  A...i.fH.....E..
00[ASN]  112: 8B 62 E1 A1 2E 29 A4 92 06 EE C5 FC A5 C6 33 92  .b...)........3.
00[ASN]  128: E5                                               .
00[ASN] L1 - exponent1:
00[ASN] => 257 bytes @ 0x26a79
00[ASN]    0: 00 D7 F2 E1 8F 5F 3A 60 A2 36 9F 27 A8 9D 9A A8  ....._:`.6.'....
00[ASN]   16: 56 E5 90 7C 4D 33 BE CC 48 1E 50 59 8C 3A AB B2  V..|M3..H.PY.:..
00[ASN]   32: 14 DC D7 2F B0 B5 8C 0C 43 85 1A 95 A5 0C E3 08  .../....C.......
00[ASN]   48: 64 78 1B DA F0 A5 4D 51 2D C9 6C D5 95 1C 21 69  dx....MQ-.l...!i
00[ASN]   64: 82 67 AD 55 B1 68 34 DC BC 8F B9 2F 42 63 27 88  .g.U.h4..../Bc'.
00[ASN]   80: 95 A0 59 58 4C 4C 59 78 0A C0 BA D3 72 90 B9 93  ..YXLLYx....r...
00[ASN]   96: 94 4D 63 EF EB CF 7C 14 B8 48 8A 98 9E FD 98 24  .Mc...|..H.....$
00[ASN]  112: 15 75 4B 34 49 79 A5 5E 84 3E 7C 44 16 B1 58 E7  .uK4Iy.^.>|D..X.
00[ASN]  128: B4 9F 2A 7E 39 17 DB 53 E8 23 5C D4 A7 C6 72 B9  ..*~9..S.#\...r.
00[ASN]  144: 1B 38 F7 45 93 C1 F9 1A 9B 03 59 76 29 13 4D B6  .8.E......Yv).M.
00[ASN]  160: 09 9A 93 F1 1C AD 1C A1 CD AD B7 79 D3 01 1C 46  ...........y...F
00[ASN]  176: 39 A3 1D 3E B1 9E B9 8F 38 1B 39 0F DC 41 76 7B  9..>....8.9..Av{
00[ASN]  192: 6B 78 FA CA 05 94 E0 CE C1 FE 8B F9 5D FE 74 EF  kx..........].t.
00[ASN]  208: EC 2A 74 EF DB 83 BF F0 63 65 8B B6 68 4D 7A 86  .*t.....ce..hMz.
00[ASN]  224: 0A 90 6E C6 31 AE 01 DD 99 7C 87 E5 86 0A A3 D1  ..n.1....|......
00[ASN]  240: 8E 5A 63 A4 31 3A 02 22 2F 13 A8 40 13 57 F4 94  .Zc.1:."/.. at .W..
00[ASN]  256: E7                                               
00[ASN] L1 - exponent2:
00[ASN] => 256 bytes @ 0x26b7e
00[ASN]    0: 62 08 1C 0D 4C 16 4C 2D C9 71 9E E6 FE B5 3A F7  b...L.L-.q....:.
00[ASN]   16: 66 0C EF 18 B3 13 A7 75 58 A9 2C F0 78 B8 DB 0D  f......uX.,.x...
00[ASN]   32: 93 A5 8F FC 1D 36 2B AB 3D CE 94 21 40 02 3F 1F  .....6+.=..!@.?.
00[ASN]   48: A6 6A D1 AC 38 84 8F D2 BD 39 78 26 EB 8D D2 F0  .j..8....9x&....
00[ASN]   64: 44 EB E3 40 9D 79 34 B9 DE 6D 2F D3 91 DF 75 4B  D.. at .y4..m/...uK
00[ASN]   80: B0 9D F3 3A 2D 80 E7 A9 37 E2 1E 28 5A 41 0B 5E  ...:-...7..(ZA.^
00[ASN]   96: 12 5F 5C C0 A3 68 D0 4F 97 92 59 9D AB AB 11 40  ._\..h.O..Y....@
00[ASN]  112: 74 66 F5 4D D7 32 26 3D 00 97 81 8A C6 53 53 66  tf.M.2&=.....SSf
00[ASN]  128: 18 D3 C1 98 FB 4A FC F5 F3 0B 23 1E C0 90 D6 41  .....J....#....A
00[ASN]  144: 3F 09 1C 87 8B 65 C5 9F 5B 0A 7D A8 08 86 CE 7C  ?....e..[.}....|
00[ASN]  160: 6C 78 81 D0 BA B6 5B 84 D0 5B 9E EE 3A 3C 1F C8  lx....[..[..:<..
00[ASN]  176: 3F 90 DD 31 B4 EF C6 95 9C E3 EA 54 5F 3A 34 00  ?..1.......T_:4.
00[ASN]  192: 4A 82 B4 CD 6B 82 40 FA 96 EB B3 6C 7B 00 B8 EC  J...k. at ....l{...
00[ASN]  208: 11 1B 10 C8 3F DB 67 87 66 6F D9 5A 4A E7 F9 A2  ....?.g.fo.ZJ...
00[ASN]  224: C0 AF E6 C6 FE 31 56 B2 9C A5 DD 2B ED 19 75 C0  .....1V....+..u.
00[ASN]  240: D4 CF 1C 2C C3 FA FE ED 45 54 1E 16 05 7B DD A1  ...,....ET...{.
00[ASN] L1 - coefficient:
00[ASN] => 129 bytes @ 0x26c81
00[ASN]    0: 00 D1 11 4F C8 2E 46 7D 1B 3E B4 8D 13 44 EE F2  ...O..F}.>...D..
00[ASN]   16: 9D 64 EF AC 88 5F 48 97 48 5B AA 8C 31 25 87 ED  .d..._H.H[..1%..
00[ASN]   32: 1C 99 49 F2 B8 DC CF 9F 8F 0E FB 4F 37 73 1F 68  ..I........O7s.h
00[ASN]   48: 39 4C F8 15 56 D5 29 15 E5 C1 11 79 03 2B EB C0  9L..V.)....y.+..
00[ASN]   64: 16 60 3C 68 62 74 0D 64 C0 FB D2 C7 D0 3F 99 3A  .`<hbt.d.....?.:
00[ASN]   80: 85 F5 16 1F 34 04 54 43 F3 57 9C 81 C4 6A 34 51  ....4.TC.W...j4Q
00[ASN]   96: CA AA 79 DF 91 1F 0E 61 21 FF 35 8C 13 E6 A8 D7  ..y....a!.5.....
00[ASN]  112: 05 3A 05 D1 08 D1 DA D3 2E 77 9A 6C 22 4E 89 F8  .:.......w.l"N..
00[ASN]  128: 3D                                               =
00[LIB] key integrity tests failed
00[ASN] L0 - encryptedPrivateKeyInfo:
00[ASN] L1 - encryptionAlgorithm:
00[ASN] L2 - algorithmIdentifier: ASN1 tag 0x30 expected, but is 0x02
00[ASN] => 3 bytes @ 0x2675c
00[ASN]    0: 02 01 00                                         ...
00[ASN] L0 - privateKeyInfo:
00[ASN] L1 - version:
00[ASN] => 1 bytes @ 0x2675e
00[ASN]    0: 00                                               .
00[ASN] L1 - privateKeyAlgorithm:
00[ASN] L2 - algorithmIdentifier: ASN1 tag 0x30 expected, but is 0x02
00[ASN] => 261 bytes @ 0x2675f
00[ASN]    0: 02 82 01 01 00 E2 5B 84 C6 04 6E ED 97 7D 25 F0  ......[...n..}%.
00[ASN]   16: 69 F5 C7 AD 56 B9 FC 73 AE 9E B5 FF 0F 6F 48 7D  i...V..s.....oH}
00[ASN]   32: 94 FF AC 2A 2B 3D F6 BF 4B 64 DE 15 AE ED 9E 6E  ...*+=..Kd.....n
00[ASN]   48: 86 C2 91 C3 8D 7A 3D F9 A0 00 8E 50 1B 85 CC AF  .....z=....P....
00[ASN]   64: B7 82 3C 0D 07 70 B0 36 ED AC E5 A6 F7 FD C9 F4  ..<..p.6........
00[ASN]   80: D5 28 45 7E 8D 67 F5 05 A0 E2 34 59 4F E2 A2 C3  .(E~.g....4YO...
00[ASN]   96: 87 47 F4 E0 A1 D8 F5 4D 2A 1C 46 1A D8 D6 7B 52  .G.....M*.F...{R
00[ASN]  112: 0A 99 CB 99 EE F9 CE DB BE EF BC 50 66 87 F9 D8  ...........Pf...
00[ASN]  128: 17 72 FB 49 D4 C8 01 04 ED 2E 76 A5 E2 1D 63 C5  .r.I......v...c.
00[ASN]  144: F0 BC DC A1 EF 27 95 15 2B 37 E3 BD 2A 05 64 F5  .....'..+7..*.d.
00[ASN]  160: 8C 0C DD 42 43 26 4D 07 4A 6F 3B ED 7A F4 39 AB  ...BC&M.Jo;.z.9.
00[ASN]  176: B3 49 EF A8 BA A1 59 3B 9B 34 F5 01 F4 32 B7 5C  .I....Y;.4...2.\
00[ASN]  192: C7 36 6A 55 BA 4C DE CE 80 01 C5 17 E5 3B 5E D6  .6jU.L.......;^.
00[ASN]  208: F0 5F 81 10 9F 98 D6 AD 00 12 4C 4C E7 27 C6 A7  ._........LL.'..
00[ASN]  224: FC FA 76 AC 3F 3E 4A C6 1F 7C 2E 4E 8C 0A 7A 72  ..v.?>J..|.N..zr
00[ASN]  240: 4B F3 6C C0 19 14 DF 69 AF 16 B5 C7 01 23 F3 9F  K.l....i.....#..
00[ASN]  256: A1 37 B6 9E 53                                   .7..
00[LIB] building CRED_PRIVATE_KEY - RSA failed, tried 6 builders
00[CFG]   loading private key from '/tmp/ssl/private/MyServerKey.pem' failed
  
Regards  Kiran

________________________________
 From: Martin Willi <martin at strongswan.org>
To: Kiran Joshi <kiran.joshi38 at yahoo.com> 
Cc: "users at lists.strongswan.org" <users at lists.strongswan.org> 
Sent: Thursday, January 24, 2013 2:59 AM
Subject: Re: [strongSwan] Unable to load the private key without openssl plugin
  
Hi Kiran,

> 00[LIB] key integrity tests failed: chect that exp1(150380) is d(150368) mod (p(150344)-1), t=-1097449556
> 00[LIB] key integrity tests failed: checkt that exp2(150392) is d(150368) mod (q(150356)-1), t=-1097449556

Seems like this key is definitely invalid. By definition in PKCS#1:
  exponent1 is d mod (p - 1)
  exponent2 is d mod (q - 1)

But in your key, this is not the case.

> is created with the openssl -engine cryptodev (OCF + h/w driver) option.

Looks like a bug to me in your hardware or driver.

> works fine for our SIP TLS 

This is absolutely possible, for example if it regenerates the
exponents. Nonetheless, the key is not valid according to PKCS#1.

Regards
Martin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130125/6377943c/attachment.html>


More information about the Users mailing list