Question:
What is the cause of this error?
ChilkatLog: OpenSslSignStringENC: DllDate: Aug 15 2013 ChilkatVersion: 9.4.1.42 UnlockPrefix: xxx Username: xxx Architecture: Little Endian; 32-bit Language: ActiveX VerboseLogging: 0 inputNumBytes: 16 modulusBitlen: 1024 RSA_padAndSign: KeyType: Private HashInSize: 16 modulusBitlen: 1024 paddedInSize: 128 Private key required, but not provided sigOutSize: 0 --RSA_padAndSign signatureNumBytes: 0 Failed. --OpenSslSignStringENC --ChilkatLog
this is my script using PowerBuilder (all declarations and results checks omitted):
loo_Cert.ConnectToNewObject("Chilkat_9_5_0.Cert") loo_Cert.LoadFromFile("x.cer") loo_PubKey = loo_Cert.ExportPublicKey()// Let's have a look at it (in XML format). mle_1.text = "Public Key from Certificate:" + loo_PubKey.GetXml() + ls_crlf mle_1.text += "SubjectDN:" + loo_Cert.SubjectDN + ls_crlf mle_1.text += "Common Name:" + loo_Cert.SubjectCN + ls_crlf mle_1.text += "Issuer Common Name:" + loo_Cert.IssuerCN + ls_crlf mle_1.text += "Serial Number:" + loo_Cert.SerialNumber + ls_crlf // -------------------------------------------------------------------- ALL IS OK
ls_PubKey = loo_PubKey.GetXml() loo_Rsa.ConnectToNewObject("Chilkat_9_5_0.Rsa") loo_Rsa.UnlockComponent("xxx") loo_Rsa.ImportPublicKey(ls_PubKey)
// just to be sure loo_Rsa.EncodingMode = "base64" loo_Rsa.OaepPadding = 0 loo_Rsa.LittleEndian = 0
ls_StrData = "xxx"
// Create an OpenSSL style signature: ls_Sig = loo_Rsa.OpenSslSignStringENC(ls_StrData)
BUT ls_Sig IS EMPTY !!!
The problem is that a private key is required for creating signatures. A .cer file contains only a certificate (and by default the cert's public key). It does not contain the associated private key. Typically, private keys are stored in .pfx/.p12 files, or in Java KeyStore files. (They may also be pre-installed on Windows systems.) The solution is to load the private key and call loo_Rsa.ImportPrivateKey before trying to create the signature via OpenSslSignStringENC.
I've got the same problem, trying to duplicate the openssl rsautl command using a .cer file.
After calling OpenSslSignString, the Rsa object return "Private key required" error to me; but using che command
openssl.exe rsautl -encrypt -in secret.txt -out secret.enc -inkey SanitelCF.cer -certin -pkcs
it works, and the certificate is the same!
How to explain this?