Archived Forum Post

Index of archived forum posts

Question:

RSA signing error: Private key required, but not provided

Dec 10 '15 at 04:27

What is the cause of this error? 

ChilkatLog:
  OpenSslSignStringENC:
    DllDate: Aug 15 2013
    ChilkatVersion: 9.4.1.42
    UnlockPrefix: xxx
    Username: xxx
    Architecture: Little Endian; 32-bit
    Language: ActiveX
    VerboseLogging: 0
    inputNumBytes: 16
    modulusBitlen: 1024
    RSA_padAndSign:
      KeyType: Private
      HashInSize: 16
      modulusBitlen: 1024
      paddedInSize: 128
      Private key required, but not provided
      sigOutSize: 0
    --RSA_padAndSign
    signatureNumBytes: 0
    Failed.
  --OpenSslSignStringENC
--ChilkatLog

this is my script using PowerBuilder (all declarations and results checks omitted): 

loo_Cert.ConnectToNewObject("Chilkat_9_5_0.Cert")
loo_Cert.LoadFromFile("x.cer")
loo_PubKey = loo_Cert.ExportPublicKey()


//  Let's have a look at it (in XML format).
mle_1.text = "Public Key from Certificate:" + loo_PubKey.GetXml() + ls_crlf
mle_1.text += "SubjectDN:" + loo_Cert.SubjectDN + ls_crlf
mle_1.text += "Common Name:" + loo_Cert.SubjectCN + ls_crlf
mle_1.text += "Issuer Common Name:" + loo_Cert.IssuerCN + ls_crlf
mle_1.text += "Serial Number:" + loo_Cert.SerialNumber + ls_crlf
// -------------------------------------------------------------------- ALL IS OK


ls_PubKey = loo_PubKey.GetXml()
loo_Rsa.ConnectToNewObject("Chilkat_9_5_0.Rsa")
loo_Rsa.UnlockComponent("xxx")
loo_Rsa.ImportPublicKey(ls_PubKey)


// just to be sure
loo_Rsa.EncodingMode = "base64"
loo_Rsa.OaepPadding = 0
loo_Rsa.LittleEndian = 0


ls_StrData = "xxx"


//  Create an OpenSSL style signature:
ls_Sig = loo_Rsa.OpenSslSignStringENC(ls_StrData)

BUT ls_Sig IS EMPTY !!!

Answer

The problem is that a private key is required for creating signatures. A .cer file contains only a certificate (and by default the cert's public key). It does not contain the associated private key. Typically, private keys are stored in .pfx/.p12 files, or in Java KeyStore files. (They may also be pre-installed on Windows systems.) The solution is to load the private key and call loo_Rsa.ImportPrivateKey before trying to create the signature via OpenSslSignStringENC.

Answer

I've got the same problem, trying to duplicate the openssl rsautl command using a .cer file.
After calling OpenSslSignString, the Rsa object return "Private key required" error to me; but using che command 

openssl.exe rsautl -encrypt -in secret.txt -out secret.enc -inkey SanitelCF.cer -certin -pkcs

it works, and the certificate is the same!
How to explain this?