X509_check_private_key, X509_REQ_check_private_key - check the consistency of a private key with the public key in an X509 certificate or certificate request

#include <openssl/x509.h>
int X509_check_private_key(const X509 *cert, EVP_PKEY *pkey);
int X509_REQ_check_private_key(X509_REQ *req, EVP_PKEY *pkey);

X509_check_private_key() function checks the consistency of private key pkey with the public key in cert.

X509_REQ_check_private_key() is equivalent to X509_check_private_key() except that req represents a certificate request of structure X509_REQ.

X509_check_private_key() and X509_REQ_check_private_key() return 1 if the keys match each other, and 0 if not.

If the key is invalid or an error occurred, the reason code can be obtained using ERR_get_error(3).

The X509_check_private_key() and X509_REQ_check_private_key() functions do not check if pkey itself is indeed a private key or not. They merely compare the public materials (e.g., exponent and modulus of an RSA key) and/or key parameters (e.g. EC params of an EC key) of a key pair. So they also return success if pkey is a matching public key.


Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

2024-06-04 3.3.1