## NAME

`RSA_check_key`

—
validate private RSA keys

## SYNOPSIS

```
#include
<openssl/rsa.h>
```

`int`

`RSA_check_key`

(`RSA *rsa`);

## DESCRIPTION

This function validates RSA keys. It checks that
`rsa->p` and `rsa->q` are in
fact prime, and that `rsa->n` satisfies n = p*q.

It also checks that `rsa->d` and
`rsa->e` satisfy d*e = 1 mod ((p-1)*(q-1)), and that
`rsa->dmp1`, `rsa->dmq1`, and
`resa->iqmp` are set correctly or are
`NULL`

.

This function does not work on RSA public keys that have only the
modulus and public exponent elements populated. It performs integrity checks
on all the RSA key material, so the `RSA` key structure
must contain all the private key data too. Therefore, it cannot be used with
any arbitrary `RSA` key object, even if it is otherwise
fit for regular RSA operation.

## RETURN VALUES

`RSA_check_key`

() returns 1 if
`rsa` is a valid RSA key, and 0 otherwise. -1 is
returned if an error occurs while checking the key.

If the key is invalid or an error occurred, the reason code can be obtained using ERR_get_error(3).

## SEE ALSO

## HISTORY

`RSA_check_key`

() first appeared in OpenSSL
0.9.4 and has been available since OpenBSD 2.6.

## BUGS

A method of verifying the RSA key using opaque RSA API functions
might need to be considered. Right now
`RSA_check_key`

() simply uses the
`RSA` structure elements directly, bypassing the
`RSA_METHOD` table altogether (and completely violating
encapsulation and object-orientation in the process). The best fix will
probably be to introduce a `check_key`

() handler to
the `RSA_METHOD` function table so that alternative
implementations can also provide their own verifiers.