> From: owner-openssl-us...@openssl.org On Behalf Of Ken Goldman
> Sent: Tuesday, 26 March, 2013 10:39

> For the first:
> - generate the RSA key
> - pull n,e,d bignums out of the RSA structure
> - use bn2bin to get the key parts
>
> For the second:
> - use bin2bn on n,e,d
> - assign the bignums to the RSA structure

For RSA privatekey operations, the naive key form (n,d only) is much less efficient. Openssl generates, and writes out and reads back (see below), the better Chinese Remainder Theorem form. With e AND d (and n) you can reconstruct CRT but it's not trivial, and it may not be any more efficient (I haven't gone through fully).

> I can point you to sample code if you like.
>
> On 3/25/2013 10:32 AM, rod_proteus wrote:
> > Hello.
> >
> > I need to Get and Set public and private keys to encrypt and decrypt using
> > RSA algorithm.
> > In both cases I need to handle the info in binary format, something like
> > this:
> >
> > For example:
> > int KeyLen = 256;
> > unsigned char Modulus[32];
> > unsigned char Exponent[32];
> > unsigned char Private[32];
> >
> > memset((void *)Modulus, 0x00, sizeof(Modulus));
> > memset((void *)Exponent, 0x00, sizeof(Exponent));
> > memset((void *)Private, 0x00, sizeof(Private));
> >

If you just want *some* binary format, Openssl provides {i2d,d2i}_RSAPrivateKey{,_fp,_bio} which writes out and reads back the full CRT form as above in ASN.1 DER, a binary format. CRT is about twice as big as the naive key. This full key in Openssl can be used for both privatekey and publickey operations, or you can copy the public parts to an RSA* that is used only for publickey, and you can write out and read back with {i2d,d2i}_RSAPublicKey*. Openssl also provides generic forms _PKCS8PrivateKeyInfo and _PublicKey which for RSA are basically the key plus an OID = slightly larger but usable in somewhat more cases.

The public exponent e is usually chosen to be a small number, such as 3, 17 or 65537, since it doesn't need to resist guessing and this is more efficient. Especially for signing, where (public) verification usually is much more frequent.

But RSA 256 bits is not secure and hasn't been for decades, maybe even since it was published.

Aside: memset doesn't need a cast there in correct C or even C++. Cargo-cult programming is more dangerous on average in C than in nearly all other languages.

Note RSA moduli (and their prime factors) are almost always chosen to "fill" their size which is a power or near-power of 2, e.g. a "RSA 1536 bit" key has the 2^1535 bit set (in binary). The private exponent d, and the other CRT data fields, have some chance of doing so. For representations that can handle signed numbers, like ASN.1 DER and some others, this means the encoded/stored value is one octet longer than you might think. For variable-length representations, also like DER, there is a chance some of them happen to be <2^size/512 thus shorter.

<snip>

> > The info (Modulus, Exponent and Private) must be no encrypted (without
> > phrase protection or so).
> >

Which is a risk that presumably you're accepting. The formats above are not encrypted; Openssl also has a PKCS8 (not PKCS8...Info) format which is encrypted and binary. The PEM (nonbinary) formats have the option to be encrypted or not. No supported publickey formats are encrypted because public keys generally don't need to be kept secret.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
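The thread above describes three things in words: the bn2bin/bin2bn round trip of n, e, d; the fact that i2d_RSAPrivateKey/d2i_RSAPrivateKey carry the larger CRT form (n, e, d, p, q, dP, dQ, qInv) as ASN.1 DER; and the observation that DER INTEGER is signed, so a modulus that "fills" its size costs one extra 0x00 octet. The following is an added, self-contained illustration of all three in pure Python; it is not OpenSSL code and not from either poster. It uses a constructed toy 64-bit key (far too small for real use, exactly as the reply says of 256 bits), a fixed seed, the hypothetical helper names bn2bin/bin2bn/i2d_rsa_private_key/d2i_rsa_private_key, and a minimal DER encoder that handles only what the PKCS#1 RSAPrivateKey structure needs. The CRT private operation is checked against the naive c^d mod n form, and the two DER sizes are compared.

```python
"""Toy RSA key serialization (added illustration, not OpenSSL code).
Needs Python 3.8+ for pow(x, -1, m)."""
import random

_rng = random.Random(2013)  # constructed fixed seed so the demo is repeatable

def is_probable_prime(n):
    """Miller-Rabin with fixed bases; deterministic for n < 3.4e14."""
    small = (2, 3, 5, 7, 11, 13, 17)
    if n < 2:
        return False
    for p in small:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in small:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    """Random odd prime with the top bit set (the 'fills its size' convention)."""
    while True:
        cand = _rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand

def generate_key(bits=64, e=65537):
    """Full CRT form as a dict: n e d p q dP dQ qInv. Loops until n really has
    `bits` bits; e is prime, so gcd(e, phi) == 1 iff e does not divide phi."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0 and (p * q).bit_length() == bits:
            break
    d = pow(e, -1, phi)
    return {"n": p * q, "e": e, "d": d, "p": p, "q": q,
            "dP": d % (p - 1), "dQ": d % (q - 1), "qInv": pow(q, -1, p)}

def bn2bin(x):
    """Like BN_bn2bin: minimal big-endian bytes, no leading zero octet."""
    return x.to_bytes((x.bit_length() + 7) // 8, "big")

def bin2bn(b):
    """Like BN_bin2bn: big-endian bytes back to an integer."""
    return int.from_bytes(b, "big")

def der_len(n):
    return bytes([n]) if n < 128 else bytes([0x80 | len(bn2bin(n))]) + bn2bin(n)

def der_integer(x):
    # DER INTEGER is two's complement: non-negative x with its top bit set
    # needs one extra 0x00 octet, which (bit_length + 8) // 8 provides.
    body = x.to_bytes((x.bit_length() + 8) // 8, "big")
    return b"\x02" + der_len(len(body)) + body

def der_sequence(items):
    body = b"".join(items)
    return b"\x30" + der_len(len(body)) + body

FIELDS = ("n", "e", "d", "p", "q", "dP", "dQ", "qInv")

def i2d_rsa_private_key(key):
    """PKCS#1 RSAPrivateKey: SEQUENCE { version 0, n, e, d, p, q, dP, dQ, qInv }."""
    return der_sequence([der_integer(0)] + [der_integer(key[f]) for f in FIELDS])

def _read_tlv(buf, pos):
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:                      # long-form length
        nbytes = ln & 0x7F
        ln, pos = bin2bn(buf[pos:pos + nbytes]), pos + nbytes
    return tag, buf[pos:pos + ln], pos + ln

def d2i_rsa_private_key(der):
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one DER SEQUENCE")
    values, pos = [], 0
    while pos < len(body):
        tag, content, pos = _read_tlv(body, pos)
        if tag != 0x02:
            raise ValueError("expected INTEGER")
        values.append(int.from_bytes(content, "big", signed=True))
    if len(values) != 9 or values[0] != 0:
        raise ValueError("unexpected RSAPrivateKey layout")
    return dict(zip(FIELDS, values[1:]))

def private_op_naive(c, key):
    return pow(c, key["d"], key["n"])

def private_op_crt(c, key):
    """Garner's recombination: two half-size exponentiations instead of one full one."""
    m1, m2 = pow(c, key["dP"], key["p"]), pow(c, key["dQ"], key["q"])
    h = (key["qInv"] * (m1 - m2)) % key["p"]
    return m2 + h * key["q"]

def demo(bits=64):
    key = generate_key(bits)
    der = i2d_rsa_private_key(key)
    naive_der = der_sequence([der_integer(key["n"]), der_integer(key["d"])])
    m = 0x48656C6C6F                                  # constructed plaintext, < n
    c = pow(m, key["e"], key["n"])
    return {"roundtrip_ok": d2i_rsa_private_key(der) == key,
            "bn_roundtrip_ok": bin2bn(bn2bin(key["n"])) == key["n"],
            "modulus_bytes": len(bn2bin(key["n"])),
            "modulus_der_content_bytes": len(der_integer(key["n"])) - 2,  # short-form header
            "crt_der_len": len(der), "naive_der_len": len(naive_der),
            "crt_matches_naive": private_op_crt(c, key) == private_op_naive(c, key) == m}

if __name__ == "__main__":
    print(demo())
```

For a 64-bit toy modulus, bn2bin gives 8 bytes while the DER INTEGER content is 9, which is the one-octet difference the reply warns about; the CRT encoding is noticeably longer than the (n, d) pair, and both private-key forms decrypt to the same plaintext. Replace the toy generator with a real key source before using any of this beyond illustration.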