Menu
Is it possible to store a RSA Private/Public Key in the source for example in a byte[] or string or any other container and use this key for encryption / decryption?
A decode function from file would look like:
void Decode(const string& filename, BufferedTransformation& bt)
{
// http://www.cryptopp.com/docs/ref/class_file_source.html
FileSource file(filename.c_str(), true /*pumpAll*/);
file.TransferTo(bt);
bt.MessageEnd();
}
That loads the key from file which is not what I want.
I know it's gotta be possible since I can create the key with AutoSeededRandomPool.
I just don't know how to use an existing one.
Maybe I'm overlooking this part in the documentation.
908
You cannot generate private key from public key but you can generate public key from the private key using puttygen. As @alfasin mentioned if you could generate the private key from public key then RSA would be useless and this would make you vulnerable to attack.
Save your private key: Under "Actions", next to "Save the generated key", click Save private key. Note: If you didn't passphrase-protect your private key, the utility will ask whether you're sure you want to save it without a passphrase.
BEGIN RSA PRIVATE KEY is PKCS#1 and is just an RSA key. It is essentially just the key object from PKCS#8, but without the version or algorithm identifier in front. BEGIN PRIVATE KEY is PKCS#8 and indicates that the key type is included in the key data itself.
The Crypto++ Keys and Formats and Crypto++ RSA Cryptography pages may be of interest.
If you're generating the RSA parameters like this:
AutoSeededRandomPool rng;
InvertibleRSAFunction params;
params.GenerateRandomWithKeySize(rng, 2048);
You can use the use the DEREncode and BERDecode methods of InvertibleRSAFunction to encode and decode all the parameters respectively:
{
FileSink output("rsaparams.dat");
params.DEREncode(output);
}
InvertibleRSAFunction params2;
{
FileSource input("rsaparams.dat", true);
params2.BERDecode(input);
}
To encode/decode the private and public material separately, use the DEREncode and BERDecode methods on the RSA::PrivateKey and RSA::PublicKey objects themselves:
// Initialize keys from generated params
RSA::PrivateKey rsaPrivate(params);
RSA::PublicKey rsaPublic(params);
// Write keys to file
{
FileSink output("rsaprivate.dat");
rsaPrivate.DEREncode(output);
}
{
FileSink output("rsapublic.dat");
rsaPublic.DEREncode(output);
}
// Read keys from file into new objects
RSA::PrivateKey rsaPrivate2;
RSA::PublicKey rsaPublic2;
{
FileSource input("rsaprivate.dat", true);
rsaPrivate2.BERDecode(input);
}
{
FileSource input("rsapublic.dat", true);
rsaPublic2.BERDecode(input);
}
FileSource and FileSink are just example source and sink objects you could use. The encode/decode routines take BufferedTransformation objects as parameters, so you can use any other suitable implementations of that interface.
For example, ArraySink can be used to write data into a memory buffer you supply, and StringSource (also aliased as ArraySource) can be used to read from a buffer.
Here's some code showing use of ArraySink and ArraySource to round-trip the private key material through a std::vector<byte>:
RSA::PrivateKey rsaPrivate(params);
std::vector<byte> buffer(8192 /* buffer size */);
ArraySink arraySink(&buffer[0], buffer.size());
rsaPrivate.DEREncode(arraySink);
// Initialize variable with the encoded key material
// (excluding unwritten bytes at the end of our buffer object)
std::vector<byte> rsaPrivateMaterial(
&buffer[0],
&buffer[0] + arraySink.TotalPutLength());
RSA::PrivateKey rsaPrivate2;
ArraySource arraySource(
&rsaPrivateMaterial[0],
rsaPrivateMaterial.size(),
true);
rsaPrivate2.BERDecode(arraySource);
(See also @jww's answer for an example which avoids the fixed-size buffer by using a ByteQueue).
And another example using a std::string to store the key material and using the StringSink class to write to this, which avoids some of the buffer management (the string will be resized automatically to match the amount of data that is encoded). Note that this is still binary data even though it's in a std::string object.
RSA::PrivateKey rsaPrivate(params);
std::string rsaPrivateMaterial;
StringSink stringSink(rsaPrivateMaterial);
rsaPrivate.DEREncode(stringSink);
RSA::PrivateKey rsaPrivate2;
StringSource stringSource(rsaPrivateMaterial, true);
rsaPrivate2.BERDecode(stringSource);
Alternatively, if you want to control the format yourself, you can use the methods of the InvertibleRSAFunction object or the key objects to extract the individual parameters (as shown in the "Crypto++ RSA Cryptography" link above) and use that to extract the values for storage in your own format:
const Integer& n = params.GetModulus();
const Integer& p = params.GetPrime1();
const Integer& q = params.GetPrime2();
const Integer& d = params.GetPrivateExponent();
const Integer& e = params.GetPublicExponent();
These could then be restored to a new InvertibleRSAFunction or RSA::*Key instance when read from the file or container, by using the corresponding setter methods (SetModulus(), SetPrime1(), etc.).
172
How would I load a Private / Public Key from a string / byte array or any other container
The Crypto++ library has built-in support for std:strings. But other C++ containers are going to be trickier. ArraySource was added at Crypto++ 5.6, but its just a typedef for StringSource.
If you are using sensitive material, then you should also consider using a SecByteBlock. It will wipe or zeroize the sensitive material when the destructor runs.
string and StringSource (load)
string spki = ...;
StringSource ss(spki, true /*pumpAll*/);
RSA::PublicKey publicKey;
publicKey.Load(ss);
vector and ArraySource (load)
vector<byte> spki = ...;
ArraySource as(&spki[0], spki.length(), true /*pumpAll*/);
RSA::PublicKey publicKey;
publicKey.Load(as);
string and StringSink (save)
string spki;
StringSink ss(spki);
RSA::PublicKey publicKey(...);
publicKey.Save(ss);
vector (save)
See code below.
Below is an example of saving to and loading from a std::vector. You have to use an intermediate ByteQueue to save because you can't easily create a VectorSink.
AutoSeededRandomPool prng;
RSA::PrivateKey pk1, pk2;
pk1.Initialize(prng, 1024);
ByteQueue queue;
pk1.Save(queue);
vector<byte> spki;
spki.resize(queue.MaxRetrievable());
ArraySink as1(&spki[0], spki.size());
queue.CopyTo(as1);
ArraySource as2(&spki[0], spki.size(), true);
pk2.Load(as2);
bool valid = pk2.Validate(prng, 3);
if(valid)
cout << "Validated private key" << endl;
else
cout << "Failed to validate private key" << endl;
We don't have an explicit VectorSink, and we can't easily create one because of an implicit expectation of traits_type::char_type. For example:
using CryptoPP::StringSinkTemplate;
typedef StringSinkTemplate< std::vector<byte> > VectorSink;
In file included from cryptopp-test.cpp:65:
In file included from /usr/local/include/cryptopp/files.h:5:
/usr/local/include/cryptopp/filters.h:590:22: error: no member named
'traits_type' in 'std::vector<unsigned char, std::allocator<unsigned char>
>'
typedef typename T::traits_type::char_type char_type;
~~~^
cryptopp-test.cpp:243:20: note: in instantiation of template class
'CryptoPP::StringSinkTemplate<std::vector<unsigned char,
std::allocator<unsigned char> > >' requested here
VectorSink vs(spki);
You can create the VectorSource and VectorSink, its just going to take some work. You can get an idea about the work involved by looking at StringSource and StringSink source code in filters.h and filters.cpp.
40
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
