1 Topic by nsindhe (edited by nsindhe 2012-01-16 01:11:40)

  • Registered: 2011-12-22
  • Posts: 15

Topic: Sign data using RSA

Hi,

I was looking through the functionality provided by ctaocrypt for signing and verifying data. Though I found RsaSSL_Sign and RsaSSL_Verify, i'm not sure how to use it.

Generally we use a private key to sign and public key to verify the signature.  But the test.c file uses the same key to sign and verify. Am I missing something here?

Also,  http://yassl.com/yaSSL/Docs-cyassl-manu … cates.html shows how to generate an RSA key. This is a private key. What about public key??

Thanks,

Nitin

Share

  • From: Bozeman, MT
  • Registered: 2010-10-20
  • Posts: 650

Re: Sign data using RSA

Hi Nitin,

... the test.c file uses the same key to sign and verify. Am I missing something here?

A RSA private key contains the public key, therefore CyaSSL is able to use it as both the public and private key as used in test.c.  You can load a separate public key using RsaPublicKeyDecode if you would like.  Apart from this, RsaSSL_Sign and RsaSSL_Verify are just inverse operations to the RsaPublicEncrypt and RsaPrivateDecrypt functions described in the CTaoCrypt Usage Reference.

Also,  http://yassl.com/yaSSL/Docs-cyassl-manu … cates.html shows how to generate an RSA key. This is a private key. What about public key??

CTaoCrypt doesn't currently have functionality to generate an individual public key (but the private key does contain the public key, as mentioned above).  The reasoning behind this is that for SSL, the private key and the public key in the form of a certificate is all that is needed.  You could use the OpenSSL command line utility to generate an individual public key based off your private key if needed.

Regards,
Chris

https://www.wolfssl.com

chrisc's Website

Share

  • Registered: 2011-12-22
  • Posts: 15

Re: Sign data using RSA

Thanks Chris !

Share

  • Registered: 2011-12-22
  • Posts: 15

Re: Sign data using RSA

Another quick question... Is there a way to convert the generated RSA key into PKCS #8 format using cyassl?? (Key is also generated using cyassl embedded SSL).

Basically I am looking to interoperate the keys with crypto++ library. To load a key into crypto++, the key has to be in PKCS #8 format and DER encoded. The current keys generated using cyassl dont work with crypto++ and i get BER decode error. I believe this is as the key is not in PKCS #8 format.

Thanks,
Nitin

Share

  • From: Bozeman, MT
  • Registered: 2010-10-20
  • Posts: 650

Re: Sign data using RSA

Is there a way to convert the generated RSA key into PKCS #8 format using cyassl?

CyaSSL doesn't currently have this feature, no.  You'll need to save the generated key to a file and then use the OpenSSL command line utility to convert it to PKCS#8 format.

Just out of curiosity, what kind of project are you working on where you are using Crypto++ with CyaSSL?  Are you able to use CTaoCrypt instead?

Best Regards,
Chris

https://www.wolfssl.com

chrisc's Website

Share

  • Registered: 2011-12-22
  • Posts: 15

Re: Sign data using RSA

Ok thanks. Well the project is more like an academic research project. I started using cyassl for secure socket communication and crypto++ was already used for various encryption and signing tasks.

Share