1 (edited by Frank Young 2013-05-19 15:08:48)

Topic: [SOLVED] RSA PUBLIC KEY OPERATIONS

What should be the format of the key supplied to RsaPublicKeyDecode()? PEM or DER?
I think it should be PEM but according to section 10.5.1 of http://yassl.com/yaSSL/Docs-cyassl-manu … rence.html , it seems it should be .der since it includes a comment referring to "RsaPublicKey.der". Does that mean a PEM key has to be first base64 decoded?

DECODING PUBLIC KEY
--------------
I am also of the impression that RsaPublicKeyDecode() in wolfSSL embedded SSL can be a replacement for PEM_read_bio_RSAPublicKey() or d2i_RSAPublicKey() in openssl without any issues since wolfSSL provides openssl compatibility layer for only private key rsa private key operations

ENCODING PUBLIC KEY
-----------------------------
I couldn't find any function in wolfSSL for encoding public keys.
Is there any wolfSSL alternative for openssl i2d_RSAPublicKey()?


Re: [SOLVED] RSA PUBLIC KEY OPERATIONS

Hi Frank,

What's your overall goal that you are trying to accomplish in your application regarding RSA keys?  There may be an easier way to accomplish it using the wolfSSL API.

What should be the format of the key supplied to RsaPublicKeyDecode()? PEM or DER ?

The input key to RsaPublicKeyDecode() needs to be in DER format, correct.  wolfSSL embedded SSL does provide a function called CyaSSL_KeyPemToDer() to convert a PEM-encoded key to DER format.  You can also use the OpenSSL command line tool to easily convert a PEM-encoded RSA key to DER format.  You would do something similar to:

openssl rsa -inform PEM -in mykey.pem -outform DER -out mykey.der

I am also of the impression that RsaPublicKeyDecode() in wolfSSL can be a replacement for PEM_read_bio_RSAPublicKey() or d2i_RSAPublicKey() in openssl without any issues since wolfSSL provides openssl compatibility layer for only private key rsa private key operations

RsaPublicKeyDecode() decodes a public RSA key from DER format into an internal RsaKey structure.

I couldn't find any function in wolfSSL for encoding public keys.

If wolfSSL is compiled with key generation (--enable-keygen or define WOLFSSL_KEY_GEN), wolfSSL provides the RsaKeyToDer() function which will convert an internal RsaKey to a DER-encoded buffer.  Is this similar to what you are looking for?

Best Regards,
Chris
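
As an added illustration of the PEM/DER point in the reply above (not part of the original posts and not wolfSSL's own code): a PEM key is the DER encoding, base64-encoded between BEGIN/END armor lines. The helper names `pem_to_der` and `looks_like_der` are hypothetical, and the sample key is constructed with a toy modulus.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: PKCS#1 RSAPublicKey with a toy 16-bit modulus, not a usable key. */
static const char SAMPLE_PEM[] = "-----BEGIN RSA PUBLIC KEY-----\n"
    "MAoCAwDB0wIDAQAB\n" "-----END RSA PUBLIC KEY-----\n";

static int b64val(int c) {
    static const char T[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    const char *q = c ? strchr(T, c) : NULL;
    return q ? (int)(q - T) : -1;
}

/* Hypothetical helper: drop the armor lines and base64-decode the body.
 * Returns the DER length, or -1 on missing armor, bad input or a short buffer. */
int pem_to_der(const char *pem, unsigned char *der, int cap) {
    const char *p = strstr(pem, "-----BEGIN ");
    const char *end = strstr(pem, "-----END ");
    unsigned int acc = 0;
    int bits = 0, n = 0, v;
    if (!p || !end || end < p || !(p = strchr(p, '\n')) || p > end) return -1;
    for (; p < end && *p != '='; p++) {        /* '=' padding ends the data */
        if (*p == '\n' || *p == '\r' || *p == ' ') continue;
        if ((v = b64val((unsigned char)*p)) < 0) return -1;
        acc = (acc << 6) | (unsigned int)v;
        if ((bits += 6) >= 8) {
            if (n >= cap) return -1;
            der[n++] = (unsigned char)(acc >> (bits -= 8));
        }
    }
    return n;
}

/* A DER key starts with SEQUENCE (0x30) and a length that covers the rest of the buffer. */
int looks_like_der(const unsigned char *b, int len) {
    int nlen, body;
    if (len < 2 || b[0] != 0x30) return 0;
    if (b[1] < 0x80) return b[1] == len - 2;            /* short-form length */
    nlen = b[1] & 0x7F;                                  /* long form: 1 or 2 length bytes */
    if (nlen < 1 || nlen > 2 || len < 2 + nlen) return 0;
    body = nlen == 1 ? b[2] : (b[2] << 8) | b[3];
    return body == len - 2 - nlen;
}

int main(void) {
    unsigned char der[64];
    int n = pem_to_der(SAMPLE_PEM, der, (int)sizeof der);
    printf("DER bytes: %d, DER framing ok: %d\n", n, n > 0 && looks_like_der(der, n));
    return 0;
}
```

Running `looks_like_der()` on a key buffer before passing it to a DER-only decoder catches the case where a PEM file was loaded by mistake.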

Re: [SOLVED] RSA PUBLIC KEY OPERATIONS

chrisc wrote:

Hi Frank,

What's your overall goal that you are trying to accomplish in your application regarding RSA keys?  There may be an easier way to accomplish it using the wolfSSL API.

I'm porting my code from openssl to wolfSSL due to the bloated size of openssl static library.
The application is heavily dependent on multiple ciphers.

In this case I will first use wolfSSL_KeyPemToDer() to convert the key to der format, then use RsaPublicKeyDecode() to convert it into a rsa key.

If wolfSSL is compiled with key generation (--enable-keygen or define WOLFSSL_KEY_GEN), wolfSSL provides the RsaKeyToDer() function which will convert an internal RsaKey to a DER-encoded buffer.  Is this similar to what you are looking for?

Great, that is exactly what I need.

There is a new issue that I discovered today.
wolfSSL_RSA_public_encrypt() is actually not implemented. The implementation simply voids the parameters and returns a failure code.
I could use RsaPublicEncrypt() but I have no means of using RSA_PKCS1_OAEP_PADDING padding.

Do you have any suggestion on this for me?

Thank you a lot for your time.

The compatibility layer of the ssl portion is almost a 100% job done. Really excellent.
But when it comes to the area of crypto, there is really a lot of work to be done.


Re: [SOLVED] RSA PUBLIC KEY OPERATIONS

Hi Frank,

I could use RsaPublicEncrypt() but I have no means of using RSA_PKCS1_OAEP_PADDING padding.

Correct, for the RsaPublicEncrypt() function, wolfSSL currently uses PKCS #1 v1.5 padding from RFC 2313 (http://tools.ietf.org/html/rfc2313).  We haven't added support for RSA-OAEP padding as of this point.  Do you need OAEP padding or are you able to use RsaPublicEncrypt() with PKCS #1 v1.5 padding?

The compatibility layer of the ssl portion is almost a 100% job done. Really excellent.
But when it comes to the area of crypto, there is really a lot of work to be done.

Traditionally we have offered the OpenSSL compatibility layer for those people porting applications from OpenSSL over to wolfSSL - allowing them to keep many of the same functions in their application code.  The compatibility layer contains about 300 of the most commonly used OpenSSL functions.  As there are over 4,000 OpenSSL functions, this layer does slowly grow as additional projects use it while porting over from OpenSSL to wolfSSL.

Best Regards,
Chris

Re: [SOLVED] RSA PUBLIC KEY OPERATIONS

Hi Frank,

Am going through forum posts looking for RSA OAEP, to announce that we added RSA OAEP in the recent wolfSSL release version 3.9.0. Example code using it can be found in the function rsa_test() located in the file wolfcrypt/test/test.c.

Regards,
Jacob
