Can I read a PEM format openssl generated public key using a cryptopp one-liner...?
David Cole
encrypt data using openssl_private_encrypt from php. I generated the
key as follows:
$ openssl genrsa -out key.prv 1024
Generating RSA private key, 1024 bit long modulus
...++++++
.....................++++++
e is 65537 (0x10001)
The file key.prv looks like this:
$ cat key.prv
-----BEGIN RSA PRIVATE KEY-----
MIICWwIBAAKBgQCx9iucYoPgSgCuLjq0QdMHdCxQnEMLU/NxTGlC1owFWYmmXNMn
FEOVFotr1qgHPag0vGmSolAGkSTrkvnaBplU1bBlVt8L8lmg2ZAdxjDXS8IlHpnE
Ks7kR/TEv7ewpbiuZc4YBS6ly9wd3gTmw5+Ex67Xy8HORGIqdbWpTV8w4wIDAQAB
AoGAHSwEVBtWENMwr1zGpLvRkvw5M3GaD+ZQFrd23cz7oPjfdpTqzBInTe4nJqNG
YgF6bEKib7YJtjneunsaV+ITCi4FrqVvp/m23bDmIJyWZpaXKFt9KpHK/zHlSC0D
9CBUHtpuR9y7uT+bmQ4nAn5fK2FrnJj9lqAnGbQQSa6tN8ECQQDcb+RtL9yVhS/0
ukasK7wgDFSTPzQBq7iDPFs/b0GiQNeFKbhKW8FOabFFujJj8u+B+xusQ9Buw4UF
m20+ThMhAkEAzqwHsIKdNShVu+B0vYmYA3fiEUNN3jpVYJPbIwLlWA6OclUP/vxn
ZreiDONLCdMY8JtzwywfZHvh6calmbWHgwJAB6butAecTahw8Lripylhf29OJEpm
YMR4RD39IOeYzKwZjyrSleo3fKRYngYHp8aQH9/6pvE3tBCfdoFdunL1YQJAQx6T
kLuamrzyuwV2ZGffOqEghkK5c0a2m5rpPEGggiyYDoGZpFIMsstIka7vm802+E1E
F0qpF1U0VVvyRC00SQJAemRd9mhKOzEy4l0xhLMXerM3W3btPoPyyWHBaxcdWsoZ
+mVgZnshXtU6iFIChue+aD5aO+Y+frofrJ/Vp5i4AQ==
-----END RSA PRIVATE KEY-----
Then I created a corresponding public key:
$ openssl rsa -in key.prv -pubout -out key.pub
writing RSA key
$ cat key.pub
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCx9iucYoPgSgCuLjq0QdMHdCxQ
nEMLU/NxTGlC1owFWYmmXNMnFEOVFotr1qgHPag0vGmSolAGkSTrkvnaBplU1bBl
Vt8L8lmg2ZAdxjDXS8IlHpnEKs7kR/TEv7ewpbiuZc4YBS6ly9wd3gTmw5+Ex67X
y8HORGIqdbWpTV8w4wIDAQAB
-----END PUBLIC KEY-----
I cannot for the life of me figure out an easy way to read the public
key PEM file into cryptopp to decrypt a message encrypted via
openssl_private_encrypt. Can I read a PEM format openssl generated
public key using a cryptopp one-liner...? And then easily decrypt
something encrypted in php with openssl_private_encrypt?
I've read a few other posts that imply I will have to convert the
public key to a DER format to read it easily with cryptopp
FileSource... Is that correct?
Is RSAES_OAEP_SHA_Decryptor the proper class to use for this? Are the
default parameters going to be compatible with something encrypted in
php via openssl_private_encrypt or will I have to get fancier than the
simple examples to be found on the wiki / web?
Thanks,
David Cole
Geoff Beier
> I cannot for the life of me figure out an easy way to read the public
> key PEM file into cryptopp to decrypt a message encrypted via
> openssl_private_encrypt. Can I read a PEM format openssl generated
> public key using a cryptopp one-liner...? And then easily decrypt
> something encrypted in php with openssl_private_encrypt?
>
1. Add -outform der to the command that emits the public key.
2. Use a text editor to delete the lines that have the dashes, then
use a Base64Decoder.
3. Write a simple filter to ignore the ----- BEGIN OBJECT ----- and
----- END OBJECT ----- lines.
I've posted an example for how you might do (3) here:
http://cryptopp.pastebin.com/f446c0f2c
Though I use that and it works, I couldn't attest to its robustness
with a wide variety of inputs... I use it for stuff that I control and
that I produce with OpenSSL.
It expects your header and footer lines to always have 10 dashes.
I'm not really familiar with the openssl_private_encrypt function in
PHP, but it sounds like it only makes sense for signatures. If you're
padding properly in your PHP code and just signing SHA1 hashes, use
RSASSA_PKCS1v15_SHA_Verifier. If you're not, I think you'll have to
work at a lower level than most of the samples show.
HTH,
Geoff