Load Private RSA key

Brad Tilley

Sep 3, 2011, 9:56:59 PM
to Crypto++ Users
Hello,

I have a PEM encoded private RSA key that I used for decryption. The
key works fine with OpenSSL and various other crypto libraries, but I
cannot use it with Crypto++. Here's what I've tried to do to load it
into Crypto++:

1. I convert the key to der format using OpenSSL:

openssl rsa -in key.pem -outform DER -out keyout.der

2. I then try to load the key with Crypto++:

CryptoPP::RSA::PrivateKey PK;
CryptoPP::ByteQueue bytes;
CryptoPP::FileSource File( rsa_private_keyfile.c_str(), true );
File.TransferTo( bytes );
bytes.MessageEnd();

// This line causes BER decode error
PK.Load( bytes );

At first, I suspected something was wrong with the key, but after
successfully using it with OpenSSL and a few other libraries, I now
suspect that it's something I've done wrong within Crypto++. To
further confuse things, the above code loads and validates other
private RSA keys just fine.

Any ideas or suggestions are appreciated.

Brad

Geoff Beier

Sep 4, 2011, 7:37:58 AM
to Brad Tilley, Crypto++ Users
You need to use PKCS#8 format for the private key.

Here's the source to a simple file signing program that uses crypto++:
http://pastebin.com/ce1TRyZk

Here's the source to a simple file verification program that uses crypto++:
http://pastebin.com/hE0mEr9d

Here's a command-line transcript of how those two programs can use
keys generated by openssl:
$ openssl genrsa 2048 >privkey.pem
Generating RSA private key, 2048 bit long modulus
..............+++
....................................+++
e is 65537 (0x10001)
$ openssl pkcs8 -in privkey.pem -out privkey.p8 -topk8 -nocrypt -outform der
$ openssl rsa -in privkey.pem -pubout -out pubkey.der -outform der
writing RSA key
$ ./filesign-cryptopp -k privkey.p8 -o sig.bin Makefile
Signature over Makefile written to sig.bin.
$ ./fileverify-cryptopp -k pubkey.der -s sig.bin Makefile
Signature was successfuly verified.

Everything in that code is public domain. (Most of it probably came
from test.cpp distributed with crypto++...) I'd recommend adding quite
a bit more error checking before you use it for anything important,
though :)

HTH,

Geoff

Brad Tilley

Sep 4, 2011, 8:53:01 AM
to Crypto++ Users
Thanks Geoff!

That helped a lot. I can load and validate the key now. I appreciate
your advice.

Brad

Brad Tilley

Sep 4, 2011, 2:32:07 PM
to Crypto++ Users
One last question... Geoff's advice works and allows me to load,
validate and decrypt with the private RSA key. However, I'm curious if
there is a way to do the PEM to DER conversion within Crypto++ without
having to rely on OpenSSL? In other words, can Crypto++ read a private
RSA key in PEM format, and convert it to DER like OpenSSL does with
this command:

openssl pkcs8 -in privkey.pem -out privkey.p8 -topk8 -nocrypt -outform der

Thanks,

Brad
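
The format difference behind the PKCS#8 advice in Geoff's reply, as an added example that is not part of the thread and uses no Crypto++ calls: the traditional `RSAPrivateKey` (PKCS#1) DER that `openssl rsa -outform DER` produced in OpenSSL of that era, versus the PKCS#8 `PrivateKeyInfo` that wraps it. The function names and the toy input are made up for illustration; it goes a little beyond the thread by also doing the DER-level wrapping asked about in the last message (PEM/base64 decoding is not covered).

```cpp
#include <cstdint>
#include <stdexcept>
#include <string>
#include <vector>
using Bytes = std::vector<uint8_t>;
// Constructed toy input shaped like the start of an RSAPrivateKey (not a real key).
const Bytes kToyPkcs1 = {0x30, 0x0A, 0x02, 0x01, 0x00, 0x02, 0x02, 0x00, 0xC3, 0x02, 0x01, 0x03};

// Read one DER header at pos; returns the tag, sets len, leaves pos at the content.
static uint8_t readHeader(const Bytes& d, size_t& pos, size_t& len) {
    if (pos + 2 > d.size()) throw std::runtime_error("truncated DER");
    uint8_t tag = d[pos++];
    len = d[pos++];
    if (len & 0x80) {                       // long form: low 7 bits count the length bytes
        size_t n = len & 0x7F;
        if (n == 0 || n > 4 || pos + n > d.size()) throw std::runtime_error("bad length");
        for (len = 0; n; --n) len = (len << 8) | d[pos++];
    }
    if (len > d.size() - pos) throw std::runtime_error("length exceeds input");
    return tag;
}

// Both formats begin SEQUENCE { INTEGER version, ... }; the next tag tells them apart.
std::string classifyRsaKeyDer(const Bytes& der) {
    size_t pos = 0, len = 0;
    if (readHeader(der, pos, len) != 0x30 || readHeader(der, pos, len) != 0x02) return "unknown";
    pos += len;                             // skip the version INTEGER
    if (pos < der.size() && der[pos] == 0x02) return "PKCS#1 RSAPrivateKey";   // modulus
    if (pos < der.size() && der[pos] == 0x30) return "PKCS#8 PrivateKeyInfo";  // AlgorithmIdentifier
    return "unknown";
}

static Bytes tlv(uint8_t tag, const Bytes& content) {  // tag, DER length, then content
    Bytes out = {tag}, l;
    for (size_t n = content.size(); n; n >>= 8) l.insert(l.begin(), (uint8_t)n);
    if (content.size() >= 0x80) out.push_back((uint8_t)(0x80 | l.size()));
    else if (l.empty()) l.push_back(0);
    out.insert(out.end(), l.begin(), l.end());
    out.insert(out.end(), content.begin(), content.end());
    return out;
}

// PrivateKeyInfo ::= SEQUENCE { version 0, AlgorithmIdentifier, OCTET STRING { RSAPrivateKey } }
Bytes wrapPkcs1InPkcs8(const Bytes& pkcs1) {
    Bytes body = {0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86,   // version 0, then
                  0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00};  // rsaEncryption + NULL
    Bytes key = tlv(0x04, pkcs1);
    body.insert(body.end(), key.begin(), key.end());
    return tlv(0x30, body);
}
```

Running `classifyRsaKeyDer` on the bytes of a key file before handing them to a loader shows which of the two structures the file actually holds.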
