Encrypting RSA private key with passphrase


Vadim Ismailov

Aug 27, 2004, 4:57:26 PM
to CryptoPP
There's an example in the cryptest how to generate RSA keypair. Here it is:

void GenerateRSAKey(
    unsigned int keyLength,
    const char *privFilename,
    const char *pubFilename,
    const char *seed)
{
    // Seed the pool from the caller-supplied string.
    RandomPool randPool;
    randPool.Put((const byte *)seed, strlen(seed));

    // Generate the key pair and write the private key, hex-encoded DER, in the clear.
    RSAES_OAEP_SHA_Decryptor priv(randPool, keyLength);
    HexEncoder privFile(new FileSink(privFilename));
    priv.DEREncode(privFile);
    privFile.MessageEnd();

    // Derive the public key from the private key and write it the same way.
    RSAES_OAEP_SHA_Encryptor pub(priv);
    HexEncoder pubFile(new FileSink(pubFilename));
    pub.DEREncode(pubFile);
    pubFile.MessageEnd();
}

However, in this example both private and public keys are written to
the files. I need to add one more parameter to this function (const
char* passphrase) and encrypt the private key (using some symmetric
algorithm) prior to saving it to the file. Thus, each time anybody
will need to use this private key for signing or decryption, he will
need to enter the passphrase first, in order to decrypt private key.
PGP works this way.

Could anybody help me with this, please? I'm not familiar with the
library yet and it is kind of hard to figure out myself. OTOH I have
some urgent project to finish which requires such functionality.

Obviously enough usage of temporary files is unacceptable in this
case. This will compromise security.

Thanks,
Vadim

P.S. I believe that this should be added to FAQ.

Claude Robitaille

Nov 16, 2023, 10:46:17 AM
to Crypto++ Users
Humm almost 20 years later and I have the same question. And the FAQ does not have the answer.

Actually, my case is a little bit more specific. I need to unlock a private key that was locked somewhere else, using OpenSSL. The key usage is for decrypting and unwrapping.

Jeffrey Walton

Nov 16, 2023, 10:49:18 AM
to Crypto++ Users
On Thursday, November 16, 2023 at 10:46:17 AM UTC-5 cl.rob...@gmail.com wrote:
> Humm almost 20 years later and I have the same question. And the FAQ does not have the answer.

Yeah, the FAQ is kind of old. Use the wiki now: <https://www.cryptopp.com/wiki/Main_Page>.

> Actually, my case is a little bit more specific. I need to unlock a private key that was locked somewhere else, using OpenSSL. The key usage is for decrypting and unwrapping.
