Encrypting RSA private key with passphrase

57 views
Skip to first unread message

Vadim Ismailov

unread,
Aug 27, 2004, 4:57:26 PM8/27/04
to CryptoPP
There's an example in the cryptest how to generate RSA keypair. Here it is:

void GenerateRSAKey(
unsigned int keyLength,
const char *privFilename,
const char *pubFilename,
const char *seed)
{
RandomPool randPool;
randPool.Put((byte *)seed, strlen(seed));
RSAES_OAEP_SHA_Decryptor priv(randPool, keyLength);
HexEncoder privFile(new FileSink(privFilename));
priv.DEREncode(privFile);
privFile.MessageEnd();

RSAES_OAEP_SHA_Encryptor pub(priv);
HexEncoder pubFile(new FileSink(pubFilename));
pub.DEREncode(pubFile);
pubFile.MessageEnd();
}

However, in this example both private and public keys are written to
the files. I need to add one more parameter to this function (conat
char* passphrase) and encrypt the private key (using some symmetric
algorithm) prior to saving it to the file. Thus, each time anybody
will need to use this private key for signing or decryption, he will
need to enter the passphrase first, in order to decrypt private key.
PGP works this way.

Could anybody help me with this, please? I'm not familiar with the
library yet and it is kind of hard to figure out myself. OTOH I have
some urgent project to finish which requires such functionality.

Obviously enough usage of temporary files is unacceptable in this
case. This will compromise security.

Thanks,
Vadim

P.S. I believe that this should be added to FAQ.

Claude Robitaille

unread,
Nov 16, 2023, 10:46:17 AM11/16/23
to Crypto++ Users
Humm almost 20 years later and I have the same question. And the FAQ does not have the answer.

Actually, my case is a little bit more specific. I need to unlock a private key that was locked somewhere else, using openSSL. The key usage is for decrypting and unwrapping.

Jeffrey Walton

unread,
Nov 16, 2023, 10:49:18 AM11/16/23
to Crypto++ Users
On Thursday, November 16, 2023 at 10:46:17 AM UTC-5 cl.rob...@gmail.com wrote:
Humm almost 20 years later and I have the same question. And the FAQ does not have the answer.
 
Yeah, the FAQ is kind of old. Use the wiki now: <https://www.cryptopp.com/wiki/Main_Page>.

Actually, my case is a little bit more specific. I need to unlock a private key that was locked somewhere else, using openSSL. The key usage is for decrypting and unwrapping.

Reply all
Reply to author
Forward
0 new messages