Topic: DER to RSAKey

I am new to RSA so this may be a dumb question.
How do you convert a public key in DER format into an RSAKey?

Re: DER to RSAKey

Hi,

In <wolfssl/wolfcrypt/rsa.h>, you can use the following functions to import a DER-formatted public or private RSA key into an RsaKey structure:

int  wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey*, word32);
int  wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey*, word32);

Best Regards,
Chris

Re: DER to RSAKey

Thanks, I tried that and so far so good, but when I try to decode the DER I get ASN_PARSE_E = -140.
I did compare the contents of the file with my data structure and it matched, so the right data is being sent to the function call wc_RsaPublicKeyDecode.
This is just a public key in DER format and not a cert.

Re: DER to RSAKey

Hi,

If you are importing an RSA key generated by OpenSSL, you will need to define RSA_DECODE_EXTRA when compiling wolfSSL and your application.  Can you give that a try?

Can you also verify that you are compiling your application with the same preprocessor flags as you have with wolfSSL?  If you compiled wolfSSL using the autoconf (./configure) system, you can simply include <wolfssl/options.h> in your application code.

Thanks,
Chris

Re: DER to RSAKey

Thanks Chris. I got it working. The issue was that the inx on the call to the decode was not set to zero. Everything works great now and I have to say I am impressed with wolfSSL.
Thank you again for all your help.

Re: DER to RSAKey

Great, glad to hear things are working!

7 (edited by colin.foster 2016-07-06 11:13:30)

Re: DER to RSAKey

I'm having an issue reading in DER files to an RSA key as well, though my issue is slightly different.

I'm saving the DER to a file with the following code (error checks omitted):

int saveKeypair(char *sPubkeyFile, char *sPrivkeyFile, RsaKey *pRsaKey)
{
    FILE *pubkeyFile = fopen(sPubkeyFile, "w");
    uint8_t data[4096];
    int dataSize = wc_RsaKeyToDer(pRsaKey, data, sizeof(data));

    int retval = fwrite( data, dataSize, 1, pubkeyFile);

    fclose(pubkeyFile);

    return 0;
}

Everything seems to work fine, because I can successfully read everything back using

int tryOpenKeypair(char *sPubkeyFile)
{
    FILE *pubkeyFile = fopen(sPubkeyFile, "r");
    uint8_t data[4096];

    int dataSize = fread(data, 1, sizeof(data), pubkeyFile);
    
    fclose(pubkeyFile);

    RsaKey *pTempRsaKey = malloc(sizeof(RsaKey));
    wc_InitRng(&rng);
    wc_InitRsaKey(pTempRsaKey, 0);

    unsigned int idx = 0; // Start of the data...
    int retval = wc_RsaPublicKeyDecode(data, &idx, pTempRsaKey, dataSize);
    
    uint8_t new_e[3];
    uint8_t new_n[384];
    uint32_t new_e_size = 3;
    uint32_t new_n_size = 384;
    int ret = wc_RsaFlattenPublicKey(pTempRsaKey, new_e, &new_e_size, new_n, &new_n_size);

    if (ret != 0)
    {
        printf("Error flattening public key: %d\n", ret);
        printf("pubkey buffer size = %d\n", pubkey_buffer_size);
        return -1;
    }
    else
    {
      printf("Successfully flattened key\n");
      printf("New N %d ", new_n_size);
      print_buffer(new_n, new_n_size);
      printf("New E %d ", new_e_size);
      print_buffer(new_e, new_e_size);
    }
}

The results that I get are

Successfully flattened key
New N 0 Buffer:
New E 128 Buffer:
        0xc8 0xc9 0xcb 0xed 0xcc 0xc0 0x3c 0xcf
        0xc7 0x92 0x73 0x6f 0x76 0x38 0x1d 0x9a
        0xf7 0x08 0x2f 0x43 0x80 0x00 0x00 0x00
        ...

The exponent buffer is clearly corrupting memory during the flatten operation. Before writing the key, I verify that my syntax is right:

    int ret = wc_MakeRsaKey(pRsaKey, numBytes * 8, 65537, pRng);

    // Try to get the key now
    unsigned int new_e_size, new_n_size;
    new_e_size = 3;
    new_n_size = numBytes;
    ret = wc_RsaFlattenPublicKey(pRsaKey, pPubkey_e, &new_e_size, pPubkey_n, &new_n_size);

    if (ret != 0)
    {
        printf("Error flattening public key: %d\n", ret);
        return -1;
    }
    else
    {
        printf("New E Buffer %d \n", new_e_size);
        print_buffer(pPubkey_e, new_e_size);
        printf("New N Buffer %d \n", new_n_size);
        print_buffer(pPubkey_n, new_n_size);
        *pPrivkey = (void *)pRsaKey;
    }

    saveKeypair(pPubFileName, pPrivFileName, pRsaKey);
    return 0;

This leads to a successful print statement that I would expect

Successfully created the RSA key               
New E Buffer 3                                 
Buffer:                                       
        0x01 0x00 0x01                         
New N Buffer 128                               
Buffer:                                       
        0xc3 0x55 0x51 0x0d 0x8d 0xa2 0x6a 0xad
        0x61 0xb6 0xdb 0xe0 0x8e 0x02 0x6e 0xf7...

Is there maybe an issue with having multiple RsaKey's malloc'd at the same time? Perhaps there is an initialization that I need to perform before I can decode the key. I seem to have the same issue when running from an openssl generated keypair as well.

Lastly, there doesn't seem to be a way to encode a private key to a DER or PEM format. There seems to be a way to decode them. Is there a way that the private keys can be saved for future access as well?

Thanks for the help!



EDIT: This seems to work when N is 384 bytes, but not when N is 128 bytes. Also, it only seems to work when I have created a key using openssl and NOT when I write the key as above.

Successfully flattened key                     
New N 384 Buffer:                               
        0xb2 0x3f 0x07 0x0c 0x20 0x24 0x00 0x39
        0xe7 0x04 0xa8 0x95 0x3e 0x63 0x10 0xec
        ...
New E 3 Buffer:
        0x01 0x00 0x01

Code to generate 384 byte key was taken from this website, substituting DER for PEM:
https://rietta.com/blog/2012/01/27/open … m-command/

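Added example, not part of the original thread and not wolfSSL code: a stand-alone DER walker that reports which RSA structure begins at a given start offset, covering both points raised in this thread (the start index has to be 0 for a whole file, and a private-key blob is a different structure from a public key). The function names, the enum and the toy byte arrays are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
enum { DER_BAD = -1, DER_RSA_PUBLIC, DER_RSA_PRIVATE, DER_SPKI };
/* Constructed toy buffers: correct structure, not usable keys. */
static const uint8_t PUB[] = { 0x30,0x0A, 0x02,0x03,0x00,0xC3,0x55, 0x02,0x03,0x01,0x00,0x01 };
static const uint8_t PRIV[] = { 0x30,0x1F, 0x02,0x01,0x00, 0x02,0x03,0x00,0xC3,0x55, 0x02,0x03,0x01,0x00,0x01,
    0x02,0x01,0x05, 0x02,0x01,0x07, 0x02,0x01,0x0B, 0x02,0x01,0x03, 0x02,0x01,0x01, 0x02,0x01,0x02 };

/* Read a TLV header with the expected tag at *idx; move *idx to the content. */
static int der_header(const uint8_t *in, size_t len, size_t *idx, uint8_t tag, size_t *clen)
{
    size_t i = *idx, n = 0;
    if (i > len || len - i < 2 || in[i++] != tag) return -1;
    if (in[i] < 0x80) n = in[i++];            /* short-form length */
    else {
        size_t k = in[i++] & 0x7F;            /* long form: k length octets follow */
        if (k == 0 || k > 4 || k > len - i) return -1;
        while (k--) n = (n << 8) | in[i++];
    }
    if (n > len - i) return -1;               /* content must fit in the buffer */
    *idx = i; *clen = n;
    return 0;
}

/* Classify the RSA structure starting at offset idx (0 for a whole file). */
int der_classify_rsa(const uint8_t *in, size_t len, size_t idx)
{
    size_t clen, end, count = 0, version0 = 0;
    if (der_header(in, len, &idx, 0x30, &clen) != 0) return DER_BAD;
    end = idx + clen;
    if (idx < end && in[idx] == 0x30) {       /* AlgorithmIdentifier, then BIT STRING */
        if (der_header(in, end, &idx, 0x30, &clen) != 0) return DER_BAD;
        return (idx + clen < end && in[idx + clen] == 0x03) ? DER_SPKI : DER_BAD;
    }
    while (idx < end) {                       /* otherwise expect only INTEGERs */
        if (der_header(in, end, &idx, 0x02, &clen) != 0) return DER_BAD;
        if (count++ == 0) version0 = (clen == 1 && in[idx] == 0);
        idx += clen;
    }
    if (count == 2) return DER_RSA_PUBLIC;              /* RSAPublicKey { n, e } */
    if (count == 9 && version0) return DER_RSA_PRIVATE; /* version, n, e, d, p, q, dP, dQ, qInv */
    return DER_BAD;
}
int main(void)
{
    printf("pub@0=%d priv@0=%d ", der_classify_rsa(PUB, sizeof PUB, 0), der_classify_rsa(PRIV, sizeof PRIV, 0));
    printf("pub@1=%d\n", der_classify_rsa(PUB, sizeof PUB, 1));
    return 0;
}
```

An RSAPrivateKey opens with a version INTEGER of 0 followed by n, so a decoder expecting RSAPublicKey { n, e } reads an empty first value and then the modulus; wc_RsaKeyToDer emits that private-key structure.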

Re: DER to RSAKey

Hi Colin,

Thanks for the report!  Looking into this and will get back to you shortly.

Best Regards,
Chris