digitalmars.D.learn - Reading .pem files for secured
- Dukc (18/18) May 31 2019 I need to manually sign and verify stuff with asymmetric crypto
- KnightMare (4/10) May 31 2019 PEM is a X.509 certificate (whose structure is defined using
- Dukc (5/16) May 31 2019 Ouch. I quess I have to translate the file into something that
- KnightMare (2/2) May 31 2019 https://lapo.it/asn1js
- Sebastiaan Koppe (6/15) May 31 2019 Just base64 decode the PEM data (without the ====) and feed it to
- Dukc (2/4) Jun 02 2019 That's logic of SSL? Okay, I'll try that first.
- Dukc (3/5) Jun 02 2019 I assume the same should apply with private key and private key
- Dukc (4/9) Jun 06 2019 We were both wrong :-). It turned out that the correct way to
- Sebastiaan Koppe (2/5) Jun 06 2019 Ah, they made it even easier :)
- Dukc (11/17) Jun 03 2019 I think that what I missed was that .pem key files do not only
I need to manually sign and verify stuff with asymmetric crypto keys. I ended up using rsa from secured. The key pair needs to be persistant between, so I made a 4096-bit private key with OpenSSL, stored in .pem file. Then I constructed a public key from the private one, again with OpenSSL. It seemed strange to me that I could generate a public key afterwards with the private key, instead of having to do both at the same time. I just thought that perhaps crypto is somehow cryptic enough to do that. But then came a problem that I need to feed the key from .pem to initialize RSA class at https://github.com/LightBender/SecureD/blob/master/source/secured/rsa.d. Someone at the internet claimed that .pem files are Base64-encoding. "Great, there's a base64 handler in Phobos", was my reaction. It was easy to write a parser, but I think something must have went wrong. The reason is that if I understand the logic of Base64, it's that each character stores 6 bits. My private key .pem has 49 lines of 64 characters worth of Base64, though the sat line isn't full. Anyway, this is data worth of over 18000 bits. The RSA key is supposed to be 4096 bits, so this can't be correct. What am I missing?
May 31 2019
The reason is that if I understand the logic of Base64, it's that each character stores 6 bits. My private key .pem has 49 lines of 64 characters worth of Base64, though the sat line isn't full. Anyway, this is data worth of over 18000 bits. The RSA key is supposed to be 4096 bits, so this can't be correct. What am I missing?PEM is a X.509 certificate (whose structure is defined using ASN.1), encoded using the ASN.1 DER (distinguished encoding rules), then run through Base64 encoding and stuck between plain-text anchor lines (BEGIN CERTIFICATE and END CERTIFICATE).
May 31 2019
On Friday, 31 May 2019 at 11:09:07 UTC, KnightMare wrote:Ouch. I quess I have to translate the file into something that doesn't contain any certification cruft I don't use. Back to reading OpenSSL manual... Thanks for the info.The reason is that if I understand the logic of Base64, it's that each character stores 6 bits. My private key .pem has 49 lines of 64 characters worth of Base64, though the sat line isn't full. Anyway, this is data worth of over 18000 bits. The RSA key is supposed to be 4096 bits, so this can't be correct. What am I missing?PEM is a X.509 certificate (whose structure is defined using ASN.1), encoded using the ASN.1 DER (distinguished encoding rules), then run through Base64 encoding and stuck between plain-text anchor lines (BEGIN CERTIFICATE and END CERTIFICATE).
May 31 2019
https://lapo.it/asn1js but dont insert ur certificate there, generate new one for tests
May 31 2019
On Friday, 31 May 2019 at 10:35:46 UTC, Dukc wrote:The key pair needs to be persistant between, so I made a 4096-bit private key with OpenSSL, stored in .pem file. Then I constructed a public key from the private one, again with OpenSSL. It seemed strange to me that I could generate a public key afterwards with the private key, instead of having to do both at the same time. I just thought that perhaps crypto is somehow cryptic enough to do that.The public key can always be constructed from the private key.But then came a problem that I need to feed the key from .pem to initialize RSA class.Just base64 decode the PEM data (without the ====) and feed it to RSA.this(ubyte[] publicKey). Ought to be that simple. Disclaimer: I have only used openssl directly. No experience with SecureD.
May 31 2019
On Friday, 31 May 2019 at 12:17:14 UTC, Sebastiaan Koppe wrote:Just base64 decode the PEM data (without the ====) and feed it to RSA.this(ubyte[] publicKey). Ought to be that simple.That's logic of SSL? Okay, I'll try that first.
Jun 02 2019
On Friday, 31 May 2019 at 12:17:14 UTC, Sebastiaan Koppe wrote:Just base64 decode the PEM data (without the ====) and feed it to RSA.this(ubyte[] publicKey). Ought to be that simple.I assume the same should apply with private key and private key constructor (along with a random password of course)?
Jun 02 2019
On Friday, 31 May 2019 at 12:17:14 UTC, Sebastiaan Koppe wrote:On Friday, 31 May 2019 at 10:35:46 UTC, Dukc wrote:We were both wrong :-). It turned out that the correct way to initialize a SecureD RSA private key is to feed contents of .pem in without ANY processing.But then came a problem that I need to feed the key from .pem to initialize RSA class.Just base64 decode the PEM data (without the ====) and feed it to RSA.this(ubyte[] publicKey). Ought to be that simple.
Jun 06 2019
On Thursday, 6 June 2019 at 11:08:18 UTC, Dukc wrote:We were both wrong :-). It turned out that the correct way to initialize a SecureD RSA private key is to feed contents of .pem in without ANY processing.Ah, they made it even easier :)
Jun 06 2019
On Friday, 31 May 2019 at 10:35:46 UTC, Dukc wrote:if I understand the logic of Base64, it's that each character stores 6 bits. My private key .pem has 49 lines of 64 characters worth of Base64, though the sat line isn't full. Anyway, this is data worth of over 18000 bits. The RSA key is supposed to be 4096 bits, so this can't be correct. What am I missing?I think that what I missed was that .pem key files do not only contain the key, they also contain the public exponent (even though it's always the same 0x10001), and in case of private key, the root parameters used to generate the key pair (not sure if it contains the public key also). That explains why the private key file is so much larger than the key bit count would dictate. And by looking at members of RSA class at SecureD, I think it also keeps those extra components, implying that everything in .pem should go in (after decoding), not just the public or private key. Like Koppe said.
Jun 03 2019