Problem with TX509CSR and private key

Hello,

I’m trying to use the TX509CSR component and generate a request, exactly as shown in your example. The request (CSR) is generated, but the private key is not saved anywhere, even though I specified a file. In the X509Obj file, the Generate() function includes the following snippet:

...
FRSA.GenerateX509Keys(dp, dq, qinv, prime1, prime2);
GenerateKeyFile(information.keySizeBits, FRSA.modulus, FRSA.publicExponent, FRSA.privateExponent, prime1, prime2, dp, dq, qinv, KeyFilePath);
...

However, the GenerateKeyFile() function has the following content:

function TX509CSR.GenerateKeyFile(keySizeBits: integer; modulus, publicExponent,
  privateExponent, prime1, prime2, dp, dq, qinv: string; KeyFilePathChar: string): integer;
begin
  Result := 0;
end;

As a result, I get the CSR, but the associated private key is not saved.

OK, I will have a look at this.

There are 2 GenerateKeyFile methods. The one you extracted is for EC keys and is currently not implemented (that will change soon).

The one for RSA keys is:

function TX509Certificate.GenerateKeyFile(keySizeBits: integer; modulus, publicExponent,
  privateExponent, prime1, prime2, dp, dq, qinv: string; KeyFilePathChar: string): integer;

It generates a PKCS#8 file storing all RSA parameters:

// PrivateKeyInfo ::= SEQUENCE {
// version Version,
// privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
// privateKey PrivateKey,
// attributes [0] IMPLICIT Attributes OPTIONAL }
//
// Version ::= INTEGER
// PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
// PrivateKey ::= OCTET STRING
// Attributes ::= SET OF Attribute

Using it, the key will look like this:

-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

You can verify the content of a PEM file with https://cyberchef.io/

  • PrivateKeyInfo SEQUENCE (3 elem)
    • version Version INTEGER 0
    • privateKeyAlgorithm AlgorithmIdentifier SEQUENCE (2 elem)
      • algorithm OBJECT IDENTIFIER 1.2.840.113549.1.1.1 rsaEncryption (PKCS #1)
      • parameters ANY NULL
    • privateKey PrivateKey OCTET STRING (1190 byte) * SEQUENCE (9 elem)
      • INTEGER 0 [VERSION]
      • INTEGER (2048 bit) [PRIVATE KEY]
      • INTEGER 65537 [PUBLIC EXPONENT]
      • INTEGER (2047 bit) [PUBLIC KEY]
      • INTEGER (1024 bit)
      • INTEGER (1024 bit)
      • INTEGER (1023 bit)
      • INTEGER (1023 bit)
      • INTEGER (1022 bit)
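
The structure check shown in the listing above can also be run offline, so the private key never has to be pasted into a web page. This is an added example, not part of the original thread and not the library's code. It reports whether a PEM RSA key holds a PKCS#8 PrivateKeyInfo or a bare PKCS#1 RSAPrivateKey, whether all nine INTEGERs are present, and whether the PEM label agrees (RFC 7468 uses "PRIVATE KEY" for PKCS#8 and "RSA PRIVATE KEY" for PKCS#1). The names inspect_key and sample_pem are hypothetical, and the sample is a constructed toy key.

```python
import base64

RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption

def read_tlv(buf, pos=0):  # decode one DER element -> (tag, value, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    pos, out = 0, []
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def inspect_key(pem):
    """Report which structure a PEM RSA key really holds and whether its label agrees."""
    lines = pem.strip().splitlines()
    label = lines[0].strip()[11:-5]  # text between "-----BEGIN " and "-----"
    der = base64.b64decode("".join(l.strip() for l in lines[1:-1]))
    tag, body, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one DER SEQUENCE")
    items = children(body)
    if len(items) >= 3 and items[1][0] == 0x30 and items[2][0] == 0x04:  # PrivateKeyInfo shape
        kind, expected = "PKCS#8", "PRIVATE KEY"
        is_rsa = children(items[1][1])[0] == (0x06, RSA_OID)
        inner = children(read_tlv(items[2][1])[1])  # RSAPrivateKey inside the OCTET STRING
    else:
        kind, expected, is_rsa, inner = "PKCS#1", "RSA PRIVATE KEY", True, items
    complete = is_rsa and len(inner) == 9 and all(t == 0x02 for t, _ in inner)
    bits = int.from_bytes(inner[1][1], "big").bit_length() if complete else 0
    return {"structure": kind, "label_matches": label == expected,
            "complete_rsa_key": complete, "modulus_bits": bits}

def tlv(tag, value):  # short-form DER encoder, enough for the tiny sample below
    return bytes([tag, len(value)]) + value

def sample_pem(label, pkcs8):  # constructed toy key (p=61, q=53), illustration only
    ints = (0, 3233, 17, 2753, 61, 53, 53, 49, 38)
    key = tlv(0x30, b"".join(tlv(0x02, i.to_bytes(i.bit_length() // 8 + 1, "big")) for i in ints))
    if pkcs8:
        alg = tlv(0x30, tlv(0x06, RSA_OID) + tlv(0x05, b""))
        key = tlv(0x30, tlv(0x02, b"\x00") + alg + tlv(0x04, key))
    return f"-----BEGIN {label}-----\n{base64.b64encode(key).decode()}\n-----END {label}-----\n"
```

Call inspect_key() on the text of the generated key file; a result with label_matches set to False means the header and the DER body describe different formats, which strict PEM readers may reject.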