RSA generated keys

van_der_Linden_Scott · December 12, 2023, 3:44pm

How do I export the private and public keys generated by TRSAEncSign.GenerateKeys?

It generates the modulus, private and public exponents, but they aren't keys. How to I get the key from the TRSAEncSign object, or convert the modulus and exponents to keys?

Bernard · December 13, 2023, 8:04am

The public key is composed of the pair (e, n) and the private key of the pair (d, n). e is the "public exponent" and d is the "private exponent."
You need to extract and package them. This packaging may depend on the app using it.
You may want to use GenerateKeysX509Compatible(var dp, dq, p, q, inverseQ: string), to generate the modulus, the public exponent (fixed value 65537 in this case) and the private exponent, and also the private variables dp, dq, p, q and inverse (for interoperability with other libraries).

van_der_Linden_Scott · December 13, 2023, 9:06am

Thanks Bernard,

What packaging would be required for the public key to be used by the FromPublicKey and FromPrivateKey methods of TRSAEncSign?

A little background: I have been given a public key, and want to know if I am using it correctly to encrypt a message using TRSAEncSign.Encrypt (presumably I call FromPublicKey and pass in the key I have been given, then call Encrypt), so I thought I would test that idea by generating a public key and a private key, then see if I could use the two to successfully encrypt and decrypt a message.

I'm fairly new to encryption, so I don't know what dp, dq, p, q, and inverseQ mean. I also don't know if I am supposed to supply those values, or merely collect them after executing the method.

Bernard · December 13, 2023, 10:54am

In this case, you can directly import the key in base64 format with FromPublicKey(KeyStr: string)
and then perform the cryptographic operations

van_der_Linden_Scott · December 15, 2023, 6:10am

Bernard, what I meant to ask is:

Can you explain the parameters for GenerateKeysX509Compatible? Are any of them the newly generated private or public keys?
How do I use the modulus and private exponent to make a private key that can be consumed by FromPrivateKey?
How do I use the modulus and public exponent to make a public key that can be consumed by FromPublicKey?

I know one step will be changing the key to Base64, but how do I use the modulus and exponent to produce a key?

Alexander_Pastuhov · January 20, 2024, 7:34pm

Remarkable, how this has not been implemented. There are PEM_write_bio_RSAPrivateKey and PEM_write_bio_RSAPublicKey functions in OpenSSL that would do that.

There's also no working way to load these keys from string, i.e.: TRSAEncSign.FromOpenSSLPrivateKeyString is doing a few things wrong: it slaps prefix & suffix on without first checking if they were already there, etc.

And then TRSAEncSign.Sign just hangs indefinitely at 100% CPU, so there's something wrong there as well.

Effectively, you would have to resort to some low-level OpenSSL calls yourself, if you need to get this working.