Search this site

CryptoSys Home > PKI > Importing an RSA key from known parameters

Importing an RSA key from known parameters

[sample key length: 1024 bits]
MODULUS=CE31F9E9DA1C6852E6A90B4A008ADB344F472CD2E41BEE64...
PUBLIC_EXPONENT=03
PRIVATE_EXPONENT=8976A69BE6BD9AE1EF1B5CDC005C9222DF84C88C98129EED...
CRT_PRIME1=F4A6CCC55730A6FCCF0AFD50B4D289C8D27FCE9F644EE950...
CRT_PRIME2=D7C2835BA59A055C9EA1221CE79F288AFFE137F2817D85EC...
CRT_EXPONENT1=A319DDD8E4CB19FDDF5CA8E0788C5BDB36FFDF14ED89F0E0...
CRT_EXPONENT2=8FD7023D191158E869C0C1689A6A1B075540CFF700FE5948...
CRT_COEFFICIENT=32104D228C6B850CCC1F3BEA0748D95FB23C233E4EB1EE48...

Answer:

Use a text editor to cut-and-paste your key data into an XML file "by hand" in the required format then import using the RSA_FromXMLString function. You can use the result in a function like RSA_RawPrivate and you can save in encrypted PKCS-8 format using RSA_SaveEncPrivateKey. You should verify the key pair with RSA_CheckKey before using.

For more information on RSA key formats and how they can be stored and read using CryptoSys PKI, see RSA Key Formats.

Details

1. Create an <RSAKeyPair> XML file using our non-standard attribute EncodingType="hexBinary" to signal that the data is in hexadecimal format instead of the usual XML base64 format. The XML file for the above data should look like userkey.xml. The hexadecimal values can be in upper or lower case or mixed, and white space is ignored. The RSA_FromXMLString function will decode the hex values provided and convert to its own internal private key format.
2. The equivalent XML fields are

   MODULUS=<Modulus>
   PUBLIC_EXPONENT=<Exponent>
   PRIVATE_EXPONENT=<D>
   CRT_PRIME1=<P>
   CRT_PRIME2=<Q>
   CRT_EXPONENT1=<DP>
   CRT_EXPONENT2=<DQ>
   CRT_COEFFICIENT=<InverseQ>
   

   The order of the fields in the XML file are not important but make sure that the value of <P> is greater than <Q>.
3. You must have all the CRT components for the private key.
4. You could use the PKI_XML_EXCLPRIVATE option just to read in the public key instead of the private key. In that case, you could just have the <Modulus> and <Exponent> parameters in your XML file and you should use <RSAKeyValue> instead of <RSAKeyPair> as the outer tag. See userpublickey.xml.

Sample Code in C

This code in C shows how the key pair can be imported into CryptoSys PKI and can be verified, saved as an encrypted PKCS-8 file, and used to carry out a private key signing. It also shows how to read in and save a public key using both the public/private key pair and just the public key data.

Security Considerations

• You should securely destroy the XML file and all other unencrypted files containing the private key data.
• For proper security, the private key should never be saved or written down anywhere in unencrypted form. Note that the RSA_MakeKeys function creates and saves the private key directly to encrypted form.

Contact

For more information or to comment on this page, please send us a message.

This page last updated: 14 July 2019

Copyright © 2005-25 D.I. Management Services Pty Limited ABN 78 083 210 584 Australia. All rights reserved.
<www.di-mgt.com.au>   <www.cryptosys.net>

CryptoSys Home | CryptoSys PKI Home | Purchase | Contact us