3

The main problem is that I'm quite new to C, and the OpenSSL documentation is not clear enough for me, I've tried using Reading and writing rsa keys to a pem file in C, but I don't quite understand it. For example, how does the create_rsa_key() function creates both the private and the public? And where does pCipher come from? And what's the point of the pcszPassphrase?

I'll explain as if it was some sort of pseudocode, this is what I want to do, and the parts in bold are those I don't know how to do it:

  • generate private key and public key as buffers in hex (client)
  • send the public key to the other endpoint safely (client)
  • encrypt some data with a random 256 bit password using AES256 CBC (server)
  • encrypt the password using the public key (server)
  • send the encrypted data to the client (server)
  • decrypt the encrypted 256 bit password using the private key (client)
  • decrypt the file

Basically I know how to handle AES encryption/decryption and the communication protocol, they're already implemented anyway, my issue is RSA, and I need hex format not base64 or pem as I'm working with sockets and sending and storing as binary data.

Community
  • 1
  • 1
Onza
  • 1,710
  • 4
  • 18
  • 31
  • By the way I tried to be simple, I know there are security leaks in my block example, but there's much more behind what I say here. – Onza Jun 20 '15 at 21:39
  • By "hex format" you mean the ASN.1 encoding, right? (of which, all basic PEM really becomes is a header, footer and the base64 encoding of the RSA key ASN). Is that all you're really after? – WhozCraig Jun 20 '15 at 22:04
  • Yes sorry I forgot http://etherhack.co.uk/asymmetric/docs/rsa_key_breakdown.html – Onza Jun 20 '15 at 22:06
  • In that website you can find the structure in hex of what I want... which is in fact, ASN.1 – Onza Jun 20 '15 at 22:07
  • Regarding the ASN.1 representations of the public and private key, both `i2d_RSAPublicKey` and `i2d_RSAPrivateKey` should do what you want. And **decrypt the file** followed immediately thereafter by "Basically, I know how to handle AES encryption/decryption" are direct contradictions. – WhozCraig Jun 21 '15 at 02:42
  • @WhozCraig you're right however i2d_RSAPublicKey is making my buffer basically a bunch of 00 – Onza Jun 21 '15 at 19:49
  • That function doesn't use "your buffer". It allocates one. You send it a pointer-to-pointer and it does the allocation, populates the result, and returns the length of the buffer allocated. – WhozCraig Jun 22 '15 at 00:43
  • See [example here](http://coliru.stacked-crooked.com/a/ae64a70076436165). – WhozCraig Jun 22 '15 at 00:57

1 Answers1

1

As discussed on IRC, the answer to the create_rsa_key question is addressed by https://stackoverflow.com/a/29589818/37923 - it's not meant to work that way.

pcszPassphrase is meant to be the password/phrase to protect the private key. It would be provided by the user, but isn't a requirement.

Community
  • 1
  • 1
Mark
  • 6,269
  • 2
  • 35
  • 34