
I am trying to decrypt a message using a private key with OpenSSL. My implementation works fine when I use the private key in the following format:

-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

When I try with the same key without the encapsulation headers (-----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY-----), it fails.

Are these headers mandatory for the keys?

If I want to use the key without headers, which OpenSSL API should I use?

jww
Mario Super
  • There is no other API which is equally easy to use. Why is this an issue? It should be easy to add or remove the header and footer. – Artjom B. Mar 21 '17 at 18:46
  • This is not an issue. My customer will give the key as input without headers. So I am looking to build the RSA structure with any API. I am able to do strcat() to include the headers and footer. But that looks a bit hardcoded, which is the reason for checking the alternates – Mario Super Mar 21 '17 at 19:13
  • See [How to generate RSA private key using openssl?](http://stackoverflow.com/a/30493975/608639) It provides information on the different encoding formats. The short of it is, if it's PEM encoded, then it needs the encapsulation headers. If you don't want the headers, then use ASN.1/DER. You are in a mildly unusual middle ground - you want Base64 encoded ASN.1/BER. Usually you just use PEM. But it's OK to forgo the headers, Base64 decode, then use the `d2i_RSAPrivateKey_bio` to read it. – jww Mar 21 '17 at 19:40
  • Note you can layer BIOs: create a memBIO which reads the unlabelled base64, then a b64BIO which reads that memBIO and returns binary, and have d2i read from that b64BIO. – dave_thompson_085 Mar 21 '17 at 21:27
  • I don't see why this is off topic here, unless the command line usage is implied. Feel free to provide a better answer than mine. – Maarten Bodewes Mar 22 '17 at 22:51

1 Answer


The type of the key format is defined by the header and footer of the PEM encoded key. Internally it is just a PKCS#1 private key. For more information about the format you can look at this Q/A or the ASN.1 decoded key here.

So although all the information is in the base 64 encoding in the middle, implementations may not directly be able to parse it, mainly because the type of the structure is not known.

You can however base 64 decode it and use it as a key within OpenSSL. You may need to specify -inform DER or something similar in that case.

Community
Maarten Bodewes
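
The answer's point that the Base64 body alone does not state which structure it holds, shown as an added example that is not part of the original answer or of OpenSSL: standard-library Python that decodes a header-less body, inspects the DER structure to tell a PKCS#1 RSAPrivateKey from a PKCS#8 PrivateKeyInfo, and emits PEM with the matching label instead of a hardcoded one. The function names and the toy key (textbook numbers p=61, q=53) are constructed for illustration.

```python
import base64

# Constructed sample: DER of a toy PKCS#1 RSAPrivateKey (p=61, q=53), not a usable key.
TOY_PKCS1_DER = bytes.fromhex(
    "301d0201000202" "0ca1" "020111" "02020ac1"
    "02013d" "020135" "020135" "020131" "020126")
# What the customer would hand over: the Base64 body with no BEGIN/END lines.
TOY_BARE_B64 = base64.b64encode(TOY_PKCS1_DER).decode()

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def pem_label(der):
    """Pick the PEM label from the structure, since the bare body does not state it."""
    tag, start, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    version_tag, _, version_end = read_tlv(der, start)
    if version_tag != 0x02:
        raise ValueError("no version INTEGER")
    second_tag, _, _ = read_tlv(der, version_end)
    if second_tag == 0x02:  # INTEGER (modulus): PKCS#1 RSAPrivateKey
        return "RSA PRIVATE KEY"
    if second_tag == 0x30:  # SEQUENCE (AlgorithmIdentifier): PKCS#8 PrivateKeyInfo
        return "PRIVATE KEY"
    raise ValueError("unrecognised private key structure")

def wrap_bare_base64(text):
    """Turn a header-less Base64 key body into PEM with the matching label."""
    der = base64.b64decode("".join(text.split()), validate=True)
    label = pem_label(der)
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *lines, f"-----END {label}-----", ""])
```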