Importing an RSA key from known parameters

Question:

I already have the component values of an RSA key pair. How can I import these to use with CryptoSys PKI?
My data is in the following format:

[sample key length: 1024 bits]
MODULUS=CE31F9E9DA1C6852E6A90B4A008ADB344F472CD2E41BEE64...
PUBLIC_EXPONENT=03
PRIVATE_EXPONENT=8976A69BE6BD9AE1EF1B5CDC005C9222DF84C88C98129EED...
CRT_PRIME1=F4A6CCC55730A6FCCF0AFD50B4D289C8D27FCE9F644EE950...
CRT_PRIME2=D7C2835BA59A055C9EA1221CE79F288AFFE137F2817D85EC...
CRT_EXPONENT1=A319DDD8E4CB19FDDF5CA8E0788C5BDB36FFDF14ED89F0E0...
CRT_EXPONENT2=8FD7023D191158E869C0C1689A6A1B075540CFF700FE5948...
CRT_COEFFICIENT=32104D228C6B850CCC1F3BEA0748D95FB23C233E4EB1EE48...

Full details in this file.

Answer:

Use a text editor to cut-and-paste your key data into an XML file "by hand" in the required format then import using the RSA_FromXMLString function. You can use the result in a function like RSA_RawPrivate and you can save in encrypted PKCS-8 format using RSA_SaveEncPrivateKey. You should verify the key pair with RSA_CheckKey before using.

For more information on RSA key formats and how they can be stored and read using CryptoSys PKI, see RSA Key Formats.

Details

Create an <RSAKeyPair> XML file using our non-standard attribute EncodingType="hexBinary" to signal that the data is in hexadecimal format instead of the usual XML base64 format. The XML file for the above data should look like userkey.xml. The hexadecimal values can be in upper or lower case or mixed, and white space is ignored. The RSA_FromXMLString function will decode the hex values provided and convert to its own internal private key format.

The equivalent XML fields are

MODULUS=<Modulus>
PUBLIC_EXPONENT=<Exponent>
PRIVATE_EXPONENT=<D>
CRT_PRIME1=<P>
CRT_PRIME2=<Q>
CRT_EXPONENT1=<DP>
CRT_EXPONENT2=<DQ>
CRT_COEFFICIENT=<InverseQ>

The order of the fields in the XML file are not important but make sure that the value of <P> is greater than <Q>.

You must have all the CRT components for the private key.
You could use the PKI_XML_EXCLPRIVATE option just to read in the public key instead of the private key. In that case, you could just have the <Modulus> and <Exponent> parameters in your XML file and you should use <RSAKeyValue> instead of <RSAKeyPair> as the outer tag. See userpublickey.xml.

Sample Code in C

This code in C shows how the key pair can be imported into CryptoSys PKI and can be verified, saved as an encrypted PKCS-8 file, and used to carry out a private key signing. It also shows how to read in and save a public key using both the public/private key pair and just the public key data. Download the MSVC5++ project (45 kB).

Security Considerations

You should securely destroy the XML file and all other unencrypted files containing the private key data.
For proper security, the private key should never be saved or written down anywhere in unencrypted form. Note that the RSA_MakeKeys function creates and saves the private key directly to encrypted form.

This page last updated 13 May 2006

Home | PKI Home | Purchase | Cryptography Software Code | Contact us
Copyright © 2005-6 D.I. Management Services Pty Limited ABN 78 083 210 584, Sydney, Australia. All rights reserved.
<www.di-mgt.com.au> <www.cryptosys.net>