Saves a private key string to a PKCS-8 encrypted private key info file.
Public Declare Function RSA_SaveEncPrivateKey Lib "diCrPKI.dll" _
    (ByVal strOutputFile As String, ByVal strPrivateKey As String, ByVal nCount As Long, _
    ByVal strPassword As String, ByVal nOptions As Long) As Long
nRet = RSA_SaveEncPrivateKey(strOutputFile, strPrivateKey,
nCount, strPassword, nOptions) As Long
long __stdcall RSA_SaveEncPrivateKey(const char *szFileOut, const char *szKeyString, long nCount, const char *szPassword, long nOptions);
pbeWithSHAAnd3-KeyTripleDES-CBC (default)
des-EDE3-CBC
aes128-CBC
aes192-CBC
aes256-CBC
ENCRYPTED PRIVATE KEY PEM-format file (default is binary BER-encoded format).
If successful, the return value is zero; otherwise it returns a nonzero error code.
Rsa.SaveEncPrivateKey Method
The default is to save as a binary BER-encoded PKCS-8 EncryptedPrivateKeyInfo file. If the PKI_KEY_FORMAT_PEM option is added, the file will be in PEM format. The PEM encrypted private key format uses the header and footer lines:
-----BEGIN ENCRYPTED PRIVATE KEY-----
-----END ENCRYPTED PRIVATE KEY-----
This example reads Carl's unencrypted private key info file from [SMIME-EX] and saves it in encrypted format with the password "password". It then checks that the two keys match by using the RSA_KeyHashCode function.
Dim strPRIFile As String
Dim strEPKFile As String
Dim strPrivateKey As String
Dim strPK1 As String
Dim nChars As Long
Dim nRet As Long

strPRIFile = "CarlPrivRSASign.pri"
' Read in Carl's unencrypted PrivateKeyInfo data
nChars = RSA_ReadPrivateKeyInfo("", 0, strPRIFile, 0)
If nChars <= 0 Then
  MsgBox "Failed to read Private Key file"
  Exit Sub
End If
' Dimension the string to receive it - IMPORTANT
strPrivateKey = String(nChars, " ")
' Read in as an "internal" key string
nRet = RSA_ReadPrivateKeyInfo(strPrivateKey, nChars, strPRIFile, 0)
If nRet <= 0 Then
  MsgBox "Failed to read Private Key file"
  Exit Sub
End If
Debug.Print "Private key length is " & RSA_KeyBits(strPrivateKey) & " bits"

' Now save it in PKCS#8 encrypted form with a password
strEPKFile = "CarlPrivRSASign.p8e"
nRet = RSA_SaveEncPrivateKey(strEPKFile, strPrivateKey, 1000, "password", 0)
Debug.Print "RSA_SaveEncPrivateKey returns " & nRet & " (expected 0)"

' Check we can read it (note easier wrapper function)
strPK1 = rsaReadPrivateKey(strEPKFile, "password")
If Len(strPK1) > 0 Then
  Debug.Print "Encrypted private key is " & RSA_KeyBits(strPK1) & " bits"
Else
  MsgBox "Unable to read encrypted private key"
End If

' To compare these strings, use the RSA_KeyHashCode function
Debug.Print "HashCode(original prikeyinfo) =" & Hex(RSA_KeyHashCode(strPrivateKey))
Debug.Print "HashCode(encrypted prikeyinfo)=" & Hex(RSA_KeyHashCode(strPK1))
If RSA_KeyHashCode(strPK1) = RSA_KeyHashCode(strPrivateKey) Then
  Debug.Print "OK, Key string values match."
Else
  Debug.Print "ERROR: key strings do not match."
End If
This should give the output
Private key length is 1024 bits
RSA_SaveEncPrivateKey returns 0 (expected 0)
Encrypted private key is 1024 bits
HashCode(original prikeyinfo) =A937B1B5
HashCode(encrypted prikeyinfo)=A937B1B5
OK, Key string values match.
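
To confirm which encryption scheme and iteration count a saved file actually carries, the following added Python example (not part of the toolkit or its documentation) parses the EncryptedPrivateKeyInfo structure from either the binary or the PEM form. The OID table, function names and sample bytes are supplied for this example, and it assumes definite-length encoding.

```python
import base64, re

SCHEMES = {  # OIDs of the encryption schemes this page lists
    "1.2.840.113549.1.12.1.3": "pbeWithSHAAnd3-KeyTripleDES-CBC",
    "1.2.840.113549.3.7": "des-EDE3-CBC",
    "2.16.840.1.101.3.4.1.2": "aes128-CBC",
    "2.16.840.1.101.3.4.1.22": "aes192-CBC",
    "2.16.840.1.101.3.4.1.42": "aes256-CBC",
}
PEM_RE = re.compile(rb"-----BEGIN ENCRYPTED PRIVATE KEY-----(.*?)"
                    rb"-----END ENCRYPTED PRIVATE KEY-----", re.S)

def tlv(buf, pos):
    """Read one definite-length TLV at pos: (tag, content, next position)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form; a count of 0 (indefinite length) fails the check below
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big") if k else len(buf), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated or indefinite-length encoding")
    return tag, buf[pos:pos + n], pos + n

def oid(content):
    """Decode OID content octets to dotted-decimal text."""
    arcs, v = [], 0
    for b in content:
        v = (v << 7) | (b & 0x7F)
        if b < 0x80:  # last octet of this arc
            arcs, v = arcs + [v], 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def describe(data):
    """Return (scheme, iteration count) for a PEM or DER EncryptedPrivateKeyInfo."""
    m = PEM_RE.search(data)
    tag, info, _ = tlv(base64.b64decode(m.group(1)) if m else data, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, alg, _ = tlv(info, 0)                         # encryptionAlgorithm
    _, alg_oid, p = tlv(alg, 0)
    scheme, params = oid(alg_oid), tlv(alg, p)[1]
    if scheme == "1.2.840.113549.1.5.13":            # PBES2: KDF and cipher are nested
        _, kdf, p = tlv(params, 0)
        scheme = oid(tlv(tlv(params, p)[1], 0)[1])   # encryptionScheme OID
        params = tlv(kdf, tlv(kdf, 0)[2])[1]         # PBKDF2-params
    _, count, _ = tlv(params, tlv(params, 0)[2])     # skip salt, read iteration count
    return SCHEMES.get(scheme, scheme), int.from_bytes(count, "big")

SAMPLE_DER = bytes.fromhex(  # constructed, not a real key: default scheme, count 1000
    "3022301c060a2a864886f70d010c0103300e04080102030405060708020203e804020000")
```

Calling describe() on the bytes of a saved file returns the scheme name and the nCount value that was written, so a batch of key files can be checked against a required minimum.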