example_asymm_key.md

Asymmetric Key Example

Asymmetric Key Generation

Key Generation with default values

The following code generates an RSA key pair with the default spec, an RSASpec with a 2048-bit modulus. The variable rsaKeyPair receives the key pair.

mococrw::AsymmetricKeypair rsaKeyPair = mococrw::AsymmetricKeypair::generateRSA();

The following code generates an ECC key pair with the default spec, an ECCSpec for the PRIME_256v1 curve (also known as NIST P-256 or secp256r1). The variable eccKeyPair receives the key pair.

mococrw::AsymmetricKeypair eccKeyPair = mococrw::AsymmetricKeypair::generateECC();

Custom Key Generation

Custom keys are generated by passing an RSASpec or ECCSpec to the generate method.

Custom RSA Key

The default modulus size (2048 bits) is used when none is specified. In this example generate receives an RSASpec with a 1024-bit modulus, and rsaKeyPair1024 holds the resulting key pair. Note that 1024-bit RSA provides only about 80 bits of security and has been disallowed by NIST (SP 800-131A) since the end of 2013; use such a spec only for interoperability with a legacy peer, never as a default.

mococrw::AsymmetricKeypair rsaKeyPair1024 = mococrw::AsymmetricKeypair::generate(mococrw::RSASpec{1024});

Custom ECC Key

An ECCSpec is created from a curve identifier. The supported curves, as values of openssl::ellipticCurveNid together with their OpenSSL NIDs, are:

PRIME_192v1 = NID_X9_62_prime192v1,
PRIME_256v1 = NID_X9_62_prime256v1,
SECP_224r1 = NID_secp224r1,
SECP_384r1 = NID_secp384r1,
SECP_521r1 = NID_secp521r1,
SECT_283k1 = NID_sect283k1,
SECT_283r1 = NID_sect283r1,
SECT_409k1 = NID_sect409k1,
SECT_409r1 = NID_sect409r1,
SECT_571k1 = NID_sect571k1,
SECT_571r1 = NID_sect571r1,

For example, to generate a key pair on sect571r1:

mococrw::AsymmetricKeypair eccKeyPairSect571r1 = mococrw::AsymmetricKeypair::generate(mococrw::ECCSpec{openssl::ellipticCurveNid::SECT_571r1});

For new designs prefer PRIME_256v1, SECP_384r1 or SECP_521r1. PRIME_192v1 and SECP_224r1 fall below the 128-bit security level (about 96 and 112 bits respectively), and the binary-field SECT_* curves are not defined for TLS 1.3 and are deprecated by NIST SP 800-186, so peers increasingly cannot use them.

Saving Asymmetric Keys in PEM format

Writing Public key to Pem

The library can also serialize keys to PEM strings. Here the public half of the default RSA key pair from above is written to PEM; the call is the same for every key type.

const std::string pemOfKey = rsaKeyPair.publicKeyToPem();

Writing Private key to Pem

Writing a private key to PEM requires a password: the key material is encrypted under it, so the resulting PEM is only as strong as that password and should be handled as a secret in its own right. Here eccPrivKey is an AsymmetricKeypair (for example the one read from PEM in the next section).

const std::string pemOfPrivateKey = eccPrivKey.privateKeyToPem("password");

Key Reading from PEM

Reading a Public Key from a PEM string

The variables pemEccPrivKeySect409k1 and pemEccPubKeySect409k1 below hold the PEM representation of a sect409k1 private key and its public key, respectively.

Public Key:

std::string pemEccPubKeySect409k1{R"(-----BEGIN PUBLIC KEY-----
MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAAdjoVwkpy9CPA8RU3sd0aXV/XnHw5nE
7HgINd6ApxCaknRebk4Vgbgz04588YqjqQpQTAA+hxkUt1ZInurAHTt/ECQpvt1Y
OTBgNigakbLzq1LsbbyLWJsH5diall6Is+lgy2Mu1EA=
-----END PUBLIC KEY-----)"};
mococrw::AsymmetricPublicKey eccPubKey = mococrw::AsymmetricPublicKey::readPublicKeyFromPEM(pemEccPubKeySect409k1);

Reading a Private Key from PEM

If the PEM is encrypted, the matching password must be supplied or the read fails. The sample below carries the plain PKCS#8 label (BEGIN PRIVATE KEY rather than BEGIN ENCRYPTED PRIVATE KEY), so it is not encrypted and OpenSSL's PEM reader does not consult the password for it; the argument matters for keys produced by privateKeyToPem(password), which must be read back with the same password. Private Key:

std::string pemEccPrivKeySect409k1{R"(-----BEGIN PRIVATE KEY-----
MIHCAgEAMBAGByqGSM49AgEGBSuBBAAkBIGqMIGnAgEBBDQAF2zFhKyxJiI7bGvG
Mw9rq7DUvrqTDJMHeRttpsZc0i9tFbvmaT2J5U39/RkseDha2b87oWwDagAEAAdj
oVwkpy9CPA8RU3sd0aXV/XnHw5nE7HgINd6ApxCaknRebk4Vgbgz04588YqjqQpQ
TAA+hxkUt1ZInurAHTt/ECQpvt1YOTBgNigakbLzq1LsbbyLWJsH5diall6Is+lg
y2Mu1EA=
-----END PRIVATE KEY-----)"};
mococrw::AsymmetricKeypair eccPrivKey = mococrw::AsymmetricKeypair::readPrivateKeyFromPEM(pemEccPrivKeySect409k1, "correct_password");
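
The password caveat above can be checked without OpenSSL: the PEM label and the first DER AlgorithmIdentifier reveal whether a private key is actually encrypted and which algorithm and curve it uses. The following is an added example, not MoCOCrW or OpenSSL code. It embeds this page's sect409k1 private-key sample as its input, and the names inspectPem, curveName, KeyInfo and kPrivPem are this example's own, not library API.

```cpp
// Added example, not MoCOCrW or OpenSSL code: read a PEM key's armour and its leading DER
// AlgorithmIdentifier to learn whether a private key is really password-protected and which
// algorithm/curve it uses. Pure C++17; the only input is this page's sect409k1 sample key.
#include <cstdint>
#include <iostream>
#include <map>
#include <stdexcept>
#include <string>
#include <vector>
// label: text after "-----BEGIN "; encrypted: true only for a PKCS#8 EncryptedPrivateKeyInfo;
// algorithm/parameter: dotted OIDs from the first AlgorithmIdentifier (parameter = EC curve).
struct KeyInfo { std::string label; bool encrypted; std::string algorithm, parameter; };
struct Tlv { uint8_t tag; size_t begin, end; };   // one DER element; its content is der[begin, end)

static std::vector<uint8_t> base64Decode(const std::string& in) {
    static const std::string tbl = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    std::vector<uint8_t> out; unsigned buf = 0; int bits = 0;
    for (size_t i = 0; i < in.size() && in[i] != '='; ++i) {   // '=' padding ends the data
        size_t v = tbl.find(in[i]);
        if (v == std::string::npos) continue;                    // line breaks
        buf = (buf << 6) | unsigned(v); bits += 6;
        if (bits >= 8) { bits -= 8; out.push_back(uint8_t(buf >> bits)); buf &= (1u << bits) - 1; }
    }
    return out;
}
static Tlv readTlv(const std::vector<uint8_t>& d, size_t pos) {
    if (pos + 2 > d.size()) throw std::runtime_error("truncated DER");
    uint8_t tag = d[pos++]; size_t len = d[pos++];
    if (len & 0x80) {                                 // long form: low 7 bits = count of length bytes
        size_t n = len & 0x7F;
        if (n == 0 || n > 4 || pos + n > d.size()) throw std::runtime_error("bad DER length");
        for (len = 0; n > 0; --n) len = (len << 8) | d[pos++];
    }
    if (pos + len > d.size()) throw std::runtime_error("DER length exceeds data");
    return {tag, pos, pos + len};
}
static std::string oidToString(const std::vector<uint8_t>& d, size_t b, size_t e) {
    std::string s = std::to_string(d[b] / 40) + "." + std::to_string(d[b] % 40);
    unsigned long v = 0;
    for (size_t i = b + 1; i < e; ++i) {              // base-128 arcs, high bit = continuation
        v = (v << 7) | (d[i] & 0x7F);
        if (!(d[i] & 0x80)) { s += "." + std::to_string(v); v = 0; }
    }
    return s;
}

KeyInfo inspectPem(const std::string& pem) {
    size_t b = pem.find("-----BEGIN ");               // "-----BEGIN X-----" body "-----END X-----"
    size_t e = (b == std::string::npos) ? b : pem.find("-----", b + 11);
    size_t end = (e == std::string::npos) ? e : pem.find("-----END ", e + 5);
    if (end == std::string::npos) throw std::runtime_error("malformed PEM armour");
    std::string label = pem.substr(b + 11, e - b - 11);
    std::vector<uint8_t> der = base64Decode(pem.substr(e + 5, end - e - 5));
    KeyInfo info{label, label == "ENCRYPTED PRIVATE KEY", "", ""};
    Tlv outer = readTlv(der, 0);
    if (outer.tag != 0x30) throw std::runtime_error("expected outer SEQUENCE");
    size_t pos = outer.begin;
    if (label == "PRIVATE KEY") {                     // PrivateKeyInfo starts with a version INTEGER
        Tlv ver = readTlv(der, pos);
        if (ver.tag != 0x02) throw std::runtime_error("expected PKCS#8 version");
        pos = ver.end;
    } else if (label != "PUBLIC KEY" && !info.encrypted) {
        throw std::runtime_error("unsupported PEM label: " + label);
    }
    // SubjectPublicKeyInfo, PrivateKeyInfo and EncryptedPrivateKeyInfo all continue with
    // AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters ANY OPTIONAL }. For an
    // encrypted key that OID names the password-based scheme (e.g. PBES2), not the key type.
    Tlv alg = readTlv(der, pos);
    Tlv oid = readTlv(der, alg.begin);
    if (alg.tag != 0x30 || oid.tag != 0x06) throw std::runtime_error("expected AlgorithmIdentifier");
    info.algorithm = oidToString(der, oid.begin, oid.end);
    if (oid.end < alg.end) {
        Tlv param = readTlv(der, oid.end);            // OID for a named EC curve, NULL for RSA
        if (param.tag == 0x06) info.parameter = oidToString(der, param.begin, param.end);
    }
    return info;
}
// Names for the curve OIDs behind the ellipticCurveNid values listed on this page.
std::string curveName(const std::string& oid) {
    static const std::map<std::string, std::string> names = {
        {"1.2.840.10045.3.1.1", "PRIME_192v1"}, {"1.2.840.10045.3.1.7", "PRIME_256v1"}, {"1.3.132.0.33", "SECP_224r1"},
        {"1.3.132.0.34", "SECP_384r1"}, {"1.3.132.0.35", "SECP_521r1"}, {"1.3.132.0.16", "SECT_283k1"}, {"1.3.132.0.17", "SECT_283r1"},
        {"1.3.132.0.36", "SECT_409k1"}, {"1.3.132.0.37", "SECT_409r1"}, {"1.3.132.0.38", "SECT_571k1"}, {"1.3.132.0.39", "SECT_571r1"}};
    auto it = names.find(oid);
    return it == names.end() ? "unknown (" + oid + ")" : it->second;
}
// Constructed input: the sect409k1 private-key sample from this page (unencrypted PKCS#8).
const std::string kPrivPem = R"(-----BEGIN PRIVATE KEY-----
MIHCAgEAMBAGByqGSM49AgEGBSuBBAAkBIGqMIGnAgEBBDQAF2zFhKyxJiI7bGvG
Mw9rq7DUvrqTDJMHeRttpsZc0i9tFbvmaT2J5U39/RkseDha2b87oWwDagAEAAdj
oVwkpy9CPA8RU3sd0aXV/XnHw5nE7HgINd6ApxCaknRebk4Vgbgz04588YqjqQpQ
TAA+hxkUt1ZInurAHTt/ECQpvt1YOTBgNigakbLzq1LsbbyLWJsH5diall6Is+lg
y2Mu1EA=
-----END PRIVATE KEY-----)";
int main() {
    KeyInfo k = inspectPem(kPrivPem);
    std::cout << k.label << " encrypted=" << (k.encrypted ? "yes" : "no") << " algorithm="
              << k.algorithm << " curve=" << curveName(k.parameter) << "\n";
}
```

For the sample key this reports label PRIVATE KEY, encrypted=no, algorithm 1.2.840.10045.2.1 (id-ecPublicKey) and curve SECT_409k1: the key is stored in clear, which is why the password argument to readPrivateKeyFromPEM has no effect on it. A PKCS#8 key written with a password (what OpenSSL's PEM_write_bio_PKCS8PrivateKey emits) carries the ENCRYPTED PRIVATE KEY label instead, and the inspector then reports the PBES OID rather than the key type, because the key algorithm is inside the ciphertext. Whether privateKeyToPem uses that writer or OpenSSL's legacy format is not stated on this page; the legacy format marks encryption with Proc-Type/DEK-Info headers under an EC PRIVATE KEY or RSA PRIVATE KEY label, which this inspector deliberately rejects as unsupported rather than misreport as unencrypted.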

Dilithium

Because the OpenSSL version the library builds on does not support Dilithium, Dilithium keys are generated and read through separate classes rather than AsymmetricKeypair. The parameter sets below follow the pq-crystals Dilithium reference implementation; NIST's standardized ML-DSA (FIPS 204) is a modified version of that scheme, so signatures are not interchangeable between the two.

Key Generation

// Explicit parameter set
auto spec = DilithiumSpec(DilithiumKeyImpl::DilithiumParameterSet::DILITHIUM2);
auto priv_key = spec.generate();

// ------------ OR ------------------ //
// Default parameter set (DILITHIUM3)
auto priv_key_2 = DilithiumAsymmetricKeypair::generate(DilithiumSpec());

The following dilithium parameter sets are supported:

  • DilithiumKeyImpl::DilithiumParameterSet::DILITHIUM2
  • DilithiumKeyImpl::DilithiumParameterSet::DILITHIUM3
  • DilithiumKeyImpl::DilithiumParameterSet::DILITHIUM5

The default parameter set is DILITHIUM3, as recommended by the authors (see https://www.pq-crystals.org/dilithium/index.shtml).

Reading public key from DER

The DER format for the public key is described here. Sample keys are stored in the tests folder.

// Reading a public key
auto pubKeyData = utility::bytesFromFile<uint8_t>(<PATH_TO_FILE>);
auto pubKey = DilithiumAsymmetricPublicKey::readPublicKeyfromDER(pubKeyData);

Reading private key from DER

The DER format for the private key is described here. Sample keys are stored in the tests folder.

// Reading a private key
auto privKeyData = utility::bytesFromFile<uint8_t>(<PATH_TO_FILE>);
auto privKey = DilithiumAsymmetricPrivateKey::readPrivateKeyfromDER(privKeyData);

Writing keys

Writing Dilithium keys to disk is not supported.