RE: How to pack RSA structure?

Tue, 09 Jun 2009 17:45:14 -0700 

>       From: owner-openssl-us...@openssl.org On Behalf Of Ashwin Chandra
>       Sent: Monday, 08 June, 2009 19:48
>       I am using the RSA_generate_keys to generate an RSA * structure. 
> I wish to pack or serialize all the information in this structure 
> into an array of bytes and then deserialize it back into an RSA * 
> structure later on. What is the best way to do this?

>       I have a couple of options I have explored:

>       1.        Use BIGNUM conversion to array functions. This doesn't 
> seem like it will work with negative numbers. Also the other members 
> in the RSA structure would take a long time to serialize like the
RSA_METHOD 
> variable and ENGINE variable. 

None of the numbers in RSA (or other asymmetric crypto) is negative.
They often are 'exact bytes' (really octets) i.e. a multiple of 8 bits.
If you want an encoding that supports signed numbers, like ASN.1 DER, 
you must allow for that. (openssl's ASN.1 does so automatically.)

But why do you want fields other than those defined as part of the key 
(public or private)? It appears to me value-copied meth and engine 
won't be valid in a different program, or perhaps even process, and 
if you are using non-default ones, you'll need to re-set them explicitly. 
In that case you may need to define your own format that includes say 
engine name and file to load from (but the internal results of loading) 
in addition to the normal key fields. (Probably easiest to just make it 
SEQUENCE { yourstuff, standardpiece } but anything is possible.)

>       2.        Possibly converting RSA to PEM or some other format 
> and then converting back. However, I do not know if this is a lossless 
> conversion? Ie. Will I get my RSA struct back the way it was? 

The standard RSAPrivateKey format, available either in DER=binary 
or PEM=wrapped, contains all the information needed for a key.
You'll get an RSA struct back that is usable as a key.
That's what it's for, and normally that's all you need.



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to