[Autocrypt] How to create the "raw key" part from an RSA key
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue May 16 22:57:31 EDT 2017
Hi Bjoern--
On Tue 2017-05-16 13:13:01 +0200, Bjoern wrote:
> I'm just about to add AutoCrypt to Delta Chat.
great!
> I'm creating the key pair using the following code:
>
> #include <openssl/bn.h>
> #include <openssl/rsa.h>
> #include <openssl/evp.h>
>
> // generate key
> BIGNUM* e = BN_new();
> RSA* rsa = RSA_new();
>
> BN_set_word(e, 65537);                   // public exponent F4
> if( RSA_generate_key_ex(rsa, 2024, e, 0) != 1 ) {
>     goto cleanup;                        // error path not shown here
> }
>
> // convert RSA key to PUBLIC KEY
> EVP_PKEY* pkey = EVP_PKEY_new();
> EVP_PKEY_set1_RSA(pkey, rsa);            // pkey holds its own reference to rsa
>
> now I can get the keys as `-----BEGIN PUBLIC KEY----- ...` and
> `-----BEGIN RSA PRIVATE KEY----- ...` using
>
> PEM_write_bio_PUBKEY(bio1, pkey);
>
> and
>
> PEM_write_bio_RSAPrivateKey(bio2, rsa, NULL, NULL, 0, NULL, NULL);
these forms are for "raw" public keys or private keys. the autocrypt
type=p (the only defined type) is an OpenPGP certificate, which means:
* it has two keys involved -- a primary and a subkey, which are bound to one another cryptographically
* it has a user ID associated with (and cryptographically bound to) the primary key
* it has some structure and framing around it
(all these details are described in detail in RFC 4880).
I don't think that OpenSSL supports any OpenPGP framing natively.
However, i think that Net::PGP is a layer on top of OpenSSL which ought
to be able to build the associated packets. this is what PEP is using,
i think, though i don't really understand their licensing model (i've
asked Hernani from PEP about the interaction between the OpenSSL license
and the GPL license that they intend to use for Net::PGP, and never got
a clear response).
Also, it looks like you're asking for a 2024-bit key -- we recommend
2048-bit or higher!
--dkg
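To make the difference concrete, here is a small structural check of an Autocrypt keydata value, written as an added example for this page (it is not code from dkg, Delta Chat or the Autocrypt project). It walks the RFC 4880 packet framing of a type=p certificate and confirms the shape dkg lists above: a Public-Key packet, a User ID bound by a signature, and a Public-Subkey bound by a signature. It also rejects the DER body of a `-----BEGIN PUBLIC KEY-----` block, which begins with an ASN.1 SEQUENCE octet (0x30) and so can never be an OpenPGP packet header (bit 7 of every packet header is set). The sample packets are constructed placeholders, not valid key material, and the check looks at framing only; it does not verify the binding signatures.

```python
"""Structural check of Autocrypt keydata: OpenPGP packet framing per RFC 4880."""
import base64

# RFC 4880 packet tags that make up a minimal OpenPGP certificate.
TAG_SIGNATURE = 2
TAG_PUBLIC_KEY = 6
TAG_USER_ID = 13
TAG_PUBLIC_SUBKEY = 14


def iter_packets(data: bytes):
    """Yield (tag, body) for each packet in an OpenPGP packet stream.

    Handles old-format (bit 6 clear) and new-format (bit 6 set) headers as
    defined in RFC 4880 section 4.2. Partial and indeterminate body lengths
    are rejected because they never occur in key material.
    """
    pos, n = 0, len(data)
    while pos < n:
        ctb = data[pos]
        if not ctb & 0x80:
            raise ValueError(f"byte {pos}: 0x{ctb:02x} is not an OpenPGP packet header")
        pos += 1
        if ctb & 0x40:  # new-format header: tag in the low 6 bits
            tag = ctb & 0x3F
            first = data[pos]
            pos += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[pos] + 192
                pos += 1
            elif first == 255:
                length = int.from_bytes(data[pos:pos + 4], "big")
                pos += 4
            else:
                raise ValueError("partial body length not allowed in key material")
        else:  # old-format header: tag in bits 2-5, length type in the low 2 bits
            tag = (ctb >> 2) & 0x0F
            ltype = ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not allowed in key material")
            size = 1 << ltype  # 1, 2 or 4 length octets
            length = int.from_bytes(data[pos:pos + size], "big")
            pos += size
        body = data[pos:pos + length]
        if len(body) != length:
            raise ValueError("truncated packet")
        pos += length
        yield tag, body


def check_autocrypt_keydata(keydata_b64: str) -> list:
    """Decode a keydata attribute and verify it is framed like an OpenPGP
    certificate with a bound User ID and a bound subkey. Returns the tag list."""
    data = base64.b64decode(keydata_b64)
    if data and data[0] == 0x30:
        raise ValueError("keydata is DER (a PEM PUBLIC KEY body), not OpenPGP packets")
    tags = [tag for tag, _ in iter_packets(data)]
    if not tags or tags[0] != TAG_PUBLIC_KEY:
        raise ValueError("certificate must start with a Public-Key packet (tag 6)")

    def bound_by_signature(wanted: int) -> bool:
        return any(t == wanted and tags[i + 1] == TAG_SIGNATURE
                   for i, t in enumerate(tags[:-1]))

    if not bound_by_signature(TAG_USER_ID):
        raise ValueError("no User ID packet (tag 13) followed by a binding signature")
    if not bound_by_signature(TAG_PUBLIC_SUBKEY):
        raise ValueError("no Public-Subkey packet (tag 14) followed by a binding signature")
    return tags


def describe(keydata_b64: str) -> str:
    """Human-readable verdict, so the result can be checked without exceptions."""
    try:
        tags = check_autocrypt_keydata(keydata_b64)
    except ValueError as err:
        return f"rejected: {err}"
    return "ok: packet tags " + " ".join(str(t) for t in tags)


# --- constructed sample data (placeholder bodies, not real key material) ---

def _new_pkt(tag: int, body: bytes) -> bytes:
    """New-format header (RFC 4880 4.2.2) with a one- or two-octet length."""
    if len(body) < 192:
        return bytes([0xC0 | tag, len(body)]) + body
    rest = len(body) - 192
    return bytes([0xC0 | tag, 192 + (rest >> 8), rest & 0xFF]) + body


def _old_pkt(tag: int, body: bytes) -> bytes:
    """Old-format header (RFC 4880 4.2.1) with a one-octet length, as GnuPG
    typically emits for key packets; body must be shorter than 256 octets."""
    return bytes([0x80 | (tag << 2) | 0, len(body)]) + body


_FAKE_KEY_BODY = b"\x04" + b"\x00" * 4 + b"\x01" + b"<rsa mpis>"  # v4, time, RSA, placeholder
SAMPLE_KEYDATA_B64 = base64.b64encode(
    _old_pkt(TAG_PUBLIC_KEY, _FAKE_KEY_BODY)
    + _new_pkt(TAG_USER_ID, b"Alice <alice@example.org>")
    + _new_pkt(TAG_SIGNATURE, b"<self-signature over user id>")
    + _new_pkt(TAG_PUBLIC_SUBKEY, _FAKE_KEY_BODY)
    + _new_pkt(TAG_SIGNATURE, b"<subkey binding signature>")
).decode()
# What the PEM_write_bio_PUBKEY output looks like once base64-decoded: a DER SEQUENCE.
SAMPLE_DER_B64 = base64.b64encode(b"\x30\x82\x01\x22\x30\x0d\x06\x09").decode()

if __name__ == "__main__":
    print(describe(SAMPLE_KEYDATA_B64))
    print(describe(SAMPLE_DER_B64))
```

Run as a script it prints an `ok:` line for the constructed certificate and a `rejected:` line for the DER sample. A real check on received Autocrypt headers would go on to verify the self-signature and subkey binding signature with an OpenPGP library; the framing walk alone is only the first filter.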