[Autocrypt] How to create the "raw key" part from an RSA key

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue May 16 22:57:31 EDT 2017 

Hi Bjoern--

On Tue 2017-05-16 13:13:01 +0200, Bjoern wrote:
> I'm just about to add AutoCrypt to Delta Chat.

great!

> I'm creating the key pair using the following code:
>
>     // generate key
>     BIGNUM*       e   = BN_new();
>     RSA*          rsa = RSA_new();
>
>     BN_set_word(e, 65537);
>     if( RSA_generate_key_ex(rsa, 2024, e, 0) != 1 ) {
>         goto cleanup;
>     }
>
>     //  convert RSA key to PUBLIC KEY
>     EVP_PKEY* pkey = EVP_PKEY_new();
>     EVP_PKEY_set1_RSA(pkey, rsa);
>
> now I can get the keys as `-----BEGIN PUBLIC KEY----- ...` and
> `-----BEGIN RSA PRIVATE KEY----- ...` using
>
> PEM_write_bio_PUBKEY(bio1, pkey);
>
> and
>
> PEM_write_bio_RSAPrivateKey(bio2, rsa, NULL, NULL, 0, NULL, NULL);


these forms are for "raw" public keys or private keys.  the autocrypt
type=p (the only defined type) is an OpenPGP certificate, which means:

 * it has two keys involved -- a primary and a subkey, which are bound
   to one another cryptographically
 * it has a user ID associated with (and cryptographically bound to) the
   primary key
 * it has some structure and framing around it

(all these details are described in detail in RFC 4880).

I don't think that OpenSSL supports any OpenPGP framing natively.
However, i think that Net::PGP is a layer on top of OpenSSL which ought
to be able to build the associated packets.  this is what PEP is using,
i think, though i don't really understand their licensing model (i've
asked Hernani from PEP about the interaction between the OpenSSL license
and the GPL license that they intend to use for Net::PGP, and never got
a clear response).

Also, it looks like you're asking for a 2024-bit key -- we recommend
2048-bit or higher!

         --dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <http://lists.mayfirst.org/pipermail/autocrypt/attachments/20170516/439027b8/attachment.sig>

More information about the Autocrypt mailing list