dotnet security: Import RSA parameters from .PEM format -- dotnet security

You're in the

dotnet security

group:

Import RSA parameters from .PEM format

Import RSA parameters from .PEM format

Mauricio Grimberg
7/19/2005 11:33:21 AM

dotnet security:

Hi people: I must load a RSA object from a .PEM file.
It seems not to be trivial.
I suppose I must obtain the RSAParameters from the file but I really don't
know how.

Mauricio Grimberg

Re: Import RSA parameters from .PEM format

Michel Gallant
7/19/2005 5:29:21 PM

Which type of key? public key, private key, encrypted private key?
See here for a start:
http://www.jensign.com/JavaScience/PEM/pemformats.txt

- Mitch Gallant
MVP Security

[quoted text, click to view]

Re: Import RSA parameters from .PEM format

Michel Gallant
7/19/2005 7:18:29 PM

The PrivateKeyInfo format is not accessible directly from
..NET 1.1 or 2.
You could P/Invoke using CryptImportPKCS8(..) and similar which is
a bit awkward .. because that imports into a CSP and then you
need to get the parameters from there ..

See also, the PKCS#8 PrivateKeyInfo (unfortunately in Java which has
fairly good support for PKCS#8 :-)
to capi PRIVATEKEYBLOB converter here:
http://www.jensign.com/JavaScience/PvkConvert
- Mitch

[quoted text, click to view]

Re: Import RSA parameters from .PEM format

Mauricio Grimberg
7/19/2005 7:54:37 PM

It seems to be [Private Key (Traditional SSLeay RSAPrivateKey format)
Encrypted:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,24A667C253F8A1B9]

Something like -----BEGIN RSA PRIVATE KEY-----
MIIBOwIBLABLATheFollowing==
-----END RSA PRIVATE KEY-----
Thanks in advance.

[quoted text, click to view]

Re: Import RSA parameters from .PEM format

Mauricio Grimberg
7/20/2005 12:00:00 AM

Is there a .net way to go from the hex in openssl (00:d5:80 ..) and 3 (0x3)
to the b64 in .net?

[quoted text, click to view]

Re: Import RSA parameters from .PEM format

Eugene Mayevski
7/20/2005 10:48:51 AM

Hello!
You wrote on Tue, 19 Jul 2005 19:54:37 -0300:

MG> It seems to be [Private Key (Traditional SSLeay RSAPrivateKey format)
MG> Encrypted:

You can use PKIBlackbox (freeware, http://www.eldos.com/sbb/desc-pki.php)
for this. This is done with a couple of calls.

With best regards,
Eugene Mayevski

Re: Import RSA parameters from .PEM format

Mauricio Grimberg
7/20/2005 11:25:32 AM

Thanks Michel :)
I'll Try.
[quoted text, click to view]

Re: Import RSA parameters from .PEM format

Mauricio Grimberg
7/20/2005 11:26:40 AM

Thanks Eugene, I'm downloading it now. :)
[quoted text, click to view]

Re: Import RSA parameters from .PEM format

Michel Gallant
7/20/2005 12:05:04 PM

The dirst dump (00:d5:80 ..) is a hex dump for a 512 bit key

The .NET <Modulus> 2azk.. dump is a b64 representation of
a different (obviously) 1024 bit RSA modulus.
The exponent, AQAB (in b64) is the most common RSA public exponent,
or in hex 01:00:01 or 65537 decimal.

- Mitch

[quoted text, click to view]
<Modulus>2azkR5n3jzWQzpa/ukMjiVFhehgZyIMfcrgMBsJr260lLcX6Sr7lnWr4tapN8HQAW0HLIM6bn6h0Nk1Do0oiRGMG1Mj0+P5yaIHqYT0tCRem1A4xVfCfTrYzdOz
pudkGrYdtk8MAjqI2JK1QQWW5LDQ21Xj/oqYO06TANeLcmns=</Modulus>
[quoted text, click to view]

Re: Import RSA parameters from .PEM format

Mauricio Grimberg
7/20/2005 12:19:11 PM

I tried with openssl and the library got for me the parameters but the info
in each parameter is not intelligible for me.
As an example:
modulus:
00:d5:80:89:03:33:5f:44:32:25:c6:49:5d:88:83:
5d:f9:28:88:12:2c:bc:26:0d:b9:dc:e1:03:20:cc:
f2:2f:a0:ae:33:d2:f2:ff:69:71:92:03:6f:9d:3e:
ad:55:27:d0:ba:0b:71:10:16:cf:d7:44:1f:73:f8:
b6:41:7f:56:23
publicExponent: 3 (0x3)

I should wait something more like this:

<Modulus>2azkR5n3jzWQzpa/ukMjiVFhehgZyIMfcrgMBsJr260lLcX6Sr7lnWr4tapN8HQAW0HLIM6bn6h0Nk1Do0oiRGMG1Mj0+P5yaIHqYT0tCRem1A4xVfCfTrYzdOzpudkGrYdtk8MAjqI2JK1QQWW5LDQ21Xj/oqYO06TANeLcmns=</Modulus>

<Exponent>AQAB</Exponent>

I'm fightingth, thanks :)

[quoted text, click to view]

Re: Import RSA parameters from .PEM format

Joe Kaplan (MVP - ADSI)
7/20/2005 4:54:05 PM

You would need to parse the open SSL hex dump to get it into a byte array.
Once you have a byte array, you just call Convert.ToBase64String.

Looping through the hex string and using Byte.Parse should work fine.

Also, be careful about "endian" issues. One implementation may be expecting
the key in reverse order from the other. :)

Joe K.

[quoted text, click to view]

Re: Import RSA parameters from .PEM format

Mauricio Grimberg
7/21/2005 12:00:00 AM

I'm near :)
My problem is the Exponent: publicExponent: 3 (0x3)
Using Convert.ToBase64String the number 3 gives me "Aw==", or using 3 (0x3)
"MA=="
Mmmm......

[quoted text, click to view]

Re: Import RSA parameters from .PEM format

Michel Gallant
7/21/2005 12:00:00 AM

Yes that is correct. The exponent is a binary number (as is the modulus).
Don't confuse the b64 encoding of the character 3 (which would actually give Mw== )
with the binary byte 3.
- Mitch

[quoted text, click to view]

Re: Import RSA parameters from .PEM format

Joe Kaplan (MVP - ADSI)
7/21/2005 11:41:53 AM

If it is a single byte, then a byte array containing that single byte
converted to Base64 would be Aw==, so I don't necessarily see the problem.

Joe K.

[quoted text, click to view]

Re: Import RSA parameters from .PEM format

Mauricio Grimberg
7/21/2005 8:28:42 PM

Thanks people, you are really helping me.
Let's fight :)

[quoted text, click to view]

Re: Import RSA parameters from .PEM format

Mauricio Grimberg
7/26/2005 6:54:08 PM

Step by step:

1)I use openssl to parse the .pem file

2)I open the resulting file and convert the hex dump to byte arrays

3)I load the RSAParameters object with the adecuate byte arrays

Unhappy 4)And when I use ImportParameters to load the key :
"System.Security.Cryptography.CryptographicException: Bad Data.

at
System.Security.Cryptography.RSACryptoServiceProvider._ImportKey(IntPtr
unknown1, Int32 unknown2, RSACspObject unknown3)

at
System.Security.Cryptography.RSACryptoServiceProvider.ImportParameters(RSAParameters
parameters)

[quoted text, click to view]

Re: Import RSA parameters from .PEM format

Mauricio Grimberg
7/26/2005 6:56:01 PM

It seems not to be working.
I'm having the same problem that I got parsing the file manually.
[quoted text, click to view]

Re: Import RSA parameters from .PEM format

Joe Kaplan (MVP - ADSI)
7/27/2005 9:12:58 AM

So, what was the difference in the raw data that you used for the import
between what you were getting with OpenSSL and SBB? Was the data totally
different or just in the wrong order or something?

Joe K.

[quoted text, click to view]

Re: Import RSA parameters from .PEM format

Mauricio Grimberg
7/27/2005 11:02:59 AM

OK, obviously it is not trivial and the reply took some days. I supposed you
couldn't.
I was wrong!!! :)
Really SecureBlackBox gives a good support, really.
It works, this time ImportParameters didn't reply me with "Bad data" and
ToXmlString(True) shows the info.
Let's work. Have a nice day.

[quoted text, click to view]

Re: Import RSA parameters from .PEM format

Mauricio Grimberg
7/27/2005 11:26:09 AM

I didn't test it and I'n running out of time but I suppose that the problem
is that .Net is waiting an exact length of bytes in each parameter.
Leading zeros should be a solution.
The people in Eldos took time to go to the KB and they talk me about this
problem.
It is virgin earth.

[quoted text, click to view]

Re: Import RSA parameters from .PEM format

Eugene Mayevski
7/27/2005 12:03:47 PM

Hello!
You wrote on Tue, 26 Jul 2005 18:56:01 -0300:

MG> I'm having the same problem that I got parsing the file manually.

Our support has provided you a sample code yesterday (I can see it in our
HelpDesk). If you are getting not what you expect, it is possible, that you
need something special, not just raw data (that you receive).

With best regards,
Eugene Mayevski

Got something to say? Click here to post a reply to this thread.

Don't see what you're looking for? Try a search.

View other messages in the dotnet security group.

home · blog · groups

Questions? Comments? Contact the dn