Re: [racket-users] How do I (de)serialize PKI keys for storage?

2018-12-18 Thread David Storrs
On Tue, Dec 18, 2018 at 7:03 PM Greg Hendershott wrote:

> Maybe it is a limitation of libgcrypt? All three return #t for me when
> using libcrypto:
>
> (require crypto crypto/libcrypto)
> (crypto-factories libcrypto-factory)
>
> Although I don't know the pros and cons of each, it seems the
> libcrypto pros include this working, as well as it being installed by
> default on macOS (at least for me on 10.11.6)?
>

Yes, that is a substantial pro.  :>

I went to gcrypt because libcrypto lacked some features I needed, but I
should be able to mix'n'match.  Thanks for finding this.


> On Tue, Dec 18, 2018 at 5:36 PM David Storrs wrote:
> >
> > I'm trying to persist public/private keys to our database and having
> > some trouble:
> >
> >
> > Welcome to Racket v6.11.
> > > (require crypto crypto/gcrypt)
> > > (crypto-factories gcrypt-factory)
> > > (define key (generate-private-key 'rsa))
> > > key
> > (object:gcrypt-rsa-key% ...)
> > > (define pub (pk-key->public-only-key key))
> > > pub
> > (object:gcrypt-rsa-key% ...)
> > > (public-key=? key pub)
> > #t
> > > (public-key=? key (datum->pk-key (pk-key->datum key 'OneAsymmetricKey) 'OneAsymmetricKey))
> > #f
> > > (public-key=? key (datum->pk-key (pk-key->datum key 'RSAPrivateKey) 'RSAPrivateKey))
> > #f
> > > (public-key=? key (datum->pk-key (pk-key->datum key 'rkt-private) 'rkt-private))
> > #f
> >
> > The docs state that GCrypt does not have the ability to recompute a
> > public key component from the data in a 'PrivateKeyInfo format, so that's
> > no good.
> >
> > pk-keys are objects, not structs, and there doesn't appear to be any way
> > to say "here's a private key and a public key, composite them".
> >
> > This has to be a thing that people do, so what am I missing?

-- 
You received this message because you are subscribed to the Google Groups 
"Racket Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to racket-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [racket-users] How do I (de)serialize PKI keys for storage?

2018-12-18 Thread David Storrs
Cool, thanks! You are, as always, fantastic.

On Tue, Dec 18, 2018 at 7:47 PM Ryan Culpepper wrote:

> On 12/18/18 23:36, David Storrs wrote:
> > I'm trying to persist public/private keys to our database and having
> > some trouble:
> >
> >
> > Welcome to Racket v6.11.
> >  > (require crypto crypto/gcrypt)
> >  > (crypto-factories gcrypt-factory)
> >  > (define key (generate-private-key 'rsa))
> >  > key
> > (object:gcrypt-rsa-key% ...)
> >  > (define pub (pk-key->public-only-key key))
> >  > pub
> > (object:gcrypt-rsa-key% ...)
> >  > (public-key=? key pub)
> > #t
> >  > (public-key=? key (datum->pk-key (pk-key->datum key
> > 'OneAsymmetricKey) 'OneAsymmetricKey))
> > #f
> >  > (public-key=? key (datum->pk-key (pk-key->datum key 'RSAPrivateKey)
> > 'RSAPrivateKey))
> > #f
> >  > (public-key=? key (datum->pk-key (pk-key->datum key 'rkt-private)
> > 'rkt-private))
> > #f
> >
> > The docs state that GCrypt does not have the ability to recompute a
> > public key component from the data in a 'PrivateKeyInfo format, so
> > that's no good.
> >
> > pk-keys are objects, not structs, and there doesn't appear to be any way
> > to say "here's a private key and a public key, composite them".
> >
> > This has to be a thing that people do, so what am I missing?
>
> The bug is in public-key=?. The serialization and deserialization are
> okay; if you try, you should see that the original and deserialized keys
> can verify each other's signatures, for example.
>
> I've pushed a fix. Thanks for the report!
>
> Ryan
>



Re: [racket-users] How do I (de)serialize PKI keys for storage?

2018-12-18 Thread Ryan Culpepper

On 12/18/18 23:36, David Storrs wrote:
> I'm trying to persist public/private keys to our database and having
> some trouble:
>
>
> Welcome to Racket v6.11.
>  > (require crypto crypto/gcrypt)
>  > (crypto-factories gcrypt-factory)
>  > (define key (generate-private-key 'rsa))
>  > key
> (object:gcrypt-rsa-key% ...)
>  > (define pub (pk-key->public-only-key key))
>  > pub
> (object:gcrypt-rsa-key% ...)
>  > (public-key=? key pub)
> #t
>  > (public-key=? key (datum->pk-key (pk-key->datum key
> 'OneAsymmetricKey) 'OneAsymmetricKey))
> #f
>  > (public-key=? key (datum->pk-key (pk-key->datum key 'RSAPrivateKey)
> 'RSAPrivateKey))
> #f
>  > (public-key=? key (datum->pk-key (pk-key->datum key 'rkt-private)
> 'rkt-private))
> #f
>
> The docs state that GCrypt does not have the ability to recompute a
> public key component from the data in a 'PrivateKeyInfo format, so
> that's no good.
>
> pk-keys are objects, not structs, and there doesn't appear to be any way
> to say "here's a private key and a public key, composite them".
>
> This has to be a thing that people do, so what am I missing?


The bug is in public-key=?. The serialization and deserialization are 
okay; if you try, you should see that the original and deserialized keys 
can verify each other's signatures, for example.


I've pushed a fix. Thanks for the report!

Ryan
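
The cross-verification check described in the reply above, as an added example that is not part of the original thread or the crypto library's own code. `round-trip-ok?` is a hypothetical helper, and the libcrypto backend is assumed to be installed (substitute `gcrypt-factory` to exercise that backend instead).

```racket
#lang racket/base
;; Added example: confirm that a serialized-then-restored key is the same
;; key by checking signatures in both directions, without public-key=?.
(require crypto crypto/libcrypto)

;; Assumption: libcrypto is available on this machine.
(crypto-factories (list libcrypto-factory))

;; Hypothetical helper: round-trip KEY through format FMT, then check that
;; the original and the restored key accept each other's signatures.
(define (round-trip-ok? key fmt)
  (define restored (datum->pk-key (pk-key->datum key fmt) fmt))
  (define msg #"constructed test message")
  (define sig-orig (digest/sign key 'sha256 msg))
  (define sig-restored (digest/sign restored 'sha256 msg))
  (and (digest/verify restored 'sha256 msg sig-orig)
       (digest/verify key 'sha256 msg sig-restored)
       ;; Negative control: a different message must not verify.
       (not (digest/verify restored 'sha256 #"tampered message" sig-orig))))

(define key (generate-private-key 'rsa))

;; The three private-key formats tried in the original post.
(for ([fmt (in-list '(OneAsymmetricKey RSAPrivateKey rkt-private))])
  (printf "~a round trip ok: ~a\n" fmt (round-trip-ok? key fmt)))
```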



Re: [racket-users] How do I (de)serialize PKI keys for storage?

2018-12-18 Thread Greg Hendershott
Maybe it is a limitation of libgcrypt? All three return #t for me when
using libcrypto:

(require crypto crypto/libcrypto)
(crypto-factories libcrypto-factory)

Although I don't know the pros and cons of each, it seems the
libcrypto pros include this working, as well as it being installed by
default on macOS (at least for me on 10.11.6)?

On Tue, Dec 18, 2018 at 5:36 PM David Storrs wrote:
>
> I'm trying to persist public/private keys to our database and having some 
> trouble:
>
>
> Welcome to Racket v6.11.
> > (require crypto crypto/gcrypt)
> > (crypto-factories gcrypt-factory)
> > (define key (generate-private-key 'rsa))
> > key
> (object:gcrypt-rsa-key% ...)
> > (define pub (pk-key->public-only-key key))
> > pub
> (object:gcrypt-rsa-key% ...)
> > (public-key=? key pub)
> #t
> > (public-key=? key (datum->pk-key (pk-key->datum key 'OneAsymmetricKey) 
> > 'OneAsymmetricKey))
> #f
> > (public-key=? key (datum->pk-key (pk-key->datum key 'RSAPrivateKey) 
> > 'RSAPrivateKey))
> #f
> > (public-key=? key (datum->pk-key (pk-key->datum key 'rkt-private) 
> > 'rkt-private))
> #f
>
> The docs state that GCrypt does not have the ability to recompute a public
> key component from the data in a 'PrivateKeyInfo format, so that's no good.
>
> pk-keys are objects, not structs, and there doesn't appear to be any way to 
> say "here's a private key and a public key, composite them".
>
> This has to be a thing that people do, so what am I missing?


[racket-users] How do I (de)serialize PKI keys for storage?

2018-12-18 Thread David Storrs
I'm trying to persist public/private keys to our database and having some
trouble:


Welcome to Racket v6.11.
> (require crypto crypto/gcrypt)
> (crypto-factories gcrypt-factory)
> (define key (generate-private-key 'rsa))
> key
(object:gcrypt-rsa-key% ...)
> (define pub (pk-key->public-only-key key))
> pub
(object:gcrypt-rsa-key% ...)
> (public-key=? key pub)
#t
> (public-key=? key (datum->pk-key (pk-key->datum key 'OneAsymmetricKey)
'OneAsymmetricKey))
#f
> (public-key=? key (datum->pk-key (pk-key->datum key 'RSAPrivateKey)
'RSAPrivateKey))
#f
> (public-key=? key (datum->pk-key (pk-key->datum key 'rkt-private)
'rkt-private))
#f

The docs state that GCrypt does not have the ability to recompute a public
key component from the data in a 'PrivateKeyInfo format, so that's no good.

pk-keys are objects, not structs, and there doesn't appear to be any way to
say "here's a private key and a public key, composite them".

This has to be a thing that people do, so what am I missing?
