Hello,
First of all, and especially Angus, I thank you and I congratulate you
for the impressive work you have done for the compatibility with OpenSSL 1.1.1 !
It is my first attempt to encrypt and decrypt a short message in a file
with RSA.
I would like to create a private key/public PEM file and to be able to
encrypt with public key and decrypt with the private key.
I started with the OverbyteIcsPemTool project.
(1) Creating a private key without password (for the beginning ;)
Equivalent to command :
openssl genpkey ^
-out privater.pem -outform PEM ^
-algorithm RSA ^
-pkeyopt rsa_keygen_bits:3072 ^
-pkeyopt rsa_keygen_primes:2 ^
-pkeyopt rsa_keygen_pubexp:65537
Like in the demo I use a TSslCertTools and DoKeyPair().
It's OK except that I cannot specify rsa_keygen_primes and
rsa_keygen_pubexp, but the default values of OpenSSL are identical so I
get a good result.
Question 1 : Can I specify these options ?
(2) Extracting public key
Equivalent to command :
openssl rsa -in private.pem -pubout -out public.pem
Like in the demo I use TSslCertTools, PrivateKeyLoadFromPemFile and
PublicKeySaveToPemFile.
All is OK and compatible with OpenSSL !
(3) Using public key file only to encrypt RSA
Equivalent to command :
openssl rsautl ^
-in clear.txt ^
-out encrypted.txt ^
-inkey public.pem ^
-keyform PEM ^
-pubin ^
-encrypt ^
-oaep
The demo loads a PEM file including private and public key.
As the comments suggest, I would like to encrypt with a public key
PEM file only.
I tried different solutions but I always get the error "No X509 Base64
certificate found" :
TX509Base.LoadFromPemFile, TX509.PublicKeyLoadFromText
So I decided to "reverse" PublicKeySaveToPemFile, like so :
var
  vFileName  : string;
  vFileBio   : PBIO;
  vPublicKey : PEVP_PKEY;
  vLire      : TFileStream;
  vClair     : string;
  vEcrire    : TFileStream;
  vChiffre   : string;
begin
  vFileName  := 'public.pem';
  vFileBio   := nil;
  vPublicKey := nil;
  vLire      := nil;
  vEcrire    := nil;
  try //-> except
    try //-> finally
      // Initialization
      OverbyteIcsWSocket.LoadSsl();
      // Read public key
      vFileBio := IcsSslOpenFileBio
      (
        // const FileName : String;
        vFileName,
        // Methode: TBioOpenMethode
        bomReadOnly
      );
      vPublicKey := f_PEM_read_bio_PUBKEY(vFileBio, nil, nil, nil);
      if not Assigned(vPublicKey) then
      begin
        // 'raise' was missing here: without it the exception object is
        // created but never thrown and the code carries on with a nil key
        raise Exception.Create
        (
          'Error reading public key from ' + vFileName
        );
      end;
      // Read clear text
      // Share flags are OR'ed into the Mode parameter; passed as a third
      // argument they land in 'Rights' and the share mode is not applied
      vLire := TFileStream.Create
      (
        'clear.txt',
        fmOpenRead or fmShareDenyWrite
      );
      uStream_ReadString(vLire, vLire.Size, vClair);
      FreeAndNil(vLire);
      // Encrypt RSA
      // StrEncRsa takes and returns AnsiString (raw bytes); keeping the
      // result in 'string' relies on uStream_WriteString writing it back
      // byte for byte
      vChiffre := StrEncRsa
      (
        // PubKey : PEVP_PKEY;
        vPublicKey,
        // const S : AnsiString;
        vClair,
        // B64 : Boolean;
        False,
        // Padding : TRsaPadding = rpPkcs1
        rpPkcs1Oaep
      );
      // Write encrypted text
      vEcrire := TFileStream.Create
      (
        'encrypted.txt',
        fmCreate or fmShareDenyWrite
      );
      uStream_WriteString(vEcrire, vChiffre);
      FreeAndNil(vEcrire);
      // Finalization
      ShowMessage('Done !');
    finally
      // Streams are still open if an exception was raised in between
      // (Free on a nil reference is safe)
      vLire.Free;
      vEcrire.Free;
      // The key returned by PEM_read_bio_PUBKEY must be released too
      if Assigned(vPublicKey) then f_EVP_PKEY_free(vPublicKey);
      if Assigned(vFileBio) then f_bio_free(vFileBio);
      OverbyteIcsWSocket.UnloadSsl();
    end;
  except
    on vE : Exception do
    begin
      ShowMessage(vE.Message);
    end;
  end;
end;
It works and is compatible with OpenSSL decryption.
Question 2 :
Have I missed something ?
It does not seem logical to me that the public key is not loadable with
the standard functions (TX509).
Do you think my code is OK ?
Thank you very much
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
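An added example, not code from the post above or from ICS: the three steps of the message (key generation with the same pkeyopts, public key extraction, OAEP encryption with the public-key-only PEM) as a shell script around the openssl CLI commands the post uses as its reference, so ICS output can be checked against the OpenSSL side. It goes a little further than the post: it reads the generated key back to confirm the 3072-bit / 65537 defaults that question 1 relies on, decrypts with the private key to close the round trip, and shows the OAEP plaintext limit (342 bytes for a 3072-bit key with rsautl's SHA-1 OAEP), which is the failure an encrypt-only caller has to expect. It assumes an openssl 1.1.x or later binary on PATH; all file names are constructed for the example and live in a temporary directory.

```shell
#!/bin/sh
# Added example, not code from the original post or from ICS: the same
# generate / extract / encrypt / decrypt steps with the openssl CLI commands
# the post uses as reference, plus a round trip and the OAEP size limit.
# Assumes an openssl 1.1.x (or later) binary on PATH. File names are
# constructed for this example and live in a temporary directory.
set -e

WORKDIR=$(mktemp -d)
trap 'rm -rf "$WORKDIR"' EXIT

# Step (1): private key with exactly the pkeyopts from the post's genpkey line.
gen_private_key() {
  openssl genpkey -out "$WORKDIR/private.pem" -outform PEM -algorithm RSA \
    -pkeyopt rsa_keygen_bits:3072 -pkeyopt rsa_keygen_primes:2 \
    -pkeyopt rsa_keygen_pubexp:65537 2>/dev/null
}

# Step (2): public-key-only PEM, the file the post wants to encrypt with.
extract_public_key() {
  openssl rsa -in "$WORKDIR/private.pem" -pubout -out "$WORKDIR/public.pem" 2>/dev/null
}

# Prints "<bits> <exponent>", e.g. "3072 65537", read back from the key:
# the check for whether a DoKeyPair() default really matches genpkey.
key_parameters() {
  dump=$(openssl rsa -in "$WORKDIR/private.pem" -noout -text 2>/dev/null)
  bits=$(printf '%s\n' "$dump" | sed -n 's/.*Private-Key: (\([0-9]*\) bit.*/\1/p')
  exp=$(printf '%s\n' "$dump" | sed -n 's/^publicExponent: \([0-9]*\).*/\1/p')
  echo "$bits $exp"
}

# Step (3): encrypt with the public key only, OAEP padding, as in the post.
# (rsautl is deprecated in OpenSSL 3; "openssl pkeyutl -encrypt -pubin
# -pkeyopt rsa_padding_mode:oaep" is the equivalent replacement.)
encrypt_file() {  # $1 clear file, $2 encrypted output
  openssl rsautl -in "$1" -out "$2" -inkey "$WORKDIR/public.pem" \
    -keyform PEM -pubin -encrypt -oaep 2>/dev/null
}

# Reverse direction with the private key: the OpenSSL side of the
# post's compatibility test.
decrypt_file() {  # $1 encrypted file, $2 clear output
  openssl rsautl -in "$1" -out "$2" -inkey "$WORKDIR/private.pem" \
    -decrypt -oaep 2>/dev/null
}

# Largest plaintext RSA-OAEP accepts: modulus bytes minus 2*hash length
# minus 2, with SHA-1 (20 bytes) as rsautl's OAEP hash. 3072 bits -> 342.
max_plaintext_bytes() {  # $1 modulus bits (default 3072)
  echo $(( ${1:-3072} / 8 - 2 * 20 - 2 ))
}

# Writes the given text, encrypts, decrypts and prints what came back.
round_trip() {  # $1 plaintext
  printf '%s' "$1" > "$WORKDIR/clear.txt"
  encrypt_file "$WORKDIR/clear.txt" "$WORKDIR/encrypted.txt"
  decrypt_file "$WORKDIR/encrypted.txt" "$WORKDIR/decrypted.txt"
  cat "$WORKDIR/decrypted.txt"
}

# One byte over the OAEP limit must be refused by the encrypt step; a
# caller has to treat that as an error, RSA alone cannot carry longer data.
oversize_rejected() {
  printf '%343s' '' | tr ' ' 'A' > "$WORKDIR/big.txt"
  if encrypt_file "$WORKDIR/big.txt" "$WORKDIR/big.enc"; then
    return 1
  fi
  return 0
}

main() {
  command -v openssl >/dev/null 2>&1 || { echo "openssl not found"; return 0; }
  gen_private_key
  extract_public_key
  echo "key: $(key_parameters)  (expected 3072 65537)"
  echo "limit: $(max_plaintext_bytes) bytes"
  echo "round trip: $(round_trip 'hello from ICS')"
  oversize_rejected && echo "343-byte message refused, as expected"
}
main
```

To compare against the ICS side, point encrypt_file at the encrypted.txt written by StrEncRsa (or decrypt_file at its output) instead of the constructed files; a mismatch on the exponent or bit count from key_parameters is the first thing to look at if OpenSSL refuses to decrypt what ICS produced.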