Get SecKeyRef from modulus/exponent

1.5k views Asked by At

I have a RSA key (pair) represented as big integeger modulus and exponent and need to encrypt/decrypt with those.

I figured out how to handle keys as needed in iOS using swift.

To my question: Is there any way to convert the modulus/exponent representation to a standard SecKeyRef?

Both is formatted as big int (coming from android), a modulus for example looks like this:

23986589886077318012326064844037831693417390067186403792990846282531380456965701688980194375481519508455379138899060072530724598302129656976140458275478340281694599774176865257462922861492999970413042311221914141827738166785420817621605554859384423695247859963064446809695729281306530681131568503935369097838468173777374667631401317163094053418212485192857751897040859007584244053136110895205839896478287122804119514727484734998762296502939823974188856604771622873660784676915716476754048257418841069214486772931445697194023455179601077893872576165858771367831752886749210944303260745331014786145738511592470796648651

1

There are 1 answers

0
Lubo On

I had exactly the same task - given a modulus and an exponent I had to create a public key and encrypt a message using that key. After a long time spent in reading and trying various libraries, I was able to accomplish this with OpenSSL. I'm posting my way of doing it below. Although it's written in Objective-C, it might be helpful.

NSData* message, modulus, exponent;
BIGNUM* mod = BN_bin2bn((unsigned char *)[modulus bytes], (int)modulus.length, NULL);
if (mod == NULL) {
    NSLog(@"Error creating modulus BIGNUM");
}

BIGNUM* exp = BN_bin2bn((unsigned char *)[exponent bytes], (int)exponent.length, NULL);
if (exp == NULL) {
    NSLog(@"Error creating exponent BIGNUM");
}

RSA* rsa = RSA_new();
rsa->pad = 0;
rsa->e = exp;
rsa->n = mod;

int keylen = RSA_size(rsa);
unsigned char* enc = malloc(keylen);
char* err = malloc(130);
int status = RSA_public_encrypt((int)message.length, (const unsigned char*)[message bytes], enc, rsa, RSA_NO_PADDING);

if (status != -1) {
    NSData* encryptedMessage = [NSData dataWithBytes:enc length:keylen];
    NSLog(@"Encryption SUCCESSFUL: %@", encryptedMessage);
}
else {
    ERR_load_crypto_strings();
    ERR_error_string(ERR_get_error(), err);
    NSLog(@"Encryption failed with error: %s", err);
}

free(enc);
free(err);

So first I'm creating big integers out of my NSData modulus and exponent. You already have them as big integers, but if they're not represented as OpenSSL's BIGNUM type, you'll have to convert them. BIGNUM has other useful functions for creating big integers like BN_hex2bn and BN_dec2bn - these create big integers out of C strings containing hexadecimal or decimal numbers. In my case the modulus and exponent are stored as a byte array in an NSData and BN_bin2bn creates a BIGNUM directly from that.

Moving on, I create an RSA structure which represents a key and holds the modulus and exponent, and the enc buffer, which will hold the raw encrypted bytes. The length of enc is the same as the size of the key, because RSA can not encrypt messages longer that the key.

The main work is done by the RSA_public_encrypt() function. It takes five arguments - the size of the message that you're going to encrypt, the actual message bytes, an output buffer to store the encrypted message in, the RSA key and a padding scheme. I'm using no padding here, because my message is exactly the same size as the key, but in the rsa.h there are macros that represent the most common padding schemes.

Lastly I check the status which holds the number of encrypted bytes and print an error message if something went wrong.

I hope this will help you and somebody else. Tell me if you managed to do it in Swift. Cheers ;-)

P.S. Adding OpenSSL to your iOS project is easy using CocoaPods. Just add

pod 'OpenSSL-Universal', '1.0.1.k'

to your podfile.