I'm a bit new to RSA encryption. I made an RSA key pair using PGPfreeware 6.5.8, and I'm writing VB.NET code that will encrypt and decrypt a field in an XML file. I exported the RSA key, including both the public and private keys, and got a file with the .asc extension (for ASCII). The public and private keys are in this format:
-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

...
=pxF6
-----END PGP PRIVATE KEY BLOCK-----
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

...
=ds/P
-----END PGP PUBLIC KEY BLOCK-----
When I tried to pass the public and private keys to my RSACryptoServiceProvider object, I found out that these keys are in a form that .NET cannot deal with; .NET deals with XML public and private keys only. I searched the internet and found out that keys in this format are the result of converting the original text using Base64, so I tried converting them back to normal text instead of Base64 text so I can (hopefully) import them into my object, but I got a FormatException saying: invalid char in a Base-64 string. What am I doing wrong, and how exactly can I make my files work as the public and private keys for my RSA object?
Thank you.
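The question has no answer on the page, so here is an added example (my code, not the poster's) of what a practitioner would check before anything else: why a Base64 decoder rejects the block, and what the decoded bytes actually are. An .asc block is ASCII armor as defined in RFC 4880: a BEGIN line, "Version:"-style header lines, a blank line, Base64 data, a "=XXXX" line that is a CRC-24 checksum rather than key data, and an END line. Feeding the whole thing, dashes and all, to a strict Base64 decoder is exactly what produces "invalid char in a Base-64 string". Once dearmored, the bytes are OpenPGP packets, not an RSA key in the PKCS#1 or XML shape RSACryptoServiceProvider understands; the RSA modulus and exponent have to be read out of the key packet. The script below does that for the public half (which is also the first part of a secret-key packet); it does not touch the secret MPIs, which PGP normally stores passphrase-encrypted. The sample key block is constructed inside the script from a placeholder modulus, not the poster's key.

```python
import base64
import binascii

def crc24(data: bytes) -> int:
    """CRC-24 from RFC 4880 section 6.1; its base64 form is the armor's '=XXXX' line."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def dearmor(text: str) -> bytes:
    """Strip BEGIN/END lines, armor headers and the checksum line, then decode and verify."""
    lines = text.strip().splitlines()
    if not (lines[0].startswith("-----BEGIN PGP") and lines[-1].startswith("-----END PGP")):
        raise ValueError("not an ASCII-armored OpenPGP block")
    body = inner = lines[1:-1]
    for i, line in enumerate(inner):          # "Version: ..." headers end at the first blank line
        if line.strip() == "":
            body = inner[i + 1:]
            break
    checksum = None
    if body and body[-1].startswith("="):     # trailing "=pxF6"-style line is a CRC, not key data
        checksum = int.from_bytes(base64.b64decode(body[-1][1:]), "big")
        body = body[:-1]
    data = base64.b64decode("".join(body), validate=True)
    if checksum is not None and checksum != crc24(data):
        raise ValueError("armor CRC-24 mismatch")
    return data

def iter_packets(data: bytes):
    """Yield (tag, body) for each OpenPGP packet; handles old- and new-format length headers."""
    pos = 0
    while pos < len(data):
        ctb = data[pos]; pos += 1
        if not ctb & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if ctb & 0x40:                                       # new format
            tag, first = ctb & 0x3F, data[pos]; pos += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[pos] + 192; pos += 1
            elif first == 255:
                length = int.from_bytes(data[pos:pos + 4], "big"); pos += 4
            else:
                raise ValueError("partial body lengths not supported")
        else:                                                # old format, as PGP 6.x writes
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                length = len(data) - pos
            else:
                width = (1, 2, 4)[ltype]
                length = int.from_bytes(data[pos:pos + width], "big"); pos += width
        yield tag, data[pos:pos + length]
        pos += length

def _read_mpi(body: bytes, pos: int):
    bits = int.from_bytes(body[pos:pos + 2], "big"); pos += 2   # MPI = 2-byte bit count + magnitude
    nbytes = (bits + 7) // 8
    return int.from_bytes(body[pos:pos + nbytes], "big"), pos + nbytes

def extract_rsa_public_key(armored: str):
    """Return (n, e) from the first public-key (tag 6) or secret-key (tag 5) packet.
    A secret-key packet begins with the same public fields; its secret MPIs follow
    and are normally passphrase-encrypted, so they are not parsed here."""
    for tag, body in iter_packets(dearmor(armored)):
        if tag not in (5, 6):
            continue
        version, pos = body[0], 5            # version byte + 4-byte creation time
        if version == 3:
            pos += 2                         # v3 keys carry a 2-byte validity period
        elif version != 4:
            raise ValueError(f"unsupported key packet version {version}")
        algo = body[pos]; pos += 1
        if algo not in (1, 2, 3):            # RSA, RSA encrypt-only, RSA sign-only
            raise ValueError(f"public-key algorithm {algo} is not RSA")
        n, pos = _read_mpi(body, pos)
        e, _ = _read_mpi(body, pos)
        return n, e
    raise ValueError("no RSA key packet found")

def naive_decode_fails(armored: str) -> bool:
    """What the question did: hand the whole block to a strict Base64 decoder."""
    try:
        base64.b64decode(armored, validate=True)
        return False
    except binascii.Error:                   # the counterpart of .NET's FormatException
        return True

# Constructed fixture: a v4 RSA public-key packet with an old-format header, armored the
# way PGP does it. The modulus is a placeholder number, not a real RSA key.
SAMPLE_N = 0xD3B4A1F0C2E5D7B9A8C6E4F2D0B8A6C4E2F0D8B6A4C2E0F8D6B4A2C0E8F6D4B1
SAMPLE_E = 65537

def build_sample_armor(n: int = SAMPLE_N, e: int = SAMPLE_E) -> str:
    def mpi(v: int) -> bytes:
        return v.bit_length().to_bytes(2, "big") + v.to_bytes((v.bit_length() + 7) // 8, "big")
    body = b"\x04" + (0).to_bytes(4, "big") + b"\x01" + mpi(n) + mpi(e)
    packet = bytes([0x99]) + len(body).to_bytes(2, "big") + body   # 0x99 = old format, tag 6, 2-byte length
    b64 = base64.b64encode(packet).decode()
    chk = base64.b64encode(crc24(packet).to_bytes(3, "big")).decode()
    return "\n".join(["-----BEGIN PGP PUBLIC KEY BLOCK-----", "Version: constructed example", ""]
                     + [b64[i:i + 64] for i in range(0, len(b64), 64)]
                     + ["=" + chk, "-----END PGP PUBLIC KEY BLOCK-----"])
```

With n and e in hand, an RSAParameters can be filled from their big-endian bytes (Modulus and Exponent) for encryption. Decryption needs the private MPIs, which in a PGP private key block are wrapped with the string-to-key passphrase protection; at that point an OpenPGP library is the realistic route rather than hand-parsing.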
I am trying to convert my private key to Uint8Array format, but I am getting a "bad secret key size" error. Why? Here is my code:
const bs58 = require("bs58");
const Web3 = require("@solana/web3.js");

const secretKey = bs58.decode("BxAN...RGM"); // secretKey: Uint8Array(32)
console.log(Web3.Keypair.fromSecretKey(secretKey)); // throws: bad secret key size
It is a devnet Phantom wallet address. I tried with different keys, but it still does not work.
I was incorrectly passing the public key as an argument instead of the private key. The correct syntax is:
Web3.Keypair.fromSecretKey(secretKey);
Passing the public key is what caused Error: bad secret key size. You should pass the private key (in Uint8Array format), not the public key.
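The size check behind that error, as an added example (not the poster's code, and in Python rather than JavaScript so it runs without the Solana SDK): a Solana/NaCl secret key decodes to 64 bytes, the 32-byte seed followed by the 32-byte public key, while a wallet address (the public key) decodes to 32 bytes, which is the Uint8Array(32) the question saw. Decoding the base58 string and looking at its length tells you which one you have before you ever call Keypair.fromSecretKey. The base58 codec is written out so the check runs offline; the sample key is constructed bytes, not a real keypair.

```python
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58encode(data: bytes) -> str:
    value = int.from_bytes(data, "big")
    out = ""
    while value:
        value, rem = divmod(value, 58)
        out = B58_ALPHABET[rem] + out
    leading_zeros = len(data) - len(data.lstrip(b"\x00"))   # each 0x00 byte becomes a '1'
    return "1" * leading_zeros + out

def b58decode(text: str) -> bytes:
    value = 0
    for ch in text:
        if ch not in B58_ALPHABET:                         # 0, O, I and l are excluded on purpose
            raise ValueError(f"invalid base58 character {ch!r}")
        value = value * 58 + B58_ALPHABET.index(ch)
    body = value.to_bytes((value.bit_length() + 7) // 8, "big") if value else b""
    leading_ones = len(text) - len(text.lstrip("1"))
    return b"\x00" * leading_ones + body

def classify_solana_key(text: str) -> dict:
    """Decide what a base58 string from a wallet actually is by its decoded length.
    Keypair.fromSecretKey wants the 64-byte form (32-byte seed || 32-byte public key);
    a 32-byte value is the public key / address, which is what produced the error."""
    raw = b58decode(text)
    if len(raw) == 64:
        return {"kind": "secret key", "seed": raw[:32], "public_key": raw[32:]}
    if len(raw) == 32:
        return {"kind": "public key", "public_key": raw}
    raise ValueError(f"bad secret key size: got {len(raw)} bytes, expected 64")

# Constructed 64-byte sample, not a real ed25519 keypair: only the lengths matter here.
SAMPLE_SECRET = bytes(range(64))
SAMPLE_PUBLIC = SAMPLE_SECRET[32:]
```

Phantom's "export private key" gives the 64-byte form; the address shown in the wallet is the 32-byte public key, so the two are easy to mix up when both are base58 strings of similar look.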
I'm using IdentityServer4 to generate tokens, and I'm using the AddDeveloperSigningCredential() method to generate my RSA key with a KeyId.
But, in production, I'm using AddSigningCredential(CreateSigningCredential()), to generate a key like this :
private SigningCredentials CreateSigningCredential()
{
var signinkey = new RsaSecurityKey(RSA.Create());
signinkey.KeyId = "abcdefghijklmnopqrstuvwxyz";//How to generate KeyId ??
var credentials = new SigningCredentials(signinkey,
SecurityAlgorithms.RsaSha256);
return credentials;
}
How can I generate a KeyId? Can I set it to any arbitrary value?
You don't need to set the KeyId, and creating the RSA key yourself in code sounds like bad practice; then you could just as well use the AddDeveloperSigningCredential method.
You can actually look at the source for that method here to see how they do it in code:
https://github.com/DuendeSoftware/IdentityServer/blob/main/src/IdentityServer/Configuration/DependencyInjection/BuilderExtensions/Crypto.cs
But, in production you should generate the key externally and pass it in to IdentityServer, so the key is the same across redeployment/restarts. Otherwise previously issued tokens will not be valid anymore.
You can for example store the key in Azure Key Vault, or using some other configuration/secret system. Or in a database or as a file somewhere.
If you want to create one manually, using OpenSSL, then you can write
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -aes256 -out rsa-private-key.pem
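If you do want a deterministic kid rather than an arbitrary string, the standard choice is the RFC 7638 JWK thumbprint: base64url of SHA-256 over the canonical JSON of the key's required members. The following is an added example (not from the answer, and not IdentityServer's own code); the moduli in it are placeholders, not real RSA keys, since the thumbprint only needs the integers. Because the kid is a function of the key, it is stable across restarts only if the key itself is persisted, which is the answer's point: a fresh RSA.Create() on every start gives a fresh thumbprint, the JWKS no longer lists the old kid, and tokens signed before the restart stop validating.

```python
import base64
import hashlib
import json

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _uint_bytes(value: int) -> bytes:
    return value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")

def canonical_rsa_jwk(n: int, e: int) -> str:
    """RFC 7638 section 3: only the required members (e, kty, n), in lexicographic
    order, with no whitespace. Any deviation changes the hash, so build it explicitly."""
    members = {"e": _b64url(_uint_bytes(e)), "kty": "RSA", "n": _b64url(_uint_bytes(n))}
    return json.dumps(members, separators=(",", ":"), sort_keys=True)

def jwk_thumbprint(n: int, e: int) -> str:
    """base64url(SHA-256(canonical JWK)); usable as the kid in the JWKS and the JWT header."""
    return _b64url(hashlib.sha256(canonical_rsa_jwk(n, e).encode("utf-8")).digest())

def same_signing_key(key_a: dict, key_b: dict) -> bool:
    """Would tokens issued under key_a still be matched by a JWKS built from key_b?"""
    return jwk_thumbprint(key_a["n"], key_a["e"]) == jwk_thumbprint(key_b["n"], key_b["e"])

# Placeholder moduli (not real RSA keys). PERSISTED_KEY stands for a key loaded from Key
# Vault / a file on every start; FRESH_KEY stands for what RSA.Create() would give after a restart.
PERSISTED_KEY = {"n": 0xB8A3C4D5E6F708192A3B4C5D6E7F8091A2B3C4D5E6F7081920A1B2C3D4E5F607, "e": 65537}
FRESH_KEY = {"n": 0xC9D8E7F6A5B4C3D2E1F00F1E2D3C4B5A69788796A5B4C3D2E1F00F1E2D3C4B5B, "e": 65537}
```

The canonical string has to be byte-exact: a pretty-printed JWK, extra members such as "alg" or "use", or members in a different order all produce a different thumbprint than other implementations compute for the same key.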
I am trying to demystify how a CSR is generated, and the role of the public and private key.
Server1:
Generate a public and private key
Now I want a CSR, and for that I will go to a CA for signing.
For creating a CSR request, is it based on the server's public key or private key?
I referred to this SO question; in there, it says the server (which is requesting the CSR) itself signs the CSR with its private key before sending it to the CA.
I am a bit confused and have the following questions:
The end product (the certificate signed by the CA): does it contain the server's private key or public key? I understand that the end product should contain the public key of the server requesting the CSR.
While initiating a CSR request, why does a server need to sign the CSR with its private key? Is that correct?
Is the server's public key part of the CSR?
Eventually, does the CA generate a certificate from the CSR, and how does it derive the server's public key from the CSR?
The end product (the certificate signed by the CA): does it contain the server's private key or public key?
The certificate is a public document. It therefore can only contain the public key. If it contained the private key, then that key wouldn't be private any more.
While initiating a CSR request, why does a server need to sign the CSR with its private key? Is that correct?
Yes, it is generally correct. This concept is called Proof of Possession (PoPo), and it is used to prove to the CA that you (or the server in this case) have the private key corresponding to the public key which will be signed by the CA (or at least had it at the time just before the CA signed your certificate). If the CA didn't insist on PoPo, then you could repudiate any signed future message as follows:
1. You have your public key signed by the CA to create your certificate. At the time, you sign your request with your private key as you should. Everything is good.
2. I come along and copy your public key from your certificate. I now present that to the CA as a CSR but without PoPo. The CA signs it and sends me a certificate, which now contains my name and your public key.
3. At some point, you send a digitally signed (with your private key) message to a third party, say your bank, asking them to donate $1000 to Stack Overflow.
4. You later decide that the $1000 would be better spent on a vacation, so you dispute the signed message to your bank.
5. The bank says "But you digitally signed the message to authenticate it!"
6. As you know the CA signs certificates without PoPo, you simply have to say that I must have sent the message instead, using your private key, which I've now destroyed in an attempt to hide the evidence.
7. The bank cannot prove that (6) isn't true, as they didn't check I had possession of the private key corresponding to the public key in my request, and therefore your statement of "it wasn't me" cannot be rejected - the bank has to reimburse you.
If the bank insisted on PoPo when I submitted your public key to the CA, my request would have failed and you could not repudiate your message later. But once a CA signs a request without PoPo - all bets are off for non-repudiation.
Eventually, does the CA generate a certificate from the CSR, and how does it derive the server's public key from the CSR?
There is no derivation to do - your server's public key is in the request in a construct called a CertificateRequestInfo.
This CertificateRequestInfo contains your (or server's) name and the public key. It can also contain other elements such as requested extensions. The CA takes whatever information it requires from this CertificateRequestInfo (only the public key is mandatory) and uses the info to generate a construct called a tbsCertificate (the 'tbs' stands for To Be Signed). This construct contains your name, your public key and whatever extensions the CA deems fit. It then signs this tbsCertificate to create your certificate.
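A runnable illustration of the answer's PoPo argument, added here and not part of the answer. Toy RSA (textbook signatures over a SHA-256 digest with 512-bit keys, no PKCS#1 padding, written for this demo only) stands in for a real signature scheme, and the CertificateRequestInfo and tbsCertificate are dicts rather than DER, but the control flow is the real one: the requester signs the request info with the private key, and the CA verifies that signature under the public key carried inside the request before it signs anything. The forged request in demo() is step 2 of the answer: the attacker's own name with the server's copied public key, signed with the attacker's private key, which a PoPo-checking CA rejects.

```python
import hashlib
import json
import secrets

# ---- toy RSA: textbook signing over a SHA-256 digest, 512-bit keys (demo only) ----
def _probable_prime(n: int, rounds: int = 20) -> bool:
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2; r += 1
    for _ in range(rounds):                       # Miller-Rabin
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits: int) -> int:
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _probable_prime(candidate):
            return candidate

def generate_keypair(bits: int = 512):
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and phi % e and n.bit_length() == bits:
            return {"n": n, "e": e}, {"n": n, "d": pow(e, -1, phi)}

def _digest(obj) -> int:
    return int.from_bytes(hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).digest(), "big")

def sign(priv: dict, obj) -> int:
    return pow(_digest(obj), priv["d"], priv["n"])

def verify(pub: dict, obj, sig: int) -> bool:
    return pow(sig, pub["e"], pub["n"]) == _digest(obj)

# ---- the CSR / CA flow described in the answer -----------------------------------
def build_csr(subject: str, pub: dict, priv: dict) -> dict:
    """CertificateRequestInfo (name + public key), signed by the requester's private key."""
    info = {"subject": subject, "publicKey": pub}
    return {"certificationRequestInfo": info, "signature": sign(priv, info)}

def ca_issue(csr: dict, ca_priv: dict, issuer: str = "Example CA") -> dict:
    """Proof of possession: the signature must verify under the key carried *inside* the request."""
    info = csr["certificationRequestInfo"]
    if not verify(info["publicKey"], info, csr["signature"]):
        raise ValueError("PoPo failed: request was not signed by the private key matching its public key")
    tbs = {"issuer": issuer, "subject": info["subject"], "publicKey": info["publicKey"]}
    return {"tbsCertificate": tbs, "signature": sign(ca_priv, tbs)}   # never the private key

def demo() -> dict:
    ca_pub, ca_priv = generate_keypair()
    server_pub, server_priv = generate_keypair()
    cert = ca_issue(build_csr("CN=server1", server_pub, server_priv), ca_priv)
    # Attacker copies server1's public key out of the certificate but only holds their own private key.
    _, attacker_priv = generate_keypair()
    forged_csr = build_csr("CN=attacker", cert["tbsCertificate"]["publicKey"], attacker_priv)
    try:
        ca_issue(forged_csr, ca_priv)
        forged_rejected = False
    except ValueError:
        forged_rejected = True
    return {"ca_pub": ca_pub, "cert": cert, "forged_rejected": forged_rejected}
```

Run demo(): the legitimate request is issued, the forged one fails at the PoPo check, and the issued certificate carries only n and e of the subject, which is the answer to the first question as well.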
Currently we use Kleopatra to sign and encrypt files sent to a third party. We sign with our private key and encrypt with our public key and the third party's public key...
Using gpg by itself, do I make multiple calls, adding each piece as I go? i.e.:
gpg.BinaryPath = (path to GnuPG)
gpg.Recipient = myUserID
gpg.Passphrase = myPassword
gpg.Sign( origfile, signedfile )
gpg.Encrypt( signedFile, signedAndEncryptedFile )
gpg.Recipient = thirdPartyUserID
gpg.Encrypt( signedAndEncryptedFile , thirdPartySignedAndEncryptedFile )
Any help would be appreciated...
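There is no answer on the page, so here is an added example (my code, not the poster's, and not the wrapper library's API) of how gpg itself does this: signing and encrypting happen in a single invocation with --sign --encrypt and one --recipient per key, and gpg places the signature inside the encrypted message. The nested Sign/Encrypt/Encrypt sequence above would instead produce a file whose outer layer the third party can remove but whose inner layer is encrypted to you alone, so they could not read it. The Python wrapper only assembles and runs the command line; it assumes gpg 2.1 or later on PATH and that the signing key and both recipients' public keys are already in the keyring. The user IDs in the test are made-up placeholders.

```python
import shutil
import subprocess
from pathlib import Path

def gpg_sign_encrypt_argv(infile, outfile, signer, recipients, armor=False, passphrase_on_stdin=False):
    """Build a single gpg command that signs with `signer` and encrypts to every recipient.
    gpg nests the signature inside the encrypted message, so one pass replaces the
    Sign -> Encrypt -> Encrypt sequence, and each recipient can decrypt and verify."""
    argv = ["gpg", "--batch", "--yes", "--local-user", signer, "--sign", "--encrypt"]
    for recipient in recipients:                    # include yourself to be able to read the file back
        argv += ["--recipient", recipient]
    if armor:
        argv.append("--armor")
    if passphrase_on_stdin:                         # unattended use; otherwise gpg-agent prompts
        argv += ["--pinentry-mode", "loopback", "--passphrase-fd", "0"]
    argv += ["--output", str(outfile), str(infile)]
    return argv

def sign_and_encrypt(infile, outfile, signer, recipients, passphrase=None, armor=False):
    """Run the command built above; returns the path of the signed+encrypted file."""
    if shutil.which("gpg") is None:
        raise RuntimeError("gpg is not on PATH")
    argv = gpg_sign_encrypt_argv(infile, outfile, signer, recipients, armor, passphrase is not None)
    stdin = (passphrase + "\n").encode() if passphrase is not None else None
    subprocess.run(argv, input=stdin, check=True)
    return Path(outfile)
```

The third party decrypts with their private key and gpg verifies the embedded signature against your public key in the same step; no second decryption is involved.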
I need to encrypt a string like "1111111111" using a public key file (generated using RSA) like this:
-----BEGIN PUBLIC KEY-----
MIXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXo
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXrD0/SN6QTZMhEcDXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXAB
-----END PUBLIC KEY-----
My difficulty is obtaining an RSAParameters object starting from the public key file.
I have read many questions about this topic, but I'm new to cryptography.
Can you provide me an example?
Tell me if you need additional information!
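No answer is on the page; the following is an added example (my code, not the poster's) of what the file contains and how to get the two numbers RSAParameters needs out of it. A "-----BEGIN PUBLIC KEY-----" file is a PEM-wrapped DER SubjectPublicKeyInfo: a SEQUENCE holding the rsaEncryption algorithm identifier and a BIT STRING that wraps an RSAPublicKey SEQUENCE of two INTEGERs, the modulus and the public exponent. Those two integers are RSAParameters.Modulus and RSAParameters.Exponent. The script parses that structure and emits the RSAKeyValue XML accepted by RSA.FromXmlString on any .NET version; on .NET Core 3.0 and later, RSA.ImportSubjectPublicKeyInfo (and RSA.ImportFromPem from .NET 5) does the same parsing for you. The PEM used for the run is built inside the script from a placeholder modulus rather than the poster's masked key.

```python
import base64

RSA_ENCRYPTION_OID = bytes.fromhex("2a864886f70d010101")   # 1.2.840.113549.1.1.1, rsaEncryption

def pem_to_der(pem: str) -> bytes:
    """Drop the -----BEGIN/END----- lines and Base64-decode what is between them."""
    body = "".join(line.strip() for line in pem.strip().splitlines() if not line.startswith("-----"))
    return base64.b64decode(body, validate=True)

def _read_tlv(buf: bytes, pos: int = 0):
    """Read one DER tag-length-value; return (tag, value, position after it)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits give the length-of-length
        width = length & 0x7F
        length = int.from_bytes(buf[pos:pos + width], "big")
        pos += width
    return tag, buf[pos:pos + length], pos + length

def parse_spki(der: bytes):
    """SubjectPublicKeyInfo ::= SEQUENCE { SEQUENCE { OID, NULL }, BIT STRING }, where the
    BIT STRING wraps RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }."""
    tag, spki, _ = _read_tlv(der)
    if tag != 0x30:
        raise ValueError("expected a SubjectPublicKeyInfo SEQUENCE")
    tag, alg, pos = _read_tlv(spki)
    oid_tag, oid, _ = _read_tlv(alg)
    if (tag, oid_tag, oid) != (0x30, 0x06, RSA_ENCRYPTION_OID):
        raise ValueError("not an rsaEncryption public key")
    tag, bits, _ = _read_tlv(spki, pos)
    if tag != 0x03 or bits[0] != 0:         # first BIT STRING byte = number of unused bits
        raise ValueError("malformed subjectPublicKey BIT STRING")
    tag, rsa_pub, _ = _read_tlv(bits[1:])
    n_tag, n_bytes, pos = _read_tlv(rsa_pub)
    e_tag, e_bytes, _ = _read_tlv(rsa_pub, pos)
    if (tag, n_tag, e_tag) != (0x30, 0x02, 0x02):
        raise ValueError("malformed RSAPublicKey")
    return int.from_bytes(n_bytes, "big"), int.from_bytes(e_bytes, "big")

def _unsigned_b64(value: int) -> str:
    return base64.b64encode(value.to_bytes((value.bit_length() + 7) // 8, "big")).decode()

def to_rsa_key_value_xml(n: int, e: int) -> str:
    """The RSAKeyValue document that RSA.FromXmlString / RSACryptoServiceProvider expects."""
    return (f"<RSAKeyValue><Modulus>{_unsigned_b64(n)}</Modulus>"
            f"<Exponent>{_unsigned_b64(e)}</Exponent></RSAKeyValue>")

def pem_to_rsa_key_value_xml(pem: str) -> str:
    return to_rsa_key_value_xml(*parse_spki(pem_to_der(pem)))

# Constructed fixture: encode a placeholder modulus into PEM so the parser has input to run on.
def _der(tag: int, body: bytes) -> bytes:
    n = len(body)
    if n < 0x80:
        header = bytes([n])
    else:
        width = (n.bit_length() + 7) // 8
        header = bytes([0x80 | width]) + n.to_bytes(width, "big")
    return bytes([tag]) + header + body

def _der_int(value: int) -> bytes:
    raw = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    return _der(0x02, b"\x00" + raw if raw[0] & 0x80 else raw)   # keep the INTEGER positive

def build_sample_pem(n: int, e: int) -> str:
    rsa_pub = _der(0x30, _der_int(n) + _der_int(e))
    algorithm = _der(0x30, _der(0x06, RSA_ENCRYPTION_OID) + b"\x05\x00")
    spki = _der(0x30, algorithm + _der(0x03, b"\x00" + rsa_pub))
    b64 = base64.b64encode(spki).decode()
    return "\n".join(["-----BEGIN PUBLIC KEY-----"]
                     + [b64[i:i + 64] for i in range(0, len(b64), 64)]
                     + ["-----END PUBLIC KEY-----"])

SAMPLE_N = 0xE7C3A95F1D8B2460FEDCBA9876543210ABCDEF0123456789F1E2D3C4B5A69781   # placeholder, not a real modulus
SAMPLE_E = 65537
```

The modulus bytes go into RSAParameters.Modulus without a leading zero byte (the DER INTEGER may carry one to keep the value positive, which is why the parser converts through an integer), and the common exponent 65537 shows up as "AQAB" in the XML.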