RSA/ECB/PKCS1 padding Encryption in SAP ABAP - encryption

I have a requirement where I need to encrypt my private key using a public key (provided by a third party) with RSA/ECB/PKCS1 encryption.
The public key is already padded.
I am generating the private key using cl_sec_sxml_writer=>generate_key( cl_sec_sxml_writer=>co_aes256_algorithm_pem ). Is this the correct way to generate a new key, or can we have any random string as a private key?
This private key will be used to encrypt a data string using AES/ECB/PKCS7 padding encryption, which is then converted to BASE64 and sent via an API call. For AES/ECB/PKCS7 padding, I am using the classes provided by https://github.com/Sumu-Ning/AES. Please find the implementation below:
CALL METHOD zcl_aes_utility=>encrypt_xstring
  EXPORTING
    i_key              = lv_xstr
    i_data             = lv_pwd_xstr
*   i_initialization_vector =
    i_padding_standard = zcl_byte_padding_utility=>MC_PADDING_STANDARD_PKCS_7
    i_encryption_mode  = zcl_aes_utility=>mc_encryption_mode_ecb
  IMPORTING
    e_data             = lv_encrypt.
My query is: how do I encrypt the private key using the public key and RSA/ECB/PKCS1 encryption?
The public key is of length 399 chars and something like this
DfP4hVgyXMSNWJFWakwo44p1PMyRKSmFG+UGq
I have checked other blogs that suggest using the standard FM SSF_KRN_ENVELOPE, but I am not able to understand how to use it.
Please help. Let me know in case of any further details required.

Related

How do I use a Private Key generated using node-rsa npm package, without pushing it to GitHub Repo?

After going through an article on how to use node-rsa public and private keys for encrypting/decrypting data, I was able to successfully follow the implementation.
But there was a dilemma regarding how to manage the private key which is used for decryption.
Most online suggestions mentioned that we should not push Private key to GitHub repos.
How do I add this Private key as a GitHub secret or Environment variable, so that I can use it inside GitHub Actions CI?
Even if I try to use Environment variable in GitHub, I can only specify a key value pair.
But my Private key looks something like this:
const NodeRSA = require('node-rsa')
const key = new NodeRSA()
const privatePem = '---BEGIN RSA PRIVATE KEY---abcD...vbGa---END RSA PRIVATE KEY---'
key.importKey(privatePem, 'pkcs1-pem')
I use the Private key to decrypt data in the following way:
const encryptedData = "abAxksl8jl..."
const decryptedData = key.decrypt(encryptedData, 'utf8')
console.log(decryptedData)
Any help or suggestion would be highly appreciated. Thanks!

How to find public address through private key on TRON

How can I find a user's public address from his private key?
I already found a way to convert a public address to a hex address, and also private to hex and the reverse,
but I got stuck on this one!
Using TronWeb, you can call this function:
const address = tronWeb.address.fromPrivateKey(newAccount.privateKey);
That code comes from one of TronWeb's tests
For Bitcoin you need to use this package to find the public key: dart_wif
print('hex :::::: ${HEX.encode(index.privateKey!)}');
WIF decoded = WIF(version: 128, privateKey: index.privateKey!, compressed: true);
String key = wif.encode(decoded);
print(key);
If you are using Python, the official tronpy documentation doesn't mention this. However, you can find the answer by yourself.
Open ipython from terminal, create a key object from a random key, input the key variable name and press tab twice, you will see all the attributes and functions of the object.
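import tronpy
# Generate a random private key object
my_random_key = tronpy.keys.PrivateKey.random()
# fromhex() expects a hex string, so pass the hex form of the key, not the key object
my_key = tronpy.keys.PrivateKey.fromhex(my_random_key.hex())
# Derive the public key and encode it as a base58check address
my_key.public_key.to_base58check_address()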

RSA Asymmetric encryption / decryption - Which key is being used

When I create a public/private key using the following code :
// Create the CspParameters object and set the key container
// name used to store the RSA key pair.
CspParameters cp = new CspParameters();
cp.KeyContainerName = ContainerName;
// Create a new instance of RSACryptoServiceProvider that accesses
// the key container MyKeyContainerName.
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(cp);
If I then call
rsa.Encrypt (....
OR
rsa.Decrypt(..
how do I know which key is being used? Whether the public or private key is used in each case is dependent on the application. How can I determine which is being used?
Encrypt is done with the public key, and decrypt is done with the private key, thus only the holder of the private key can decrypt.
You are not meant to decrypt using a public key, and thus the interface doesn't provide you with a way to do this.
Signatures utilize encrypting using the private key, and decryption using the public key + some one-way hash logic, but in this case the interface only allows this using specific signature methods (SignData(..) & VerifyData(..)).

How to upload public RSA key to HSM (using PKCS#11 library)?

I am quite new to using PKCS#11 library so maybe someone with more experience can clear things up.
I want to do the following:
upload to HSM existing RSA public key (which was generated on PC)
and later use this uploaded key to wrap symmetric key that was generated on HSM.
I know how to generate symmetric key, but how to upload existing RSA public key?
Is this even possible using PKCS#11 library?
There seems to be similar question at Wrap a secret key with a public key using PKCS#11 but it uses RSA key pair that is generated on HSM. I need to upload RSA public key to HSM myself.
We can use the C_CreateObject function of PKCS#11 to import a public key to the HSM.
This can be found in RSA PKCS#11: Functions -> Object Management Functions -> C_CreateObject.
There is also an example of loading a public key. But it requires support from the token to load the public key from the cryptoki library.
CK_SESSION_HANDLE hSession;
CK_OBJECT_HANDLE hKey;
CK_OBJECT_CLASS keyClass = CKO_PUBLIC_KEY;
CK_KEY_TYPE keyType = CKK_RSA;
CK_BBOOL true = CK_TRUE;   /* value referenced by CKA_WRAP below */
CK_BYTE modulus[] = {... };
CK_BYTE exponent[] = {... };
CK_ATTRIBUTE keyTemplate[] = {
  {CKA_CLASS, &keyClass, sizeof(keyClass)},
  {CKA_KEY_TYPE, &keyType, sizeof(keyType)},
  {CKA_WRAP, &true, sizeof(true)},
  {CKA_MODULUS, modulus, sizeof(modulus)},
  {CKA_PUBLIC_EXPONENT, exponent, sizeof(exponent)}
};
CK_RV rv;
/* Create an RSA public key object (the template array is passed directly) */
rv = C_CreateObject(hSession, keyTemplate, 5, &hKey);
if (rv == CKR_OK) {
  .
  .
}
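Added example, not part of the original answer or of any PKCS#11 library: the template above needs the raw modulus and public exponent bytes of the key that was generated on the PC, and this code extracts them from a DER-encoded RSA public key (PKCS#1 RSAPublicKey or X.509 SubjectPublicKeyInfo) so they can fill CKA_MODULUS and CKA_PUBLIC_EXPONENT. The names span_t, der_read, to_unsigned, rsa_pub_parse and SAMPLE_DER are made up for this example, and the sample key bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
typedef struct { const uint8_t *p; size_t len; } span_t; /* view into the DER buffer */

/* Read one DER TLV with the expected tag. On success *val is its content and
 * *in is advanced past it. Returns 0, or -1 on malformed or truncated input. */
static int der_read(span_t *in, uint8_t tag, span_t *val)
{
    size_t len, n;
    if (in->len < 2 || in->p[0] != tag) return -1;
    len = in->p[1]; in->p += 2; in->len -= 2;
    if (len & 0x80) {                       /* long form: next n bytes hold the length */
        n = len & 0x7f;
        if (n == 0 || n > sizeof(size_t) || n > in->len) return -1;
        for (len = 0; n > 0; n--) { len = (len << 8) | *in->p++; in->len--; }
    }
    if (len > in->len) return -1;
    val->p = in->p; val->len = len; in->p += len; in->len -= len;
    return 0;
}

/* PKCS#11 big integers are unsigned: reject negatives, drop DER's 0x00 sign byte. */
static int to_unsigned(span_t *v)
{
    if (v->len == 0 || (v->p[0] & 0x80)) return -1;
    while (v->len > 1 && v->p[0] == 0x00) { v->p++; v->len--; }
    return 0;
}

/* Accepts PKCS#1 RSAPublicKey or a SubjectPublicKeyInfo around one; n, e point into der. */
int rsa_pub_parse(const uint8_t *der, size_t der_len, span_t *n, span_t *e)
{
    static const uint8_t oid[] = {0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01};
    span_t in = { der, der_len }, seq, alg, bits;
    if (der_read(&in, 0x30, &seq) != 0 || in.len != 0) return -1;
    if (seq.len > 0 && seq.p[0] == 0x30) {  /* SPKI: AlgorithmIdentifier + BIT STRING */
        if (der_read(&seq, 0x30, &alg) != 0 || der_read(&seq, 0x03, &bits) != 0) return -1;
        if (alg.len < sizeof oid || memcmp(alg.p, oid, sizeof oid) != 0) return -1;
        if (seq.len != 0 || bits.len < 1 || bits.p[0] != 0x00) return -1;
        return rsa_pub_parse(bits.p + 1, bits.len - 1, n, e);
    }
    if (der_read(&seq, 0x02, n) != 0 || der_read(&seq, 0x02, e) != 0) return -1;
    return (seq.len == 0 && to_unsigned(n) == 0 && to_unsigned(e) == 0) ? 0 : -1;
}

/* Constructed toy RSAPublicKey (64-bit modulus, e = 65537), not a usable key. */
const uint8_t SAMPLE_DER[] = { 0x30,0x10, 0x02,0x09,0x00,0xC5,0x3A,0x11,0x92,0x7B,0x04,0xE8,0x1D,
                               0x02,0x03,0x01,0x00,0x01 };
```

After a successful parse, n.p with n.len and e.p with e.len take the place of the modulus and exponent arrays in the template.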

Extract Public Key from the public certificate (.der / .cer)

I am trying to wrap a generated symmetric key using the public key, which I want to extract from the public certificate (.der / .cer). When I pass the public key for wrapping the symmetric key, I get a "java.security.InvalidKeyException" exception: "Only keys that exist in 'RAW' format are supported".
I am loading the public certificate using a file input stream as
publicCertificate = new X509Certificate(new FileInputStream("src/resources/mydomain.com.der"));
For extracting the public key I am using the getPublicKey() method:
publicKey = publicCertificate.getPublicKey();
I get this exception when I have extracted the public key; it is in the X.509 format, which I need to convert into RAW format.
Can anyone please help me out here?
Thanks in advance.
