Standard file format for encryption keys? - encryption

Is there a standard file format for public/private key pairs?
Something similar to x509 for certificates.
Many thanks!

The SSH public key format (also used by their private keys) is fairly standard.
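To make the one-line OpenSSH public key form concrete, the following added example (not part of the original answer) parses `<type> <base64 blob> [comment]`, walks the length-prefixed fields inside the blob, checks that the type inside the blob matches the type on the line, and computes the SHA256 fingerprint in the form `ssh-keygen -l` prints. The sample key and the helper names are constructed for illustration.

```python
import base64
import hashlib
import struct

def read_fields(blob: bytes) -> list:
    """Split an SSH wire blob into its uint32-length-prefixed fields."""
    fields, off = [], 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack(">I", blob[off:off + 4])
        off += 4
        if off + n > len(blob):
            raise ValueError("field runs past end of blob")
        fields.append(blob[off:off + n])
        off += n
    return fields

def parse_public_key_line(line: str) -> dict:
    """Parse '<type> <base64> [comment]' as found in id_*.pub or authorized_keys."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    blob = base64.b64decode(b64, validate=True)
    fields = read_fields(blob)
    # The first field repeats the key type; a mismatch means the line was edited.
    if not fields or fields[0].decode("ascii", "replace") != key_type:
        raise ValueError("type in blob does not match type on the line")
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return {"type": key_type, "comment": comment,
            "field_lengths": [len(f) for f in fields[1:]],
            "fingerprint": fingerprint}

def make_sample_line() -> str:
    """Constructed ssh-ed25519 line; the 32 key bytes are filler, not a real key."""
    def s(b: bytes) -> bytes:
        return struct.pack(">I", len(b)) + b
    blob = s(b"ssh-ed25519") + s(bytes(range(32)))
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " alice@example"

if __name__ == "__main__":
    print(parse_public_key_line(make_sample_line()))
```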

Related

Generate a public / private key pair in Julia

I am playing around with some encryption / blockchain ideas right now that require the use of a public / private key pair. I looked at some of the existing packages and could not find one. https://gitlab.com/braneproject/ECC.jl provides much of the desired functionality but lacks the ability to create a public key.
Any idea how I would go about doing this? In Python, I would use from ecdsa import SigningKey to get this functionality. I also looked at https://github.com/JuliaCrypto/OpenSSH.jl but it seems focused on documenter.
The library you mention depends on OpenSSH being installed on your system, and if it is, you can do the following in the REPL. Hit the ';' key and you can enter ssh-keygen at the prompt, as in:
shell> ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (users/yourname/.ssh/id_rsa):

PGP File Encryption

Using Bouncy Castle to encrypt a file, I am having trouble generating the private/public keys. The public key needs to be in the OpenSSH or RFC4716 format. The problem is that when I use ssh-keygen to create the keys, they cannot be used to encrypt the file. Why is this? I even used ssh-keygen to export the keys into the RFC4716 format and still I was unable to use it to encrypt the file.
As Robert commented, these formats are not compatible. For PGP file encryption I will use the normally generated keys. Thanks again Robert.

What is a PGP Secret Key?

I am working on a C# app that encrypts/decrypts messages using PGP implemented by the Bouncy Castle (BC) library. I know PKI but the secret key in PGP throws me off a bit. I looked at the BC examples/source code and the PGP RFC but came away with more questions.
Is Secretkey == Session key?
Is Secretkey == Symmetric key?
Is Secretkey == private key (pub/priv key pairs)? At least the following seems to suggest that the secret key is a private key.
internal static PgpPrivateKey FindSecretKey(PgpSecretKeyRingBundle pgpSec, long keyID, char[] pass)
The RFC says the secretkey contains, among others, information about the publickey or may be the public key itself (at least that's my reading).
Also, somewhere I read the Secretkey is basically a password encrypted privatekey.
When/why would I need a secret key in the PGP protocol? Signing or encrypting?
Thanks
Quoting RFC 4880, OpenPGP, 5.5.1.3. Secret-Key Packet:
A Secret-Key packet contains all the information that is found in a
Public-Key packet, including the public-key material, but also
includes the secret-key material after all the public-key fields.
and 11.2. Transferable Secret Keys:
[...] The format of a transferable
secret key is the same as a transferable public key except that
secret-key and secret-subkey packets are used instead of the public
key and public-subkey packets. Implementations SHOULD include self-
signatures on any user IDs and subkeys, [...]
In other words, the secret key contains the public/private key pair (e.g., RSA), but should also contain user IDs and self-signatures. 12.1. Key Structures gives more details on how exported keys are constructed. Helpful tools for understanding the composition of OpenPGP packets are gpg --list-packets [file] or pgpdump [file], which dump the packet structure of their input.
In this case the secret key is a private key. The private key can be used for signing or decryption. Encryption and verification are performed using the public key of the other party. A secret key is nowadays mostly thought of as a symmetric key, but it can also mean private, especially in older protocols.
There is a lot of this kind of confusion in cryptography; the best thing to do is to look at the context. For instance, if there is a public key, the key cannot be symmetric.
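The packet structure quoted from RFC 4880 can be seen by walking the packet headers of a binary (non-armored) key file, which is the first thing gpg --list-packets does. The sketch below is an added example, not code from the answers or from Bouncy Castle; the sample bytes are a constructed skeleton with filler bodies, and the function names are illustrative. It also flags whether a file carries secret-key packets, a useful check before a key file is shared.

```python
# Packet tags from RFC 4880 section 4.3 (subset relevant to key files).
TAGS = {2: "Signature", 5: "Secret-Key", 6: "Public-Key",
        7: "Secret-Subkey", 13: "User ID", 14: "Public-Subkey"}

def list_packets(data: bytes) -> list:
    """Return [(tag, name, body_length)] for each packet in a binary OpenPGP file."""
    out, i = [], 0
    try:
        while i < len(data):
            hdr = data[i]
            i += 1
            if not hdr & 0x80:
                raise ValueError("bit 7 clear: not an OpenPGP packet header")
            if hdr & 0x40:                      # new-format header
                tag, first = hdr & 0x3F, data[i]
                if first < 192:
                    length, i = first, i + 1
                elif first < 224:
                    length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
                elif first == 255:
                    length, i = int.from_bytes(data[i + 1:i + 5], "big"), i + 5
                else:
                    raise ValueError("partial body lengths are not handled here")
            else:                               # old-format header
                tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
                if ltype == 3:
                    raise ValueError("indeterminate length is not handled here")
                n = 1 << ltype                  # 1, 2 or 4 length octets
                length, i = int.from_bytes(data[i:i + n], "big"), i + n
            if i + length > len(data):
                raise ValueError("packet body runs past end of input")
            out.append((tag, TAGS.get(tag, "other"), length))
            i += length
    except IndexError:
        raise ValueError("truncated packet header") from None
    return out

def has_secret_material(data: bytes) -> bool:
    """True if the file carries Secret-Key or Secret-Subkey packets."""
    return any(tag in (5, 7) for tag, _, _ in list_packets(data))

def sample_key(secret: bool) -> bytes:
    """Constructed packet skeleton; bodies are filler, not real key material."""
    key, sub = (5, 7) if secret else (6, 14)
    uid = b"Alice <alice@example.org>"
    return (bytes([0x80 | key << 2 | 1, 0, 10]) + bytes(10)   # old format, 2-octet length
            + bytes([0x80 | 13 << 2, len(uid)]) + uid         # old format, 1-octet length
            + bytes([0xC0 | 2, 3]) + bytes(3)                 # new format, 1-octet length
            + bytes([0xC0 | sub, 4]) + bytes(4))              # new format, 1-octet length
```

The secret and public skeletons differ only in the key and subkey tags (5 and 7 versus 6 and 14), which mirrors the RFC's statement that a transferable secret key has the same layout as a transferable public key.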

Can I know: what the algorithm of encryption used in p12 certificate?

I have old p12 certificate. Can I know what encrypted algorithm used: RSA-1024 or RSA-2048?
PKCS#12 is not a certificate and the key size is not an algorithm. The key within the X.509 certificate in the PKCS#12 has a public modulus though, and the size of the modulus is equal to the key size. If you use an online decoder, don't give it the entire PKCS#12 key store as it probably includes your private key.
You can check it using one of the cert decoders online such as https://certlogik.com/decoder/

GnuPG encrypt with private key

Suppose I would like to encrypt a file with my private key for whatever reason so that only people with my public key can have access to the file. How would I do this?
gpg --sign --armor file
does not work because if you omit the --armor and use
gpg --sign --compress-level 0 file
the plaintext appears in the file.gpg.
gpg --encrypt file
will also not work because that uses public keys. Does anybody know how to do this?
You unfortunately have got some fundamental misconceptions about the cryptography you want to use. By definition if you want to asymmetrically encrypt some data you need to use the public key and the encrypted data can only be decrypted with the private key.
If you want to encrypt a message so that only a certain group of people can access it you can asymmetrically encrypt it with all the public keys of each individual in the group or encrypt it symmetrically with a random key and share that key with each individual in the group.
You can encrypt your file symmetrically using your public key, so that everybody with access to your public key can decrypt your file.
