Chapter 7 Public-Key Operations 225
MultiPrime is unique to Crypto-C. If the recipient is not using Crypto-C, how do you give that
recipient the information? Suppose your application mails this key to a certification
authority. What information do you send? The BER-encoding standard defines what
the public key consists of and how that information should be formatted. It is defined
in ASN.1, which defines the Basic Encoding Rules (BER) and Distinguished Encoding
Rules (DER). See BER/DER Encoding on page 123 for more information.
You must put the key into DER format, encode it into ASCII, and e-mail the encoding.
The recipient will decode the DER string and convert the key information into the
format of their choice.
This sounds difficult, but Crypto-C offers a means of doing it simply. In the previous
example, in order to obtain the key, you used B_GetKeyInfo with KI_RSAPublic.
Chapter 3 of the Reference Manual also lists KI_RSAPublicBER, which states:

    Format of info returned by B_GetKeyInfo:
    pointer to an ITEM structure which gives the address and length of the DER-
    encoding. Note that B_GetKeyInfo returns an encoding which contains the object
    identifier for rsaEncryption (defined in PKCS V1) as opposed to rsa.

Crypto-C returns a pointer to where that information resides, not the information.
Another call to Crypto-C might alter or destroy it. Therefore, once you get the pointer
to the information, copy it into your own buffer:

    ITEM *cryptocPublicKeyBER;
    ITEM myPublicKeyBER;

    myPublicKeyBER.data = NULL_PTR;
    /* Ask Crypto-C for the DER encoding; it returns a pointer to its own buffer. */
    if ((status = B_GetKeyInfo
         ((POINTER *)&cryptocPublicKeyBER, publicKey,
          KI_RSAPublicBER)) != 0)
      break;
    /* Copy the encoding into a buffer this application owns before any further
       Crypto-C call can alter or destroy the library's copy. */
    myPublicKeyBER.len = cryptocPublicKeyBER->len;
    myPublicKeyBER.data = T_malloc (myPublicKeyBER.len);
    if ((status = (myPublicKeyBER.data == NULL_PTR)) != 0)
      break;
    T_memcpy (myPublicKeyBER.data, cryptocPublicKeyBER->data,
              myPublicKeyBER.len);

So, to distribute a key, you generate the key pair, get the key info in BER format with
B_GetKeyInfo and KI_RSAPublicBER, encode the BER data into ASCII format, and
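The following is an added example, not code from the Crypto-C guide or library. It shows the two things a recipient of such an encoding cares about: copying the bytes out of a library-owned ITEM before the library can reuse its buffer, and checking that what arrived really is an rsaEncryption public key before trusting its length fields. The ITEM layout, the use of malloc/memcpy in place of T_malloc/T_memcpy, and the assumption that the BER returned for KI_RSAPublicBER has the X.509 SubjectPublicKeyInfo shape (AlgorithmIdentifier with the rsaEncryption OID, then a BIT STRING wrapping RSAPublicKey) are all assumptions made here; the sample encoding is constructed for a toy 64-bit modulus and is not a real key.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for Crypto-C's ITEM (assumed layout): address plus length. */
typedef struct { unsigned char *data; unsigned int len; } ITEM;

/* Copy the bytes an ITEM points at into a buffer we own, as the manual advises.
 * malloc/memcpy stand in for T_malloc/T_memcpy. Returns 0 on success. */
int copy_item(const ITEM *src, ITEM *dst)
{
    dst->data = NULL; dst->len = 0;
    if (src->len == 0 || (dst->data = malloc(src->len)) == NULL) return 1;
    memcpy(dst->data, src->data, src->len);
    dst->len = src->len;
    return 0;
}

/* DER contents of OID 1.2.840.113549.1.1.1 (rsaEncryption, PKCS #1). */
static const unsigned char RSA_ENCRYPTION_OID[] =
    { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01 };

/* Read one DER tag/length header (short form and 1-2 byte long form).
 * Returns 1 only if the whole element fits inside the available bytes. */
static int read_tlv(const unsigned char *p, size_t avail,
                    unsigned char *tag, size_t *len, size_t *hdr)
{
    if (avail < 2) return 0;
    *tag = p[0];
    if (p[1] < 0x80) { *len = p[1]; *hdr = 2; }
    else {
        size_t n = p[1] & 0x7F, i;
        if (n == 0 || n > 2 || avail < 2 + n) return 0;
        for (*len = 0, i = 0; i < n; i++) *len = (*len << 8) | p[2 + i];
        *hdr = 2 + n;
    }
    return *hdr + *len <= avail;
}

/* Validate an assumed SubjectPublicKeyInfo: SEQUENCE { SEQUENCE { OID rsaEncryption,
 * ... }, BIT STRING { SEQUENCE { INTEGER modulus, INTEGER exponent } } }.
 * Stores the modulus bit length and returns 1; any structural problem, truncation
 * or a different algorithm OID returns 0 without reading past the buffer. */
int spki_rsa_modulus_bits(const unsigned char *der, size_t len, size_t *bits)
{
    unsigned char tag, t2, b;
    size_t l, h, l2, h2, top = 0, avail = len;
    const unsigned char *p = der, *a;

    if (!read_tlv(p, avail, &tag, &l, &h) || tag != 0x30 || h + l != avail) return 0;
    p += h; avail = l;                                   /* inside SubjectPublicKeyInfo */
    if (!read_tlv(p, avail, &tag, &l, &h) || tag != 0x30) return 0;
    a = p + h;                                           /* inside AlgorithmIdentifier */
    if (!read_tlv(a, l, &t2, &l2, &h2) || t2 != 0x06) return 0;
    if (l2 != sizeof RSA_ENCRYPTION_OID || memcmp(a + h2, RSA_ENCRYPTION_OID, l2) != 0)
        return 0;                                        /* not rsaEncryption */
    p += h + l; avail -= h + l;
    if (!read_tlv(p, avail, &tag, &l, &h) || tag != 0x03 || l < 1 || p[h] != 0) return 0;
    p += h + 1; avail = l - 1;                           /* BIT STRING, 0 unused bits */
    if (!read_tlv(p, avail, &tag, &l, &h) || tag != 0x30) return 0;
    p += h; avail = l;                                   /* inside RSAPublicKey */
    if (!read_tlv(p, avail, &tag, &l, &h) || tag != 0x02 || l == 0) return 0;
    p += h;                                              /* modulus INTEGER contents */
    while (l > 1 && p[0] == 0) { p++; l--; }             /* drop sign-padding zero byte */
    for (b = p[0]; b; b >>= 1) top++;
    *bits = (l - 1) * 8 + top;
    return 1;
}

/* Constructed sample: SPKI for a toy 64-bit modulus, exponent 65537. Not a real key. */
static unsigned char SAMPLE_SPKI[] = {
    0x30, 0x24,
      0x30, 0x0D, 0x06, 0x09, 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01, 0x05, 0x00,
      0x03, 0x13, 0x00,
        0x30, 0x10,
          0x02, 0x09, 0x00, 0x9A,0x2B,0x3C,0x4D,0x5E,0x6F,0x70,0x81,
          0x02, 0x03, 0x01,0x00,0x01
};

/* Mirror the page's flow: a library-owned ITEM is copied, the library buffer is
 * then clobbered (simulating the next Crypto-C call), and the copy must still
 * parse. Returns the modulus bit length, or 0 on any failure. */
size_t copy_and_check_sample(void)
{
    unsigned char scratch[sizeof SAMPLE_SPKI];
    ITEM library_item, mine;
    size_t bits = 0;
    memcpy(scratch, SAMPLE_SPKI, sizeof scratch);
    library_item.data = scratch; library_item.len = sizeof scratch;
    if (copy_item(&library_item, &mine) != 0) return 0;
    memset(scratch, 0xFF, sizeof scratch);               /* library reused its buffer */
    if (!spki_rsa_modulus_bits(mine.data, mine.len, &bits)) bits = 0;
    free(mine.data);
    return bits;
}

/* A truncated encoding must be rejected, not parsed from whatever follows it. */
int truncated_sample_rejected(void)
{
    size_t bits;
    return spki_rsa_modulus_bits(SAMPLE_SPKI, sizeof SAMPLE_SPKI - 1, &bits) == 0;
}
```

The parser checks each length against the bytes actually available before stepping inside an element, so a malformed or truncated encoding fails closed; the outer length is also required to match the buffer size exactly, which catches trailing garbage appended to an otherwise valid key.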