Type of information this allows you to use:

Describes the type and format of key information you can use with the key info type.

Format of info returned by B_GetKeyInfo:

Describes the exact format that B_GetKeyInfo returns for the key value. This is generally a “cleaned up” version of the format supplied to B_SetKeyInfo. For example, B_GetKeyInfo with KI_DES8 returns the DES key with the DES key parity set.

Purpose:

Describes the KI, what it is for, and what it does.

KI_PKCS_RSAPrivate

Purpose:

This KI allows you to specify a private key of the RSA algorithm as defined in PKCS #1. The information consists of the modulus, exponents, two primes and the Chinese Remainder Theorem information that are explained below. See KI_PKCS_RSAPrivateBER for the same key info type with BER encoding.

Type of information this allows you to use:

an RSA private key where all the integers are specified as in PKCS #1: modulus, public and private exponents, and Chinese Remainder Theorem information. Note that KI_RSA_CRT can be used for a private key that has the modulus and Chinese Remainder Theorem information but no public or private exponent.

Format of info supplied to B_SetKeyInfo:

pointer to an A_PKCS_RSA_PRIVATE_KEY structure:

typedef struct {
  ITEM modulus;            /* modulus */
  ITEM publicExponent;     /* exponent for public key */
  ITEM privateExponent;    /* exponent for private key */
  ITEM prime[2];           /* prime factors */
  ITEM primeExponent[2];   /* exponents for prime factors */
  ITEM coefficient;        /* CRT coefficient */
} A_PKCS_RSA_PRIVATE_KEY;

Each ITEM supplies an integer in canonical format, where the ITEM’s data points to an unsigned byte array, most significant byte first and the ITEM’s len gives its length. All leading zeros are stripped from each integer before it is copied to the key object.

Format of info returned by B_GetKeyInfo:

pointer to an A_PKCS_RSA_PRIVATE_KEY structure (see above). All leading zeros have been stripped from each integer in the structure.

Can get this info type if key object already has:

KI_PKCS_RSAPrivate, KI_PKCS_RSAPrivateBER or KI_RSA_CRT.
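
The canonical integer format and leading-zero stripping described above, shown as an added C example that is not taken from the manual or the Crypto-C library. It uses local stand-in definitions of ITEM and A_PKCS_RSA_PRIVATE_KEY, hypothetical helper names, and a constructed toy key, and compares integers by value because the length read back with B_GetKeyInfo can differ from the length supplied.

```c
#include <stdio.h>
#include <string.h>

/* Local stand-ins for the Crypto-C types so this builds without the library
   headers (assumption: ITEM is a data pointer plus a length). */
typedef struct { unsigned char *data; unsigned int len; } ITEM;
typedef struct {
  ITEM modulus, publicExponent, privateExponent;
  ITEM prime[2], primeExponent[2], coefficient;
} A_PKCS_RSA_PRIVATE_KEY;

/* Hypothetical helper: the same integer with leading zero bytes skipped. */
static ITEM canonical(ITEM in) {
  while (in.len > 0 && in.data[0] == 0) { in.data++; in.len--; }
  return in;
}

/* Hypothetical helper: compare by value, so zero padding does not matter. */
static int same_integer(ITEM a, ITEM b) {
  a = canonical(a); b = canonical(b);
  return a.len == b.len && (a.len == 0 || memcmp(a.data, b.data, a.len) == 0);
}

/* Hypothetical helper: toy-sized integer to a number, most significant first. */
static unsigned long to_ulong(ITEM in) {
  unsigned long v = 0;
  for (in = canonical(in); in.len > 0; in.data++, in.len--) v = (v << 8) | in.data[0];
  return v;
}

/* Constructed toy key, n = 61 * 53 = 3233; far too small for real use. */
static unsigned char n_padded[] = {0x00, 0x0c, 0xa1}, n_plain[] = {0x0c, 0xa1};
static unsigned char e_b[] = {0x11}, d_b[] = {0x0a, 0xc1};
static unsigned char p_b[] = {0x3d}, q_b[] = {0x35};
static unsigned char dp_b[] = {0x35}, dq_b[] = {0x31}, qinv_b[] = {0x26};

/* Assumption: PKCS #1 order, d mod (p-1), d mod (q-1), then q^-1 mod p. */
static A_PKCS_RSA_PRIVATE_KEY toy_key(void) {
  A_PKCS_RSA_PRIVATE_KEY k = {
    {n_padded, sizeof n_padded}, {e_b, sizeof e_b}, {d_b, sizeof d_b},
    {{p_b, sizeof p_b}, {q_b, sizeof q_b}},
    {{dp_b, sizeof dp_b}, {dq_b, sizeof dq_b}}, {qinv_b, sizeof qinv_b}};
  return k;
}

int main(void) {
  A_PKCS_RSA_PRIVATE_KEY k = toy_key();
  printf("modulus: %u bytes supplied, %u canonical\n", k.modulus.len, canonical(k.modulus).len);
  return to_ulong(k.modulus) == to_ulong(k.prime[0]) * to_ulong(k.prime[1]) ? 0 : 1;
}
```
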

Format of info supplied to B_SetKeyInfo:

Describes the exact format for supplying the key value to B_SetKeyInfo.

Can get this info type if key object already has:

Most keys have multiple representations for the key information. For example, you can specify an 8-byte RC2 key with KI_8Byte or KI_Item. This describes what type of key information a key object must already have if you want to call B_GetKeyInfo using this key info type.

Figure 3-1 Sample Key Info Type

RSA BSAFE Crypto-C Library Reference Manual