[Botan-devel] Serializing RSA keys
Jack Lloyd
lloyd at randombit.net
Mon May 12 01:21:37 EDT 2008
On Sun, May 11, 2008 at 06:06:34PM -0700, Berk Hulagu wrote:
> Hi!
>
> I would like to send my public RSA key over the network.
>
> I create the keys as follows
>
> RSA_PrivateKey priv_rsa(1024);
> RSA_PublicKey pub_rsa(priv_rsa);
>
> I want to send these keys over the network (using Raknet library) I
> can create a RSA_PublicKey from 2 BigInt objects. But, what is the
> right way to serialize a BigInt object?
In a lot of ways these are two different questions. The best way by
far to serialize an RSA public key is to encode it as an X.509
subjectPublicKeyInfo, using code like:
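
    /* sender */
    RSA_PublicKey pub_key(/*whatever*/);
    std::string encoded = X509::PEM_encode(pub_key);
    /* send encoded over network, save to file, whatever */

    /* receiver */
    std::string key_str = /* read from network */;
    // Wrap the PEM text in a DataSource: the std::string overload of
    // X509::load_key treats its argument as a filename.
    DataSource_Memory source(key_str);
    Public_Key* received_key = X509::load_key(source);
    // Can now dynamic_cast to RSA_PublicKey, etc
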
There is nothing intrinsic about subjectPublicKeyInfo that is
particularly great, except: because it is a standard format, it's
supported out of the box by not just Botan but also OpenSSL, Java's
JCE, C#'s crypto framework, and many other tools/libraries/protocols.
You can also serialize the private keys (with or without encryption)
using pretty similar code (this is all documented in the manual under
the section "Importing and Exporting PK Keys").
For just serializing plain integer values, there are various things
ranging from the ASN.1 encoder (not well documented, though there are
many examples of it in the library) or just calling BigInt::encode()
as in,

    SecureVector<byte> v = BigInt::encode(a_bigint);

which just encodes it as a big-endian sequence of bytes.
But for keys and suchlike, I would say use X.509/PKCS#8 unless you
have a compelling reason not to (such as compatibility with
preexisting software that uses another format).
-Jack
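
Added example, not part of the original message and not Botan code: a standard-library-only C++ encoder for the DER framing that subjectPublicKeyInfo puts around the two RSA integers, showing what it adds over the raw big-endian bytes from BigInt::encode() (length prefixes and a sign-safe INTEGER encoding). The helper names (tlv, der_uint, cat, rsa_spki) and the 128-byte modulus are constructed for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

using Bytes = std::vector<uint8_t>;

// DER tag-length-value: short-form length below 128, long form otherwise.
Bytes tlv(uint8_t tag, const Bytes& body) {
    Bytes out{tag};
    std::size_t n = body.size();
    if (n < 0x80) {
        out.push_back(static_cast<uint8_t>(n));
    } else {
        Bytes len;
        for (; n > 0; n >>= 8)
            len.insert(len.begin(), static_cast<uint8_t>(n & 0xFF));
        out.push_back(static_cast<uint8_t>(0x80 | len.size()));
        out.insert(out.end(), len.begin(), len.end());
    }
    out.insert(out.end(), body.begin(), body.end());
    return out;
}

// Unsigned big-endian magnitude -> DER INTEGER: strip leading zeros, then
// prepend 0x00 when the top bit is set so the value is not read as negative.
Bytes der_uint(Bytes mag) {
    while (mag.size() > 1 && mag.front() == 0) mag.erase(mag.begin());
    if (mag.empty()) mag.push_back(0);
    if (mag.front() & 0x80) mag.insert(mag.begin(), 0x00);
    return tlv(0x02, mag);
}

Bytes cat(Bytes a, const Bytes& b) { a.insert(a.end(), b.begin(), b.end()); return a; }

// SEQUENCE { AlgorithmIdentifier, BIT STRING { SEQUENCE { INTEGER n, INTEGER e } } }
Bytes rsa_spki(const Bytes& n, const Bytes& e) {
    const Bytes alg_id = {0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
                          0x0D, 0x01, 0x01, 0x01, 0x05, 0x00}; // rsaEncryption + NULL
    Bytes rsa_pub = tlv(0x30, cat(der_uint(n), der_uint(e)));
    Bytes bits = cat(Bytes{0x00}, rsa_pub); // leading byte: 0 unused bits
    return tlv(0x30, cat(alg_id, tlv(0x03, bits)));
}

int main() {
    Bytes n(128, 0xC3);           // constructed 1024-bit stand-in, not a real modulus
    Bytes e = {0x01, 0x00, 0x01}; // 65537
    std::printf("raw n: %zu bytes, SPKI: %zu bytes\n", n.size(), rsa_spki(n, e).size());
}
```

The raw 128-byte modulus carries no length or type information, so a receiver reading it from a stream has to know its size out of band; the DER structure is self-delimiting.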