[Botan-devel] Trying to pass a RSA key from memory to RSA Private

Jack Lloyd lloyd at randombit.net
Fri Jun 11 07:47:01 EDT 2010


On Thu, Jun 10, 2010 at 03:22:18PM -0700, Pete Toich wrote:
> Hi,
>
> I am working on a project that requires storing an RSA key in secure
> memory provided by the hardware.  Once allocated it behaves like
> regular memory from a code execution standpoint.  I am trying to load
> the Botan RSA object with that data without storing it to disk.  I
> know that I can easily use the PKCS8::load_key method to bring the
> key in from a file, but I have a requirement to keep the key in
> secure memory.  I tried the code snippet below, which tries to use a
> DataSource_Memory object but this exceptions with " Exception:
> basic_string::_S_construct NULL not valid".  Am I missing it or is
> there no way to load a key from memory?

You can do this. The problem is this line:

>         std::auto_ptr<PKCS8_PrivateKey> key(PKCS8::load_key(key_data, rng, NULL));

This tries to NULL-construct a std::string, which libstdc++
rejects. So the call to PKCS8::load_key never actually even occurs due
to the exception. Just remove the NULL and you should be fine; the
third param defaults to "" which basically means if the key is
encrypted then the load will fail but otherwise it will work [1].

I haven't run your code but it looks OK besides this.

-Jack

[1]: Actually if the key is encrypted with an empty passphrase this
would also load it; the PKCS #8 functions were designed early on and
are pretty klunky. :/
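
The failure mode described in the reply above, as an added example that is not part of the original message and is not Botan code: a null pointer passed where a `const std::string&` passphrase is expected throws while the argument is being built, so the loader body never runs. `load_key_stub`, `passphrase_or_empty`, `loader_reached_with_null` and `load_with_guard` are hypothetical names, the key bytes are a constructed placeholder, and the null probe is attempted only on libstdc++ because the conversion is undefined behaviour elsewhere.

```cpp
// Added example, not Botan code. load_key_stub is a hypothetical stand-in that
// only mirrors the parameter shape discussed above: (data, passphrase = "").
#include <cstdio>
#include <stdexcept>
#include <string>

static int g_loader_calls = 0;  // counts how often the loader body actually ran

// Hypothetical loader whose passphrase parameter is a const std::string&.
bool load_key_stub(const std::string& key_data, const std::string& pass = "") {
    ++g_loader_calls;
    return !key_data.empty() && pass.empty();  // models "unencrypted key, no passphrase"
}

// Map an optional C-style passphrase to std::string without ever constructing
// a std::string from a null pointer.
std::string passphrase_or_empty(const char* pass) {
    return pass ? std::string(pass) : std::string();
}

// Reports whether the loader body was reached when a null passphrase pointer is
// converted implicitly. On libstdc++ the std::string(const char*) constructor
// checks for null and throws std::logic_error, so the body is never entered.
bool loader_reached_with_null(const char* null_pass) {
    const int before = g_loader_calls;
#ifdef __GLIBCXX__
    try {
        load_key_stub("constructed-key-bytes", null_pass);  // implicit conversion
    } catch (const std::logic_error&) {
        // thrown while building the argument, before load_key_stub starts
    }
#else
    (void)null_pass;  // not attempted: undefined behaviour on other libraries
#endif
    return g_loader_calls != before;
}

// Same call through the guard: the loader runs and sees an empty passphrase.
bool load_with_guard(const char* maybe_null_pass) {
    return load_key_stub("constructed-key-bytes", passphrase_or_empty(maybe_null_pass));
}

int main() {
    std::printf("loader reached with null: %d\n", loader_reached_with_null(nullptr));
    std::printf("guarded load succeeded:   %d\n", load_with_guard(nullptr));
    return 0;
}
```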