CryptoAPI - how to extract RSA public key from private - rsa

Using windows CryptoAPI, is it possible to get public RSA key from a private key which was imported (not generated)?
If I use CryptGenKey, I can call CryptExportPublicKeyInfo and CryptImportPublicKeyInfo to obtain the public key handle. However, when I try to do the same thing with private key decoded from PEM and imported using:
CryptImportKey(hCSP, pKeyBuf, cbKeyBuf, 0, CRYPT_EXPORTABLE, &hPrivKey)
import of the private key succeeds and I have a valid handle but the subsequent call to CryptExportPublicKeyInfo fails with "Key does not exist" error. It looks like there's another call missing between CryptImportKey and CryptExportPublicKeyInfo, but I can not find that API call.

The problem with exporting/importing the public key was because private key was generated using AT_SIGNATURE, instead of AT_EXCHANGE. See the explanation and the example code

Related

Swift - Signing JWT with private key

I'm trying to do something like https://jwt.io/ does: {header}.{payload}.{privateKey}
I have a header, a payload, and a private key ( ----BEGIN PRIVATE KEY--- CODE ----END PRIVATE KEY---- ).
I know header and payload, we need to encrypt it as base64, like this:
let token = [header.toBase64(), payload.toBase64()].joined(separator: ".")
BUT, what about the private key? How can I generate this last part of this JWT using that BEGIN PRIVATE KEY file/string ?
I want to do that without external libs, can I?

Is my RSA key correctly generated

I use python pycryptodome rto generate my private and public key. This is one example of a public key that I am generating:
(n=0xf56efd1888065abb3ef6e6b1e6e0039ff1fa0b09e1f1ab9869ad933e1f48527c182957f9a767110524c362ac4c460f752d2011ef827ed9680fe58a078f3e8355d9bea6e1285a7a51b3f5022c66f72331a1053fb8a0033b28838026fadfa11da8b0bcb98476ef1c80f53f9814762c1191965733f883ee1d686624123b28140b5b91fcadf33bfe02e196e0f10bdd80cd5babbd6c10179a84d9325424d2b365f7a8274ce6c454b582dba3289c3cea83ae117c5567dba33a1434b9276dc4ab88fbeec68483913fe6c70424aa19165f19d6d7f158eafedbd81046a7bcdd46be0b4ef8f86069a28a98c78e38ff0f413b1cf76aac674f1c04c7b5ff23540f12398c3927, e=0x10001)
I generate it using this piece of code:
keyPair = RSA.generate(bits=2048)
publicKey = f"(n={hex(keyPair.n)}, e={hex(keyPair.e)})"
Somehow, this doesn't look correct to me, because usually, when I create a key using mac os or other method, I have something like
---BEGIN PRIVATE KEY aksdjbvioasv.....(key itself here....) ---END PUBLIC KEY
What am I msising so that my RSA key is generated correctly?
I solved it by doing
pubKey = keyPair.publickey()
pubKeyPEM = pubKey.exportKey()
print("pubKey PEM is:")
print(pubKeyPEM)
Now I get the proper format, that I can now write into a file!

How to get publicKey in RSA_encrypt key-pair generation algorithm in STRING format in flutter

I am currently working on encryption in my flutter app wherein I am using RSA key-pair generator to get public and private key using the following code-
import 'package:rsa_encrypt/rsa_encrypt.dart';
import 'package:pointycastle/api.dart' as crypto;
//Future to hold our KeyPair
Future<crypto.AsymmetricKeyPair> futureKeyPair;
//to store the KeyPair once we get data from our future
crypto.AsymmetricKeyPair keyPair;
Future<crypto.AsymmetricKeyPair<crypto.PublicKey, crypto.PrivateKey>> getKeyPair()
{
var helper = RsaKeyHelper();
return helper.computeRSAKeyPair(helper.getSecureRandom());
}
Now I want to get the keyPair.publicKey in string format but if i print keyPair.publicKey, it shows "Instance of RSA publicKey" . How can I get it in string format??
It is always best to use standardized formats when saving public keys. For RSA public keys you can store them in layers, much like a Matroesjka doll.
Encode the public key in the ASN.1 / DER format specified in the PKCS#1 RSA standard;
Encode that public key in a format called SubjectPublicKeyInfo which is part of the X.509 specifications - it indicates that this is indeed an RSA key;
Apply so called PEM "ASCII armor", which consists of a header & footer line indicating the generic SubjectPublicKeyFormat (just PUBLIC KEY), with a multi-line base 64 encoding of the public key from step 2 in between.
Sounds like a lot of work, but if you look here you'll find handy methods called encodePublicKeyToPem and parsePublicKeyFromPem that do these 3 steps for you (it actually does both 1 and 2 in the same function, which is a bit of a shame but not that important).
These keys are rather portable and are also usable by e.g. OpenSSL or PGP.

Net::SSH2 authenticate using public key

I'm trying to use Net::SSH2 to execute commands on a remote machine. However, I do not know how to authenticate by using a public key. The documentation mentions this method:
auth_publickey ( username, public key, private key [, password ] )
However, it requires both a public key and a private key. Is there anyway that I can authenticate by just using a public key? Thanks!
That makes no sense. "Everyone" has your public key. It can't be used to authenticate you.

Decryption with the public key in iphone

I have a public key and an encrypted string. I could encrypt with the publickey successfully.But when i try to decrypt using the publickey it fails. I mean when i pass the publickey toseckeyDecrypt it fails.
I have Googled and found out that, by default kSecAttrCanDecrypt is false for public keys.So When i import the public key, i have added this particular line ,
[publicKeyAttr setObject:(id)kCFBooleanTrue forKey:(id)kSecAttrCanDecrypt];
But there is no improvement it still fails. Please somebody help.
EDIT:
Apple's Certificate,Key and Trust Services Says,
kSecAttrCanEncrypt Default false for private keys, true for public keys.
kSecAttrCanDecrypt Default true for private keys, false for public keys.
Which means, the values can be changed right?. My server does not sign(Convert as a digest) the content. They just encrypt using the private key which is to be decrypted at my(in iphone) end. Is that possible?.
The point of asymmetric cryptography is that you encrypt with the public key and decrypt with the private key.
EDIT: If you're signing and verifying, you should use the associated APIs. For example, you can check this capability with kSecAttrCanSign and kSecAttrCanVerify.