RSA.Rd
PKI.load.key loads an RSA key in PKCS#1/8 PEM or DER format.
PKI.save.key creates a PEM or DER representation of an RSA key.
PKI.genRSAkey generates an RSA public/private key pair.
PKI.mkRSApubkey creates an RSA public key with the supplied modulus and exponent.
PKI.load.OpenSSH.pubkey loads a public key in OpenSSH format (as used in the .ssh/authorized_keys file).
PKI.load.key(what, format = c("PEM", "DER"), private, file, password="")
PKI.save.key(key, format = c("PEM", "DER"), private, target)
PKI.genRSAkey(bits = 2048L)
PKI.mkRSApubkey(modulus, exponent=65537L, format = c("DER", "PEM", "key"))
PKI.load.OpenSSH.pubkey(what, first=TRUE, format = c("DER", "PEM", "key"))
what: string, raw vector or connection to load the key from
key: RSA key object
format: PEM is ASCII (essentially base64-encoded DER with header/footer), DER is binary and key means an actual key object
private: logical, whether to use the private key (TRUE), public key (FALSE) or whichever is available (NA or missing).
file: filename to load the key from - what and file are mutually exclusive
password: string, used only if what is an encrypted private key as the password to decrypt the key
target: optional connection or a file name to store the result in. If missing, the result is just returned from the function as either a character vector (PEM) or a raw vector (DER).
bits: size of the generated key in bits. Must be 2 ^ n with integer n > 8.
modulus: modulus either as a raw vector (see as.BIGNUMint) or bigz object (from gmp package) or an integer.
exponent: exponent either as a raw vector (see as.BIGNUMint) or bigz object (from gmp package) or an integer.
first: logical, if TRUE only the first key will be used, otherwise the result is a list of keys.
PKI.load.key: private or public key object
PKI.save.key: raw vector (DER format) or character vector (PEM format).
PKI.genRSAkey: private + public key object
PKI.mkRSApubkey, PKI.load.OpenSSH.pubkey: raw vector (DER format) or character vector (PEM format) or a "public.key" object.
The output format for private keys in PEM is PKCS#1, but for public keys it is X.509 SubjectPublicKeyInfo (certificate public key). This is consistent with OpenSSL RSA command line tool which uses the same convention.
PKI.load.key can auto-detect the contained format based on
the header if `PEM` format is used. In that case it supports PKCS#1
(naked RSA key), PKCS#8 (wrapped key with identifier - for public
keys X.509 SubjectPublicKeyInfo) and encrypted private key in
PKCS#8 (password must be passed to decrypt). `DER` format provides no
way to define the type so `private` cannot be `NA` and only the
default format (PKCS#1 for private keys and X.509
SubjectPublicKeyInfo for public keys) is supported.
The OpenSSH format is one line beginning with "ssh-rsa ".
SSH2 PEM public keys (RFC 4716) are supported in PKI.load.key and the binary payload is the same as in the OpenSSH format, only with different wrapping.
library(PKI)
# generate 2048-bit RSA key
key <- PKI.genRSAkey(bits = 2048L)
# extract private and public parts as PEM
priv.pem <- PKI.save.key(key)
pub.pem <- PKI.save.key(key, private=FALSE)
# load back the public key separately
pub.k <- PKI.load.key(pub.pem)
# encrypt with the public key
x <- PKI.encrypt(charToRaw("Hello, world!"), pub.k)
# decrypt with private key
rawToChar(PKI.decrypt(x, key))
#> [1] "Hello, world!"
# compute SHA1 hash (fingerprint) of the public key
PKI.digest(PKI.save.key(key, "DER", private=FALSE))
#> [1] c8 80 4d 3d 37 46 53 bc 4c 93 dc ee 15 5d ca 32 e5 77 bb 0d
# convert OpenSSH public key to PEM format
# (the example is split into multiple lines just
# so it is readable in the documentation, in reality you can
# simply use the full line from id_rsa.pub without gsub)
PKI.load.OpenSSH.pubkey(gsub("\n","",
"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAuvOXqfZ3pJeWeqyQOIXZwmg
M1RBqPUmVx3XgntpA+YtOZjKfuoJSpg3LhBuI/wXx8L2QZXNFibvX4qX2qoYsb
Hvkz2uonA3F7HRhCR/BJURR5nT135znVqALZo328v86HDsVWYR2/JzY1X8GI2R
2iKUMGXF0hVuRphdwLB735CU= foo@mycomputer"), format="PEM")
#> [1] "-----BEGIN PUBLIC KEY-----"
#> [2] "MIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQC685ep9nekl5Z6rJA4hdnCaAzV"
#> [3] "EGo9SZXHdeCe2kD5i05mMp+6glKmDcuEG4j/BfHwvZBlc0WJu9fipfaqhixse+TP"
#> [4] "a6icDcXsdGEJH8ElRFHmdPXfnOdWoAtmjfby/zocOxVZhHb8nNjVfwYjZHaIpQwZ"
#> [5] "cXSFW5GmF3AsHvfkJQIBIw=="
#> [6] "-----END PUBLIC KEY-----"
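
The OpenSSH one-line format described above, taken apart by hand and rebuilt with PKI.mkRSApubkey (an added example, not part of the package documentation). It assumes the SSH wire layout of three length-prefixed fields ("ssh-rsa", exponent, modulus); ssh.fields and the variable names are hypothetical, and base64decode comes from the base64enc package.

```r
library(PKI)

# Split an SSH wire-format blob into its fields; each field is a
# 4-byte big-endian length followed by that many bytes.
ssh.fields <- function(blob) {
  out <- list()
  pos <- 1
  while (pos <= length(blob)) {
    if (pos + 3 > length(blob)) stop("truncated length prefix")
    len <- sum(as.integer(blob[pos:(pos + 3)]) * 256^(3:0))
    pos <- pos + 4
    if (pos + len - 1 > length(blob)) stop("field runs past end of blob")
    out[[length(out) + 1]] <- if (len > 0) blob[pos:(pos + len - 1)] else raw(0)
    pos <- pos + len
  }
  out
}

# The public key from the example above, joined into one line
line <- paste0(
  "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAuvOXqfZ3pJeWeqyQOIXZwmg",
  "M1RBqPUmVx3XgntpA+YtOZjKfuoJSpg3LhBuI/wXx8L2QZXNFibvX4qX2qoYsb",
  "Hvkz2uonA3F7HRhCR/BJURR5nT135znVqALZo328v86HDsVWYR2/JzY1X8GI2R",
  "2iKUMGXF0hVuRphdwLB735CU= foo@mycomputer")

# Field 2 of the text line is the base64 payload; field 3 is a comment
parts <- strsplit(line, " ", fixed = TRUE)[[1]]
f <- ssh.fields(base64enc::base64decode(parts[2]))

# The key type inside the payload must agree with the text prefix
stopifnot(length(f) == 3, rawToChar(f[[1]]) == parts[1])

e <- f[[2]]   # public exponent, big-endian raw vector
n <- f[[3]]   # modulus, big-endian raw vector (a leading 00 keeps it positive)

# Modulus size in bits, ignoring leading zero bytes
m <- n[cumsum(n != as.raw(0)) > 0]
8 * (length(m) - 1) + floor(log2(as.integer(m[1]))) + 1

# Rebuild the key from the two integers and compare with the package loader
pem <- PKI.mkRSApubkey(n, e, format = "PEM")
identical(pem, PKI.load.OpenSSH.pubkey(line, format = "PEM"))
```

The printed modulus size gives a quick way to check the strength of keys listed in an authorized_keys file before converting them.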