Search code examples
c++encryptionopensslcertificatersa

RSA public encryption using public key from X509 certificate c++

The task is to encrypt some message with RSA public key which lies in .crt file - X509 certificate file.

With issue below I succesfully get sertificate information, but can not find any issue how to use public key from x to encrypt message using RSA algorythm.

When I trying to create BIO buffer with key data and to use PEM_read_bio_RSA_PUBKEY function to write key into RSA struct it returns an error "error:0906D06C:PEM routines:PEM_read_bio:no start line" which is clear why appear but not clear how to correctly solve. Are any issue how I can do encryption without creating another buffer and adding manualy lines with "-----BEGIN RSA PUBLIC KEY-----" and "-----END RSA PUBLIC KEY-----"?

Here are my code for this job:

unsigned char message[] = "Hello cryptographic world!";
unsigned char *encrypted_text;

int CyferWithHostKeyPub()
{
    ERR_load_crypto_strings();

    int res_length = 0;

    RSA *public_key;
    X509 *x;
    BIO *fp = BIO_new_file("cert.crt", "r");

    if (!fp)
    {
        printf("\nCan't open file.\n");
        return -1;
    }

    x = PEM_read_bio_X509(fp, 0, 0, NULL);

    if (!x) {
        printf("%s\n", ERR_error_string(ERR_get_error(), NULL));
        return 1;
    }

    BIO *membuf = BIO_new_mem_buf((void*)x->cert_info->key->public_key->data, x->cert_info->key->public_key->length);

    public_key = PEM_read_bio_RSA_PUBKEY(membuf, &public_key, NULL, NULL);
    if (!public_key) {
        printf("%s\n", ERR_error_string(ERR_get_error(), NULL));
        return 1;
    }

    int encrypted_length = RSA_size(public_key);
    encrypted_text = new unsigned char[ encrypted_length ];
    RSA_public_encrypt(sizeof(message), message, encrypted_text, public_key, RSA_PKCS1_PADDING);

    RSA_free(public_key);
    X509_free(x);
    BIO_free(membuf);
    BIO_free(fp);

    return encrypted_length;
}

So, how can I do this correctly? Thanks!

Solution

  • Use the X509_get_pubkey() function to obtain a reference to the EVP_PKEY structure contained within the X509 structure. Then you can use EVP_PKEY_get1_RSA() to get a reference to the RSA structure.

    See these man pages for further info:

    https://www.openssl.org/docs/man1.1.1/man3/X509_get_pubkey.html

    https://www.openssl.org/docs/man3.0/man3/EVP_PKEY_get1_RSA.html