AsymmetricKeyPair with already owned keys

Question

AsymmetricKeyPair with already owned keys

dima91 opened this issue 4 years ago · comments

Hi,
I need to create an ECIESEncryptionCtx (and an ECIESDecryption context) using already owned encryption keys, so I should create an AsymmetricKeyPair object containing those keys.
How can I do that?

Martin Lang (Garwin) · Answer 1 · Wed Jul 01 2020 17:11:20 GMT+0800 (China Standard Time)

Hi,

sorry I am not sure I understand your question correctly.
Here you can find a simple usage example:
https://github.com/bmwcarit/MoCOCrW/blob/openssl1.1/tests/unit/test_ecies.cpp#L218

If this does not answer your question, please be a bit more precise on what you actually want to do.

Luca · Answer 2 · Wed Jul 01 2020 19:02:30 GMT+0800 (China Standard Time)

I have an openssl EC_KEY structure which contains private key and the associated public key.
How can I generate an AsymmetricKeyPair starting from those structure?
I see the tests of ECIES and Key objects but I didn't found any useful information.

Martin Lang (Garwin) · Answer 3 · Thu Jul 02 2020 00:04:49 GMT+0800 (China Standard Time)

The library allows you to load keys with the AsymmetricKeyPair from PEM files. If you have a different way of loading, you can use the lower-level interface but you need to work around the openssl details on your own.

AsymmetricKeyPair objects can be initialized with a shared_ptr to an EVP_PKEY-openssl data structure. So you need to convert the key you have into such an EVP_PKEY data structure, wrap it into a shared_ptr and use this to initialize the AsymmetricKeyPair. You can use this then to use the ECIES functionality in the library.

Luca · Answer 4 · Thu Jul 02 2020 04:36:15 GMT+0800 (China Standard Time)

I can convert EC_KEY to EVP_PKEY, but how can I wrap it into a shared_ptr using the library?

Luca · Answer 5 · Thu Jul 02 2020 04:49:54 GMT+0800 (China Standard Time)

Sorry, I just solved my problem!
I have another question for you: to decrypt a message I need also the MAC of the message previously encrypted.
If, at the receiver, I cannot obtain that how can I decrypt the message? The protocol I'm using to exchange those messages doesn't support the inclusion of MAC.

Clemens Lang · Answer 6 · Thu Jul 02 2020 14:51:58 GMT+0800 (China Standard Time)

You must determine a serialization and include the MAC in the ciphertext, and then de-serialize to obtain the MAC on the receiver side. This can be as simple as concatenating the MAC with the ciphertext if you already know the expected MAC length.

Not using a MAC is not supported by MoCOCrW, and is a bad idea from a security perspective.

Luca · Answer 7 · Thu Jul 02 2020 18:40:36 GMT+0800 (China Standard Time)

Ok, no problem. I found a solution.

Thank you!