IBM Crypto Education Community

  • 1.  Looking to import a clear private RSA key

    Posted Fri May 06, 2022 05:33 PM

    I'm looking to import a clear RSA private key.  I'm thinking the hardest part is to use the Token Build.  So how do I get the clear key into a token using this API? 

    Prior to this effort, I've been able to use the Token Build prior to generating my own RSA key pair.  But this is different.

    It makes sense to me that I provide a template key value structure and the RSA private key in DER format and make an API call.  But that is not what I'm seeing in the Token Build API.

    The only area I think I can do the actual build, is through the key value structure.  I'm just not sure how to get the data out of my clear RSA key into the KVS and build the required structure.

    Is the right way to go about this?  Or should I build a template here and then use the Import function to merge the clear key with the new token?  I could use some help with getting me going in the right direction to get this accomplished.

    Any help or insight to allow me to make some progress would be appreciated.

    Thanks,
    Mark

    ------------------------------
    Mark Vollmer
    ------------------------------


  • 2.  RE: Looking to import a clear private RSA key

    Posted Mon May 09, 2022 08:13 AM
    You're definitely on the right track as far as building the key value structure and supplying that to CSNDPKB to build the clear key token. Without knowing more about the RSA key you want to import, it's difficult to provide specific guidance (e.g. CRT vs ME form), but if you look at the description of CSNDPKB in the ICSF Application Programmer's Guide, it gives descriptions for the KVS for the various different kinds of private keys. You need to know the lengths and offsets for the RSA key parts in the clear key you are trying to import to build the KVS.

    ------------------------------
    Bob Petti
    ------------------------------



  • 3.  RE: Looking to import a clear private RSA key

    Posted Tue May 10, 2022 10:57 AM
    Bob,

    Thanks very much.  It seems I now need to figure out how to parse the private key that I have in PEM form.  I can convert to DER and figure out the ASN1 parsing data.

    I may be back with some follow up questions.  I appreciate the help.

    -Mark

    ------------------------------
    Mark Vollmer
    ------------------------------



  • 4.  RE: Looking to import a clear private RSA key

    Posted Tue May 10, 2022 12:59 PM
    I've parsed my private key, and I'm left with a question that I hope someone can confirm.  (2048 bit key, CRT).

    The spec for the RSA private key has fields version, modulus, pub exponent, priv exponent, prime 1, prime 2, exponent 1, exponent 2, coefficient, otherPrimeInfos.

    My parse of my key might have a second modulus field where the priv exponent field is noted in the ordered list above. 

    Is that 257 byte field with a low value prefix a modulus field or would the priv exponent field be 257 bytes in length like the modulus field?

    I believe that the ICSF KVS UUU field is the coefficient field.   True?

    The KVS does not need the otherPrimeInfos data field.  True?

    Feedback would be very much appreciated.

    Thanks,
    Mark

    ------------------------------
    Mark Vollmer
    ------------------------------



  • 5.  RE: Looking to import a clear private RSA key

    Posted Tue May 10, 2022 05:25 PM
    I have a zero return code on my ICSF calls and a new record in my PKDS file.   Hopefully that means I've been successful.

    I appreciate the help very much.

    Sincerely,
    Mark


    ------------------------------
    Mark Vollmer
    ------------------------------