7.7. Disentangling the Public and Private Keys in OpenSSL

Problem

You are using OpenSSL and have a filled RSA object. You wish to remove the private parts of the key, leaving only the public key, so that you can serialize the data structure and send it off to a party who should not have the private information.

Solution

Remove all elements of the structure except for n and e.
Discussion

OpenSSL lumps the private key and the public key into a single RSA structure. It does this because the information in the public key is also needed by anyone who holds the private key. If an entity needs only the public key, you're supposed to clear out the rest of the data before handing the structure over.
#include <openssl/rsa.h>
#include <openssl/bn.h>

/* Leave only n and e in the structure. The members are accessed directly,
 * which the RSA struct permits in OpenSSL releases before 1.1.0. */
void remove_private_key(RSA *r) {
  /* BN_clear_free() zeroes each BIGNUM before releasing it and accepts NULL;
   * the pointers are then cleared so nothing in r refers to freed memory. */
  BN_clear_free(r->d);    r->d    = NULL;
  BN_clear_free(r->p);    r->p    = NULL;
  BN_clear_free(r->q);    r->q    = NULL;
  BN_clear_free(r->dmp1); r->dmp1 = NULL;
  BN_clear_free(r->dmq1); r->dmq1 = NULL;
  BN_clear_free(r->iqmp); r->iqmp = NULL;
}
Be sure to deallocate the BIGNUM objects if you're erasing the last reference to them; BN_clear_free() does that and overwrites the value with zeros first, so the private components do not linger in freed memory.

Any party that has the private key should also hold on to the public key.