|
Hi all,
I'm attempting to use the crypto and public key modules to decrypt an encrypted response I get in a server.

I found this
http://erlang.2086793.n4.nabble.com/rsa-encryption-decryption-example-code-doesn-t-work-td2114965.html
example on the web, however in my case, I already have the public key as a string.

How do I manipulate the key string to decrypt the msg?

I'm quite confused since the above (and some other) examples I have found refer to exports (pem_to_der() and decode_private_key()) that are not documented in the public key online manual.

Thanks,
-PWM

_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions
|
Hi Peter,
On Thu, Apr 14, 2011 at 7:55 AM, Peter W. Morreale <[hidden email]> wrote:
> I'm attempting to use the crypto and public key modules to decrypt
> an encrypted response I get in a server.
>
> I found this
> http://erlang.2086793.n4.nabble.com/rsa-encryption-decryption-example-code-doesn-t-work-td2114965.html
>
> example on the web, however in my case, I already have the public key as
> a string.

If your string represents an RSA public key in SubjectPublicKeyInfo PEM format and you are using the latest Erlang release, I think you can obtain the key record that you can use in the encrypt/decrypt functions in the public_key module as follows:

    {ok, RSAPubPem} = file:read_file("rsa_pub.pem"),
    PemEntries = public_key:pem_decode(RSAPubPem),
    RSAPubKey = public_key:pem_entry_decode(hd(PemEntries)),
    % now use RSAPubKey to decrypt/encrypt

You will have a few more hoops to jump through for older versions of Erlang. Here's one way:

    read_rsa_public_key(Key) ->
        Bin = erlang:iolist_to_binary(public_key_lines(re:split(Key, "\n"), [])),
        Spki = public_key:der_decode('SubjectPublicKeyInfo', base64:mime_decode(Bin)),
        {_, _, {0, KeyDer}} = Spki,
        public_key:der_decode('RSAPublicKey', KeyDer).

    public_key_lines([<<"-----BEGIN PUBLIC KEY-----">>|Rest], Acc) ->
        public_key_lines(Rest, Acc);
    public_key_lines([<<"-----END PUBLIC KEY-----">>|_Rest], Acc) ->
        lists:reverse(Acc);
    public_key_lines([Line|Rest], Acc) ->
        public_key_lines(Rest, [Line|Acc]).

If this isn't what you are looking for, it would be helpful to provide more detail on the type of key you have and what you want to do with it.

+ seth

--
Seth Falcon | @sfalcon | http://userprimary.net/
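
An added example, not part of the original thread or Seth's code: it decodes a key held as a string rather than read from a file, then shows which public_key encrypt/decrypt calls accept the decoded public key. It assumes a recent OTP release that has public_key:generate_key/1; the module name, function names and sample message are constructed for illustration.

```erlang
%% Added example, not from the thread. Module and function names are hypothetical.
-module(pem_string_key).
-export([decode_public_pem/1, demo/0]).
-include_lib("public_key/include/public_key.hrl").

%% Decode a PEM string/binary holding one RSA public key
%% ("BEGIN PUBLIC KEY" or "BEGIN RSA PUBLIC KEY") into #'RSAPublicKey'{}.
decode_public_pem(Pem) ->
    case public_key:pem_decode(iolist_to_binary(Pem)) of
        [] ->
            {error, no_pem_entry};
        [{Type, _Der, not_encrypted} = Entry | _]
          when Type =:= 'SubjectPublicKeyInfo'; Type =:= 'RSAPublicKey' ->
            case public_key:pem_entry_decode(Entry) of
                #'RSAPublicKey'{} = Key -> {ok, Key};
                Other -> {error, {not_rsa, Other}}
            end;
        [{Type, _, _} | _] ->
            {error, {unexpected_pem_type, Type}}
    end.

demo() ->
    %% Constructed key pair and message so the example runs offline.
    Priv = public_key:generate_key({rsa, 2048, 65537}),
    #'RSAPrivateKey'{modulus = N, publicExponent = E} = Priv,
    Pub = #'RSAPublicKey'{modulus = N, publicExponent = E},
    Entry = public_key:pem_entry_encode('SubjectPublicKeyInfo', Pub),
    PemString = binary_to_list(public_key:pem_encode([Entry])),
    {ok, Pub} = decode_public_pem(PemString),
    {error, no_pem_entry} = decode_public_pem("not a PEM"),
    Msg = <<"constructed sample message">>,
    %% Encrypted to the key holder: only the private key opens it.
    Cipher = public_key:encrypt_public(Msg, Pub),
    Msg = public_key:decrypt_private(Cipher, Priv),
    %% Produced with the private key: the public key recovers it.
    Sealed = public_key:encrypt_private(Msg, Priv),
    Msg = public_key:decrypt_public(Sealed, Pub),
    %% The public key cannot open data encrypted with encrypt_public/2.
    Rejected = try public_key:decrypt_public(Cipher, Pub) of
                   _ -> false
               catch
                   _:_ -> true
               end,
    {ok, Rejected}.
```

Calling pem_string_key:demo() in a shell with the crypto and public_key applications available returns {ok, true} when every step behaves as commented.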
|
On Thu, 2011-04-14 at 08:49 -0700, Seth Falcon wrote:
> Hi Peter,
>
> On Thu, Apr 14, 2011 at 7:55 AM, Peter W. Morreale <[hidden email]> wrote:
> > I'm attempting to use the crypto and public key modules to decrypt
> > an encrypted response I get in a server.
> >
> > I found this
> > http://erlang.2086793.n4.nabble.com/rsa-encryption-decryption-example-code-doesn-t-work-td2114965.html
> >
> > example on the web, however in my case, I already have the public key as
> > a string.
>
> If your string represents an RSA public key in SubjectPublicKeyInfo
> PEM format and you are using the latest Erlang release, I think you
> can obtain the key record that you can use in the encrypt/decrypt
> functions in the public_key module as follows:
>
>     {ok, RSAPubPem} = file:read_file("rsa_pub.pem"),
>     PemEntries = public_key:pem_decode(RSAPubPem),
>     RSAPubKey = public_key:pem_entry_decode(hd(PemEntries)),
>     % now use RSAPubKey to decrypt/encrypt
>

I *think* this is what I need. I'm new to dealing with encryption from a programmatic sense. Almost as new as I am to Erlang. :-)

I will try and see how far I can get.

This is for decrypting a SAML response obtained from a SAML IdP. I have the key from the IdP metadata.

Thank you for this insight.

Best,
-PWM

> You will have a few more hoops to jump through for older versions of
> Erlang. Here's one way:
>
>     read_rsa_public_key(Key) ->
>         Bin = erlang:iolist_to_binary(public_key_lines(re:split(Key, "\n"), [])),
>         Spki = public_key:der_decode('SubjectPublicKeyInfo', base64:mime_decode(Bin)),
>         {_, _, {0, KeyDer}} = Spki,
>         public_key:der_decode('RSAPublicKey', KeyDer).
>
>     public_key_lines([<<"-----BEGIN PUBLIC KEY-----">>|Rest], Acc) ->
>         public_key_lines(Rest, Acc);
>     public_key_lines([<<"-----END PUBLIC KEY-----">>|_Rest], Acc) ->
>         lists:reverse(Acc);
>     public_key_lines([Line|Rest], Acc) ->
>         public_key_lines(Rest, [Line|Acc]).
>
> If this isn't what you are looking for, it would be helpful to provide
> more detail on the type of key you have and what you want to do with
> it.
>
> + seth
|
In reply to this post by Peter W. Morreale
Hi!
The functions pem_to_der and decode_private_key have been deprecated, they were part of our original API design for the public_key-application but we then decided that approach would not work out to make a small general and flexible API so we changed it. Peter did a good job of explaining how to use the new API, it is fairly straightforward if you know a little about the public_key infrastructure. We will strive to make some examples for the user guide.

Regards Ingela - Erlang/OTP team - Ericsson AB

2011/4/14 Peter W. Morreale <[hidden email]>:
> Hi all,
>
> I'm attempting to use the crypto and public key modules to decrypt an
> encrypted response I get in a server.
>
> I found this
> http://erlang.2086793.n4.nabble.com/rsa-encryption-decryption-example-code-doesn-t-work-td2114965.html
>
> example on the web, however in my case, I already have the public key as
> a string.
>
> How do I manipulate the key string to decrypt the msg?
>
> I'm quite confused since the above (and some other) examples I have
> found refer to exports (pem_to_der() and decode_private_key()) that are
> not documented in the public key online manual.
>
> Thanks,
> -PWM
|
Oh, sorry mixed up names here, it should have been Seth that did the good job explaining ;)

Regards Ingela

2011/4/15 Ingela Andin <[hidden email]>:
> Hi!
>
> The functions pem_to_der and decode_private_key have been deprecated,
> they were part of our original API design for the
> public_key-application but we then decided that approach would not
> work out to make a small general and flexible API so we changed it.
> Peter did a good job of explaining how to use the new API, it is
> fairly straightforward if you know a little about the public_key
> infrastructure. We will strive to make some examples for the user
> guide.
>
> Regards Ingela - Erlang/OTP team - Ericsson AB
>
>
> 2011/4/14 Peter W. Morreale <[hidden email]>:
>> Hi all,
>>
>> I'm attempting to use the crypto and public key modules to decrypt an
>> encrypted response I get in a server.
>>
>> I found this
>> http://erlang.2086793.n4.nabble.com/rsa-encryption-decryption-example-code-doesn-t-work-td2114965.html
>>
>> example on the web, however in my case, I already have the public key as
>> a string.
>>
>> How do I manipulate the key string to decrypt the msg?
>>
>> I'm quite confused since the above (and some other) examples I have
>> found refer to exports (pem_to_der() and decode_private_key()) that are
>> not documented in the public key online manual.
>>
>> Thanks,
>> -PWM
|
In reply to this post by Ingela Andin
On Fri, 2011-04-15 at 09:35 +0200, Ingela Andin wrote:
> Hi!
>
> The functions pem_to_der and decode_private_key have been deprecated,
> they were part of our original API design for the
> public_key-application but we then decided that approach would not
> work out to make a small general and flexible API so we changed it.
> Peter did a good job of explaining how to use the new API, it is
> fairly straightforward if you know a little about the public_key
> infrastructure. We will strive to make some examples for the user
> guide.
>
> Regards Ingela - Erlang/OTP team - Ericsson AB
>

Hi Ingela,

Adding examples for the user guide(s) would be most welcome.

As an experienced programmer very new to Erlang, seeing example code is crucial to the learning process. This is especially true when programming objectives span multiple Erlang modules of code.

It can be near impossible to decipher reference-only documentation for dependencies between parts of any system.

This work would be most welcome indeed.

Best Regards,
-PWM

>
> 2011/4/14 Peter W. Morreale <[hidden email]>:
> > Hi all,
> >
> > I'm attempting to use the crypto and public key modules to decrypt an
> > encrypted response I get in a server.
> >
> > I found this
> > http://erlang.2086793.n4.nabble.com/rsa-encryption-decryption-example-code-doesn-t-work-td2114965.html
> >
> > example on the web, however in my case, I already have the public key as
> > a string.
> >
> > How do I manipulate the key string to decrypt the msg?
> >
> > I'm quite confused since the above (and some other) examples I have
> > found refer to exports (pem_to_der() and decode_private_key()) that are
> > not documented in the public key online manual.
> >
> > Thanks,
> > -PWM
