CS 231: Computer Security

RSA in practice

[This document is under construction]

1. Using RSA via openssl

1.1 Create a key

Create a private key with a 2048-bit modulus (n) like this. See below for information about the PEM file format.

openssl genrsa -out private.pem 2048

1.2 Extract public key from the key

Create a public key file from the private key you made above.

openssl rsa -in private.pem -outform PEM -pubout -out public.pem

1.3 Encrypt something

Let's say you have a message in plaintext.txt. You can encrypt it using your public key from above like so:

openssl rsautl -encrypt -pubin -inkey public.pem < plaintext.txt > ciphertext.txt

1.4 Decrypt something

Decrypt your ciphertext from above using your private key like so:

openssl rsautl -decrypt -inkey private.pem < ciphertext.txt

2. What's in the key file?

2.1 What's in private.pem and public.pem?

Extract the information stored in public.pem:

openssl rsa -pubin -inform PEM -text -noout < public.pem

Extract the information stored in private.pem:

openssl rsa -inform PEM -text -noout < private.pem

What are those extra items stored in private.pem?

2.2 PEM file format

Take a look at the public and private key files:

cat private.pem
cat public.pem

These files are in a format known as PEM (Privacy-Enhanced Mail). They consist of:

  • a header (e.g. "-----BEGIN CERTIFICATE-----" or "-----BEGIN RSA PRIVATE KEY-----")
  • binary data represented in base64 form
  • a footer (e.g. "-----END CERTIFICATE-----" or "-----END RSA PRIVATE KEY-----")

2.3 What's in that binary data? (Answer: DER)

Extract the DER data from public.pem:

openssl rsa -outform der -in public.pem -pubin -inform PEM -out public.der

(Question: could you pull off the same conversion using Python?)

2.4 Wait, but what's in that DER? (Answer: ASN.1)

...[not done yet]...

2.5 Another look at it

  1. Copy the body of the cs231_rsa_private.pem file (the base64 lines between the header and footer lines) into the input box here: http://holtstrom.com/michael/tools/asn1decoder.php. Select "BASE64/PEM to ASN.1" from the drop-down list, and hit Convert. Compare the output to the "RSAPrivateKey" record shown here, and also to the output you got from the "Remain calm" question above. Can you see the integers?
  2. Now that you have a convenient hex version of n, p, q, e, and d, use a quick Python program (or just the python >>> interactive interface) to verify that this n = p*q and e*d mod (p-1)*(q-1) = 1. Those are the properties that make RSA encryption and decryption work.
  3. Great, but what magic was going on in the conversion from the PEM file to ASN.1? Step one, let's look at the bytes that are represented by your base64. So go select and copy the body of your private key file (the usual Command-C operation in whatever program you're using to look at your .pem file). Then do this: "pbpaste | base64 -D > cs231_rsa_private.der". You can take a look at the bytes via "hexdump cs231_rsa_private.der". This file, not surprisingly given the file name I specified, is in DER format. (Do you understand the roles of pbpaste, base64, and hexdump here?)
  4. Copy your base64 key body again, and paste it into the input box of this different converter and hit the "decode" button. You'll see the decoded bytes listed on the right. Compare them to your DER file. You'll also see the DER structure of the file illuminated in the upper left of the web page. Hover your mouse over the pieces of data in the upper left, and see how they're reflected in the raw bytes display on the right.
  5. Can you figure out the structure of this file by studying the Wikipedia description of the DER format? This requires a careful reading of the file format description. Most of the relevant information is in the "BER encoding" portion of the Wikipedia page.
  6. Finally, step back and think at a higher level of abstraction. The RSA private/public key pair involves five essential numbers: (n, p, q, e, d). All but one of these numbers are typically very long--hundreds or thousands of bits long. When you store the key pair in a file, then, you need a reproducible and parseable way of storing these large numbers. Talk to your partners to see if you can explain to each other how PEM, base64, and DER are used to create a relatively convenient way to store RSA keys. Practice explaining this to other people, too--it's pretty easy in the RSA context, and you're going to need to understand it when we take a look at the significantly more complex Public Key Infrastructure certificates in a day or two.
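
One way to answer the Python question in 2.3 and to carry out steps 2, 3 and 5 above in code (an added example, not part of the original course page): strip the PEM armor, base64-decode to DER, walk the DER tag-length-value records, and check the two RSA properties. It assumes the PKCS#1 layout ("-----BEGIN RSA PRIVATE KEY-----"); the function names and the toy key (p=61, q=53) are constructed for this example.

```python
import base64

def pem_to_der(pem: str) -> bytes:
    """Drop the -----BEGIN/END----- lines and base64-decode what is left."""
    body = [ln.strip() for ln in pem.splitlines() if not ln.strip().startswith("-----")]
    return base64.b64decode("".join(body), validate=True)

def read_tlv(buf: bytes, pos: int):
    """Read one DER tag-length-value triple; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                 # short form: the byte is the length
        length = first
    else:                            # long form: low 7 bits count the length bytes
        count = first & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("length runs past end of data")
    return tag, buf[pos:pos + length], pos + length

def parse_rsa_private_key(der: bytes) -> dict:
    """Parse a PKCS#1 RSAPrivateKey: one SEQUENCE (0x30) holding nine INTEGERs (0x02)."""
    tag, seq, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    key, pos = {}, 0
    for name in "version n e d p q dP dQ qInv".split():
        tag, value, pos = read_tlv(seq, pos)
        if tag != 0x02:
            raise ValueError(f"expected INTEGER for {name}")
        key[name] = int.from_bytes(value, "big")   # RSA fields are non-negative
    return key

def key_is_consistent(key: dict) -> bool:
    """The two properties from step 2: n = p*q and e*d mod (p-1)*(q-1) = 1."""
    phi = (key["p"] - 1) * (key["q"] - 1)
    return key["n"] == key["p"] * key["q"] and (key["e"] * key["d"]) % phi == 1

# Constructed toy key (p=61, q=53), hand-encoded as DER; far too small for real use.
TOY_DER = bytes.fromhex("301d02010002020ca102011102020ac102013d020135020135020131020126")
TOY_PEM = ("-----BEGIN RSA PRIVATE KEY-----\n" + base64.b64encode(TOY_DER).decode()
           + "\n-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    print(parse_rsa_private_key(pem_to_der(TOY_PEM)))
```

A real 2048-bit key goes through the long-form length branch of read_tlv, because its SEQUENCE and most of its INTEGERs are longer than 127 bytes.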