In order to generate an RSA key, an EVP_PKEY
must first be allocated with EVP_PKEY_new
:
EVP_PKEY *pkey;
pkey = EVP_PKEY_new();
An exponent for the key is also needed, which will require allocating a BIGNUM
with BN_new
and then assigning with BN_set_word
:
BIGNUM *bn;
bn = BN_new();
BN_set_word(bn, RSA_F4);
To generate the key, create a new RSA
with RSA_new
and call RSA_generate_key_ex
:
RSA *rsa;
rsa = RSA_new();
RSA_generate_key_ex(
rsa, /* pointer to the RSA structure */
2048, /* number of bits for the key - 2048 is a good value */
bn, /* exponent allocated earlier */
NULL, /* callback - can be NULL if progress isn't needed */
);
To assign the newly generated key to the EVP_PKEY
structure, call EVP_PKEY_assign_RSA
:
EVP_PKEY_assign_RSA(pkey, rsa);
The RSA
structure will be automatically freed when the EVP_PKEY
structure is freed. This is done with EVP_PKEY_free
:
EVP_PKEY_free(pkey);
An EVP_PKEY
can be saved directly to disk in a several formats. PEM_write_PrivateKey
is used to save EVP_PKEY
in a PEM format:
FILE *f;
f = fopen("key.pem", "wb");
PEM_write_PrivateKey(
f, /* use the FILE* that was opened */
pkey, /* EVP_PKEY structure */
EVP_des_ede3_cbc(), /* default cipher for encrypting the key on disk */
"replace_me", /* passphrase required for decrypting the key on disk */
10, /* length of the passphrase string */
NULL, /* callback for requesting a password */
NULL /* data to pass to the callback */
);
To save a private key to a BIO
, use PEM_write_bio_PrivateKey
:
BIO *bio;
bio = BIO_new(BIO_s_mem());
PEM_write_bio_PrivateKey(
bio, /* BIO to write the private key to */
pkey, /* EVP_PKEY structure */
EVP_des_ede3_cbc(), /* default cipher for encrypting the key on disk */
"replace_me", /* passphrase required for decrypting the key on disk */
10, /* length of the passphrase string */
NULL, /* callback for requesting a password */
NULL /* data to pass to the callback */
);
To load a private key directly from disk, use the PEM_read_PrivateKey
function:
FILE *f;
EVP_PKEY *pkey;
f = fopen("key.pem", "rb");
PEM_read_PrivateKey(
f, /* use the FILE* that was opened */
&pkey, /* pointer to EVP_PKEY structure */
NULL, /* password callback - can be NULL */
NULL /* parameter passed to callback or password if callback is NULL */
);
To load a private key from a BIO
, use PEM_read_bio_PrivateKey
:
BIO *bio;
bio = BIO_new_mem_buf((void *)input, input_len);
PEM_read_bio_PrivateKey(
bio, /* BIO to read the private key from */
&pkey, /* pointer to EVP_PKEY structure */
NULL, /* password callback - can be NULL */
NULL /* parameter passed to callback or password if callback is NULL */
);