7.7. Disentangling the Public and Private Keys in OpenSSL

Problem

You are using OpenSSL and have a filled RSA object. You wish to remove the private parts of the key, leaving only the public key, so that you can serialize the data structure and send it off to a party who should not have the private information.

Solution

Remove all elements of the structure except for n and e.

Discussion

OpenSSL lumps the private key and the public key into a single RSA structure. They do this because the information in the public key is useful to anyone with the private key. If an entity needs only the public key, you’re supposed to clear out the rest of the data.

#include <openssl/rsa.h>
   
void remove_private_key(RSA *r) {
  r->d = r->p = r->q = r->dmp1 = r->dmq1 = r->iqmp = 0;
}

Be sure to deallocate the BIGNUM objects if you’re erasing the last reference to them.

Any party that has the private key should also hold on to the public key.

Get Secure Programming Cookbook for C and C++ now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Secure Programming Cookbook for C and C++ by John Viega, Matt Messier

7.7. Disentangling the Public and Private Keys in OpenSSL

Problem

Solution

Discussion

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly