I'm trying to use cryptlib for a course that won't allow me to use the encapsulation functions.

My Steps

Program 1
Create Context - RSA
Set Context Label
Generate Keys
Open Keyset file (create)
AddPrivateKey
- no errors at runtime -

Program 2
Open Keyset file (read only)
GetPublicKey from key set file
Encrypt
- permission error

Are there some attributes I can use to allow this to work? I've email Peter but his answers havn't helped me to find the problem.

Thanks

If you're doing RSA & you can't use high level stuff, then you're much better off with a simple big integer library.Don't email Peter directly, email the support mailing list.

If you still want help with your code, you'll have to post it. I suggest you first look at http://www.woodmann.net/forum/showpost.php?p=30122&postcount=3 for an example of how to create the keyset properly.

Thanks, Mike. I looked at your post, and I suppose I should have asked about certificates before I posted. Is it imperative to use certificates? I'm trying to keep this simple (and the project requires that I create my own certificate class, so it'll just be more confusing that way.)

Once I've created the RSA keys in certificates, can I then use the cryptEncrypt function with the certificate? I've used the cryptEncrypt function with RSA keys with no problems, it's writing them out and reading them in that cause the permission error.

I'll try to post the code, if you don't mind helping.

Thanks!

http://home.earthlink.net/~rhamann/key.c
http://home.earthlink.net/~rhamann/test.c

key.c creates the key and saves it to a keyset file
test.c reads the key then tries to encrypt with it.

Should these stubs work, or do I have to use a certificate?

Um, what project? If it's homework and you're expected to understand the math of RSA, then cryptlib is the WRONG way to go about it. If it's paying work, why would they require you to write your own cert class?

First let's talk about the system you need to build, then we can talk about how crypto comes into it, and then decide if cryptlib has anything to offer.

It's homework, but not at the level of RSA internals, just at the implementation level.

We're recreating a SET system piecemeal, so I'm allowed to link in other encryption protocols, but not to used the encapsulated objects (signature functions, envelopes, etc.)

I'm just trying to get access to the encrypt and decrypt functions of AES and RSA. We're using onetime keys for AES, then encrypting that key with RSA, so all I have to do is export the AES in a method that can be imported, which cryptlib should provide to me. As far as RSA goes, I need to be able to save and share public keys.
He specifically wants us to build our own envelopes and certificates according to his specification.

Thanks, and if my comment about Peter's email not helping was offensive, I truly apologize. I looked at it again after posting and I think it looks rude and I should have used different wording

OK. Cryptlib purposely makes it hard to work with key material directly. You cannot ever get a handle to the bytes in the RSA private key, for instance. You don't seem to need that, though, so look at page 118 "Encryption and Decryption" for details about the low-level interface.

Looking at your code, you're doing some wierd stuff: why are you calling cryptEncrypt and cryptDecrypt in the middle of your key generation?

If I were in your place, I'd get a different crypto library that was designed at a lower level, like one of the early versions of Wei Dai's Crypto++ library. It's hard enough to learn cryptography without having to learn cryptlib's object model.

No, I didn't think it rude, it's just that Peter ignores most of those requests and you'll have better luck on the mailinglist.