Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Input Validation & More
7.7.1 Problem
You are using OpenSSL and have a filled RSA object. You wish to remove the private parts of the key, leaving only the public key, so that you can serialize the data structure and send it off to a party who should not have the private information.

7.7.2 Solution
Remove all elements of the structure except for n and e.

7.7.3 Discussion
OpenSSL lumps the private key and the public key into a single RSA structure. It does this because the holder of the private key needs the public values as well: n is used in every RSA operation, and e is needed for blinding and for checking the key. If an entity needs only the public key, you are supposed to clear out the rest of the data. The following version does that for OpenSSL releases before 1.1.0, where the fields of the RSA structure are directly accessible:

#include <openssl/rsa.h>
#include <openssl/bn.h>

void remove_private_key(RSA *r) {
  /* BN_clear_free() zeroes the BIGNUM's buffer before releasing it, so
   * the secret values do not linger in freed heap memory.  It is safe to
   * call on a NULL pointer, so it does not matter which private fields
   * were actually populated. */
  BN_clear_free(r->d);     r->d    = NULL;
  BN_clear_free(r->p);     r->p    = NULL;
  BN_clear_free(r->q);     r->q    = NULL;
  BN_clear_free(r->dmp1);  r->dmp1 = NULL;
  BN_clear_free(r->dmq1);  r->dmq1 = NULL;
  BN_clear_free(r->iqmp);  r->iqmp = NULL;
}

Only call this on an RSA object that holds the last reference to those BIGNUM objects; if they are shared with another structure, set the pointers to NULL without freeing them. Setting the pointers to zero without freeing, as a naive version might, both leaks the memory and leaves the private values readable in the heap. Any party that has the private key should also hold on to the public key.

Two caveats for current OpenSSL releases. Since OpenSSL 1.1.0 the RSA structure is opaque and the field writes above do not compile; build a separate public-only object with RSAPublicKey_dup() instead, or skip the in-memory surgery altogether and serialize with a public-key-only encoder such as i2d_RSAPublicKey() or PEM_write_bio_RSA_PUBKEY(), which never read the private components. Since OpenSSL 3.0 the RSA_* interface as a whole is deprecated in favor of EVP_PKEY, where i2d_PUBKEY() and PEM_write_bio_PUBKEY() play the same public-only role.