author | lloyd <[email protected]> | 2010-06-15 03:14:39 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2010-06-15 03:14:39 +0000 |
commit | 5ada424c1389f55f68ea5eba5f7c854616e9fb53 (patch) | |
tree | 6d657f3243752361067bc7141ce941ac6147d63e /src/pubkey/pk_codecs | |
parent | bda5b5b2a7e14946f4654ce2cc08fb2796c65daa (diff) |
Add PKCS8::BER_encode for encrypted keys
Diffstat (limited to 'src/pubkey/pk_codecs')
-rw-r--r-- | src/pubkey/pk_codecs/pkcs8.cpp | 71 | ||||
-rw-r--r-- | src/pubkey/pk_codecs/pkcs8.h | 20 |
2 files changed, 53 insertions, 38 deletions
diff --git a/src/pubkey/pk_codecs/pkcs8.cpp b/src/pubkey/pk_codecs/pkcs8.cpp
index d23e2e7d7..9ac890328 100644
--- a/src/pubkey/pk_codecs/pkcs8.cpp
+++ b/src/pubkey/pk_codecs/pkcs8.cpp
@@ -163,32 +163,15 @@ std::string PEM_encode(const Private_Key& key)
 }
 /*
-* DER or PEM encode a PKCS #8 private key
-*/
-void encode(const Private_Key& key, Pipe& pipe, X509_Encoding encoding)
- {
- if(encoding == PEM)
- pipe.write(PKCS8::PEM_encode(key));
- else
- pipe.write(PKCS8::BER_encode(key));
- }
-
-/*
-* Encode and encrypt a PKCS #8 private key
+* Encrypt a PKCS #8 private key and return as BER
 */
-void encrypt_key(const Private_Key& key,
- Pipe& pipe,
- RandomNumberGenerator& rng,
- const std::string& pass, const std::string& pbe_algo,
- X509_Encoding encoding)
+SecureVector<byte> BER_encode(const Private_Key& key,
+ RandomNumberGenerator& rng,
+ const std::string& pass,
+ const std::string& pbe_algo)
 {
 const std::string DEFAULT_PBE = "PBE-PKCS5v20(SHA-1,TripleDES/CBC)";
- Pipe raw_key;
- raw_key.start_msg();
- encode(key, raw_key, RAW_BER);
- raw_key.end_msg();
-
 std::auto_ptr<PBE> pbe(get_pbe(((pbe_algo != "") ? pbe_algo : DEFAULT_PBE)));
 pbe->new_params(rng);
@@ -197,20 +180,14 @@ void encrypt_key(const Private_Key& key,
 AlgorithmIdentifier pbe_algid(pbe->get_oid(), pbe->encode_params());
 Pipe key_encrytor(pbe.release());
- key_encrytor.process_msg(raw_key);
+ key_encrytor.process_msg(PKCS8::BER_encode(key));
- SecureVector<byte> enc_key =
- DER_Encoder()
+ return DER_Encoder()
 .start_cons(SEQUENCE)
 .encode(pbe_algid)
 .encode(key_encrytor.read_all(), OCTET_STRING)
 .end_cons()
 .get_contents();
-
- if(encoding == PEM)
- pipe.write(PEM_Code::encode(enc_key, "ENCRYPTED PRIVATE KEY"));
- else
- pipe.write(enc_key);
 }
 /*
@@ -224,11 +201,35 @@ std::string PEM_encode(const Private_Key& key,
 if(pass == "") return PEM_encode(key);
- Pipe pem;
- pem.start_msg();
- encrypt_key(key, pem, rng, pass, pbe_algo, PEM);
- pem.end_msg();
- return pem.read_all_as_string();
+ return PEM_Code::encode(PKCS8::BER_encode(key, rng, pass, pbe_algo),
+ "ENCRYPTED PRIVATE KEY");
+ }
+
+/*
+* DER or PEM encode a PKCS #8 private key
+*/
+void encode(const Private_Key& key, Pipe& pipe, X509_Encoding encoding)
+ {
+ if(encoding == PEM)
+ pipe.write(PKCS8::PEM_encode(key));
+ else
+ pipe.write(PKCS8::BER_encode(key));
+ }
+
+/*
+* Encode and encrypt a PKCS #8 private key
+*/
+void encrypt_key(const Private_Key& key,
+ Pipe& pipe,
+ RandomNumberGenerator& rng,
+ const std::string& pass,
+ const std::string& pbe_algo,
+ X509_Encoding encoding)
+ {
+ if(encoding == PEM)
+ pipe.write(PKCS8::PEM_encode(key, rng, pass, pbe_algo));
+ else
+ pipe.write(PKCS8::BER_encode(key, rng, pass, pbe_algo));
 }
 /*
diff --git a/src/pubkey/pk_codecs/pkcs8.h b/src/pubkey/pk_codecs/pkcs8.h
index ed0fddc97..d73e517bd 100644
--- a/src/pubkey/pk_codecs/pkcs8.h
+++ b/src/pubkey/pk_codecs/pkcs8.h
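Review bot: In pkcs8.cpp the rewritten `encrypt_key` no longer encrypts when `pass` is empty and `encoding == PEM`: it now calls `PKCS8::PEM_encode(key, rng, pass, pbe_algo)`, whose `if(pass == "") return PEM_encode(key);` guard (context at the top of this hunk) returns the unencrypted encoding, whereas the removed implementation always produced an "ENCRYPTED PRIVATE KEY" block. The non-PEM branch still goes through the encrypting `BER_encode` overload added earlier in this file, so the same empty passphrase yields a plaintext key in one encoding and an encrypted blob in the other. To keep the old contract the PEM branch could be `pipe.write(PEM_Code::encode(PKCS8::BER_encode(key, rng, pass, pbe_algo), "ENCRYPTED PRIVATE KEY"));`, or the function could reject an empty passphrase outright. Whichever is chosen, the comment above `encrypt_key` should state what an empty `pass` does, since callers of a function with this name will assume the output is always encrypted.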
@@ -88,9 +88,23 @@ BOTAN_DLL std::string PEM_encode(const Private_Key& key);
 * @param key the key to encode
 * @param rng the rng to use
 * @param pass the password to use for encryption
-* @param pbe_algo the name of the desired password-based encryption algorithm.
-* Provide an empty string to use the default PBE defined in the configuration
-* under base/default_pbe.
+* @param pbe_algo the name of the desired password-based encryption algorithm,
+ or use "" for a sane default.
+* @return BER encrypted key
+*/
+BOTAN_DLL SecureVector<byte> BER_encode(const Private_Key& key,
+ RandomNumberGenerator& rng,
+ const std::string& pass,
+ const std::string& pbe_algo = "");
+
+/**
+* Encode and encrypt a PKCS #8 key as a binary structure
+* @param key the key to encode
+* @param rng the rng to use
+* @param pass the password to use for encryption
+* @param pbe_algo the name of the desired password-based encryption algorithm,
+ or use "" for a sane default.
+* @return PEM encrypted key
 */
 BOTAN_DLL std::string PEM_encode(const Private_Key& key,
 RandomNumberGenerator& rng, |
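Review bot: The doc block that now sits directly above the encrypted `PEM_encode` overload opens with "Encode and encrypt a PKCS #8 key as a binary structure" yet ends with `@return PEM encrypted key`, so its brief describes the BER overload rather than the function it documents; the brief of the first block is above the hunk, so I cannot tell whether the two were swapped. I would change the brief to `* Encode and encrypt a PKCS #8 key as a PEM string`. Both blocks also replace the old description of the default with `or use "" for a sane default` without naming it, while pkcs8.cpp hard-codes `PBE-PKCS5v20(SHA-1,TripleDES/CBC)`; a caller deciding how a private key is protected should be able to read the actual algorithm from the header. The PEM block should additionally say that an empty `pass` returns the key unencrypted, which is what the `pass == ""` check in pkcs8.cpp does.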