(MFC) Generate RSA Key and Export to PKCS1 / PKCS8

MFC example code showing how to generate an RSA public/private key and save to PKCS1 and PKCS8 format files. In a PKCS1 or PKCS8 formatted file, the key is stored in binary ASN.1 format (and ASN.1 is itself written according to DER -- Distinguished Encoding Rules). A PEM file simply contains the binary ASN.1 base64 encoded and delimited by BEGIN/END lines. PKCS1 format files are never encrypted. PKCS8 can be encrypted or unencrypted. Public keys are never encrypted (there is no need). Private keys *should* always be encrypted - unless perhaps the unencrypted private key is obtained and itself stored in some sort of secure place.

Chilkat C/C++ Library Downloads MS Visual C/C++ Libs

See Also: Using MFC CString in Chilkat

#include <CkRsa.h>
#include <CkPublicKey.h>
#include <CkPrivateKey.h>

void ChilkatSample(void)
    {
    CkString strOut;

    // This example assumes the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    CkRsa rsa;

    // Generate a 2048-bit key.  Chilkat RSA supports
    // key sizes ranging from 512 bits to 8192 bits.
    bool success = rsa.GenerateKey(2048);
    if (success != true) {
        strOut.append(rsa.lastErrorText());
        strOut.append("\r\n");
        SetDlgItemText(IDC_EDIT1,strOut.getUnicode());
        return;
    }

    // Get the public and private key parts:
    CkPublicKey *pubKey = rsa.ExportPublicKeyObj();
    CkPrivateKey *privKey = rsa.ExportPrivateKeyObj();

    // Get the public key as a PKCS8 PEM string
    const char *pubKeyPem = pubKey->getOpenSslPem();
    strOut.append(pubKeyPem);
    strOut.append("\r\n");

    // Get the public key in PKCS8 format, in a Base64 encoded string.
    const char *pubKeyPkcs8Base64 = pubKey->getPkcs8ENC("base64");
    strOut.append(pubKeyPkcs8Base64);
    strOut.append("\r\n");

    // Get the public key in PKCS1 format, in a Base64 encoded string.
    const char *pubKeyPkcs1Base64 = pubKey->getPkcs1ENC("base64");
    strOut.append(pubKeyPkcs1Base64);
    strOut.append("\r\n");

    // Get the private key in a PKCS8 PEM string.
    const char *privKeyPem = privKey->getPkcs8Pem();
    strOut.append(privKeyPem);
    strOut.append("\r\n");

    // Get the private key in a PKCS8 encrypted PEM string.
    const char *privKeyEncPem = privKey->getPkcs8EncryptedPem("myPassword");
    strOut.append(privKeyEncPem);
    strOut.append("\r\n");

    // Get the private key in PKCS1 Base64 format
    const char *privKeyPkcs1Base64 = privKey->getPkcs1ENC("base64");
    strOut.append(privKeyPkcs1Base64);
    strOut.append("\r\n");

    // Get the private key in PKCS8 Base64 format
    const char *privKeyPkcs8Base64 = privKey->getPkcs8ENC("base64");
    strOut.append(privKeyPkcs8Base64);
    strOut.append("\r\n");

    // Save to PKCS1 / PKCS8 / PEM files...

    // Save the public key to PKCS8 binary DER
    // Note: Chilkat is confusingly using the substring "OpenSsl" in the method name.
    // A better choice would've been "SavePkcs8DerFile". When you see "OpenSsl" referring to
    // a key format in a Chilkat method name, assume "PKCS8".
    success = pubKey->SaveOpenSslDerFile("pubKey_pkcs8.der");

    // Save the public key to PKCS1 binary DER
    success = pubKey->SaveRsaDerFile("pubKey_pkcs1.der");

    // Save the private key to unencrypted binary PKCS1 DER.
    // Note: PKCS1 is never found in an encrypted format. 
    success = privKey->SaveRsaDerFile("privKey_pkcs1.der");

    // Save the private key to unencrypted binary PKCS8
    success = privKey->SavePkcs8File("privKey_pkcs8.der");

    // Save the private key to encrypted binary PKCS8
    success = privKey->SavePkcs8EncryptedFile("myPassword","privKey_enc_pkcs8.der");

    // Save the private key to unencrypted PKCS8 PEM
    success = privKey->SavePkcs8PemFile("privKey.pem");

    // Save the private key to encrypted PKCS8 PEM
    success = privKey->SavePkcs8EncryptedPemFile("myPassword","privKey_enc.pem");

    delete pubKey;
    delete privKey;


    SetDlgItemText(IDC_EDIT1,strOut.getUnicode());

    }