Asymmetric Keys

OpenSSL works with asymmetric keys based on the cryptography algorithms RSA, Diffie-Hellman (DH), DSA, Elliptic Curves (ECDH, ECDSA).

An asymmetric key is composed of public and private key and both combined are called key pair represented by DidiSoft.OpenSsl.KeyPair.

class DidiSoft.OpenSsl.KeyPair
+--------------------------------------+
|+Public (DidiSoft.OpenSsl.PublicKey)  |
|+Private (DidiSoft.OpenSsl.PrivateKey)|
+--------------------------------------+

Table of Contents

Create a Key Pair

A new key pair can be created with the static method GenerateKeyPair:

DidiSoft.OpenSsl.KeyPair kp = DidiSoft.OpenSsl.KeyPair.GenerateKeyPair(KeyAlgorithm.Rsa, KeyLength.Length2048);
DidiSoft.OpenSsl.PublicKey publicKey = kp.Public;
DidiSoft.OpenSsl.PrivateKey privateKey = kp.Private;

Public keys

Public keys are represented by the base class DidiSoft.OpenSsl.PublicKey. Sub classes exist for each supported asymmetric algorithm RSA, DSA, Diffie-Hellman (DH), Elliptic Curve Diffie-Hellman (ECDH).
Public keys are used as part of X.509 certificates and for the asymmetric operations encryption and signature verification (follow the links for each algorithm mentioned above).

Load a public key

A public key can be loaded from a file, stream or byte array containing the key in PEM, DER or Base-64 encoded format:

DidiSoft.OpenSsl.PublicKey pubKey = DidiSoft.OpenSsl.PublicKey.Load("mykey.pem");

Save public key

A public key can be saved in PEM or DER format, which is specified as a second parameter of the Save method. The example below converts from PEM to DER format:

DidiSoft.OpenSsl.PublicKey pubKey = DidiSoft.OpenSsl.PublicKey.Load("mykey.pem");
bool pemFormat = false;
pubKey.Save("mykey.der", pemFormat);

A public key can also be exported in Base-64 encoded format :

DidiSoft.OpenSsl.PublicKey pubKey = DidiSoft.OpenSsl.PublicKey.Load("mykey.pem");
bool withNewLines = false;
string keyInBase64 = pubKey.ToBase64String(withNewLines);

Private keys

Private keys are represented by the base class DidiSoft.OpenSsl.PrivateKey. Sub classes exist for each supported asymmetric algorithm RSA, DSA, Diffie-Hellman (DH), Elliptic Curve Diffie-Hellman

Private keys are used for the asymmetric cryptography operations decryption and digital signing (follow the links for each algorithm mentioned above) and can be stored in PKCS12 (.pfx) key containers.

Load a private key

A private key can be loaded from a file, stream or byte array containing the key in PEM, DER or Base-64 encoded format:

DidiSoft.OpenSsl.PrivateKey privKey = DidiSoft.OpenSsl.PrivateKey.Load("key.der");

Save private key

A private key can be saved in PEM or DER format. The format is is specified in the second parameter of the Save method. The example below converts from DER to PEM format:

DidiSoft.OpenSsl.PrivateKey privKey = DidiSoft.OpenSsl.PrivateKey.Load("key.der");
bool pemFormat = true;
pubKey.Save("key.pem", pemFormat);

A private key can also be exported in Base-64 encoded format (this is actually a Base-64 encoding of the key in DER format) :

DidiSoft.OpenSsl.PrivateKey privKey = DidiSoft.OpenSsl.PrivateKey.Load("key.der");
bool withNewLines = false;
string keyInBase64 = privKey.ToBase64String(withNewLines);

Summary

This was an introductory chapter for working with asymmetric keys with DidiSoft OpenSSL Library for .NET. Asymmetric keys are used for each OpenSSL operation that involves asymmetric cryptography like CMS/PKCS7 and S/MIME and they are the foundation of X.509 certificates.