The RSA_PRIVATE_KEY function generates a private key using the RSA asymmetric cryptosystem, which requires a public key to encrypt and a private key to decrypt. As denoted by their names, the public key is shared with others, while the private key should be kept secret. The public key may be generated from the private key using the RSA_PUBLIC_KEY function. IDL strings may be encrypted and decrypted using the IDL_String::Decrypt/Encrypt methods.

The key size determines the maximum string length that may be encrypted using the associated public key. Specifically, one character may be encrypted for every eight bits in the key. Additionally, IDL uses secure PKCS#1 OAEP padding, which further reduces the maximum string length by 42 characters. Typical key sizes and corresponding string lengths are listed below:

Key Size (bits)    Maximum String Length (bytes)
512                22
1024               86
2048               214
4096               470
8192               982

The maximum string length that may be encrypted by the associated public key is given by (key size / 8) – 42.

Note: The National Institute of Standards and Technology (NIST) recommends a minimum RSA key size of 2048 bits.

Examples


Generate a public/private key pair, and use them to encrypt and decrypt an IDL string.

privateKey = RSA_PRIVATE_KEY(2048)
publicKey = RSA_PUBLIC_KEY(privateKey)
 
mystring = "IDL is awesome!"
wellkeptsecret = mystring.Encrypt(publicKey)
print, wellkeptsecret
print, wellkeptsecret.Decrypt(privateKey)

IDL prints:

hmXf4Y1cr/60ofSooRvSTPtite7bS6mJsI9lgfgUOz328vndELb8z9L3htVfWRxEYW...
 
IDL is awesome!

Note: Because the OAEP padding includes random data, calling the Encrypt method again on the same string will give a different result for each call.

Syntax


Result = RSA_PRIVATE_KEY( Keysize )

Return Value


The result is a scalar string containing the private key in PEM PKCS8 format. The string begins with the characters "-----BEGIN PRIVATE KEY-----", and its lines are separated by newline (\n) characters.

Arguments


Keysize

An integer giving the key size in bits. The minimum key size is 512. A larger bit size will take longer to generate, but will provide stronger security and allow you to encrypt longer strings. See the table above for the relationship between key size and string length.

Keywords


None

Version History


8.8.3    Introduced
9.0      Changed private key format from PKCS1 to PKCS8
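
As an added example (Python, not IDL code and not part of the IDL documentation), the check below reads a stored private key string, tells the PKCS1 format used before 9.0 from the PKCS8 format described above, and reports the modulus size together with the (key size / 8) - 42 string limit. The function names and the sample keys are assumptions made for the illustration: the samples are constructed with a dummy modulus and are not usable keys, and the input is assumed to be an unencrypted RSA key.

```python
import base64
import re

RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")  # rsaEncryption OID + NULL

def _tlv(buf, pos):
    """Read one DER element at pos; return (value_start, value_end)."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, pos + length

def inspect_private_key(pem):
    """Report PEM format, modulus size and the page's (key size / 8) - 42 limit."""
    m = re.search(r"-----BEGIN ((?:RSA )?PRIVATE KEY)-----(.+?)-----END \1-----", pem, re.S)
    if not m:
        raise ValueError("no unencrypted PKCS1 or PKCS8 private key block found")
    fmt = "PKCS1" if m.group(1).startswith("RSA") else "PKCS8"  # conventional PEM labels assumed
    der = base64.b64decode("".join(m.group(2).split()))
    pos, _ = _tlv(der, 0)            # enter outer SEQUENCE
    if fmt == "PKCS8":
        _, pos = _tlv(der, pos)      # skip PrivateKeyInfo version
        _, pos = _tlv(der, pos)      # skip AlgorithmIdentifier
        pos, _ = _tlv(der, pos)      # enter OCTET STRING that wraps RSAPrivateKey
        pos, _ = _tlv(der, pos)      # enter RSAPrivateKey SEQUENCE
    _, pos = _tlv(der, pos)          # skip RSAPrivateKey version
    start, end = _tlv(der, pos)      # modulus INTEGER
    bits = int.from_bytes(der[start:end], "big").bit_length()
    return {"format": fmt, "bits": bits, "max_string_length": bits // 8 - 42,
            "meets_nist_minimum": bits >= 2048}

def _der(tag, body):
    """Encode one DER element; used only to build the constructed samples."""
    n = len(body)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size) + body

def constructed_sample(bits, label="PRIVATE KEY"):
    """Constructed input: real layout, dummy modulus, fields after the modulus omitted."""
    modulus = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")  # leading 0x00 keeps it positive
    key = _der(0x30, _der(0x02, b"\x00") + _der(0x02, modulus))       # PKCS1 RSAPrivateKey (truncated)
    if label == "PRIVATE KEY":                                         # PKCS8 wraps the PKCS1 structure
        key = _der(0x30, _der(0x02, b"\x00") + RSA_ALG_ID + _der(0x04, key))
    body = base64.encodebytes(key).decode()
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"

if __name__ == "__main__":
    print(inspect_private_key(constructed_sample(2048)))
```

Passing constructed_sample(1024, "RSA PRIVATE KEY") exercises the PKCS1 path and a key below the NIST minimum.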

See Also


IDL_String::Decrypt/Encrypt, RSA_PUBLIC_KEY