The RSA_PRIVATE_KEY function generates a private key using the RSA asymmetric cryptosystem, which requires a public key to encrypt and a private key to decrypt. As denoted by their names, the public key is shared with others, while the private key should be kept secret. The public key may be generated from the private key using the RSA_PUBLIC_KEY function. IDL strings may be encrypted and decrypted using the IDL_String::Decrypt/Encrypt methods.
The key size determines the maximum string length that may be encrypted using the associated public key. Specifically, one character may be encrypted for every eight bits in the key. Additionally, IDL uses secure PKCS#1 OAEP padding, which further reduces the maximum string length by 42 characters. Typical key sizes and corresponding string lengths are listed below:
Key Size (bits) | Maximum String Length (bytes)
512 | 22
1024 | 86
2048 | 214
4096 | 470
8192 | 982
The maximum string length that may be encrypted by the associated public key is given by (key size / 8) – 42.
Note: The National Institute of Standards and Technology (NIST) recommends a minimum RSA key size of 2048 bits.
Examples
Generate a public/private key pair, and use them to encrypt and decrypt an IDL string.
privateKey = RSA_PRIVATE_KEY(2048)
publicKey = RSA_PUBLIC_KEY(privateKey)
mystring = "IDL is awesome!"
wellkeptsecret = mystring.Encrypt(publicKey)
print, wellkeptsecret
print, wellkeptsecret.Decrypt(privateKey)
IDL prints:
hmXf4Y1cr/60ofSooRvSTPtite7bS6mJsI9lgfgUOz328vndELb8z9L3htVfWRxEYW...
IDL is awesome!
Note: Because OAEP padding mixes fresh random data into every encryption, calling the Encrypt method again on the same string will give a different result for each call.
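The length limit in the table above and the randomness described in this note both come from the OAEP encoding step that runs before the RSA operation. The Python sketch below is an added example, not IDL's own code: it implements the encoding from RFC 8017 and assumes a 20-byte hash (SHA-1), which is the hash size that yields the 42-byte overhead stated on this page. All function names are illustrative.

```python
import hashlib
import os

HASH = hashlib.sha1  # assumption: 20-byte hash, giving the page's 42-byte overhead
H_LEN = HASH().digest_size

def mgf1(seed: bytes, length: int) -> bytes:
    """MGF1 mask generation function (RFC 8017, B.2.1)."""
    out, counter = b"", 0
    while len(out) < length:
        out += HASH(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def max_message_len(key_bits: int) -> int:
    """Largest plaintext in bytes for one OAEP block: k - 2*hLen - 2."""
    return key_bits // 8 - 2 * H_LEN - 2

def oaep_encode(message: bytes, key_bits: int, label: bytes = b"") -> bytes:
    """EME-OAEP encoding (RFC 8017, 7.1.1); the output is the integer RSA exponentiates."""
    k = key_bits // 8
    if len(message) > max_message_len(key_bits):
        raise ValueError("message too long for this key size")
    padding = b"\x00" * (k - len(message) - 2 * H_LEN - 2)
    data_block = HASH(label).digest() + padding + b"\x01" + message
    seed = os.urandom(H_LEN)  # fresh per call: same plaintext, different block
    masked_db = xor(data_block, mgf1(seed, k - H_LEN - 1))
    masked_seed = xor(seed, mgf1(masked_db, H_LEN))
    return b"\x00" + masked_seed + masked_db

def oaep_decode(encoded: bytes, key_bits: int, label: bytes = b"") -> bytes:
    """Inverse of oaep_encode. Illustration only: not constant-time."""
    k = key_bits // 8
    masked_seed, masked_db = encoded[1:1 + H_LEN], encoded[1 + H_LEN:]
    seed = xor(masked_seed, mgf1(masked_db, H_LEN))
    data_block = xor(masked_db, mgf1(seed, k - H_LEN - 1))
    l_hash, rest = data_block[:H_LEN], data_block[H_LEN:]
    sep = rest.find(b"\x01")  # first 0x01 separates zero padding from the message
    bad_frame = len(encoded) != k or encoded[0] != 0
    if bad_frame or l_hash != HASH(label).digest() or sep < 0 or any(rest[:sep]):
        raise ValueError("decoding error")
    return rest[sep + 1:]
```

Of the 42 bytes, 20 hold the random seed, 20 hold the label hash, and 2 are the leading zero byte and the 0x01 separator.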
Syntax
Result = RSA_PRIVATE_KEY( Keysize )
Return Value
The result is a scalar string containing the private key in PEM PKCS8 format. This format begins with the characters "-----BEGIN PRIVATE KEY-----" and contains the private key as a scalar string with lines separated by newline (\n) characters.
Arguments
Keysize
An integer giving the key size in bits. The minimum key size is 512. A larger bit size will take longer to generate, but will provide stronger security and allow you to encrypt longer strings. See the table above for the relationship between key size and string length.
Keywords
None
Version History
8.8.3 | Introduced
9.0 | Change private key format from PKCS1 to PKCS8
See Also
IDL_String::Decrypt/Encrypt, RSA_PUBLIC_KEY