Friday, March 7, 2014

Simple Public-Private Key Erlang Tutorial

Introduction

This tutorial assumes you have no background in cryptography and very little background in Erlang. Its purpose is to give a simple example of how to encode and decode simple strings in Erlang. These are the sources I am drawing from:

  • http://erlang.org/doc/man/crypto.html
  • http://www.erlang.org/doc/apps/public_key/using_public_key.html
  • http://www.openssl.org/docs/HOWTO/keys.txt
  • http://stackoverflow.com/questions/4294689/how-to-generate-a-key-with-passphrase-from-the-command-line

Creating the Keys

I'm creating this using Linux, in a terminal window:

> openssl genrsa -des3 -out private_key.pem 2048

This will generate a key file. It will prompt you for a password that protects the key (unless you omit -des3). To verify that it worked, simply print the file:

> cat private_key.pem

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,2FFDE296A2F2FE08
...
-----END RSA PRIVATE KEY-----


When you create an RSA private key this way, the file also contains the public key. The public key should be in its own file too:

> openssl rsa -in private_key.pem -pubout > public_key.pem


You'll be prompted for the password to the private key.

Basic Encoding

Open up your Erlang shell now and do the following (I'm not going to pretend I know what is going on):

> {ok, PemBin } = file:read_file("private_key.pem").
> [ RSAEntry ] = public_key:pem_decode(PemBin).
> PrivateKey = public_key:pem_entry_decode( RSAEntry, "yourpassword").

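These were three of the most difficult lines to figure out from the documentation. The first reads the PEM file, the second parses it into its single entry, and the third decrypts and decodes that entry using the password (given as a string). It's the simplest way to obtain the RSA private key without fuss. Now that we have the key, you can perform an encryption operation on some plain text: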

> Encrypted = public_key:encrypt_private( <<"Hello World!">>, PrivateKey ).

This returns the encrypted data, now stored in Encrypted. Please note: the first argument to encrypt_private MUST BE A BINARY! It cannot be a string; if you pass one, you get an error that is not helpful!

Basic Decoding

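To decode this message you'll once again need to load a key; this time the public key. That's the point of asymmetric cryptography: two keys. We encrypted using the private key, so now we have to use the public key to decrypt. Keep in mind that anyone who has the public key can do this, so encrypting with the private key shows who produced the message but does not keep it secret: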

> { ok, PemBin2 } = file:read_file("public_key.pem").
> [ RSAEntry2 ] = public_key:pem_decode(PemBin2).
> PublicKey = public_key:pem_entry_decode( RSAEntry2 ).

Now we have the public key. Let's decode our original message:

> Decrypted = public_key:decrypt_public(Encrypted, PublicKey).

You should get <<"Hello World!">> back.

Public Key Encode, Private Key Decode

The above example shows how to encode using a private key and decode using a public key. If you want to encode using a public key and then decode using a private key, so that only the holder of the private key can read the message, just do the following:

> A1 = public_key:encrypt_public(<<"Isn't this fun">>, PublicKey).
> A2 = public_key:decrypt_private(A1, PrivateKey).

That's all!
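
The shell steps above collected into one module, as an added example that is not part of the original post. The module name rsa_demo and its function names are made up for illustration. It also checks the message length, because RSA with the default PKCS#1 v1.5 padding can only encrypt up to the key size in bytes minus 11 (245 bytes for the 2048-bit key generated above):

```erlang
%% Added example; rsa_demo and its function names are made up here.
-module(rsa_demo).
-export([load_key/1, load_key/2, max_plaintext/1, seal/2, open/2, roundtrip/3]).
-include_lib("public_key/include/public_key.hrl").

%% Unencrypted PEM file, such as public_key.pem.
load_key(Path) ->
    public_key:pem_entry_decode(read_entry(Path)).

%% Password-protected PEM file, such as private_key.pem.
%% The password is a string (a list), as in the shell session.
load_key(Path, Password) when is_list(Password) ->
    public_key:pem_entry_decode(read_entry(Path), Password).

%% Read the file and return its single PEM entry.
read_entry(Path) ->
    {ok, PemBin} = file:read_file(Path),
    [Entry] = public_key:pem_decode(PemBin),
    Entry.

%% Largest message the key can encrypt with the default PKCS#1 v1.5
%% padding: modulus size in bytes minus 11 bytes of padding overhead.
max_plaintext(#'RSAPublicKey'{modulus = N}) ->
    byte_size(binary:encode_unsigned(N)) - 11.

%% Encrypt with the public key. Strings and iolists are converted to a
%% binary first, and over-long input gets a readable error.
seal(Plain, PublicKey) ->
    Bin = iolist_to_binary(Plain),
    Max = max_plaintext(PublicKey),
    case byte_size(Bin) =< Max of
        true  -> {ok, public_key:encrypt_public(Bin, PublicKey)};
        false -> {error, {too_long, byte_size(Bin), Max}}
    end.

%% Decrypt with the private key.
open(CipherText, PrivateKey) ->
    public_key:decrypt_private(CipherText, PrivateKey).

%% rsa_demo:roundtrip("private_key.pem", "yourpassword", "public_key.pem").
roundtrip(PrivPath, Password, PubPath) ->
    Priv = load_key(PrivPath, Password),
    Pub = load_key(PubPath),
    {ok, CipherText} = seal("Isn't this fun", Pub),
    <<"Isn't this fun">> = open(CipherText, Priv),
    Max = max_plaintext(Pub),
    {error, {too_long, _, Max}} = seal(binary:copy(<<"x">>, Max + 1), Pub),
    ok.
```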

