000023138 - How to use Crypto-C to convert keys stored in PKCS 8 format to a format readable by SSL-C

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000023138
PKCS #8 encoded private key
Issue: How to use Crypto-C to convert keys stored in PKCS 8 format to a format readable by SSL-C
Cause: SSL-C does not read RSA private keys in any standard format.  Instead it reads them in an internal SSL-C format.  Crypto-C can convert RSA Private Keys from standard encodings such as PKCS #8 into SSL-C compatible format.  The attached sample code demonstrates this.
Resolution: Crypto-C can convert a standard RSA private key into SSL-C's internal format with the following steps:
  1. Load or generate the private key into a B_KEY_OBJ object.
  2. "Wrap" the B_KEY_OBJ with code similar to ConvertToSSLC (...), defined below.
  3. Transfer the SSL-C encoded key into SSL-C.  You can write the private key to a file or, if your application has linked in SSL-C, pass the memory into SSL-C.

/* Converts a Crypto-C RSA key object to an SSL-C key
 * Arguments:
 *   pRsaKey   [In]  Crypto-C object containing an RSA key
 *   pData     [Out] Buffer to be filled with SSL-C key
 *   pDataLen  [Out] Number of bytes in pData
 *   dataMax   [In]  Size of pData
 * Return:
 *     0 on success, nonzero on failure
 */
int ConvertToSSLC (B_KEY_OBJ* pRsaKey, unsigned char *pData, int *pDataLen, int dataMax)
{
    /* Null handle, so the cleanup call does not see an uninitialized object
     * if creation fails */
    B_ALGORITHM_OBJ wrapper = (B_ALGORITHM_OBJ) NULL_PTR;
    /* The declaration of params is missing from this page. Declare it here
     * with the parameter structure that the Crypto-C headers define for
     * AI_SSLC_KeyWrap. */
    unsigned char iv[8];
    int status;

    do {
        if ((status = B_CreateAlgorithmObject (&wrapper)) != 0)
            break;

        /* Initialize the wrapper object: encryptAlgorithm left null,
         * all-zero IV, PEM encoding off */
        params.encryptAlgorithm = (B_INFO_TYPE) NULL_PTR;
        T_memset (iv, 0, 8);
        params.iv = iv;
        params.pemEncode = 0;
        if ((status = B_SetAlgorithmInfo (wrapper, AI_SSLC_KeyWrap, (POINTER) &params)) != 0)
            break;

        /* Wrap the key */
        if ((status = B_WrapKeyInit(wrapper, (B_KEY_OBJ)NULL_PTR,
                                    (B_ALGORITHM_CHOOSER) NULL_PTR, NO_SURRENDER)) != 0)
            break;
        if ((status = B_WrapKey(wrapper, pData, pDataLen, dataMax, *pRsaKey, KEY_WRAP_CHOOSER,
                                (B_ALGORITHM_OBJ) NULL_PTR, NO_SURRENDER)) != 0)
            break;
    } while (0);

    /* Runs on every path, success or failure */
    B_DestroyAlgorithmObject (&wrapper);

    return status;
}
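
Step 3 allows writing the SSL-C encoded key to a file. The following is an added example, not part of the RSA sample code: assuming a POSIX system and that the output of ConvertToSSLC is unencrypted key material (as the null encryptAlgorithm setting suggests), it stores the pData bytes in a new owner-only file and wipes the in-memory copy. The names write_sslc_key_file, wipe and the file name are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Zero a buffer through a volatile pointer so the wipe is not optimised away. */
static void wipe(void *p, size_t n)
{
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Hypothetical helper: store key bytes in a NEW file that only the owner can
 * read or write, then wipe the caller's buffer (also wiped on failure).
 * Returns 0 on success, -1 on failure. */
int write_sslc_key_file(const char *path, unsigned char *key, size_t keyLen)
{
    size_t off = 0;
    int rc = -1;
    /* O_EXCL refuses to reuse an existing file with unknown owner or mode. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);

    if (fd >= 0) {
        /* Force mode 0600 regardless of the process umask. */
        if (fchmod(fd, S_IRUSR | S_IWUSR) == 0) {
            while (off < keyLen) {
                ssize_t n = write(fd, key + off, keyLen - off);
                if (n < 0 && errno == EINTR) continue;
                if (n <= 0) break;
                off += (size_t)n;
            }
            if (off == keyLen && fsync(fd) == 0) rc = 0;
        }
        if (close(fd) != 0) rc = -1;
        if (rc != 0) unlink(path);   /* do not leave a partial key file behind */
    }
    wipe(key, keyLen);
    return rc;
}

int main(void)
{
    /* Constructed sample bytes standing in for ConvertToSSLC output; not a real key. */
    unsigned char sample[] = { 0x01, 0x02, 0x03, 0x04 };
    return write_sslc_key_file("sslc_key_example.bin", sample, sizeof sample) ? 1 : 0;
}
```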
Legacy Article ID: a33755