For example, the code listing below creates a PKCS #10 PDU by calling cdk::Key::asn1sign() and that method requires a random cdk::num input (for non-deterministic signature schemes). To obtain this input, it is simplest to apply the convenient cast to the output of cdk::getrand2():
// generate a new RSA key pair cdk::Key k; k.hashtype = hSHA1; k.RSAkeygen(cdk::getrand2(80)); // extract the algorithm ID and public key cdk::str algID = k.asn1parameters(1,0); cdk::str pubkey = k.asn1public(); // create an unsigned PKCS #10 certificate request cdk::DName dn; dn.cname = "John Doe"; cdk::str tbsP10 = makep10raw(dn.toasn1(), algID, pubkey, ""); // sign the PKCS #10 request cdk::str p10; int i = k.asn1sign(tbsP10, num(cdk::getrand2(80)), p10); // i > 0 indicates an error
Conversely, to convert a cdk::num object into one of type cdk::str, one can simply apply the cdk::num::tostr() method.
cdk::str hexStr = binStr.tohex(1);
To hex-encode a binary string (without a leading '0x'):
To decode (or parse) a hex-encoded string to binary:
To decode a base64-encoded string to binary
To base64-encode an octet string according to RFC 1113 and RFC 1421:
b64Str = binStr.tobase64(1);
This method, known as "PEM encoding" or "printable encoding," is the most popular form of encapsulating a base64-encoded octet string and is recommended for most applications.
To base64-encode an octet string without the RFC 1113 padding:
b64Str = binStr.tobase64(0);
To instantiate and operate on elements of a finite field, first encode the irreducible polynomial with respect to which field elements are to be represented. For example, let f = x^128 + x^7 + x^2 + x + 1 be the irreducble polynomial over GF(2) used to represent elements of GF(2^128) in the specification of the GHASH function used in AES-GCM. We encode f into an object of class num (for use as the class FParms parameters of field elements) as follows:
static num f(hex("0100000000000000000000000000000087"));
Two 16-byte/128-bit octet strings A and B presented as in NIST SP-800-38D can then be made into field elements (after a careful bit-reversal) in this way:
num a = num(str(16,A)).mod(R,128), b = num(str(16,B)).mod(R,128);
To multply A by B and store the product in a 16-byte octet string C, we use the following code:
a = a * b;
char C; memcpy(C,a.tostr(16).rawptr(),16);
The next topic is Processing X.509v3 Certificates and CRLs.
|ISC Cryptographic Development Kit - User's Guide|
|Questions? E-mail ISC technical support|
|Copyright© 2002-2006 Information Security Corp. All rights reserved.|