Reputation: 75
I'm using CryptoPP to generate an RSA key pair to allow authentication for a game server. I need to base64URL encode my public exponent and modulus to include in a JWK but am having some problems. The code shows how I generate the RSA keys, extract the exponent and encode it:
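```cpp
typedef InvertibleRSAFunction RSAPrivateKey;
typedef RSAFunction RSAPublicKey;

AutoSeededRandomPool rng;    // not shown in the post; assumed generator type
std::string exponentString;  // not shown in the post; receives the encoded output

RSAPrivateKey privateKey;
privateKey.Initialize(rng, 1024);
RSAPublicKey publicKey(privateKey);

const Integer& e = privateKey.GetPublicExponent();
Base64Encoder exponentSink(new StringSink(exponentString));
e.DEREncode(exponentSink);   // emits the ASN.1 DER INTEGER: tag, length, value
exponentSink.MessageEnd();
base64URL(exponentString);   // poster's own helper, described below
cout << "exponentString: " << exponentString << endl;
```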
The base64URL function just filters the string for the =,+,\n and / characters to make it base64URL.
I know that CryptoPP uses an exponent of 17, and the code above encodes this as "AgER". I've read from numerous sources that 65537 encodes as "AQAB" and I tried this as a test by manually setting e to this. When I do this the output is "AgMBAAE", not "AQAB".
When I use an online converter such as https://www.base64encode.org/ the output is instead "NjU1Mzc".
Can someone explain where all these differences come from and what the correct encoding of 17 is? Thanks!
Upvotes: 7
Views: 4477
Reputation: 94058
The output of CryptoPP seems to include the ASN.1 DER encoded representation. In hexadecimal, the string AgMBAAE translates to 0203010001.
Now in ASN.1 / DER this reads as:
02 a signed INTEGER
03 the length of the value
010001 the value, a big endian signed integer (i.e. 65537)
The base64encode.org site seems to output the base 64 encoding of the ASCII string "65537": 3635353337 in hexadecimal.
There is no single correct encoding of the value 17, it depends what you use it for.
EQ==
AgER
MTc=
You can of course use the same strings without = padding characters as well (to comply with the base64url encoding instead of the more common base 64 encoding).
Upvotes: 6
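The three encodings distinguished in the answer above, as an added example that is not code from the question or the answer: it uses only the standard library instead of Crypto++, the function names are illustrative, and values are limited to 64 bits. A JWK "e" or "n" member takes the first form, the minimal unsigned big-endian octets with no DER header.

```cpp
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>
using Bytes = std::vector<uint8_t>;

// RFC 4648 base64url without '=' padding.
std::string base64url(const Bytes& in) {
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
    std::string out;
    uint32_t acc = 0;
    int bits = 0;
    for (uint8_t b : in) {
        acc = (acc << 8) | b;
        bits += 8;
        while (bits >= 6) { bits -= 6; out += tbl[(acc >> bits) & 0x3F]; }
    }
    if (bits > 0) out += tbl[(acc << (6 - bits)) & 0x3F];
    return out;
}
// Minimal unsigned big-endian octets: the form a JWK integer member expects.
Bytes unsignedBigEndian(uint64_t v) {
    Bytes out;
    do { out.insert(out.begin(), uint8_t(v & 0xFF)); v >>= 8; } while (v);
    return out;
}
// ASN.1 DER INTEGER: tag 0x02, short-form length, signed big-endian value.
Bytes derInteger(uint64_t v) {
    Bytes val = unsignedBigEndian(v);
    // DER integers are signed: a set top bit needs a leading 0x00 octet.
    // An RSA modulus always hits this case; JWK wants that octet absent.
    if (val[0] & 0x80) val.insert(val.begin(), 0x00);
    Bytes out{0x02, uint8_t(val.size())};
    out.insert(out.end(), val.begin(), val.end());
    return out;
}
std::string jwkValue(uint64_t v) { return base64url(unsignedBigEndian(v)); }
std::string derValue(uint64_t v) { return base64url(derInteger(v)); }
std::string asciiValue(uint64_t v) {  // base64url of the decimal digits as text
    std::string s = std::to_string(v);
    return base64url(Bytes(s.begin(), s.end()));
}
int main() {
    const uint64_t samples[] = {17, 65537, 128};
    for (uint64_t v : samples)
        std::cout << v << ": jwk=" << jwkValue(v) << " der=" << derValue(v)
                  << " ascii=" << asciiValue(v) << "\n";
}
```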