I'm a little confused about generating keys for communicating between the SFTP client I'm writing and an SFTP server. I understand there needs to be both a private key and a public key. Using WinSCP and PuTTY, I've been able to generate the keys and import them with the SecureBridge components so I have that part figured out. But my application needs to be able to generate keys on its own to make it simple for my customers.
While developing and testing, I've been able to generate a key and as I step through the code, the IsPrivate flag is True. So I know I've generated the Private key. How do I also generate the Public Key? Do I call Generate again? I tried that and IsPrivate is once again True.
Thanks,
David Cornelius
Retail Dimensions, Inc.
How to Generate both Private and Public Keys
- Posts: 7
- Joined: Tue 06 Aug 2013 19:24
- Location: Portland, Oregon, USA
Re: How to Generate both Private and Public Keys
I loaded the SFTPClient demo and stepped through it line by line and discovered the call to Generate, if the Key is associated with a ScFileStorage, actually exports what looks like a private key. Then calling ExportTo with True for the PublicKeyOnly parameter exports what looks like a public key.
Is this correct? It seems like a rather strange way of doing it.
In this case, when would I pass False for PublicKeyOnly when calling ExportTo?
I just tried that in my code and it exported a file with the first line that reads:
-----BEGIN RSA PRIVATE KEY-----
But it's different than the new private key file just generated and there's no public part in it.
So what does the boolean parameter, PublicKeyOnly, actually accomplish other than toggling the export between a Private and Public key? Why does the Generate procedure also export a file?
Re: How to Generate both Private and Public Keys
In asymmetric encryption (RSA or DSA types), two keys are used. The private key is used for data decryption and signing; the public key is used for data encryption. The private key contains both parts - private and public!
The key can be saved in different formats that are used by different applications. It is possible to store the key in the encrypted form to protect it from illegal access, but you can store the public keys in the open form only. The PublicKeyOnly parameter determines whether only the public key or both public and private keys will be exported.
The Generate procedure exports the public key, because it should be passed to the server side. And you should not pass the private key, because it breaks security principles. If a violator obtains the public key, he will not be able to read or change any data transferred through an SSH channel. But if the violator obtains the private key, he will have access to all transferred data.
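An added illustration of the reply above (not part of the original thread and not SecureBridge code): a PKCS#1 `-----BEGIN RSA PRIVATE KEY-----` file already holds the public modulus and exponent, so a public-only export copies those two fields and leaves the secret ones behind. The function names are hypothetical and the key is a constructed toy key built from fixed small primes, usable only to show the file layout.

```python
import base64, textwrap

def der_len(n):                        # DER length octets (short or long form)
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def der_seq_of_ints(ints):             # SEQUENCE { INTEGER, INTEGER, ... }
    body = b""
    for v in ints:
        b = v.to_bytes(v.bit_length() // 8 + 1, "big")  # spare bit keeps it positive
        body += b"\x02" + der_len(len(b)) + b
    return b"\x30" + der_len(len(body)) + body

def parse_seq_of_ints(der):            # inverse of der_seq_of_ints
    def rdlen(i):
        n, i = der[i], i + 1
        if n & 0x80:                   # long form: low 7 bits = number of length bytes
            k = n & 0x7F
            n, i = int.from_bytes(der[i:i + k], "big"), i + k
        return n, i
    if der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    n, i = rdlen(1)
    end, out = i + n, []
    while i < end:
        if der[i] != 0x02:
            raise ValueError("expected INTEGER")
        n, i = rdlen(i + 1)
        out.append(int.from_bytes(der[i:i + n], "big"))
        i += n
    return out

def to_pem(label, der):
    b64 = textwrap.wrap(base64.b64encode(der).decode(), 64)
    return "\n".join([f"-----BEGIN {label}-----", *b64, f"-----END {label}-----"]) + "\n"

def from_pem(text):
    body = [l for l in text.strip().splitlines() if not l.startswith("-----")]
    return base64.b64decode("".join(body))

def toy_private_pem():
    p, q, e = 2**127 - 1, 2**107 - 1, 65537   # constructed toy primes, NOT secure
    d = pow(e, -1, (p - 1) * (q - 1))
    # PKCS#1 RSAPrivateKey: version, n, e, d, p, q, d mod (p-1), d mod (q-1), q^-1 mod p
    fields = [0, p * q, e, d, p, q, d % (p - 1), d % (q - 1), pow(q, -1, p)]
    return to_pem("RSA PRIVATE KEY", der_seq_of_ints(fields))

def public_from_private(private_pem):  # the "public key only" view of the same key
    _version, n, e, *_secret = parse_seq_of_ints(from_pem(private_pem))
    return to_pem("RSA PUBLIC KEY", der_seq_of_ints([n, e]))

if __name__ == "__main__":
    priv = toy_private_pem()
    print(priv, public_from_private(priv), sep="")
```

The same key can be serialized in other containers (OpenSSH, PuTTY `.ppk`, encrypted PEM), so two private-key files for one key pair need not be byte-identical.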
Re: How to Generate both Private and Public Keys
Thank you for this explanation. I had considered the private and public keys separate, but now that I understand that by "private key" it means both the private and public parts, this will make a lot more sense.
I will work with this today and hopefully make good progress!
Re: How to Generate both Private and Public Keys
If any questions come up, please contact me.