
Can not read private key from a string rather than a file in crypto++

I need to use an openssl generated key to sign messages via cryptopp lib.

The key generated with: openssl genrsa -out privatKey.pem 2048

and to get rid of the error CryptoPP::BERDecodeErr when loading this key into RSA::PrivateKey, the key was converted from PEM to DER as stated here Load PEM encoded private RSA key in Crypto++ : openssl pkcs8 -in privatKey.pem -out privatKey.der -topk8 -nocrypt -outform der

The code for loading the converted key from the file works successfully:

ByteQueue queue;
FileSource file("privatKey.der", true);

RSA::PrivateKey rsaPrivate;

Now I want to hardcode this key directly into the program text. I read its contents through the xxd -p privatKey.der and copied it into the code:

std::string privKeyStr = "308204bd020100300d06092a864886f70d0101010500048204a7308204a3"

I'm trying to load this hardcoded key from the string via CryptoPP::StringSource:

ByteQueue queue;
StringSource str(privKeyStr, true);

RSA::PrivateKey rsaPrivate;

but I'm getting the exception CryptoPP::BERDecodeErr

How to do it correctly?


  • privKeyStr is a hex encoded private ASN.1/DER encoded key in PKCS#8 format. To hex decode, Crypto++ provides the HexDecoder class. The hex encoded key can be imported e.g. with the following code:

    #include <cryptopp/hex.h>
    #include <cryptopp/rsa.h>
    std::string privKeyStr = "...";
    ByteQueue queue;
    HexDecoder decoder;
    decoder.Attach(new Redirector(queue));
    decoder.Put((byte*)privKeyStr.data(), privKeyStr.size());
    RSA::PrivateKey rsaPrivate;

    For those who are interested in importing PEM encoded keys: Crypto++ does not directly support PEM encoded keys, but there is a library add-on (PEM Pack).
    Alternatively, the documentation contains an example of a manual import of a PEM encoded key. The above code snippet is based on this example.
    The example also describes the direct import of a PKCS#1 key (so that no detour via a PKCS#8 conversion is required), for which only rsaPrivate.BERDecodePrivateKey() must be used instead of rsaPrivate.Load().