jmking has asked for the wisdom of the Perl Monks concerning the following question:

I'm trying to store a private key generated with Crypt::RSA into a MySQL database. However, when I retrieve it from the database as a string I have no way of getting Crypt::RSA to use it to decrypt the data. For example:
my $private_key = $sth->fetchrow();   # Stored as a string
# I need to put $private_key in a format readable by the function below
my $plaintext = $rsa->decrypt (
    Cyphertext => $cyphertext,
    Key        => $private_key,
    Armour     => 1,
) || die $rsa->errstr();
The only way I've been able to get this to work is to store the private key in a file and have Crypt::RSA read it back in like this:
$private_key = new Crypt::RSA::Key::Private ( Filename => 'private_key_file' );
But obviously writing a private key to a file is not a good idea, so I've also tried using IO::Scalar and IO::String to see if I could give the string a filehandle, with no luck. Any help would be appreciated.

Re: Private keys in Crypt::RSA
by traveler (Parson) on Mar 07, 2007 at 20:45 UTC
    You should probably store the key as a BLOB or convert it to a string using some algorithm like BASE64, store it in the db, retrieve it, and then convert it back yourself.

    You could store it in a file using Crypt::RSA::Private and using a key to encrypt it (see the doc). If it is unencrypted in the MySQL db, it may still be vulnerable to discovery.

      Thanks for the reply. The key is being returned from the database correctly, so I'm not sure if storing it as a BLOB or converting it will help. And I'm using AES_ENCRYPT in MySQL, so the key is being stored securely. But if I pass the string directly to the decryption function like I show in the example, it gives me this error:
      Can't call method "check" without a package or object reference at /usr/local/lib/perl5/site_perl/5.6.2/Crypt/ line 133.
      My guess is that it needs to be stored in a hash (which I've tried) or I'm just missing something. If I can't get this to work I'll just go ahead and encrypt it like you suggested but I would prefer to store it in the database. Any suggestions?
        The key is not a scalar. It is an object. The private key is an object of type Crypt::RSA::Key::Private. When you store it do you serialize the object and then unserialize it on retrieval? If not, you are probably not saving and restoring the object itself.

        From the error (and checking the code) it seems that you are trying to treat the key as though it were just the raw key value itself (a scalar), which it is not.

        I was able to solve the problem. I needed to return the result as an array reference and use the deserialize() function to convert it to the perl object it was looking for. Thanks for the help!
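
The fix described in the last reply, as an added example that is not part of the original thread: the key object is turned into text with serialize(), and the text fetched back is handed to deserialize() as an array reference. The identity string, the key size and the scalar standing in for the MySQL column are assumptions, as is the comment on how deserialize() rebuilds the object.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Scalar::Util qw(blessed);
use Crypt::RSA;
use Crypt::RSA::Key::Private;

my $rsa = Crypt::RSA->new;

# Constructed sample key pair; the Identity value is a placeholder.
my ($public, $private) = $rsa->keygen(
    Identity  => 'example@example.invalid',
    Size      => 2048,
    Verbosity => 0,
) or die $rsa->errstr;

# serialize() returns the key object as Data::Dumper text. This string is
# what belongs in the database column, not the object itself.
my $stored = $private->serialize;

# Stand-in for the round trip through MySQL (INSERT, then fetch as a string).
my $fetched = $stored;

# Passing $fetched straight to decrypt() reproduces the error in the thread:
# decrypt() calls ->check on the key, and a plain string has no such method.

# deserialize() expects an array reference under String and returns the
# rebuilt object, so use its return value.
# Assumption: it rebuilds the object by evaluating the Data::Dumper text, so
# the column must only ever hold data your own code wrote.
my $restored = Crypt::RSA::Key::Private->new->deserialize(
    String => [ $fetched ],
);
die "stored value did not deserialize to a private key\n"
    unless blessed($restored) && $restored->isa('Crypt::RSA::Key::Private');

# Round trip: encrypt with the public key, decrypt with the restored key.
my $message    = 'round-trip test';
my $cyphertext = $rsa->encrypt(
    Message => $message, Key => $public, Armour => 1,
) or die $rsa->errstr;

my $plaintext = $rsa->decrypt(
    Cyphertext => $cyphertext, Key => $restored, Armour => 1,
) or die $rsa->errstr;

die "decrypted text does not match\n" unless $plaintext eq $message;
print ref($restored), " restored from string; decrypt OK\n";
```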