New API Proposal: RSA Key Support #26

Open
0xTim opened this issue Feb 7, 2020 · 11 comments

@0xTim
Contributor

0xTim commented Feb 7, 2020

New API Proposal: RSA Key Support

Motivation:

RSA is a widely used and popular public key system used for key exchange and popular with JWTs and older TLS versions among other uses. Although relatively old and slow, it is still widely supported and heavily used, justifying its inclusion in Swift Crypto. BoringSSL has the required code in it, so those APIs would need to be exposed.

Importance:

A lot of systems still use RSA for public key encryption and validation. Apple's own Sign in With Apple service provides a JWT that is signed using an RSA key, provided as a JWK. Without RSA support in Swift Crypto, we are unable to use that library to verify JWTs from Apple on the server-side.

@Lukasa
Collaborator

Lukasa commented Feb 7, 2020

Thanks for this feature request! We'll circulate it with the team and get back to you.

@FranzBusch
Collaborator

Would be really great to see the support of RSA inside swift-crypto. It is such a common use-case and we had to fall back to the Security framework on iOS to generate RSA keys now.

@tonyarnold

I've hit the lack of RSA support in this project today - adding my voice: it'd be great to see RSA key support ❤️

@fabianfett
Member

I guess the requested feature has been implemented here:
https://github.com/apple/swift-crypto/blob/main/Sources/_CryptoExtras/RSA/RSA.swift

Does that solve your problem?

@0xTim
Contributor Author

0xTim commented Feb 1, 2022

Ooh it could well do

@FredericJacobs
Member

@0xTim: Can you confirm this addresses your request?

@0xTim
Contributor Author

0xTim commented Feb 2, 2022

@FredericJacobs sure, give me a few days to see if it offers everything we need for JWTKit

@JaapWijnen

Would it be possible to include a way to extract the data representations of the modulus, exponent and private exponent for the public and private keys? An initialiser using those would be amazing as well!

@Lukasa
Collaborator

Lukasa commented May 9, 2022

What's the intended use-case?

@JaapWijnen

@FredericJacobs I was taking a look at the JWTKit API in order to see what was needed to move to swift-crypto's RSA implementation. There's this initializer that's part of the public API: https://github.com/vapor/jwt-kit/blob/449850f0db4769c630d90ff09ee1be2a5a382bd8/Sources/JWTKit/RSA/RSAKey.swift#L145
Secondly, there's also an initializer using a certificate string to create an RSAKey: https://github.com/vapor/jwt-kit/blob/449850f0db4769c630d90ff09ee1be2a5a382bd8/Sources/JWTKit/RSA/RSAKey.swift#L65
I'm not well versed enough in these to know if it's trivial to convert between these representations of certificate strings and pemkey formats to the n, e, d formats ourselves but couldn't find anything conclusive on that while doing some reading. So those would be the main missing features regarding RSA keys.

@Lukasa I'm working on an OpenSSH private key parser currently used along with swift-nio-ssh where I'm reading the modulus etc from the openssh format itself to then create an RSAKey with (using BoringSSL currently). I would like to move to swift-crypto's RSA implementation instead (if possible).

@Lukasa
Collaborator

Lukasa commented May 10, 2022

I think we can probably add a "from numbers" interface to RSA.
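
Added example (not part of the thread, and not swift-crypto or JWTKit code): for the public half, the conversion between the n, e numbers and the PEM form asked about above is mechanical, because a PKCS#1 `RSAPublicKey` is a DER SEQUENCE of the two INTEGERs that a JWK carries as base64url. The Python code below goes from a JWK to DER and PEM and back; the helper names are hypothetical and the modulus is a constructed stand-in, not a real key.

```python
import base64

def b64url_decode(text: str) -> bytes:
    # JWK values are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def der_len(n: int) -> bytes:
    if n < 0x80:                                   # short form
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw          # long form

def der_integer(value: int) -> bytes:
    # One spare bit keeps the INTEGER positive: a 0x00 byte is prepended
    # whenever the top bit of the magnitude is set.
    raw = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return b"\x02" + der_len(len(raw)) + raw

def jwk_to_pkcs1_der(jwk: dict) -> bytes:
    if jwk.get("kty") != "RSA":
        raise ValueError("not an RSA JWK")
    n = int.from_bytes(b64url_decode(jwk["n"]), "big")
    e = int.from_bytes(b64url_decode(jwk["e"]), "big")
    body = der_integer(n) + der_integer(e)         # RSAPublicKey ::= SEQUENCE { n, e }
    return b"\x30" + der_len(len(body)) + body

def der_to_pem(der: bytes) -> str:
    b64 = base64.b64encode(der).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN RSA PUBLIC KEY-----", *rows, "-----END RSA PUBLIC KEY-----", ""])

def read_tlv(buf: bytes, pos: int, tag: int):
    # Return (value, next position) for one DER element with the expected tag.
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected DER tag")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:
        count = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return buf[pos:pos + length], pos + length

def pkcs1_der_to_numbers(der: bytes):
    seq, end = read_tlv(der, 0, 0x30)
    n_raw, pos = read_tlv(seq, 0, 0x02)
    e_raw, pos = read_tlv(seq, pos, 0x02)
    if end != len(der) or pos != len(seq):
        raise ValueError("trailing data")
    return int.from_bytes(n_raw, "big"), int.from_bytes(e_raw, "big")

# Constructed 2048-bit number standing in for a modulus; not a real key.
SAMPLE_N = (1 << 2047) | 0xC0FFEF
SAMPLE_JWK = {"kty": "RSA", "e": "AQAB",
              "n": base64.urlsafe_b64encode(SAMPLE_N.to_bytes(256, "big")).rstrip(b"=").decode()}
```
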
