../svn-commit.tmp

5 files changed, 1444 insertions, 0 deletions

diff --git a/Source/lib/crypto/rsa/Makefile.rsa b/Source/lib/crypto/rsa/Makefile.rsa
new file mode 100644
index 000000000..1a0204c83
--- /dev/null
+++ b/Source/lib/crypto/rsa/Makefile.rsa
@@ -0,0 +1,23 @@
+# Copyright (C) 2005 Jan Hutter, Martin Willi
+# Hochschule fuer Technik Rapperswil
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at your
+# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# for more details.
+#
+
+RSA_DIR= $(CRYPTO_DIR)rsa/
+
+LIB_OBJS+= $(BUILD_DIR)rsa_private_key.o
+$(BUILD_DIR)rsa_private_key.o :			$(RSA_DIR)rsa_private_key.c $(RSA_DIR)rsa_private_key.h
+										$(CC) $(CFLAGS) -c -o $@ $<
+										
+LIB_OBJS+= $(BUILD_DIR)rsa_public_key.o
+$(BUILD_DIR)rsa_public_key.o :			$(RSA_DIR)rsa_public_key.c $(RSA_DIR)rsa_public_key.h
+										$(CC) $(CFLAGS) -c -o $@ $<
\ No newline at end of file
diff --git a/Source/lib/crypto/rsa/rsa_private_key.c b/Source/lib/crypto/rsa/rsa_private_key.c
new file mode 100644
index 000000000..0afadd179
--- /dev/null
+++ b/Source/lib/crypto/rsa/rsa_private_key.c
@@ -0,0 +1,615 @@
+/**
+ * @file rsa_private_key.c
+ * 
+ * @brief Implementation of rsa_private_key_t.
+ * 
+ */
+
+/*
+ * Copyright (C) 2005 Jan Hutter, Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include <gmp.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
+#include "rsa_private_key.h"
+
+#include <daemon.h>
+#include <utils/allocator.h>
+#include <asn1/der_decoder.h>
+
+
+/* 
+ * Oids for hash algorithms are defined in
+ * rsa_public_key.c.
+ */
+extern u_int8_t md2_oid[18];
+extern u_int8_t md5_oid[18];
+extern u_int8_t sha1_oid[15];
+extern u_int8_t sha256_oid[19];
+extern u_int8_t sha384_oid[19];
+extern u_int8_t sha512_oid[19];
+
+
+/**
+ *  Public exponent to use for key generation.
+ */
+#define PUBLIC_EXPONENT 0x10001
+
+
+typedef struct private_rsa_private_key_t private_rsa_private_key_t;
+
+/**
+ * Private data of a rsa_private_key_t object.
+ */
+struct private_rsa_private_key_t {
+	/**
+	 * Public interface for this signer.
+	 */
+	rsa_private_key_t public;
+	
+	/**
+	 * Version of key, as encoded in PKCS#1
+	 */
+	u_int version;
+	
+	/**
+	 * Public modulus.
+	 */
+	mpz_t n;
+	
+	/**
+	 * Public exponent.
+	 */
+	mpz_t e;
+	
+	/**
+	 * Private prime 1.
+	 */
+	mpz_t p;
+	
+	/**
+	 * Private Prime 2.
+	 */
+	mpz_t q;
+	
+	/**
+	 * Private exponent.
+	 */
+	mpz_t d;
+	
+	/**
+	 * Private exponent 1.
+	 */
+	mpz_t exp1;
+	
+	/**
+	 * Private exponent 2.
+	 */
+	mpz_t exp2;
+	
+	/**
+	 * Private coefficient.
+	 */
+	mpz_t coeff;
+	
+	/**
+	 * Keysize in bytes.
+	 */
+	size_t k;
+	
+	/**
+	 * @brief Implements the RSADP algorithm specified in PKCS#1.
+	 * 
+	 * @param this		calling object
+	 * @param data		data to process
+	 * @return			processed data
+	 */
+	chunk_t (*rsadp) (private_rsa_private_key_t *this, chunk_t data);
+		
+	/**
+	 * @brief Implements the RSASP1 algorithm specified in PKCS#1.
+	 * @param this		calling object
+	 * @param data		data to process
+	 * @return			processed data
+	 */
+	chunk_t (*rsasp1) (private_rsa_private_key_t *this, chunk_t data);
+	
+	/**
+	 * @brief Generate a prime value.
+	 * 
+	 * @param this		calling object
+	 * @param prime_size size of the prime, in bytes
+	 * @param[out] prime uninitialized mpz
+	 */
+	status_t (*compute_prime) (private_rsa_private_key_t *this, size_t prime_size, mpz_t *prime);
+	
+};
+
+/**
+ * Rules for de-/encoding of a private key from/in ASN1 
+ */
+static asn1_rule_t rsa_private_key_rules[] = {
+	{ASN1_SEQUENCE, 0, 0, 0},
+	{	ASN1_INTEGER, 0, 		offsetof(private_rsa_private_key_t, version), 0},
+	{	ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, n), 0},
+	{	ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, e), 0},
+	{	ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, d), 0},
+	{	ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, p), 0},
+	{	ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, q), 0},
+	{	ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, exp1), 0},
+	{	ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, exp2), 0},
+	{	ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, coeff), 0},
+	{ASN1_END, 0, 0, 0},
+};
+
+static private_rsa_private_key_t *rsa_private_key_create_empty();
+
+/**
+ * Implementation of private_rsa_private_key_t.compute_prime.
+ */
+static status_t compute_prime(private_rsa_private_key_t *this, size_t prime_size, mpz_t *prime)
+{
+	randomizer_t *randomizer;
+	chunk_t random_bytes;
+	status_t status;
+	
+	randomizer = randomizer_create();
+	mpz_init(*prime);
+	
+	do
+	{
+		status = randomizer->allocate_random_bytes(randomizer, prime_size, &random_bytes);
+		if (status != SUCCESS)
+		{
+			randomizer->destroy(randomizer);
+			mpz_clear(*prime);
+			return FAILED;
+		}
+		
+		/* make sure most significant bit is set */
+		random_bytes.ptr[0] = random_bytes.ptr[0] | 0x80;
+		
+		/* convert chunk to mpz value */
+		mpz_import(*prime, random_bytes.len, 1, 1, 1, 0, random_bytes.ptr);
+		
+		/* get next prime */
+		mpz_nextprime (*prime, *prime);
+		
+		allocator_free(random_bytes.ptr);
+	}
+	/* check if it isnt too large */
+	while (((mpz_sizeinbase(*prime, 2) + 7) / 8) > prime_size);
+	
+	randomizer->destroy(randomizer);
+	return SUCCESS;
+}
+
+/**
+ * Implementation of private_rsa_private_key_t.rsadp and private_rsa_private_key_t.rsasp1.
+ */
+static chunk_t rsadp(private_rsa_private_key_t *this, chunk_t data)
+{
+	mpz_t t1, t2;
+	chunk_t decrypted;
+	
+	mpz_init(t1);
+	mpz_init(t2);
+	
+	mpz_import(t1, data.len, 1, 1, 1, 0, data.ptr);
+	
+	mpz_powm(t2, t1, this->exp1, this->p);	/* m1 = c^dP mod p */
+	mpz_powm(t1, t1, this->exp2, this->q);	/* m2 = c^dQ mod Q */
+	mpz_sub(t2, t2, t1);					/* h = qInv (m1 - m2) mod p */
+	mpz_mod(t2, t2, this->p);
+	mpz_mul(t2, t2, this->coeff);
+	mpz_mod(t2, t2, this->p);
+	
+	mpz_mul(t2, t2, this->q);				/* m = m2 + h q */
+	mpz_add(t1, t1, t2);
+	
+	decrypted.len = this->k;
+	decrypted.ptr = mpz_export(NULL, NULL, 1, decrypted.len, 1, 0, t1);
+	
+	mpz_clear(t1);
+	mpz_clear(t2);
+	
+	return decrypted;
+}
+
+/**
+ * Implementation of rsa_private_key.build_emsa_signature.
+ */
+static status_t build_emsa_pkcs1_signature(private_rsa_private_key_t *this, hash_algorithm_t hash_algorithm, chunk_t data, chunk_t *signature)
+{
+	hasher_t *hasher;
+	chunk_t hash;
+	chunk_t oid;
+	chunk_t em;
+	
+	/* get oid string prepended to hash */
+	switch (hash_algorithm)
+	{	
+		case HASH_MD2:
+		{
+			oid.ptr = md2_oid;
+			oid.len = sizeof(md2_oid);
+			break;
+		}
+		case HASH_MD5:
+		{
+			oid.ptr = md5_oid;
+			oid.len = sizeof(md5_oid);
+			break;
+		}
+		case HASH_SHA1:
+		{
+			oid.ptr = sha1_oid;
+			oid.len = sizeof(sha1_oid);
+			break;
+		}
+		case HASH_SHA256:
+		{
+			oid.ptr = sha256_oid;
+			oid.len = sizeof(sha256_oid);
+			break;
+		}
+		case HASH_SHA384:
+		{
+			oid.ptr = sha384_oid;
+			oid.len = sizeof(sha384_oid);
+			break;
+		}
+		case HASH_SHA512:
+		{
+			oid.ptr = sha512_oid;
+			oid.len = sizeof(sha512_oid);
+			break;
+		}
+		default:
+		{
+			return NOT_SUPPORTED;	
+		}
+	}
+	
+	/* get hasher */
+	hasher = hasher_create(hash_algorithm);
+	if (hasher == NULL)
+	{
+		return NOT_SUPPORTED;	
+	}
+	
+	/* build hash */
+	hasher->allocate_hash(hasher, data, &hash);
+	hasher->destroy(hasher);
+	
+	/* build chunk to rsa-decrypt:
+	 * EM = 0x00 || 0x01 || PS || 0x00 || T. 
+	 * PS = 0xFF padding, with length to fill em
+	 * T = oid || hash
+	 */
+	em.len = this->k;
+	em.ptr = allocator_alloc(em.len);
+	
+	/* fill em with padding */
+	memset(em.ptr, 0xFF, em.len);
+	/* set magic bytes */
+	*(em.ptr) = 0x00;
+	*(em.ptr+1) = 0x01;
+	*(em.ptr + em.len - hash.len - oid.len - 1) = 0x00;
+	/* set hash */
+	memcpy(em.ptr + em.len - hash.len, hash.ptr, hash.len);
+	/* set oid */
+	memcpy(em.ptr + em.len - hash.len - oid.len, oid.ptr, oid.len);
+
+	
+	/* build signature */
+	*signature = this->rsasp1(this, em);
+	
+	allocator_free(hash.ptr);
+	allocator_free(em.ptr);
+	
+	return SUCCESS;	
+}
+
+/**
+ * Implementation of rsa_private_key.get_key.
+ */
+static status_t get_key(private_rsa_private_key_t *this, chunk_t *key)
+{	
+	chunk_t n, e, p, q, d, exp1, exp2, coeff;
+
+	n.len = this->k;
+	n.ptr = mpz_export(NULL, NULL, 1, n.len, 1, 0, this->n);
+	e.len = this->k;
+	e.ptr = mpz_export(NULL, NULL, 1, e.len, 1, 0, this->e);
+	p.len = this->k;
+	p.ptr = mpz_export(NULL, NULL, 1, p.len, 1, 0, this->p);
+	q.len = this->k;
+	q.ptr = mpz_export(NULL, NULL, 1, q.len, 1, 0, this->q);
+	d.len = this->k;
+	d.ptr = mpz_export(NULL, NULL, 1, d.len, 1, 0, this->d);
+	exp1.len = this->k;
+	exp1.ptr = mpz_export(NULL, NULL, 1, exp1.len, 1, 0, this->exp1);
+	exp2.len = this->k;
+	exp2.ptr = mpz_export(NULL, NULL, 1, exp2.len, 1, 0, this->exp2);
+	coeff.len = this->k;
+	coeff.ptr = mpz_export(NULL, NULL, 1, coeff.len, 1, 0, this->coeff);
+	
+	key->len = this->k * 8;
+	key->ptr = allocator_alloc(key->len);
+	memcpy(key->ptr + this->k * 0, n.ptr , n.len);
+	memcpy(key->ptr + this->k * 1, e.ptr, e.len);
+	memcpy(key->ptr + this->k * 2, p.ptr, p.len);
+	memcpy(key->ptr + this->k * 3, q.ptr, q.len);
+	memcpy(key->ptr + this->k * 4, d.ptr, d.len);
+	memcpy(key->ptr + this->k * 5, exp1.ptr, exp1.len);
+	memcpy(key->ptr + this->k * 6, exp2.ptr, exp2.len);
+	memcpy(key->ptr + this->k * 7, coeff.ptr, coeff.len);
+	
+	allocator_free(n.ptr);
+	allocator_free(e.ptr);
+	allocator_free(p.ptr);
+	allocator_free(q.ptr);
+	allocator_free(d.ptr);
+	allocator_free(exp1.ptr);
+	allocator_free(exp2.ptr);
+	allocator_free(coeff.ptr);
+	
+	return SUCCESS;
+}
+
+/**
+ * Implementation of rsa_private_key.save_key.
+ */
+static status_t save_key(private_rsa_private_key_t *this, char *file)
+{
+	return NOT_SUPPORTED;
+}
+
+/**
+ * Implementation of rsa_private_key.get_public_key.
+ */
+rsa_public_key_t *get_public_key(private_rsa_private_key_t *this)
+{
+	return NULL;
+}
+
+/**
+ * Implementation of rsa_private_key.belongs_to.
+ */
+static bool belongs_to(private_rsa_private_key_t *this, rsa_public_key_t *public)
+{
+	if (mpz_cmp(this->n, *public->get_modulus(public)) == 0)
+	{
+		return TRUE;
+	}
+	return FALSE;
+}
+
+/**
+ * Implementation of rsa_private_key.clone.
+ */
+static rsa_private_key_t* _clone(private_rsa_private_key_t *this)
+{
+	private_rsa_private_key_t *clone = rsa_private_key_create_empty();
+	
+	mpz_init_set(clone->n, this->n);
+	mpz_init_set(clone->e, this->e);
+	mpz_init_set(clone->p, this->p);
+	mpz_init_set(clone->q, this->q);
+	mpz_init_set(clone->d, this->d);
+	mpz_init_set(clone->exp1, this->exp1);
+	mpz_init_set(clone->exp2, this->exp2);
+	mpz_init_set(clone->coeff, this->coeff);
+	clone->k = this->k;
+	
+	return &clone->public;
+}
+
+/**
+ * Implementation of rsa_private_key.destroy.
+ */
+static void destroy(private_rsa_private_key_t *this)
+{
+	mpz_clear(this->n);
+	mpz_clear(this->e);
+	mpz_clear(this->p);
+	mpz_clear(this->q);
+	mpz_clear(this->d);
+	mpz_clear(this->exp1);
+	mpz_clear(this->exp2);
+	mpz_clear(this->coeff);
+	allocator_free(this);
+}
+
+/**
+ * Internal generic constructor
+ */
+static private_rsa_private_key_t *rsa_private_key_create_empty()
+{
+	private_rsa_private_key_t *this = allocator_alloc_thing(private_rsa_private_key_t);
+	
+	/* public functions */
+	this->public.build_emsa_pkcs1_signature = (status_t (*) (rsa_private_key_t*,hash_algorithm_t,chunk_t,chunk_t*))build_emsa_pkcs1_signature;
+	this->public.get_key = (status_t (*) (rsa_private_key_t*,chunk_t*))get_key;
+	this->public.save_key = (status_t (*) (rsa_private_key_t*,char*))save_key;
+	this->public.get_public_key = (rsa_public_key_t *(*) (rsa_private_key_t*))get_public_key;
+	this->public.belongs_to = (bool (*) (rsa_private_key_t*,rsa_public_key_t*))belongs_to;
+	this->public.clone = (rsa_private_key_t*(*)(rsa_private_key_t*))_clone;
+	this->public.destroy = (void (*) (rsa_private_key_t*))destroy;
+	
+	/* private functions */
+	this->rsadp = rsadp;
+	this->rsasp1 = rsadp; /* same algorithm */
+	this->compute_prime = compute_prime;
+	
+	return this;
+}
+
+/*
+ * See header
+ */
+rsa_private_key_t *rsa_private_key_create(size_t key_size)
+{
+	mpz_t p, q, n, e, d, exp1, exp2, coeff;
+	mpz_t m, q1, t;
+	private_rsa_private_key_t *this;
+	
+	this = rsa_private_key_create_empty();
+	key_size = key_size / 8;
+	
+	/* Get values of primes p and q  */
+	if (this->compute_prime(this, key_size/2, &p) != SUCCESS)
+	{
+		allocator_free(this);
+		return NULL;
+	}	
+	if (this->compute_prime(this, key_size/2, &q) != SUCCESS)
+	{
+		mpz_clear(p);
+		allocator_free(this);
+		return NULL;
+	}
+	
+	
+	mpz_init(t);	
+	mpz_init(n);
+	mpz_init(d);
+	mpz_init(exp1);
+	mpz_init(exp2);
+	mpz_init(coeff);
+	
+
+	/* Swapping Primes so p is larger then q */
+	if (mpz_cmp(p, q) < 0)
+	{
+		mpz_set(t, p);
+		mpz_set(p, q);
+		mpz_set(q, t);
+	}
+	
+	mpz_mul(n, p, q);						/* n = p*q */
+	mpz_init_set_ui(e, PUBLIC_EXPONENT);	/* assign public exponent */
+	mpz_init_set(m, p); 					/* m = p */
+	mpz_sub_ui(m, m, 1);					/* m = m -1 */
+	mpz_init_set(q1, q);					/* q1 = q */
+	mpz_sub_ui(q1, q1, 1);					/* q1 = q1 -1 */
+	mpz_gcd(t, m, q1);						/* t = gcd(p-1, q-1) */
+	mpz_mul(m, m, q1);						/* m = (p-1)*(q-1) */
+	mpz_divexact(m, m, t);					/* m = m / t */
+	mpz_gcd(t, m, e);						/* t = gcd(m, e) (greatest common divisor) */
+
+	mpz_invert(d, e, m);					/* e has an inverse mod m */
+	if (mpz_cmp_ui(d, 0) < 0)				/* make sure d is positive */
+	{
+		mpz_add(d, d, m);
+	}
+	mpz_sub_ui(t, p, 1);					/* t = p-1 */
+	mpz_mod(exp1, d, t);					/* exp1 = d mod p-1 */
+	mpz_sub_ui(t, q, 1);					/* t = q-1 */
+	mpz_mod(exp2, d, t);					/* exp2 = d mod q-1 */
+	
+	mpz_invert(coeff, q, p);				/* coeff = q^-1 mod p */
+	if (mpz_cmp_ui(coeff, 0) < 0)			/* make coeff d is positive */
+	{
+		mpz_add(coeff, coeff, p);
+	}
+
+	mpz_clear(q1);
+	mpz_clear(m);
+	mpz_clear(t);
+
+	/* apply values */
+	*(this->p) = *p;
+	*(this->q) = *q;
+	*(this->n) = *n;
+	*(this->e) = *e;
+	*(this->d) = *d;
+	*(this->exp1) = *exp1;
+	*(this->exp2) = *exp2;
+	*(this->coeff) = *coeff;
+	
+	/* set key size in bytes */
+	this->k = key_size;
+	
+	return &this->public;
+}
+
+/*
+ * see header
+ */
+rsa_private_key_t *rsa_private_key_create_from_chunk(chunk_t chunk)
+{
+	private_rsa_private_key_t *this;
+	der_decoder_t *dd;
+	status_t status;
+	
+	this = rsa_private_key_create_empty();
+	
+	mpz_init(this->n);
+	mpz_init(this->e);
+	mpz_init(this->p);
+	mpz_init(this->q);
+	mpz_init(this->d);
+	mpz_init(this->exp1);
+	mpz_init(this->exp2);
+	mpz_init(this->coeff);
+	
+	dd = der_decoder_create(rsa_private_key_rules);
+	status = dd->decode(dd, chunk, this);
+	dd->destroy(dd);
+	if (status != SUCCESS)
+	{
+		destroy(this);
+		return NULL;
+	}
+	this->k = (mpz_sizeinbase(this->n, 2) + 7) / 8;
+	return &this->public;
+}
+
+/*
+ * see header
+ */
+rsa_private_key_t *rsa_private_key_create_from_file(char *filename, char *passphrase)
+{
+	chunk_t chunk;
+	struct stat stb;
+	FILE *file;
+	char *buffer;
+	
+	if (stat(filename, &stb) == -1)
+	{
+		return NULL;
+	}
+	
+	buffer = alloca(stb.st_size);
+	
+	file = fopen(filename, "r");
+	if (file == NULL)
+	{
+		return NULL;
+	}
+	
+	if (fread(buffer, stb.st_size, 1, file) != 1)
+	{
+		return NULL;
+	}
+	
+	chunk.ptr = buffer;
+	chunk.len = stb.st_size;
+	
+	return rsa_private_key_create_from_chunk(chunk);
+}
diff --git a/Source/lib/crypto/rsa/rsa_private_key.h b/Source/lib/crypto/rsa/rsa_private_key.h
new file mode 100644
index 000000000..b3b8ae87f
--- /dev/null
+++ b/Source/lib/crypto/rsa/rsa_private_key.h
@@ -0,0 +1,185 @@
+/**
+ * @file rsa_private_key.h
+ * 
+ * @brief Interface of rsa_private_key_t.
+ * 
+ */
+
+/*
+ * Copyright (C) 2005 Jan Hutter, Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef RSA_PRIVATE_KEY_H_
+#define RSA_PRIVATE_KEY_H_
+
+#include <types.h>
+#include <definitions.h>
+#include <crypto/rsa/rsa_public_key.h>
+#include <crypto/hashers/hasher.h>
+
+
+typedef struct rsa_private_key_t rsa_private_key_t;
+
+/**
+ * @brief RSA private key with associated functions.
+ * 
+ * Currently only supports signing using EMSA encoding.
+ * 
+ * @b Constructors:
+ *  - rsa_private_key_create()
+ *  - rsa_private_key_create_from_chunk()
+ *  - rsa_private_key_create_from_file()
+ * 
+ * @see rsa_public_key_t
+ * 
+ * @todo Implement get_key(), save_key(), get_public_key()
+ *
+ * @ingroup rsa
+ */
+struct rsa_private_key_t {
+
+	/**
+	 * @brief Build a signature over a chunk using EMSA-PKCS1 encoding.
+	 * 
+	 * This signature creates a hash using the specified hash algorithm, concatenates
+	 * it with an ASN1-OID of the hash algorithm and runs the RSASP1 function
+	 * on it.
+	 * 
+	 * @param this				calling object
+	 * @param hash_algorithm	hash algorithm to use for hashing
+	 * @param data				data to sign
+	 * @param[out] signature	allocated signature
+	 * @return
+	 * 							- SUCCESS
+	 * 							- INVALID_STATE, if key not set
+	 * 							- NOT_SUPPORTED, if hash algorithm not supported
+	 */
+	status_t (*build_emsa_pkcs1_signature) (rsa_private_key_t *this, hash_algorithm_t hash_algorithm, chunk_t data, chunk_t *signature);
+	
+	/**
+	 * @brief Gets the key.
+	 * 
+	 * UNIMPLEMENTED!
+	 * 
+	 * @param this				calling object
+	 * @param key				key (in a propriarity format)
+	 * @return					
+	 * 							- SUCCESS
+	 * 							- INVALID_STATE, if key not set
+	 */
+	status_t (*get_key) (rsa_private_key_t *this, chunk_t *key);
+	
+	/**
+	 * @brief Saves a key to a file.
+	 * 
+	 * Not implemented!
+	 * 
+	 * @param this				calling object
+	 * @param file				file to which the key should be written.
+	 * @return					NOT_SUPPORTED
+	 */
+	status_t (*save_key) (rsa_private_key_t *this, char *file);
+	
+	/**
+	 * @brief Generate a new key.
+	 * 
+	 * Generates a new private_key with specified key size
+	 * 
+	 * @param this				calling object
+	 * @param key_size			size of the key in bits
+	 * @return					
+	 * 							- SUCCESS
+	 * 							- INVALID_ARG if key_size invalid
+	 */
+	status_t (*generate_key) (rsa_private_key_t *this, size_t key_size);
+	
+	/**
+	 * @brief Create a rsa_public_key_t with the public
+	 * parts of the key.
+	 * 
+	 * @param this				calling object
+	 * @return					public_key
+	 */
+	rsa_public_key_t *(*get_public_key) (rsa_private_key_t *this);
+	
+	/**
+	 * @brief Check if a private key belongs to a public key.
+	 * 
+	 * Compares the public part of the private key with the
+	 * public key, return TRUE if it equals.
+	 * 
+	 * @param this				private key
+	 * @param public			public key
+	 * @return					TRUE, if keys belong together
+	 */
+	bool (*belongs_to) (rsa_private_key_t *this, rsa_public_key_t *public);
+	
+	/**
+	 * @brief Clone the private key.
+	 * 
+	 * @param this				private key to clone
+	 * @return					clone of this
+	 */
+	rsa_private_key_t *(*clone) (rsa_private_key_t *this);
+	
+	/**
+	 * @brief Destroys the private key.
+	 * 
+	 * @param this				private key to destroy
+	 */
+	void (*destroy) (rsa_private_key_t *this);
+};
+
+/**
+ * @brief Generate a new RSA key with specified key lenght.
+ * 
+ * @param key_size			size of the key in bits
+ * @return 					generated rsa_private_key_t.
+ * 
+ * @ingroup rsa
+ */
+rsa_private_key_t *rsa_private_key_create(size_t key_size);
+
+/**
+ * @brief Load an RSA private key from a chunk.
+ * 
+ * Load a key from a chunk, encoded as described in PKCS#1
+ * (ASN1 DER encoded).
+ * 
+ * @param chunk				chunk containing the DER encoded key
+ * @return 					loaded rsa_private_key_t, or NULL
+ * 
+ * @ingroup rsa
+ */
+rsa_private_key_t *rsa_private_key_create_from_chunk(chunk_t chunk);
+
+/**
+ * @brief Load an RSA private key from a file.
+ * 
+ * Load a key from a file, which is either in a unencrypted binary
+ * format (DER), or in a (encrypted) PEM format. The supplied 
+ * passphrase is used to decrypt an ecrypted key.
+ * 
+ * @param filename			filename which holds the key
+ * @param passphrase		optional passphase for decryption
+ * @return 					loaded rsa_private_key_t, or NULL
+ * 
+ * @todo Implement PEM file loading
+ * @todo Implement key decryption
+ * 
+ * @ingroup rsa
+ */
+rsa_private_key_t *rsa_private_key_create_from_file(char *filename, char *passphrase);
+
+#endif /*RSA_PRIVATE_KEY_H_*/
diff --git a/Source/lib/crypto/rsa/rsa_public_key.c b/Source/lib/crypto/rsa/rsa_public_key.c
new file mode 100644
index 000000000..57ad10128
--- /dev/null
+++ b/Source/lib/crypto/rsa/rsa_public_key.c
@@ -0,0 +1,468 @@
+/**
+ * @file rsa_public_key.c
+ * 
+ * @brief Implementation of rsa_public_key_t.
+ * 
+ */
+
+/*
+ * Copyright (C) 2005 Jan Hutter, Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+ 
+#include <gmp.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
+#include "rsa_public_key.h"
+
+#include <daemon.h>
+#include <utils/allocator.h>
+#include <crypto/hashers/hasher.h>
+#include <asn1/der_decoder.h>
+
+/* 
+ * For simplicity,
+ * we use these predefined values for
+ * hash algorithm OIDs. These also contain
+ * the length of the following hash.
+ * These values are also used in rsa_private_key.c.
+ */
+
+u_int8_t md2_oid[] = {
+	0x30,0x20,0x30,0x0c,0x06,0x08,0x2a,0x86,
+	0x48,0x86,0xf7,0x0d,0x02,0x02,0x05,0x00,
+	0x04,0x10
+};
+
+u_int8_t md5_oid[] = {
+	0x30,0x20,0x30,0x0c,0x06,0x08,0x2a,0x86,
+	0x48,0x86,0xf7,0x0d,0x02,0x05,0x05,0x00,
+	0x04,0x10
+};
+
+u_int8_t sha1_oid[] = {
+	0x30,0x21,0x30,0x09,0x06,0x05,0x2b,0x0e,
+	0x03,0x02,0x1a,0x05,0x00,0x04,0x14
+};
+
+u_int8_t sha256_oid[] = {
+	0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,
+	0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,
+	0x00,0x04,0x20
+};
+
+u_int8_t sha384_oid[] = {
+	0x30,0x41,0x30,0x0d,0x06,0x09,0x60,0x86,
+	0x48,0x01,0x65,0x03,0x04,0x02,0x02,0x05,
+	0x00,0x04,0x30
+};
+
+u_int8_t sha512_oid[] = {
+	0x30,0x51,0x30,0x0d,0x06,0x09,0x60,0x86,
+	0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05,
+	0x00,0x04,0x40
+};
+
+
+typedef struct private_rsa_public_key_t private_rsa_public_key_t;
+
+/**
+ * Private data structure with signing context.
+ */
+struct private_rsa_public_key_t {
+	/**
+	 * Public interface for this signer.
+	 */
+	rsa_public_key_t public;
+	
+	/**
+	 * Public modulus.
+	 */
+	mpz_t n;
+	
+	/**
+	 * Public exponent.
+	 */
+	mpz_t e;
+	
+	/**
+	 * Keysize in bytes.
+	 */
+	size_t k;
+	
+	/**
+	 * @brief Implements the RSAEP algorithm specified in PKCS#1.
+	 * 
+	 * @param this		calling object
+	 * @param data		data to process
+	 * @return			processed data
+	 */
+	chunk_t (*rsaep) (private_rsa_public_key_t *this, chunk_t data);
+		
+	/**
+	 * @brief Implements the RSASVP1 algorithm specified in PKCS#1.
+	 * 
+	 * @param this		calling object
+	 * @param data		data to process
+	 * @return			processed data
+	 */
+	chunk_t (*rsavp1) (private_rsa_public_key_t *this, chunk_t data);
+};
+
+
+typedef struct rsa_public_key_info_t rsa_public_key_info_t;
+
+/**
+ * KeyInfo, as it appears in a public key file
+ */
+struct rsa_public_key_info_t {
+	/**
+	 * Algorithm for this key
+	 */
+	chunk_t algorithm_oid;
+	
+	/**
+	 * Public key, parseable with rsa_public_key_rules
+	 */
+	chunk_t public_key;
+};
+
+/**
+ * Rules for de-/encoding of a public key from/in ASN1 
+ */
+static asn1_rule_t rsa_public_key_rules[] = {
+	{ASN1_SEQUENCE, 0, 0, 0},
+	{	ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_public_key_t, n), 0},
+	{	ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_public_key_t, e), 0},
+	{ASN1_END, 0, 0, 0},
+};
+
+/**
+ * Rules for de-/encoding of a PublicKeyInfo from/in ASN1 
+ */
+static asn1_rule_t rsa_public_key_info_rules[] = {
+	{ASN1_SEQUENCE, 0, 0, 0},
+	{	ASN1_SEQUENCE, 0, 0, 0},
+	{		ASN1_OID, 0, offsetof(rsa_public_key_info_t, algorithm_oid), 0},
+	{		ASN1_NULL, 0, 0, 0},
+	{	ASN1_END, 0, 0, 0},
+	{	ASN1_BITSTRING, 0, offsetof(rsa_public_key_info_t, public_key), 0},
+	{ASN1_END, 0, 0, 0},
+};
+
+private_rsa_public_key_t *rsa_public_key_create_empty();
+
+/**
+ * Implementation of private_rsa_public_key_t.rsaep and private_rsa_public_key_t.rsavp1
+ */
+static chunk_t rsaep(private_rsa_public_key_t *this, chunk_t data)
+{
+	mpz_t m, c;
+	chunk_t encrypted;
+	
+	mpz_init(c);
+	mpz_init(m);
+	
+	mpz_import(m, data.len, 1, 1, 1, 0, data.ptr);
+	
+	mpz_powm(c, m, this->e, this->n);
+
+    encrypted.len = this->k;
+    encrypted.ptr = mpz_export(NULL, NULL, 1, encrypted.len, 1, 0, c);
+	
+	mpz_clear(c);
+	mpz_clear(m);	
+	
+	return encrypted;
+}
+
+/**
+ * Implementation of rsa_public_key.verify_emsa_pkcs1_signature.
+ */
+static status_t verify_emsa_pkcs1_signature(private_rsa_public_key_t *this, chunk_t data, chunk_t signature)
+{
+	hasher_t *hasher = NULL;
+	chunk_t hash;
+	chunk_t em;
+	u_int8_t *pos;
+	
+	if (signature.len > this->k)
+	{
+		return INVALID_ARG;	
+	}
+	
+	/* unpack signature */
+	em = this->rsavp1(this, signature);
+	
+	/* result should look like this:
+	 * EM = 0x00 || 0x01 || PS || 0x00 || T. 
+	 * PS = 0xFF padding, with length to fill em
+	 * T = oid || hash
+	 */	
+	
+	/* check magic bytes */
+	if ((*(em.ptr) != 0x00) ||
+		(*(em.ptr+1) != 0x01))
+	{
+		allocator_free(em.ptr);
+		return FAILED;
+	}
+	
+	/* find magic 0x00 */
+	pos = em.ptr + 2;
+	while (pos <= em.ptr + em.len)
+	{
+		if (*pos == 0x00)
+		{
+			/* found magic byte, stop */
+			pos++;
+			break;
+		}
+		else if (*pos != 0xFF)
+		{
+			/* bad padding, decryption failed ?!*/
+			allocator_free(em.ptr);
+			return FAILED;	
+		}
+		pos++;
+	}
+
+	if (pos + 20 > em.ptr + em.len)
+	{
+		/* not enought room for oid compare */
+		allocator_free(em.ptr);
+		return FAILED;	
+	}
+	
+	if (memcmp(md2_oid, pos, sizeof(md2_oid)) == 0)
+	{
+		hasher = hasher_create(HASH_MD2);
+		pos += sizeof(md2_oid);
+	}
+	else if (memcmp(md5_oid, pos, sizeof(md5_oid)) == 0)
+	{
+		hasher = hasher_create(HASH_MD5);
+		pos += sizeof(md5_oid);
+	}
+	else if (memcmp(sha1_oid, pos, sizeof(sha1_oid)) == 0)
+	{
+		hasher = hasher_create(HASH_SHA1);
+		pos += sizeof(sha1_oid);
+	}
+	else if (memcmp(sha256_oid, pos, sizeof(sha256_oid)) == 0)
+	{
+		hasher = hasher_create(HASH_SHA256);
+		pos += sizeof(sha256_oid);
+	}
+	else if (memcmp(sha384_oid, pos, sizeof(sha384_oid)) == 0)
+	{
+		hasher = hasher_create(HASH_SHA384);
+		pos += sizeof(sha384_oid);
+	}
+	else if (memcmp(sha512_oid, pos, sizeof(sha512_oid)) == 0)
+	{
+		hasher = hasher_create(HASH_SHA512);
+		pos += sizeof(sha512_oid);
+	}
+	
+	if (hasher == NULL)
+	{
+		/* not supported hash algorithm */
+		allocator_free(em.ptr);
+		return NOT_SUPPORTED;	
+	}
+	
+	if (pos + hasher->get_block_size(hasher) != em.ptr + em.len)
+	{
+		/* bad length */
+		allocator_free(em.ptr);
+		hasher->destroy(hasher);
+		return FAILED;	
+	}
+	
+	/* build own hash for a compare */
+	hasher->allocate_hash(hasher, data, &hash);
+	hasher->destroy(hasher);
+	
+	if (memcmp(hash.ptr, pos, hash.len) != 0)
+	{
+		/* hash does not equal */
+		allocator_free(hash.ptr);
+		allocator_free(em.ptr);
+		return FAILED;	
+			
+	}
+	
+	/* seems good */
+	allocator_free(hash.ptr);
+	allocator_free(em.ptr);
+	return SUCCESS;	
+}
+	
+/**
+ * Implementation of rsa_public_key.get_key.
+ */
+static status_t get_key(private_rsa_public_key_t *this, chunk_t *key)
+{	
+	chunk_t n, e;
+
+	n.len = this->k;
+	n.ptr = mpz_export(NULL, NULL, 1, n.len, 1, 0, this->n);
+	e.len = this->k;
+	e.ptr = mpz_export(NULL, NULL, 1, e.len, 1, 0, this->e);
+	
+	key->len = this->k * 2;
+	key->ptr = allocator_alloc(key->len);
+	memcpy(key->ptr, n.ptr, n.len);
+	memcpy(key->ptr + n.len, e.ptr, e.len);
+	allocator_free(n.ptr);
+	allocator_free(e.ptr);
+	
+	return SUCCESS;
+}
+
+/**
+ * Implementation of rsa_public_key.save_key.
+ */
+static status_t save_key(private_rsa_public_key_t *this, char *file)
+{
+	return NOT_SUPPORTED;
+}
+
+/**
+ * Implementation of rsa_public_key.get_modulus.
+ */
+static mpz_t *get_modulus(private_rsa_public_key_t *this)
+{
+	return &this->n;
+}
+
+/**
+ * Implementation of rsa_public_key.clone.
+ */
+static rsa_public_key_t* _clone(private_rsa_public_key_t *this)
+{
+	private_rsa_public_key_t *clone = rsa_public_key_create_empty();
+	
+	mpz_init_set(clone->n, this->n);
+	mpz_init_set(clone->e, this->e);
+	clone->k = this->k;
+	
+	return &clone->public;
+}
+
+/**
+ * Implementation of rsa_public_key.destroy.
+ */
+static void destroy(private_rsa_public_key_t *this)
+{
+	mpz_clear(this->n);
+	mpz_clear(this->e);
+	allocator_free(this);
+}
+
+/**
+ * Generic private constructor
+ */
+private_rsa_public_key_t *rsa_public_key_create_empty()
+{
+	private_rsa_public_key_t *this = allocator_alloc_thing(private_rsa_public_key_t);
+	
+	/* public functions */
+	this->public.verify_emsa_pkcs1_signature = (status_t (*) (rsa_public_key_t*,chunk_t,chunk_t))verify_emsa_pkcs1_signature;
+	this->public.get_key = (status_t (*) (rsa_public_key_t*,chunk_t*))get_key;
+	this->public.save_key = (status_t (*) (rsa_public_key_t*,char*))save_key;
+	this->public.get_modulus = (mpz_t *(*) (rsa_public_key_t*))get_modulus;
+	this->public.clone = (rsa_public_key_t* (*) (rsa_public_key_t*))_clone;
+	this->public.destroy = (void (*) (rsa_public_key_t*))destroy;
+	
+	/* private functions */
+	this->rsaep = rsaep;
+	this->rsavp1 = rsaep; /* same algorithm */
+	
+	return this;
+}
+	
+/*
+ * See header
+ */
+rsa_public_key_t *rsa_public_key_create_from_chunk(chunk_t chunk)
+{
+	der_decoder_t *dd;
+	status_t status;
+	private_rsa_public_key_t *this;
+	
+	this = rsa_public_key_create_empty();
+	mpz_init(this->n);
+	mpz_init(this->e);
+	
+	dd = der_decoder_create(rsa_public_key_rules);
+	status = dd->decode(dd, chunk, this);
+	dd->destroy(dd);
+	if (status != SUCCESS)
+	{
+		destroy(this);
+		return NULL;
+	}
+	this->k = (mpz_sizeinbase(this->n, 2) + 7) / 8;
+	return &this->public;
+}
+
+/*
+ * See header
+ */
+rsa_public_key_t *rsa_public_key_create_from_file(char *filename)
+{
+	struct stat stb;
+	FILE *file;
+	char *buffer;
+	chunk_t chunk;
+	rsa_public_key_info_t key_info = {CHUNK_INITIALIZER, CHUNK_INITIALIZER};
+	der_decoder_t *dd;
+	status_t status;
+	rsa_public_key_t *public_key = NULL;
+	
+	if (stat(filename, &stb) == -1)
+	{
+		return NULL;
+	}
+	
+	buffer = alloca(stb.st_size);
+	
+	file = fopen(filename, "r");
+	if (file == NULL)
+	{
+		return NULL;
+	}
+	
+	if (fread(buffer, stb.st_size, 1, file) != 1)
+	{
+		return NULL;
+	}
+	
+	chunk.ptr = buffer;
+	chunk.len = stb.st_size;
+	
+	/* parse public key info first */
+	dd = der_decoder_create(rsa_public_key_info_rules);
+	status = dd->decode(dd, chunk, &key_info);
+	dd->destroy(dd);
+	allocator_free_chunk(&key_info.algorithm_oid);
+	if (status == SUCCESS)
+	{
+		public_key = rsa_public_key_create_from_chunk(chunk);
+	}
+	allocator_free_chunk(&key_info.public_key);
+	return public_key;
+}
diff --git a/Source/lib/crypto/rsa/rsa_public_key.h b/Source/lib/crypto/rsa/rsa_public_key.h
new file mode 100644
index 000000000..ef79153d6
--- /dev/null
+++ b/Source/lib/crypto/rsa/rsa_public_key.h
@@ -0,0 +1,153 @@
+/**
+ * @file rsa_public_key.h
+ * 
+ * @brief Interface of rsa_public_key_t.
+ * 
+ */
+
+/*
+ * Copyright (C) 2005 Jan Hutter, Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef RSA_PUBLIC_KEY_H_
+#define RSA_PUBLIC_KEY_H_
+
+#include <gmp.h>
+
+#include <types.h>
+#include <definitions.h>
+
+
+typedef struct rsa_public_key_t rsa_public_key_t;
+
+/**
+ * @brief RSA public key with associated functions.
+ * 
+ * Currently only supports signature verification using
+ * the EMSA encoding (see PKCS1)
+ * 
+ * @b Constructors:
+ * - rsa_public_key_create_from_chunk()
+ * - rsa_public_key_create_from_file()
+ * - rsa_private_key_t.get_public_key()
+ * 
+ * @see rsa_private_key_t
+ * 
+ * @todo Implement getkey() and savekey()
+ * 
+ * @ingroup rsa
+ */
+struct rsa_public_key_t {
+
+	/**
+	 * @brief Verify a EMSA-PKCS1 encodined signature.
+	 * 
+	 * Processes the supplied signature with the RSAVP1 function,
+	 * selects the hash algorithm form the resultign ASN1-OID and
+	 * verifies the hash against the supplied data.
+	 * 
+	 * @param this				rsa_public_key to use
+	 * @param data				data to sign
+	 * @param signature			signature to verify
+	 * @return
+	 * 							- SUCCESS, if signature ok
+	 * 							- INVALID_STATE, if key not set
+	 * 							- NOT_SUPPORTED, if hash algorithm not supported
+	 * 							- INVALID_ARG, if signature is not a signature
+	 * 							- FAILED if signature invalid or unable to verify
+	 */
+	status_t (*verify_emsa_pkcs1_signature) (rsa_public_key_t *this, chunk_t data, chunk_t signature);
+	
+	/**
+	 * @brief Gets the key.
+	 * 
+	 * Currently uses a proprietary format which is only inteded
+	 * for testing. This should be replaced with a proper
+	 * ASN1 encoded key format, when charon gets the ASN1 
+	 * capabilities.
+	 * 
+	 * @param this				calling object
+	 * @param key				key (in a propriarity format)
+	 * @return					
+	 * 							- SUCCESS
+	 * 							- INVALID_STATE, if key not set
+	 */
+	status_t (*get_key) (rsa_public_key_t *this, chunk_t *key);
+	
+	/**
+	 * @brief Saves a key to a file.
+	 * 
+	 * Not implemented!
+	 * 
+	 * @param this				calling object
+	 * @param file				file to which the key should be written.
+	 * @return					NOT_SUPPORTED
+	 */
+	status_t (*save_key) (rsa_public_key_t *this, char *file);
+	
+	/**
+	 * @brief Get the modulus of the key.
+	 * 
+	 * @param this				calling object
+	 * @return					modulus (n) of the key
+	 */
+	mpz_t *(*get_modulus) (rsa_public_key_t *this);
+	
+	/**
+	 * @brief Clone the public key.
+	 * 
+	 * @param this				public key to clone
+	 * @return					clone of this
+	 */
+	rsa_public_key_t *(*clone) (rsa_public_key_t *this);
+	
+	/**
+	 * @brief Destroys the public key.
+	 * 
+	 * @param this				public key to destroy
+	 */
+	void (*destroy) (rsa_public_key_t *this);
+};
+
+/**
+ * @brief Load an RSA public key from a chunk.
+ * 
+ * Load a key from a chunk, encoded in the more frequently
+ * used PublicKeyInfo struct (ASN1 DER encoded).
+ * 
+ * @param chunk				chunk containing the DER encoded key
+ * @return 					loaded rsa_public_key_t, or NULL
+ * 
+ * @todo Check OID in PublicKeyInfo
+ * 
+ * @ingroup rsa
+ */
+rsa_public_key_t *rsa_public_key_create_from_chunk(chunk_t chunk);
+
+/**
+ * @brief Load an RSA public key from a file.
+ * 
+ * Load a key from a file, which is either in binary
+ * format (DER), or in PEM format. 
+ * 
+ * @param filename			filename which holds the key
+ * @return 					loaded rsa_public_key_t, or NULL
+ * 
+ * @todo Implement PEM file loading
+ * 
+ * @ingroup rsa
+ */
+rsa_public_key_t *rsa_public_key_create_from_file(char *filename);
+
+#endif /*RSA_PUBLIC_KEY_H_*/