Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

command line tool to export RSA private key to RSAPublicKey

Tags:

openssl

rsa

Today I discover that there are 2 public key formats with PEM format headers, eg

X.509 SubjectPublicKeyInfo** (PEM header: BEGIN PUBLIC KEY)

which correspond to the short header form;

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzsQ7MkLsc1lJ8S2WtItN
cfj7pbdB6PVcRHEEjbie97Rqthkr6h2WE5rVj0BZNwFjs4NIUYws2KeQjexZ8NEY
qpcP9iPMjdNgLpU8uL03QMti+y+y0IU4493KxKxjprjtu6no0/O5TwNs+/r+7hmF
/8d+2mhyLJQbtuvQQ6mvg6roCMuqzRS91SObzT1ojCjY+AbUrmVZ5jmklHCv7uah
EoTsB3S7wHCBRmelh2j5fWrRBay4h0IB/NSrt1dO/UEVmDSWGjnG+RsDMhYGZXJ1
hJawhqrbuVRZvrMyzqQ0j1xy5buS6jqSHA3wdOixdI8dDpvBnUDGqEIU6gl2Am7h
pwIDAQAB
-----END PUBLIC KEY-----

and

PKCS#1 RSAPublicKey* (PEM header: BEGIN RSA PUBLIC KEY)

which correspond to the longer form;

-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA1+skaD+II3MYF/0iGDcFX/E6b0XzSC8I2RapRaCL84EqY8HxWGKn
+7p34ZJwZx9avX0cCUqvTmS6LtuoSGrdLlahrz1qEnkdYqlo9HXXQiKtA9iwaiId
LxPtCnJnGMOMtolwKAJpsr+l68D41mWvvibrwPbeTJsFi0zvrN0rL1YbVYvw3X85
fQm+wgo3s8I5sOWwlkADvfD37KxteEPitfb2cvGfYo+VIhBqqXQUhQSC3jBAUc5o
+P8U3eu84ln2YqiIg9P/iM99HoKFECJ2+mxWM8oz0rS8oqthVOck+KZ7mBiYjEzW
3ytTJIUpX9Sl88oDqkz7Azku/GVEiJNWSQIDAQAB
-----END RSA PUBLIC KEY-----

I would like to verify some public keys in the latter format, however I cannot see that openssl command line tool can obviously do that. -pubout exports the first format, and the pubin format rejects the 2nd headers;

#openssl rsa -pubin -in rsa.pub -modulus -noout

unable to load Public Key
140154809448256:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:696:Expecting: PUBLIC KEY

Any suggestions on what the correct commands are for openssl, or whether there is some tool that would does this from the command line?

like image 258
Tom Avatar asked Jan 09 '12 07:01

Tom


1 Answers

I don't think openssl commandline program(rsa) can read the PKCS#1 format. As explained here the difference between the PKCS#1 and PKCS#8 format is the algorithm identifier. The algorithm identifier for RSA encryption is "1.2.840.113549.1.1.1" and the Base64 version of it is "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A" which you can safely prefix with the Base64 of the RSA public key and change the header/footer from "BEGIN RSA PUBLIC KEY"/"END RSA PUBLIC KEY" to "BEGIN PUBLIC KEY"/"END PUBLIC KEY".

like image 80
Sivachandran Avatar answered Sep 28 '22 01:09

Sivachandran