Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

command line tool to export RSA private key to RSAPublicKey

Tags:

openssl

rsa

Today I discover that there are 2 public key formats with PEM format headers, eg

X.509 SubjectPublicKeyInfo** (PEM header: BEGIN PUBLIC KEY)

which correspond to the short header form;

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzsQ7MkLsc1lJ8S2WtItN
cfj7pbdB6PVcRHEEjbie97Rqthkr6h2WE5rVj0BZNwFjs4NIUYws2KeQjexZ8NEY
qpcP9iPMjdNgLpU8uL03QMti+y+y0IU4493KxKxjprjtu6no0/O5TwNs+/r+7hmF
/8d+2mhyLJQbtuvQQ6mvg6roCMuqzRS91SObzT1ojCjY+AbUrmVZ5jmklHCv7uah
EoTsB3S7wHCBRmelh2j5fWrRBay4h0IB/NSrt1dO/UEVmDSWGjnG+RsDMhYGZXJ1
hJawhqrbuVRZvrMyzqQ0j1xy5buS6jqSHA3wdOixdI8dDpvBnUDGqEIU6gl2Am7h
pwIDAQAB
-----END PUBLIC KEY-----

and 

PKCS#1 RSAPublicKey* (PEM header: BEGIN RSA PUBLIC KEY)

which correspond to the longer form;

-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA1+skaD+II3MYF/0iGDcFX/E6b0XzSC8I2RapRaCL84EqY8HxWGKn
+7p34ZJwZx9avX0cCUqvTmS6LtuoSGrdLlahrz1qEnkdYqlo9HXXQiKtA9iwaiId
LxPtCnJnGMOMtolwKAJpsr+l68D41mWvvibrwPbeTJsFi0zvrN0rL1YbVYvw3X85
fQm+wgo3s8I5sOWwlkADvfD37KxteEPitfb2cvGfYo+VIhBqqXQUhQSC3jBAUc5o
+P8U3eu84ln2YqiIg9P/iM99HoKFECJ2+mxWM8oz0rS8oqthVOck+KZ7mBiYjEzW
3ytTJIUpX9Sl88oDqkz7Azku/GVEiJNWSQIDAQAB
-----END RSA PUBLIC KEY-----

I would like to verify some public keys in the latter format, however I cannot see that openssl command line tool can obviously do that. -pubout exports the first format, and the pubin format rejects the 2nd headers;

#openssl rsa -pubin -in rsa.pub -modulus -noout

unable to load Public Key
140154809448256:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:696:Expecting: PUBLIC KEY

Any suggestions on what the correct commands are for openssl, or whether there is some tool that would does this from the command line?

like image 258
Tom Avatar asked Jan 09 '12 07:01

Tom

1 Answers

I don't think openssl commandline program(rsa) can read the PKCS#1 format. As explained here the difference between the PKCS#1 and PKCS#8 format is the algorithm identifier. The algorithm identifier for RSA encryption is "1.2.840.113549.1.1.1" and the Base64 version of it is "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A" which you can safely prefix with the Base64 of the RSA public key and change the header/footer from "BEGIN RSA PUBLIC KEY"/"END RSA PUBLIC KEY" to "BEGIN PUBLIC KEY"/"END PUBLIC KEY".

like image 80
Sivachandran Avatar answered Sep 28 '22 01:09

Sivachandran
Sign in to Comment

Related questions

random string generated by openssl is not so random.
How do I edit a self signed certificate created using openssl xampp?
nginx critical error with SSL handshaking
SSL certificate verify result: unable to get local issuer certificate (20)
Crypto/X509 certificate parsing libraries for Python
AES equivalent in Ruby openssl?
Who reads the value of ENV['SSL_CERT_FILE']?
Ruby OpenSSL asymmetric encryption - using two key pairs
Serving multiple domains in one box with SNI
How to see what attributes are signed inside pkcs#7?
javax.crypto.Cipher working differently since Android 6 Marshmallow
How to change only the subject(CN) in existing csr
How to compile OpenSSL on Windows?
OpenSSL not creating a key file from a RSA private key
Do I need to use CRYPTO locking functions for thread safety in OpenSSL 1.1.0+?
OpenSSL verify certificate from own CA
openssl versus windows capi
Convert DSA asymmetric key in .NET XML format to PEM format
Should I get Apache with no ssl or with open ssl? Can someone tell me what ssl is exactly?
Ruby Error reading in Certificate File with OpenSSL

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!