I have two XML files, structured as follows: My Key <pre class="prettyprint"><code><RSAKeyValue> <Modulus> ... </Modulus> <Exponent> ... </Exponent> ... <Q> ... </Q> <DP> ... </DP> <DQ> ... </DQ> <InverseQ> ... </InverseQ> <D> ... </D> </RSAKeyValue> </code></pre> A Public Key <pre class="prettyprint"><code><RSAKeyValue> <Modulus> ... </Modulus> <Exponent> ... </Exponent> </RSAKeyValue> </code></pre> I am using the <code>xmlseclibs</code> library by Robert Richards which requires a .PEM representation of the key in order to encrypt and decrypt things. As an encryption novice, I'm not sure where to begin, and a cursory Google search did not reveal anything particularly obvious... Thanks!

For those who want the resulting PEM to be readable by BouncyCastle: <ol> <li>use XMLSec2PEM tool to get a pem file</li> <li>convert pem to pkcs8 and back (!)</li> </ol> The final solution I am happy with: <ol> <li><code>java XMLSec2PEM my.xml > my.pem</code></li> <li>edit <code>my.pem</code> manually a bit</li> <li> <code>org.bouncycastle.openssl.PEMReader.readObject()</code> returns <code>null</code> :-(</li> <li><code>openssl pkcs8 -topk8 -inform pem -in my.pem -outform pem -nocrypt -out my.pkcs8</code></li> <li><code>openssl pkcs8 -inform pem -nocrypt -in my.pkcs8 -out my.pkcs8.pem</code></li> <li>now <code>my.pkcs8.pem</code> is readable with the <code>PEMReader</code> </li> </ol>

my solution in python works like this: <ol> <li>extract modulus and exponent from xml <pre class="prettyprint lang-py prettyprint-override"><code>xml = etree.fromstring(key_bin) modulus = xml.find('Modulus').text exponent = xml.find('Exponent').text </code></pre> </li> <li>decode them in base64 and iterate the result to save it as a character string of length 2: <pre class="prettyprint lang-py prettyprint-override"><code>mod_b64 = b64decode(modulus.encode()) exp_b64 = b64decode(exponent.encode()) exp = ''.join(['{:02x}'.format(x) for x in exp_b64]) mod = ''.join(['{:02x}'.format(x) for x in mod_b64]) </code></pre> </li> <li>Convert the hexadecimal string to integer and generate the rsa public key with the rsa library: <pre class="prettyprint lang-py prettyprint-override"><code>exp_num = int(exp, 16) mod_num = int(mod, 16) rsa_key = rsa.PublicKey(mod_num, exp_num) </code></pre> </li> <li>Finally any text can be encrypted: <pre class="prettyprint lang-py prettyprint-override"><code>msg_cryp = rsa.encrypt(msg.encode('ascii'), rsa_key) msg_cryp_str = b64encode(msg_cryp).decode('ascii') </code></pre> </li> </ol> I did this development to consume a web service which requires that an encrypted password be sent from a public key in XML format. In this way I managed to encrypt the password and consume the web service without problems.

How do I convert an XML RSA key to a PEM file?

Tags:

security

xml

rsa

pem

xmlseclibs

I have two XML files, structured as follows:

My Key

<RSAKeyValue>
  <Modulus> ... </Modulus>
  <Exponent> ... </Exponent>
  <P> ... </P>
  <Q> ... </Q>
  <DP> ... </DP>
  <DQ> ... </DQ>
  <InverseQ> ... </InverseQ>
  <D> ... </D>
</RSAKeyValue>

A Public Key

<RSAKeyValue>
   <Modulus> ... </Modulus>
   <Exponent> ... </Exponent>
</RSAKeyValue>

I am using the xmlseclibs library by Robert Richards which requires a .PEM representation of the key in order to encrypt and decrypt things.

As an encryption novice, I'm not sure where to begin, and a cursory Google search did not reveal anything particularly obvious...

Thanks!

439

asked Jun 22 '10 14:06

Philip

2 Answers

For those who want the resulting PEM to be readable by BouncyCastle:

use XMLSec2PEM tool to get a pem file
convert pem to pkcs8 and back (!)

The final solution I am happy with:

java XMLSec2PEM my.xml > my.pem
edit my.pem manually a bit
org.bouncycastle.openssl.PEMReader.readObject() returns null :-(
openssl pkcs8 -topk8 -inform pem -in my.pem -outform pem -nocrypt -out my.pkcs8
openssl pkcs8 -inform pem -nocrypt -in my.pkcs8 -out my.pkcs8.pem
now my.pkcs8.pem is readable with the PEMReader

answered Oct 25 '22 17:10

Pavel Vlasov

my solution in python works like this:

extract modulus and exponent from xml

xml = etree.fromstring(key_bin)
modulus = xml.find('Modulus').text
exponent = xml.find('Exponent').text

decode them in base64 and iterate the result to save it as a character string of length 2:

mod_b64 = b64decode(modulus.encode())
exp_b64 = b64decode(exponent.encode())
exp = ''.join(['{:02x}'.format(x) for x in exp_b64])
mod = ''.join(['{:02x}'.format(x) for x in mod_b64])

Convert the hexadecimal string to integer and generate the rsa public key with the rsa library:
```
exp_num = int(exp, 16)
mod_num = int(mod, 16)
rsa_key = rsa.PublicKey(mod_num, exp_num)
```

Finally any text can be encrypted:

msg_cryp = rsa.encrypt(msg.encode('ascii'), rsa_key)
msg_cryp_str = b64encode(msg_cryp).decode('ascii')

I did this development to consume a web service which requires that an encrypted password be sent from a public key in XML format. In this way I managed to encrypt the password and consume the web service without problems.

answered Oct 25 '22 16:10

BDLG

Related questions
                            
                                How do I get TestDriven.net to generate a useful code coverage XML file with NCover?
                            
                                Why are s-expressions not used compared to JSON and XML?
                            
                                ActionLayout for navigationview items displays on right side
                            
                                Autocomplete of xml tags in VSCode based on xml schema
                            
                                Any XML binding frameworks for Objective-C?
                            
                                is it possible to install AFNetworking 2.0 with Restkit
                            
                                Android menu item with both icon and text together when showAsAction is never
                            
                                Is there a glossary of Word .docx XML tags?
                            
                                @XmlElementRefs & @XmlElementRef annotations in Java
                            
                                How to force java xml dom to produce newline after <?xml version="1.0" encoding="UTF-8"?>?
                            
                                Trying to build a correct SOAP Request
                            
                                How to transform xml data using datafactory pipeline
                            
                                Parse an XML file in chunks without waiting for complete download in Swift
                            
                                Java check if a string is valid JSON or valid XML or neither
                            
                                Fixing bad XML file (eg. unescaped & etc.) [duplicate]
                            
                                How to Override Xsd element inside of parent/extended element
                            
                                Android AutoCompleteTextView popup moving after displaying
                            
                                Is it possible to open the Translation Editor using a different xml instead of strings.xml?
                            
                                Interpreting newlines with xsl:text?
                            
                                Python xml minidom. generate <text>Some text</text> element

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!

Donate Us With