I have two XML files, structured as follows: My Key <pre class="prettyprint"><code><RSAKeyValue> <Modulus> ... </Modulus> <Exponent> ... </Exponent> ... <Q> ... </Q> <DP> ... </DP> <DQ> ... </DQ> <InverseQ> ... </InverseQ> <D> ... </D> </RSAKeyValue> </code></pre> A Public Key <pre class="prettyprint"><code><RSAKeyValue> <Modulus> ... </Modulus> <Exponent> ... </Exponent> </RSAKeyValue> </code></pre> I am using the <code>xmlseclibs</code> library by Robert Richards which requires a .PEM representation of the key in order to encrypt and decrypt things. As an encryption novice, I'm not sure where to begin, and a cursory Google search did not reveal anything particularly obvious... Thanks!

For those who want the resulting PEM to be readable by BouncyCastle: <ol> <li>use XMLSec2PEM tool to get a pem file</li> <li>convert pem to pkcs8 and back (!)</li> </ol> The final solution I am happy with: <ol> <li><code>java XMLSec2PEM my.xml > my.pem</code></li> <li>edit <code>my.pem</code> manually a bit</li> <li> <code>org.bouncycastle.openssl.PEMReader.readObject()</code> returns <code>null</code> :-(</li> <li><code>openssl pkcs8 -topk8 -inform pem -in my.pem -outform pem -nocrypt -out my.pkcs8</code></li> <li><code>openssl pkcs8 -inform pem -nocrypt -in my.pkcs8 -out my.pkcs8.pem</code></li> <li>now <code>my.pkcs8.pem</code> is readable with the <code>PEMReader</code> </li> </ol>

my solution in python works like this: <ol> <li>extract modulus and exponent from xml <pre class="prettyprint lang-py prettyprint-override"><code>xml = etree.fromstring(key_bin) modulus = xml.find('Modulus').text exponent = xml.find('Exponent').text </code></pre> </li> <li>decode them in base64 and iterate the result to save it as a character string of length 2: <pre class="prettyprint lang-py prettyprint-override"><code>mod_b64 = b64decode(modulus.encode()) exp_b64 = b64decode(exponent.encode()) exp = ''.join(['{:02x}'.format(x) for x in exp_b64]) mod = ''.join(['{:02x}'.format(x) for x in mod_b64]) </code></pre> </li> <li>Convert the hexadecimal string to integer and generate the rsa public key with the rsa library: <pre class="prettyprint lang-py prettyprint-override"><code>exp_num = int(exp, 16) mod_num = int(mod, 16) rsa_key = rsa.PublicKey(mod_num, exp_num) </code></pre> </li> <li>Finally any text can be encrypted: <pre class="prettyprint lang-py prettyprint-override"><code>msg_cryp = rsa.encrypt(msg.encode('ascii'), rsa_key) msg_cryp_str = b64encode(msg_cryp).decode('ascii') </code></pre> </li> </ol> I did this development to consume a web service which requires that an encrypted password be sent from a public key in XML format. In this way I managed to encrypt the password and consume the web service without problems.

How do I convert an XML RSA key to a PEM file?

I have two XML files, structured as follows:

My Key

<RSAKeyValue>
  <Modulus> ... </Modulus>
  <Exponent> ... </Exponent>
  <P> ... </P>
  <Q> ... </Q>
  <DP> ... </DP>
  <DQ> ... </DQ>
  <InverseQ> ... </InverseQ>
  <D> ... </D>
</RSAKeyValue>

A Public Key

<RSAKeyValue>
   <Modulus> ... </Modulus>
   <Exponent> ... </Exponent>
</RSAKeyValue>

I am using the xmlseclibs library by Robert Richards which requires a .PEM representation of the key in order to encrypt and decrypt things.

As an encryption novice, I'm not sure where to begin, and a cursory Google search did not reveal anything particularly obvious...

Thanks!

What is PEM format RSA?

PEM encoded RSA private key is a format that stores an RSA private key, for use with cryptographic systems such as SSL. A public key can be derived from the private key, and the public key may be associated with one or more certificate files.

For those who want the resulting PEM to be readable by BouncyCastle:

use XMLSec2PEM tool to get a pem file
convert pem to pkcs8 and back (!)

The final solution I am happy with:

java XMLSec2PEM my.xml > my.pem
edit my.pem manually a bit
org.bouncycastle.openssl.PEMReader.readObject() returns null :-(
openssl pkcs8 -topk8 -inform pem -in my.pem -outform pem -nocrypt -out my.pkcs8
openssl pkcs8 -inform pem -nocrypt -in my.pkcs8 -out my.pkcs8.pem
now my.pkcs8.pem is readable with the PEMReader

my solution in python works like this:

extract modulus and exponent from xml

xml = etree.fromstring(key_bin)
modulus = xml.find('Modulus').text
exponent = xml.find('Exponent').text

decode them in base64 and iterate the result to save it as a character string of length 2:

mod_b64 = b64decode(modulus.encode())
exp_b64 = b64decode(exponent.encode())
exp = ''.join(['{:02x}'.format(x) for x in exp_b64])
mod = ''.join(['{:02x}'.format(x) for x in mod_b64])

Convert the hexadecimal string to integer and generate the rsa public key with the rsa library:
```
exp_num = int(exp, 16)
mod_num = int(mod, 16)
rsa_key = rsa.PublicKey(mod_num, exp_num)
```

Finally any text can be encrypted:

msg_cryp = rsa.encrypt(msg.encode('ascii'), rsa_key)
msg_cryp_str = b64encode(msg_cryp).decode('ascii')

I did this development to consume a web service which requires that an encrypted password be sent from a public key in XML format. In this way I managed to encrypt the password and consume the web service without problems.

How do I convert an XML RSA key to a PEM file?

Tags:

security

xml

rsa

pem

xmlseclibs

Philip

People also ask

2 Answers

Pavel Vlasov

BDLG

Recent Activity

Donate For Us

How do I convert an XML RSA key to a PEM file?

Tags:

security

xml

rsa

pem

xmlseclibs

Philip

People also ask

2 Answers

Pavel Vlasov

BDLG

Related questions

Recent Activity

Donate For Us