Geoff Thorpe wrote:
>
> Hi there,
>
> I think I follow your question. An RSA private key implicitly contains the
> public key already[1]. So if you have generated a key-pair and saved them
> to disk - you're already most of the way there. If you don't still have
> the private key in memory, load the private key back up. Either way, find
> your private key (an (RSA*) pointer) and use any function that outputs an
> RSAPublicKey and you'll have what you want (the public key functions
> simply ignore the private key components - you can test all this using
> "openssl asn1parse" to see for yourself once the files are created).
>
> As for which public key function, you have some choices;
>
> /* Writing an RSA's public key components to an opened file, in PEM format
> * (text-based and readable). */
> PEM_write_RSAPublicKey(FILE *fp, RSA *rsa);
>
> /* Doing the same if you use BIOs to access files */
> PEM_write_bio_RSAPublicKey(BIO *bio, RSA *rsa);
>
> /* Outputting the RSA's public key components in DER format (raw binary -
> * PEM takes this and textifies this, but if you don't need text
> * readability then this can do). You need to save the resulting output to
> * a file.
> *
> * NB: Call this with pp==NULL if you want to find out how large the
> * output will be before you allocate memory.
> * NB: After calling this function (*pp) will point to the first byte
> * *after* the last byte of the output - so pass a *copy* of the original
> * pointer.[2]
> */
> int i2d_RSAPublicKey(const RSA *a, unsigned char **pp);
>
> And there's probably others too ...
>
Yes there are a few other options :-)

You can write directly in DER form with:

int i2d_RSAPublicKey_fp(FILE *fp,RSA *rsa);

There is also a second public key format which has RSA_PUBKEY in its
name rather than RSAPublicKey. The two are *not* compatible.

In case anyone is interested the difference between the two formats is
that the RSAPublicKey format is an RSA specific format: it is a PKCS#1
RSAPublicKey structure.

The second form is a SubjectPublicKeyInfo structure which is a generic
public key wrapper which is the same form used to represent any public
key in certificates, not just RSA. Using the RSA_PUBKEY functions uses
this form.

If the generic form is read using the RSA_PUBKEY functions and the
public key is not RSA then an error occurs. The 'rsa' utility uses this
second form and doesn't currently have an option to use the first form:
maybe a future version of OpenSSL will have an option to do this.

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
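
The incompatibility between the two formats described in the reply above shows up in the first few bytes of the DER encoding. The following is an added example, not part of the original thread and not OpenSSL code: a stand-alone DER classifier that tells a PKCS#1 RSAPublicKey from a SubjectPublicKeyInfo and reports whether the wrapped key is RSA. The names classify_pubkey and der_header and the three sample keys are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

enum key_format { FMT_INVALID, FMT_PKCS1, FMT_SPKI_RSA, FMT_SPKI_OTHER };

/* Constructed samples: toy RSA key n=3233, e=17; the EC entry holds a dummy key. */
static const unsigned char SAMPLE_PKCS1[] = {0x30,0x07,0x02,0x02,0x0C,0xA1,0x02,0x01,0x11};
static const unsigned char SAMPLE_SPKI_RSA[] = {0x30,0x1B,
    0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,
    0x03,0x0A,0x00,0x30,0x07,0x02,0x02,0x0C,0xA1,0x02,0x01,0x11};
static const unsigned char SAMPLE_SPKI_EC[] = {0x30,0x19,
    0x30,0x13,0x06,0x07,0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01,
    0x06,0x08,0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07,0x03,0x02,0x00,0x04};
/* Content octets of OID 1.2.840.113549.1.1.1 (rsaEncryption). */
static const unsigned char OID_RSA[] = {0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01};

/* Read one DER header at *p, bounded by end. On success *p points at the
 * content, *len is its length and the tag is returned; -1 on bad input. */
static int der_header(const unsigned char **p, const unsigned char *end, size_t *len)
{
    if (end - *p < 2) return -1;
    int tag = *(*p)++;
    size_t n = *(*p)++;
    if (n & 0x80) {                       /* long form: low 7 bits count length octets */
        size_t cnt = n & 0x7f;
        if (cnt == 0 || cnt > sizeof n || (size_t)(end - *p) < cnt) return -1;
        for (n = 0; cnt--; ) n = (n << 8) | *(*p)++;
    }
    if ((size_t)(end - *p) < n) return -1; /* content must fit in the buffer */
    *len = n;
    return tag;
}

/* RSAPublicKey is SEQUENCE { INTEGER n, INTEGER e }; SubjectPublicKeyInfo is
 * SEQUENCE { AlgorithmIdentifier SEQUENCE { OID, params }, BIT STRING key }. */
enum key_format classify_pubkey(const unsigned char *der, size_t derlen)
{
    const unsigned char *p = der, *end = der + derlen;
    size_t len;
    if (der_header(&p, end, &len) != 0x30) return FMT_INVALID;  /* outer SEQUENCE */
    end = p + len;
    int tag = der_header(&p, end, &len);
    if (tag == 0x02) return FMT_PKCS1;        /* first member is the modulus */
    if (tag != 0x30) return FMT_INVALID;      /* otherwise expect AlgorithmIdentifier */
    if (der_header(&p, p + len, &len) != 0x06) return FMT_INVALID;
    if (len == sizeof OID_RSA && memcmp(p, OID_RSA, len) == 0) return FMT_SPKI_RSA;
    return FMT_SPKI_OTHER;                    /* generic wrapper, key is not RSA */
}
int main(void) { printf("%d\n", classify_pubkey(SAMPLE_SPKI_EC, sizeof SAMPLE_SPKI_EC)); return 0; }
```

FMT_PKCS1 corresponds to what the RSAPublicKey functions read and write, FMT_SPKI_RSA to what the RSA_PUBKEY functions accept, and FMT_SPKI_OTHER is the case where the RSA_PUBKEY functions return an error.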