Hi Kyle, Thanks for the prompt response.
But I think my problem is my project doesn't want to produce the public key from openssl rsa command, because we need to get the public key in the rsa PEM format at the time when we issued the certificate and upload it to our production database. And the CA doesn't have a copy of the user private key to generate this openssl rsa public key. So we need somehow to be able to get the rsa public key from the user certificate. Have any ideas? The command "openssl rsa -pubin -in rsa.public -noout -text" will only work if I generte the rsa public key using by private key. Thanks, Janet On 5/3/07, Kyle Hamilton <[EMAIL PROTECTED]> wrote:
My apologies: $ openssl rsa -pubin -in rsa.public -noout -text -Kyle H On 5/3/07, Kyle Hamilton <[EMAIL PROTECTED]> wrote: > The CA doesn't generate the public key in your certificate. You > generate it, and you send it to the CA to be bound to your identity -- > the CA uses its private key to sign the certificate, and the verifier > already has the CA's public key to verify with. > > Without the public key in your certificate matching the private key in > your private key file, you cannot prove that you have the correct > private key to the key in the certificate. > > What this means is that the public key output from your openssl rsa > command is the same data that you would get if you extracted the > public key from the certificate. You don't need to extract it from > the certificate. > > Use: > > $ openssl rsa -in rsa.public -noout -text > > to verify that it is the same. > > -Kyle H > > On 5/3/07, Janet N <[EMAIL PROTECTED]> wrote: > > Hi, > > > > I have a certificate in pem format issued to me by a CA, and a private key > > which I generated. Since I need to do domain key signing (dkim), I was > > asked to > > use the followng openssl command to generate the public key: > > > > $ openssl rsa -in rsa.private -out rsa.public -pubout -outform PEM > > > > Since I've already gotten a public key from the CA is there anyway that I > > can extract the > > info in my public key to produce the same result as the above openssl > > command? > > > > The following is what I need to get out from my public key (openssl x509 -in > > public.key -nnout), for ex: > > Modulus (1024 bit): > > > > 00:a0:f3:2a:3a:ac:38:6c:36:2c:14:7d:54:77:ec: > > > > 78:05:e1:b5:aa:a0:6d:77:35:df:57:2d:3f:99:d1: > > > > 52:f3:0a:45:89:64:e7:73:18:d4:27:9e:6e:ee:8e: > > > > 84:3c:81:bc:5e:0e:f2:28:f5:11:b9:23:77:99:b5: > > > > e0:70:0f:dd:4d:7f:a3:ff:13:d9:6f:25:00:cb:d9: > > > > 09:f3:e0:45:c7:fc:25:56:f4:37:84:7e:f6:35:50: > > > > 93:7d:91:ce:aa:e8:a9:18:10:f5:ac:b2:f5:6f:94: > > > > 33:a9:da:c9:5b:10:a6:42:26:d6:8f:bd:5b:86:08: > > 0a:9f:6a:9b:3c:27:41:63:39 > > Exponent: 65537 (0x10001) > > > > > > Thanks any help is much appreciated. > > > > > > > -- > > -Kyle H > -- -Kyle H ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
