Hi Janet,
At the moment I don't have access to openssl to test it, but try
this one:
$ openssl rsa -in certificate.pem -pubout -noout -text
Unfortunately, -pubout command can't write output to a file (i.e. with
-out).
Regards,
Dmitrij
Janet N wrote:
Hi Kyle,
Thanks for the prompt response.
But I think my problem is my project doesn't want to produce the
public key from openssl rsa command, because we need to get the public
key in the rsa PEM format at the time when we issued the certificate
and upload it to our production database. And the CA doesn't have a
copy of the user private key to generate this openssl rsa public key.
So we need somehow to be able to get the rsa public key from the user
certificate.
Have any ideas?
The command "openssl rsa -pubin -in rsa.public -noout -text" will only
work if I generate the rsa public key using my private key.
Thanks,
Janet
On 5/3/07, Kyle Hamilton <[EMAIL PROTECTED]> wrote:
My apologies:
$ openssl rsa -pubin -in rsa.public -noout -text
-Kyle H
On 5/3/07, Kyle Hamilton <[EMAIL PROTECTED]> wrote:
> The CA doesn't generate the public key in your certificate. You
> generate it, and you send it to the CA to be bound to your identity --
> the CA uses its private key to sign the certificate, and the verifier
> already has the CA's public key to verify with.
>
> Without the public key in your certificate matching the private key in
> your private key file, you cannot prove that you have the correct
> private key to the key in the certificate.
>
> What this means is that the public key output from your openssl rsa
> command is the same data that you would get if you extracted the
> public key from the certificate. You don't need to extract it from
> the certificate.
>
> Use:
>
> $ openssl rsa -in rsa.public -noout -text
>
> to verify that it is the same.
>
> -Kyle H
>
> On 5/3/07, Janet N <[EMAIL PROTECTED]> wrote:
> > Hi,
> >
> > I have a certificate in pem format issued to me by a CA, and a private key
> > which I generated. Since I need to do domain key signing (dkim), I was
> > asked to use the following openssl command to generate the public key:
> >
> > $ openssl rsa -in rsa.private -out rsa.public -pubout -outform PEM
> >
> > Since I've already gotten a public key from the CA is there any way that I
> > can extract the info in my public key to produce the same result as the
> > above openssl command?
> >
> > The following is what I need to get out from my public key (openssl x509 -in
> > public.key -noout), for ex:
> > Modulus (1024 bit):
> >
> > 00:a0:f3:2a:3a:ac:38:6c:36:2c:14:7d:54:77:ec:
> >
> > 78:05:e1:b5:aa:a0:6d:77:35:df:57:2d:3f:99:d1:
> >
> > 52:f3:0a:45:89:64:e7:73:18:d4:27:9e:6e:ee:8e:
> >
> > 84:3c:81:bc:5e:0e:f2:28:f5:11:b9:23:77:99:b5:
> >
> > e0:70:0f:dd:4d:7f:a3:ff:13:d9:6f:25:00:cb:d9:
> >
> > 09:f3:e0:45:c7:fc:25:56:f4:37:84:7e:f6:35:50:
> >
> > 93:7d:91:ce:aa:e8:a9:18:10:f5:ac:b2:f5:6f:94:
> >
> > 33:a9:da:c9:5b:10:a6:42:26:d6:8f:bd:5b:86:08:
> > 0a:9f:6a:9b:3c:27:41:63:39
> > Exponent: 65537 (0x10001)
> >
> >
> > Thanks any help is much appreciated.
> >
> >
>
>
> --
>
> -Kyle H
>
--
-Kyle H
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
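Added example, not part of the original thread: the public key stored in a certificate can be written out with `openssl x509 -pubkey -noout`, without the private key, and compared with what `openssl rsa -pubout` derives from the private key. The throwaway key, the self-signed certificate, the CN and the function names below are constructed for the demonstration; the file names follow the ones used in the thread.

```shell
#!/bin/sh
set -e

# Public key (PEM "BEGIN PUBLIC KEY") exactly as embedded in the certificate.
# Needs only the certificate, so a CA can run it at issuance time.
cert_pubkey() {
    openssl x509 -in "$1" -pubkey -noout
}

# Public key derived from the private key (the command quoted in the thread).
# stderr is dropped because openssl prints "writing RSA key" there.
key_pubkey() {
    openssl rsa -in "$1" -pubout 2>/dev/null
}

# Returns 0 only when the certificate carries the public half of the given key.
cert_matches_key() {
    [ "$(cert_pubkey "$1")" = "$(key_pubkey "$2")" ]
}

# Constructed sample input: a throwaway RSA key and a self-signed certificate.
make_sample() {
    openssl genrsa -out "$1/rsa.private" 2048 2>/dev/null
    openssl req -new -x509 -key "$1/rsa.private" -subj "/CN=example.test" \
        -days 1 -out "$1/certificate.pem" 2>/dev/null
}

demo() {
    tmp=$(mktemp -d)
    make_sample "$tmp"

    # Write the certificate's public key to a file, e.g. for a DKIM record.
    cert_pubkey "$tmp/certificate.pem" > "$tmp/rsa.public"

    # Modulus and exponent of the extracted key (corrected command from the thread).
    openssl rsa -pubin -in "$tmp/rsa.public" -noout -text

    if cert_matches_key "$tmp/certificate.pem" "$tmp/rsa.private"; then
        echo "certificate public key matches rsa.private"
    fi
    rm -rf "$tmp"
}

demo
```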