> From: owner-openssl-us...@openssl.org On Behalf Of Nick Kelsey
> Sent: Thursday, 01 July, 2010 02:00
> I am using the following command to output the public key for a given
> RSA private key:
> openssl rsa -in keyfile.private.pem -pubout -outform DER
>
> The output includes a SEQ with an OID, followed by a BIT string
> containing the DER formatted public key I need.

Right-ish. That's the 'SubjectPublicKeyInfo' format defined by X.509
and used by lots of other things including OpenSSL. It's SEQ of
- the Algorithm ID (actually a sub-SEQ of an OID plus a 'parameters'
  object; for RSA the parameters are ASN.1 NULL encoded as 05 00;
  for some algorithms e.g. DSA the parameters contain real info)
- plus the algorithm-dependent keyinfo wrapped in a BITSTRING;
  for RSA this is the PKCS#1 RSAPublicKey (SEQ of N and E).

> Deleting the first 22 bytes (leaving everything after the BIT string
> header) worked in the target application.
>

Note it won't always be the same. The length of the ASN.1 headers
(for DER) varies depending on the length of the data being encoded.
For RSAPublicKey with conventional small E (so N takes most of the space)
N larger than about 1900 bits will make the headers bigger.
If you want to do this reliably, you should parse the 3 TLV's.

> Is there a trick to getting openssl not to output the OID and
> BIT string
> wrapper?
>

I believe not with the commandline. In code you should be able to get
the RSA* internal object (out of a generic EVP if appropriate)
and call i2d_RSAPublicKey or PEM_write[_bio]_RSAPublicKey.
(Not _RSA_PUBKEY which does the X.509-wrapped version.)
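An added example, not part of the original message or of OpenSSL: one way to parse the three TLVs in Python instead of cutting a fixed 22 bytes. The function names are hypothetical, and the sample keys are constructed filler moduli (not real keys) built only to show how the wrapper length changes with key size.

```python
RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption

def read_tlv(buf, pos, end):
    """Return (tag, value_start, value_end) for the DER TLV at pos, bounded by end."""
    if pos + 2 > end:
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short form: the byte is the length
        length = first
    else:                                  # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > end:
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > end:
        raise ValueError("TLV value runs past its container")
    return tag, pos, pos + length

def spki_to_rsa_public_key(der):
    """Return (offset, PKCS#1 RSAPublicKey bytes) from a DER SubjectPublicKeyInfo."""
    tag, start, end = read_tlv(der, 0, len(der))         # TLV 1: outer SEQUENCE
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    tag, a_start, a_end = read_tlv(der, start, end)      # TLV 2: AlgorithmIdentifier
    if tag != 0x30:
        raise ValueError("AlgorithmIdentifier missing")
    tag, o_start, o_end = read_tlv(der, a_start, a_end)  # OID inside it
    if tag != 0x06 or der[o_start:o_end] != RSA_OID:
        raise ValueError("not an rsaEncryption key")
    tag, b_start, b_end = read_tlv(der, a_end, end)      # TLV 3: BIT STRING
    if tag != 0x03 or b_end != end or b_start == b_end or der[b_start] != 0:
        raise ValueError("unexpected BIT STRING")
    return b_start + 1, der[b_start + 1:b_end]           # skip the unused-bits byte

def _tlv(tag, value):  # minimal DER encoder, used only to build the constructed samples
    size = len(value)
    nbytes = (size.bit_length() + 7) // 8
    hdr = bytes([size]) if size < 0x80 else bytes([0x80 | nbytes]) + size.to_bytes(nbytes, "big")
    return bytes([tag]) + hdr + value

def sample_spki(bits):
    n = b"\x00" + b"\xc3" * (bits // 8)    # constructed modulus, not a real key
    rsa_pub = _tlv(0x30, _tlv(0x02, n) + _tlv(0x02, b"\x01\x00\x01"))
    alg = _tlv(0x30, _tlv(0x06, RSA_OID) + _tlv(0x05, b""))
    return _tlv(0x30, alg + _tlv(0x03, b"\x00" + rsa_pub))
```

For the constructed samples, `spki_to_rsa_public_key(sample_spki(1024))` returns offset 22 and `sample_spki(2048)` returns offset 24, so a fixed 22-byte cut would leave two stray header bytes on the larger key.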