> From: owner-openssl-us...@openssl.org On Behalf Of Ken Goldman
> Sent: Tuesday, 20 August, 2013 08:08

> On 8/19/2013 3:15 PM, mycompuser wrote:
> > But the only
> > problem that I currently face is that the key pair generated by OpenSSL has
> > headers and footers of the form -----BEGIN RSA PUBLIC KEY----- -----END RSA
> > PUBLIC KEY----- for public key likewise there is similar header and footer
> > for private key as well.
>
> That sounds like pem format, base64 encoded.

More exactly, "RSA PUBLIC KEY" as opposed to "PUBLIC KEY" is the old RSA-only
PKCS1 format, in PEM, not the generic X509PublicKeyInfo format which has been
the standard for OpenSSL commandline operations for a very long time.
For private keys in contrast "RSA" (PKCS1) as opposed to generic (PKCS8)
was the standard before 1.0.0.

> > The server whose implementation I don't control accepts only the key part and
> > I need to clip off the headers and footers before sending the raw public key
> > to the server.

Standard Java crypto (JCA,JCE) doesn't directly support PKCS1 format, but
it does support "X509 encoded" format used by OpenSSL commandline (and
optionally used by OpenSSL code).

> > On receiving the data encrypted with the public key, when I try to decrypt
> > the data using the private key pair, the decryption fails. (This could be
> > because I had stripped the header and footer of the public key and with
> > this, they are no longer public/private key pairs hence the decryption
> > fails).

An RSA public key can be represented in several ways, but none of them
is ever a private key or keypair. If you got the server to accept PKCS1
in any form, the server must be doing something non-Java-standard.
If you can't or don't tell us what it is, we can only guess, and there are
quite a lot of possibilities.

> That's because it's not a raw public key; it's a base64 encoded
> structure containing the key parts. It's a lot more than just stripping
> the header and footer.

"RSA PUBLIC KEY" is indeed a PEM-ized ASN.1 SEQUENCE but it contains only
the two INTEGERs n and e, both of which are needed, which to my mind is
pretty raw. The X509 format adds an AlgorithmIdentifier and BITSTRING
wrapping; that to me is more cooked (but still not very). An RSA *private*
key, in either PKCS1 (specific) or PKCS8 (generic) format, contains more
interesting parts.

> > Is there a mechanism by which I can generate an RSA Public/Private Key pair
> > without the header and footer?
>
> By the command line, or can you write code.

To be exact, almost all the commandline utilities can write and read
either PEM format (base64 and header/footer) or DER format (binary and
no header/footer). The difference between base64 and binary is more
significant than the header/footer. For code you choose the DER routines
or the PEM routines, and you choose PKCS1 (RSAPublicKey) or X509 (PUBKEY).

> RSA_generate_key() and then pull the parts you need out of the RSA
> structure using BN_bn2bin.

Or read an existing key, and pull it apart similarly.
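
The two public-key encodings contrasted in this thread, as an added example that is not part of any poster's message or of OpenSSL: it decodes a PEM "RSA PUBLIC KEY" block to DER, reads the two INTEGERs n and e, and adds the AlgorithmIdentifier and BIT STRING wrapping of the X509 form. The helper names are hypothetical and the sample is a constructed textbook toy key (n = 3233, e = 17), not a usable one.

```python
import base64

RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")  # AlgorithmIdentifier {rsaEncryption, NULL}

def tlv(tag, content):
    """DER tag-length-value; lengths of 128 or more use the long form."""
    n = len(content)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    length = bytes([n]) if n < 0x80 else bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + content

def read_tlv(buf, pos, tag):
    """Return (content, next_pos) of the element at pos, checking its tag."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected or missing DER tag")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        count = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return buf[pos:pos + length], pos + length

def pem_to_der(pem, label):
    """Strip the BEGIN/END lines and base64-decode what lies between them."""
    head, tail = f"-----BEGIN {label}-----", f"-----END {label}-----"
    text = pem.strip()
    if not (text.startswith(head) and text.endswith(tail)):
        raise ValueError("not a PEM block labelled " + label)
    return base64.b64decode(text[len(head):-len(tail)])

def parse_pkcs1_public(der):
    """RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }"""
    seq, end = read_tlv(der, 0, 0x30)
    n_raw, pos = read_tlv(seq, 0, 0x02)
    e_raw, pos = read_tlv(seq, pos, 0x02)
    if end != len(der) or pos != len(seq):
        raise ValueError("trailing bytes after RSAPublicKey")
    return int.from_bytes(n_raw, "big"), int.from_bytes(e_raw, "big")

def pkcs1_to_x509(der):
    """Wrap RSAPublicKey in AlgorithmIdentifier + BIT STRING (0 unused bits)."""
    parse_pkcs1_public(der)  # refuse input that is not exactly n and e
    return tlv(0x30, RSA_ALG_ID + tlv(0x03, b"\x00" + der))

# Constructed sample: toy key n = 3233 (61 * 53), e = 17; DER 30 07 | 02 02 0c a1 | 02 01 11
SAMPLE_B64 = base64.b64encode(bytes.fromhex("300702020ca1020111")).decode()
SAMPLE_PEM = f"-----BEGIN RSA PUBLIC KEY-----\n{SAMPLE_B64}\n-----END RSA PUBLIC KEY-----\n"
```

Base64-encoding the output of `pkcs1_to_x509` and placing it between "PUBLIC KEY" header and footer lines gives the generic PEM form the thread refers to.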