Hello,

> I have another issue. I used Bind and dnssec-keygen. The key formats
> produced by dnssec-keygen seem incompatible with that of OpenSSL's
> command line interface (at least the private key; I tried to add the
> --START PUBLIC key--- thingie to the public key file produced by
> dnssec-keygen). Failed miserably though. Any suggestions on how I can
> convert between the two?

DNSSEC key format is not PEM or DER.
Example key file:

Private-key-format: v1.2
Algorithm: 1 (RSA)
Modulus: tkqDILcxwK6nbjE2so48173Il3jIfewQ+U4qEAJ+CSQuJHmjYV2HtDCkjf75ZOrALOfT5/1IdWh5mEHTiikklw==
PublicExponent: Aw==
PrivateExponent: eYcCFc92gHRvnst5zF7TOn6FulCFqUgLUN7GtVb+sMGpMejMp54Y+FU3ULxRRMK3dGtn95/ld1NHKUrahDX3Gw==
Prime1: 4D7FZonpjAj168XiNuDeTNOUK86oCtKDGgEEg3qaVIU=
Prime2: 0BrXCdwG1ja65c8CSJzoYCqyjCXlZW/odNlNCEk93Ws=
Exponent1: lX8uRFvxCAX5R9lBees+3eJix98aseGsvACtrPxm4wM=
Exponent2: iryPW+gEjs8nQ99W2xNFlXHMXW6Y7kqa+JDeBYYpPkc=
Coefficient: ZErARYM6FBXvfCM0hZxVi7ZMlpJMTNV2wLdoiCaNMhg=

With Perl it is not hard to write a script converting to ASN.1, for example:

$ cat asnconv.pl
## script begin
use strict;
use warnings;
use Convert::ASN1;
use MIME::Base64;
use Math::BigInt;

# Base64 field values copied from the key file above
my $modulus = 'tkqDILcxwK6nbjE2so48173Il3jIfewQ+U4qEAJ+CSQuJHmjYV2HtDCkjf75ZOrALOfT5/1IdWh5mEHTiikklw==';
my $publicExponent = 'Aw==';
my $privateExponent = 'eYcCFc92gHRvnst5zF7TOn6FulCFqUgLUN7GtVb+sMGpMejMp54Y+FU3ULxRRMK3dGtn95/ld1NHKUrahDX3Gw==';
my $prime1 = '4D7FZonpjAj168XiNuDeTNOUK86oCtKDGgEEg3qaVIU=';
my $prime2 = '0BrXCdwG1ja65c8CSJzoYCqyjCXlZW/odNlNCEk93Ws=';
my $exponent1 = 'lX8uRFvxCAX5R9lBees+3eJix98aseGsvACtrPxm4wM=';
my $exponent2 = 'iryPW+gEjs8nQ99W2xNFlXHMXW6Y7kqa+JDeBYYpPkc=';
my $coefficient = 'ZErARYM6FBXvfCM0hZxVi7ZMlpJMTNV2wLdoiCaNMhg=';

# Decode one base64 field into a Math::BigInt (big-endian, unsigned)
sub to_bigint {
    my $hex = unpack("H*", decode_base64($_[0]));
    return Math::BigInt->new("0x$hex");
}

# ASN.1 description of the RSA private key structure
my $rsa_key = Convert::ASN1->new;
$rsa_key->prepare(q(
    SEQUENCE {
        version INTEGER,
        modulus INTEGER,
        publicExponent INTEGER,
        privateExponent INTEGER,
        prime1 INTEGER,
        prime2 INTEGER,
        exponent1 INTEGER,
        exponent2 INTEGER,
        coefficient INTEGER
    }
)) or die $rsa_key->error;

my $buf = $rsa_key->encode(
    version => 0,
    modulus => to_bigint($modulus),
    publicExponent => to_bigint($publicExponent),
    privateExponent => to_bigint($privateExponent),
    prime1 => to_bigint($prime1),
    prime2 => to_bigint($prime2),
    exponent1 => to_bigint($exponent1),
    exponent2 => to_bigint($exponent2),
    coefficient => to_bigint($coefficient)
) or die $rsa_key->error;

binmode STDOUT;   # the DER output is binary
print $buf;
## script end

$ perl ./asnconv.pl > rsakey.der
$ openssl rsa -in rsakey.der -inform DER -check -noout
RSA key ok
$ openssl rsa -in rsakey.der -inform DER -text -noout
Private-Key: (512 bit)
modulus:
    00:b6:4a:83:20:b7:31:c0:ae:a7:6e:31:36:b2:8e:
    3c:d7:bd:c8:97:78:c8:7d:ec:10:f9:4e:2a:10:02:
    7e:09:24:2e:24:79:a3:61:5d:87:b4:30:a4:8d:fe:
    f9:64:ea:c0:2c:e7:d3:e7:fd:48:75:68:79:98:41:
    d3:8a:29:24:97
publicExponent: 3 (0x3)
privateExponent:
    79:87:02:15:cf:76:80:74:6f:9e:cb:79:cc:5e:d3:
    3a:7e:85:ba:50:85:a9:48:0b:50:de:c6:b5:56:fe:
    b0:c1:a9:31:e8:cc:a7:9e:18:f8:55:37:50:bc:51:
    44:c2:b7:74:6b:67:f7:9f:e5:77:53:47:29:4a:da:
    84:35:f7:1b
prime1:
    00:e0:3e:c5:66:89:e9:8c:08:f5:eb:c5:e2:36:e0:
    de:4c:d3:94:2b:ce:a8:0a:d2:83:1a:01:04:83:7a:
    9a:54:85
prime2:
    00:d0:1a:d7:09:dc:06:d6:36:ba:e5:cf:02:48:9c:
    e8:60:2a:b2:8c:25:e5:65:6f:e8:74:d9:4d:08:49:
    3d:dd:6b
exponent1:
    00:95:7f:2e:44:5b:f1:08:05:f9:47:d9:41:79:eb:
    3e:dd:e2:62:c7:df:1a:b1:e1:ac:bc:00:ad:ac:fc:
    66:e3:03
exponent2:
    00:8a:bc:8f:5b:e8:04:8e:cf:27:43:df:56:db:13:
    45:95:71:cc:5d:6e:98:ee:4a:9a:f8:90:de:05:86:
    29:3e:47
coefficient:
    64:4a:c0:45:83:3a:14:15:ef:7c:23:34:85:9c:55:
    8b:b6:4c:96:92:4c:4c:d5:76:c0:b7:68:88:26:8d:
    32:18

Of course this script must be modified for real use :-)

Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
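
An added example, not part of the original message and not the poster's code: a Python version of the same conversion that reads the fields from the key file text instead of hardcoding them, refuses components that do not fit together, and emits the same RSA private key DER structure. The function names are assumptions of this example; SAMPLE is the example key from the message with its two wrapped values rejoined.

```python
import base64, re

# RSAPrivateKey field order (PKCS#1), using the names from the .private file.
FIELDS = ("Modulus", "PublicExponent", "PrivateExponent", "Prime1",
          "Prime2", "Exponent1", "Exponent2", "Coefficient")

# Example key file from the message above (wrapped values rejoined).
SAMPLE = """Private-key-format: v1.2
Algorithm: 1 (RSA)
Modulus: tkqDILcxwK6nbjE2so48173Il3jIfewQ+U4qEAJ+CSQuJHmjYV2HtDCkjf75ZOrALOfT5/1IdWh5mEHTiikklw==
PublicExponent: Aw==
PrivateExponent: eYcCFc92gHRvnst5zF7TOn6FulCFqUgLUN7GtVb+sMGpMejMp54Y+FU3ULxRRMK3dGtn95/ld1NHKUrahDX3Gw==
Prime1: 4D7FZonpjAj168XiNuDeTNOUK86oCtKDGgEEg3qaVIU=
Prime2: 0BrXCdwG1ja65c8CSJzoYCqyjCXlZW/odNlNCEk93Ws=
Exponent1: lX8uRFvxCAX5R9lBees+3eJix98aseGsvACtrPxm4wM=
Exponent2: iryPW+gEjs8nQ99W2xNFlXHMXW6Y7kqa+JDeBYYpPkc=
Coefficient: ZErARYM6FBXvfCM0hZxVi7ZMlpJMTNV2wLdoiCaNMhg=
"""

def parse_private(text):
    """Return the RSA fields of a v1.x .private file as integers."""
    raw = dict(re.findall(r"^([\w-]+):[ \t]*(\S.*)$", text, re.M))
    if not raw.get("Private-key-format", "").startswith("v1."):
        raise ValueError("not a v1.x private key file")
    missing = [f for f in FIELDS if f not in raw]
    if missing:
        raise ValueError("missing RSA fields: " + ", ".join(missing))
    return {f: int.from_bytes(base64.b64decode(raw[f]), "big") for f in FIELDS}

def tlv(tag, body):
    """DER tag-length-value; lengths of 0x80 and above use the long form."""
    n = len(body)
    if n >= 0x80:
        octets = n.to_bytes((n.bit_length() + 7) // 8, "big")
        return bytes([tag, 0x80 | len(octets)]) + octets + body
    return bytes([tag, n]) + body

def der_int(v):
    # bit_length()//8 + 1 octets adds the leading 0x00 when the top bit is set,
    # which is why openssl prints "00:b6:4a:..." for the modulus.
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def to_pkcs1_der(k):
    """Encode the parsed fields as a DER SEQUENCE, version 0 first."""
    p, q, d = k["Prime1"], k["Prime2"], k["PrivateExponent"]
    if p * q != k["Modulus"] or d % (p - 1) != k["Exponent1"] \
            or d % (q - 1) != k["Exponent2"] or k["Coefficient"] * q % p != 1:
        raise ValueError("inconsistent RSA key components")
    body = der_int(0) + b"".join(der_int(k[f]) for f in FIELDS)
    return tlv(0x30, body)
```

Writing the result of `to_pkcs1_der(parse_private(text))` to a file in binary mode gives input for the `openssl rsa -inform DER -check` command shown in the message.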