Hi Marek,
I don't really need to care about the private key. I need to know the
format of the public key of DNSSEC, cause I am gonna use OpenSSL to
verify the SIG records signed using a KEY record.

Thanks,
Sudharsan

On 5/15/06, Marek Marcola <[EMAIL PROTECTED]> wrote:
Hello,
> I have another issue. I used Bind and dnssec-keygen. The key formats
> produced by dnssec-keygen seem incompatible with that of OpenSSL's
> command line interface (at least the private key, I tried to add the
> --START PUBLIC key--- thingie to the public key file produced by
> dnssec-keygen). Failed miserably though. Any suggestions on how I can
> convert between the two?
DNSSEC key format is not PEM or DER.

Example key file:

Private-key-format: v1.2
Algorithm: 1 (RSA)
Modulus: tkqDILcxwK6nbjE2so48173Il3jIfewQ+U4qEAJ+CSQuJHmjYV2HtDCkjf75ZOrALOfT5/1IdWh5mEHTiikklw==
PublicExponent: Aw==
PrivateExponent: eYcCFc92gHRvnst5zF7TOn6FulCFqUgLUN7GtVb+sMGpMejMp54Y+FU3ULxRRMK3dGtn95/ld1NHKUrahDX3Gw==
Prime1: 4D7FZonpjAj168XiNuDeTNOUK86oCtKDGgEEg3qaVIU=
Prime2: 0BrXCdwG1ja65c8CSJzoYCqyjCXlZW/odNlNCEk93Ws=
Exponent1: lX8uRFvxCAX5R9lBees+3eJix98aseGsvACtrPxm4wM=
Exponent2: iryPW+gEjs8nQ99W2xNFlXHMXW6Y7kqa+JDeBYYpPkc=
Coefficient: ZErARYM6FBXvfCM0hZxVi7ZMlpJMTNV2wLdoiCaNMhg=

With Perl it is not hard to write a script converting to ASN.1, for example:

$ cat asnconv.pl
## script begin

use strict;
use warnings;
use Convert::ASN1;
use MIME::Base64;
use Math::BigInt;

# Base64 fields copied from the dnssec-keygen private key file above
my $modulus = 'tkqDILcxwK6nbjE2so48173Il3jIfewQ+U4qEAJ+CSQuJHmjYV2HtDCkjf75ZOrALOfT5/1IdWh5mEHTiikklw==';
my $publicExponent = 'Aw==';
my $privateExponent = 'eYcCFc92gHRvnst5zF7TOn6FulCFqUgLUN7GtVb+sMGpMejMp54Y+FU3ULxRRMK3dGtn95/ld1NHKUrahDX3Gw==';
my $prime1 = '4D7FZonpjAj168XiNuDeTNOUK86oCtKDGgEEg3qaVIU=';
my $prime2 = '0BrXCdwG1ja65c8CSJzoYCqyjCXlZW/odNlNCEk93Ws=';
my $exponent1 = 'lX8uRFvxCAX5R9lBees+3eJix98aseGsvACtrPxm4wM=';
my $exponent2 = 'iryPW+gEjs8nQ99W2xNFlXHMXW6Y7kqa+JDeBYYpPkc=';
my $coefficient = 'ZErARYM6FBXvfCM0hZxVi7ZMlpJMTNV2wLdoiCaNMhg=';

# Decode one Base64 field and return it as a Math::BigInt
sub to_bigint {
        my $hex = unpack("H*", decode_base64($_[0]));
        return Math::BigInt->new("0x$hex");
}

# PKCS#1 RSAPrivateKey layout, the DER structure "openssl rsa" reads
my $rsa_key = Convert::ASN1->new;
$rsa_key->prepare(q(
   SEQUENCE {
      version INTEGER,
      modulus INTEGER,
      publicExponent INTEGER,
      privateExponent INTEGER,
      prime1 INTEGER,
      prime2 INTEGER,
      exponent1 INTEGER,
      exponent2 INTEGER,
      coefficient INTEGER
  }
)) or die $rsa_key->error;

my $buf = $rsa_key->encode(
  version         => 0,
  modulus         => to_bigint($modulus),
  publicExponent  => to_bigint($publicExponent),
  privateExponent => to_bigint($privateExponent),
  prime1          => to_bigint($prime1),
  prime2          => to_bigint($prime2),
  exponent1       => to_bigint($exponent1),
  exponent2       => to_bigint($exponent2),
  coefficient     => to_bigint($coefficient)
) or die $rsa_key->error;

# Emit raw DER bytes; binmode prevents newline translation on some platforms
binmode STDOUT;
print $buf;
## script end

$ perl ./asnconv.pl > rsakey.der
$ openssl rsa -in rsakey.der -inform DER -check -noout
RSA key ok
$ openssl rsa -in rsakey.der -inform DER -text -noout
Private-Key: (512 bit)
modulus:
    00:b6:4a:83:20:b7:31:c0:ae:a7:6e:31:36:b2:8e:
    3c:d7:bd:c8:97:78:c8:7d:ec:10:f9:4e:2a:10:02:
    7e:09:24:2e:24:79:a3:61:5d:87:b4:30:a4:8d:fe:
    f9:64:ea:c0:2c:e7:d3:e7:fd:48:75:68:79:98:41:
    d3:8a:29:24:97
publicExponent: 3 (0x3)
privateExponent:
    79:87:02:15:cf:76:80:74:6f:9e:cb:79:cc:5e:d3:
    3a:7e:85:ba:50:85:a9:48:0b:50:de:c6:b5:56:fe:
    b0:c1:a9:31:e8:cc:a7:9e:18:f8:55:37:50:bc:51:
    44:c2:b7:74:6b:67:f7:9f:e5:77:53:47:29:4a:da:
    84:35:f7:1b
prime1:
    00:e0:3e:c5:66:89:e9:8c:08:f5:eb:c5:e2:36:e0:
    de:4c:d3:94:2b:ce:a8:0a:d2:83:1a:01:04:83:7a:
    9a:54:85
prime2:
    00:d0:1a:d7:09:dc:06:d6:36:ba:e5:cf:02:48:9c:
    e8:60:2a:b2:8c:25:e5:65:6f:e8:74:d9:4d:08:49:
    3d:dd:6b
exponent1:
    00:95:7f:2e:44:5b:f1:08:05:f9:47:d9:41:79:eb:
    3e:dd:e2:62:c7:df:1a:b1:e1:ac:bc:00:ad:ac:fc:
    66:e3:03
exponent2:
    00:8a:bc:8f:5b:e8:04:8e:cf:27:43:df:56:db:13:
    45:95:71:cc:5d:6e:98:ee:4a:9a:f8:90:de:05:86:
    29:3e:47
coefficient:
    64:4a:c0:45:83:3a:14:15:ef:7c:23:34:85:9c:55:
    8b:b6:4c:96:92:4c:4c:d5:76:c0:b7:68:88:26:8d:
    32:18

Of course this script must be modified for real use :-)

Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
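
The question at the top of this thread, the public key side, as an added example that is not part of the original messages: in a KEY record the RDATA is flags (2 octets), protocol (1), algorithm (1), then for RSA the exponent length, the exponent and the modulus (RFC 2537 / RFC 3110). This Python sketch parses that field and wraps it in the DER/PEM SubjectPublicKeyInfo that OpenSSL reads; the function names and the sample header values (flags 256, protocol 3) are assumptions, and the sample RDATA is constructed from the modulus and exponent shown in the thread.

```python
import base64

# Modulus and exponent are the Base64 values from the key file on this page.
MODULUS_B64 = ("tkqDILcxwK6nbjE2so48173Il3jIfewQ+U4qEAJ"
               "+CSQuJHmjYV2HtDCkjf75ZOrALOfT5/1IdWh5mEHTiikklw==")
EXPONENT_B64 = "Aw=="

def build_key_rdata(e_bytes, n_bytes, flags=256, protocol=3, algorithm=1):
    """Constructed sample RDATA (short exponent only); header values assumed."""
    header = flags.to_bytes(2, "big") + bytes([protocol, algorithm])
    return header + bytes([len(e_bytes)]) + e_bytes + n_bytes

def parse_key_rdata(rdata):
    """Return (e, n) from KEY RDATA holding an RSA key (algorithm 1 or 5)."""
    if len(rdata) < 7 or rdata[3] not in (1, 5):
        raise ValueError("not an RSA KEY record")
    blob = rdata[4:]  # skip flags, protocol, algorithm
    elen, off = blob[0], 1
    if elen == 0:  # long form: a zero octet, then a two-octet length
        elen, off = int.from_bytes(blob[1:3], "big"), 3
    if elen == 0 or off + elen >= len(blob):
        raise ValueError("bad exponent length")
    e, n = blob[off:off + elen], blob[off + elen:]
    return int.from_bytes(e, "big"), int.from_bytes(n, "big")

def der(tag, content):
    """Encode one DER TLV with a short- or long-form definite length."""
    n = len(content)
    raw = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    length = raw if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content
def der_int(v):
    # The extra octet when the top bit is set keeps the INTEGER positive.
    return der(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def spki_der(e, n):
    """SubjectPublicKeyInfo: rsaEncryption OID + NULL, BIT STRING(RSAPublicKey)."""
    alg = der(0x30, bytes.fromhex("06092a864886f70d0101010500"))
    rsa_pub = der(0x30, der_int(n) + der_int(e))
    return der(0x30, alg + der(0x03, b"\x00" + rsa_pub))

def to_pem(der_bytes):
    b64 = base64.b64encode(der_bytes).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN PUBLIC KEY-----\n{body}\n-----END PUBLIC KEY-----\n"

if __name__ == "__main__":
    sample = build_key_rdata(*map(base64.b64decode, (EXPONENT_B64, MODULUS_B64)))
    print(to_pem(spki_der(*parse_key_rdata(sample))), end="")
```

Saved to a file, the PEM output can be checked with `openssl rsa -pubin -in key.pem -text -noout`, which should report the same modulus and exponent as the private key dump above.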
