> From: owner-openssl-us...@openssl.org On Behalf Of Viktor Dukhovni > Sent: Thursday, 24 January, 2013 13:25
> On Thu, Jan 24, 2013 at 05:25:48PM +0000, Tovey, Dwight > (LaserJet R&D FW Eng.) wrote: <snip: PKCS#1 pubkey "wrapped" to SubjPubKeyInfo format> > > So, my next question is, how did you add the public key > header? What does this header look like? If I know that > then I should be able to add it within my script and handle > it all directly. > > Here's a hex dump of a complete public key: <snip: lines too long to quote without editing, and the actual value doesn't matter> > This is an ASN.1 structure: > > 0:d=0 hl=3 l= 159 cons: SEQUENCE > 3:d=1 hl=2 l= 13 cons: SEQUENCE > 5:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption > 16:d=2 hl=2 l= 0 prim: NULL > 18:d=1 hl=3 l= 141 prim: BIT STRING > > The tag "30" means "SEQUENCE". The bytes "81 9f" encode the sequence > length, in this case 144 + 15 = 159 bytes (excluding the tag and the > length). > > The first element of the sequece is also a sequence which encodes > the algorithm and parameters (RSA and no parameters). This sequence > is of length 0d == 13. Its first element (tag == 06 == Object ID) > is an OID of length 9 <snip> which decodes to 1.2.840.113549.1.1.1 > RSAEncryption [followed by] a tag of 05 (NULL) with a length of 0. > FYI: other algorithms (notably DSA, DH, and ECDSA/ECDH) do use key parameters which are usually encoded in the public key structure here, although sometimes they are specified by other means. RSA does not use key parameters, which is why this seems superflous. > Finally, the key is encoded as a BITSTRING: (type == 03) (length > == 81 8d = 128 + 13 = 141). Since the bit string's length is a > multiple of 8, the firstr octet encodes 0 padding bits, the remaining > octets are the ASN.1 sequence encoding a sequence of the modulus > and exponent, which is the public key you started with. > Yes. Note that the length field of the BITSTRING and that of the outer SEQUENCE will change if the key value is larger, normally because the modulus is larger (pub-exponent *can* be large, but in practice isn't). And if the modulus is 2048 bits which is the likely step up (nominally required by NIST next year, for example), or actually more than 1792 bits, then the length field(s) must change to the three-octet form 82 length-high length-low . (If the modulus was more than about 524k bits you would need the four-octet length 83 hi med lo, but no one could use RSA that large in the foreseeable future.) ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org