On Mon, Feb 11, 2013 at 12:01:49AM -0500, Jeffrey Walton wrote:
> >> I'm trying to extract a public key (subjectPublicKeyInfo) from an X509
> >> certificate.
> >
> > from apps/x509.c in the openssl source:
> >
> > EVP_PKEY *pkey;
> >
> > pkey=X509_get_pubkey(x);

This is not the subjectPublicKeyInfo. It is just the key bits, sans
algorithm and parameters. A common pitfall is to mistake this for
the subjectPublicKeyInfo or to assume that X509_pubkey_digest()
returns the digest of the subjectPublicKeyInfo.

> Is there anything built into OpenSSL to write out a DER encoding of
> subjectPublicKeyInfo?

    X509 *cert;             /* the certificate, obtained elsewhere */
    int len;
    unsigned char *buf;
    unsigned char *buf2;

    /* With a NULL output pointer, only the encoded length is returned */
    len = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), NULL);
    if (len <= 0) {
        /* Encoding failed */
        ... report the error ...
    }
    buf2 = buf = OPENSSL_malloc(len);
    if (buf == NULL) {
        /* Out of memory */
        ... report the error ...
    }
    /* The second call writes the encoding and advances buf2 past it */
    i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), &buf2);
    if (buf2 - buf != len) {
        /* Should never happen: unexpected encoded length */
        OPENSSL_free(buf);
        ... report the error ...
    }
    /* buf[0..len-1] now contain the ASN.1 DER-encoded subjectPublicKeyInfo */
    ... use it ...
    OPENSSL_free(buf);

--
Viktor.
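
Added example (not part of the original message and not OpenSSL code): a DER-encoded subjectPublicKeyInfo is a SEQUENCE holding an AlgorithmIdentifier followed by a BIT STRING with the key bits, so a digest over the whole buffer differs from a digest over the key bits alone. The sketch below locates the key bits inside such a buffer; der_hdr, spki_key_bits and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Parse one DER tag/length header; returns header size, or 0 if malformed. */
static size_t der_hdr(const unsigned char *p, size_t avail,
                      unsigned char *tag, size_t *len)
{
    size_t n = 2, cnt, i;
    if (avail < 2) return 0;
    *tag = p[0]; *len = p[1];
    if (p[1] & 0x80) {                       /* long form: cnt length bytes follow */
        cnt = p[1] & 0x7f;
        if (cnt == 0 || cnt > sizeof(size_t) || avail - 2 < cnt) return 0;
        for (*len = 0, i = 0; i < cnt; i++) *len = (*len << 8) | p[n++];
    }
    return (*len <= avail - n) ? n : 0;      /* value must fit in the buffer */
}

/* Offset of the key bits inside a DER SPKI (0 if malformed); length in *bits_len. */
size_t spki_key_bits(const unsigned char *spki, size_t n, size_t *bits_len)
{
    unsigned char tag;
    size_t len, h, off;
    h = off = der_hdr(spki, n, &tag, &len);         /* outer SEQUENCE */
    if (!h || tag != 0x30 || h + len != n) return 0;
    h = der_hdr(spki + off, n - off, &tag, &len);   /* AlgorithmIdentifier */
    if (!h || tag != 0x30) return 0;
    off += h + len;
    h = der_hdr(spki + off, n - off, &tag, &len);   /* subjectPublicKey BIT STRING */
    if (!h || tag != 0x03 || len < 1 || off + h + len != n) return 0;
    if (spki[off + h] != 0) return 0;               /* unused-bits octet must be 0 */
    *bits_len = len - 1;
    return off + h + 1;
}

/* Constructed sample: Ed25519 SPKI layout with placeholder key bytes. */
static const unsigned char SAMPLE_SPKI[44] = {
    0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
    0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
};

int main(void)
{
    size_t klen = 0, off = spki_key_bits(SAMPLE_SPKI, sizeof SAMPLE_SPKI, &klen);
    printf("key bits: offset %zu, %zu of %zu bytes\n", off, klen, sizeof SAMPLE_SPKI);
    return off ? 0 : 1;
}
```

The 12 bytes before the key bits (the SEQUENCE header, the AlgorithmIdentifier and the BIT STRING header) are what a digest of the key bits alone leaves out.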