On Mon, Feb 11, 2013 at 12:41 AM, Viktor Dukhovni <openssl-us...@dukhovni.org> wrote:
> On Mon, Feb 11, 2013 at 12:01:49AM -0500, Jeffrey Walton wrote:
>
>> >> I'm trying to extract a public key (subjectPublicKeyInfo) from an X509
>> >> certificate.
>> >
>> > from apps/x509.c in the openssl source:
>> >
>> >     EVP_PKEY *pkey;
>> >
>> >     pkey=X509_get_pubkey(x);
>
> This is not the subjectPublicKeyInfo. It is just the key bits, sans
> algorithm and parameters. A common pitfall is to mistake this for
> the subjectPublicKeyInfo or to assume that X509_pubkey_digest()
> returns the digest of the subjectPublicKeyInfo.
>
>> Is there anything built into OpenSSL to write out a DER encoding of
>> subjectPublicKeyInfo?
>
>     X509 *cert;
>     int len;
>     char *buf;
>     char *buf2;
>
>     /* First call with NULL only returns the encoded length */
>     len = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), NULL);
>     buf2 = buf = OPENSSL_malloc(len);
>     if (buf == NULL) {
>         /* Out of memory */
>         ... report the error ...
>     }
>     /* Second call writes the encoding and advances buf2 past it */
>     i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), (unsigned char **)&buf2);
>     if (buf2 - buf != len) {
>         /* Should never happen: unexpected encoded length */
>         OPENSSL_free(buf);
>         ... report the error ...
>     }
>
>     /* buf[0..len-1] now contain the ASN.1 DER-encoded subjectPublicKeyInfo */
>     ... use it ...
>
>     OPENSSL_free(buf);

Thanks Viktor, perfect.
I seem to recall Viega, Messier and Chandra covered that. I wish I had that book with me now......

Jeff
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
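
Added example, not part of the thread and not OpenSSL code: a small bounds-checked DER walker that locates subjectPublicKeyInfo inside a certificate, returning both the full SEQUENCE (the bytes the i2d_X509_PUBKEY() call above writes) and the narrower BIT STRING payload, so the two are not confused when computing a digest or pin. The names span_t, tlv_t, der_read, find_spki and the SAMPLE bytes are constructed for this illustration.

```c
#include <stddef.h>

typedef struct { size_t off, len; } span_t;   /* byte range inside the certificate */
typedef struct { unsigned char tag; const unsigned char *val; size_t len, total; } tlv_t;

/* Constructed, certificate-shaped DER (empty names, no real signature): sample input only. */
const unsigned char SAMPLE[] = {
    0x30,0x2d, 0x30,0x26, 0xa0,0x03,0x02,0x01,0x02, 0x02,0x01,0x01,
    0x30,0x00, 0x30,0x00, 0x30,0x00, 0x30,0x00,
    0x30,0x14, 0x30,0x0d, 0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,
    0x05,0x00, 0x03,0x03,0x00,0xaa,0xbb, 0x30,0x00, 0x03,0x01,0x00 };

/* Read one DER TLV from p[0..n-1]; returns 0, or -1 if malformed or truncated. */
static int der_read(const unsigned char *p, size_t n, tlv_t *t) {
    size_t hdr = 2, len, i, k;
    if (n < 2 || (p[0] & 0x1f) == 0x1f) return -1;     /* high tag numbers unsupported */
    len = p[1];
    if (len & 0x80) {                                  /* long-form length */
        k = len & 0x7f;
        if (k == 0 || k > 4 || n < 2 + k) return -1;   /* indefinite form is not DER */
        for (len = 0, i = 0; i < k; i++) len = (len << 8) | p[2 + i];
        hdr += k;
    }
    if (len > n - hdr) return -1;                      /* content runs past the buffer */
    t->tag = p[0]; t->val = p + hdr; t->len = len; t->total = hdr + len;
    return 0;
}

/* spki: the whole SEQUENCE, header included; bits: the BIT STRING payload only. */
int find_spki(const unsigned char *cert, size_t n, span_t *spki, span_t *bits) {
    tlv_t c, tbs, f, alg, key;
    const unsigned char *p, *end;
    int skip = 5;                 /* serialNumber, signature, issuer, validity, subject */
    if (der_read(cert, n, &c) || c.tag != 0x30) return -1;
    if (der_read(c.val, c.len, &tbs) || tbs.tag != 0x30) return -1;
    p = tbs.val; end = p + tbs.len;
    if (p < end && *p == 0xa0) skip++;                 /* explicit [0] version, if present */
    while (skip--) {
        if (der_read(p, (size_t)(end - p), &f)) return -1;
        p += f.total;
    }
    if (der_read(p, (size_t)(end - p), &f) || f.tag != 0x30) return -1;
    if (der_read(f.val, f.len, &alg) || alg.tag != 0x30) return -1;
    if (der_read(f.val + alg.total, f.len - alg.total, &key) || key.tag != 0x03 || !key.len)
        return -1;
    spki->off = (size_t)(p - cert); spki->len = f.total;
    bits->off = (size_t)(key.val + 1 - cert); bits->len = key.len - 1;  /* drop unused-bits octet */
    return 0;
}
```

On the constructed sample the subjectPublicKeyInfo span is 22 bytes starting at offset 20, while the key bits are only the last 2 of those bytes; a digest taken over one will not match a digest taken over the other.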