On Mon, Feb 11, 2013 at 12:41 AM, Viktor Dukhovni
<openssl-us...@dukhovni.org> wrote:
> On Mon, Feb 11, 2013 at 12:01:49AM -0500, Jeffrey Walton wrote:
>
>> >> I'm trying to extract a public key (subjectPublicKeyInfo) from an X509
>> >> certificate.
>> >
>> > from apps/x509.c in the openssl source:
>> >
>> >         EVP_PKEY *pkey;
>> >
>> >         pkey=X509_get_pubkey(x);
>
> This is not the subjectPublicKeyInfo. It is just the key bits, sans
> algorithm and parameters.  A common pitfall is to mistake this for
> the subjectPublicKeyInfo or to assume that X509_pubkey_digest()
> returns the digest of the subjectPublicKeyInfo.
>
>> Is there anything built into OpenSSL to write out a DER encoding of
>> subjectPublicKeyInfo?
>
>     X509   *cert;
>     int     len;
>     char   *buf;
>     char   *buf2;
>
>     len = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), NULL);
>     buf2 = buf = OPENSSL_malloc(len);
>     if (buf == NULL) {
>         /* Out of memory */
>         /* ... report the error ... */
>     }
>     i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), (unsigned char **)&buf2);
>     if (buf2 - buf != len) {
>         /* Should never happen: unexpected encoded length */
>         OPENSSL_free(buf);
>         /* ... report the error ... */
>     }
>
>     /* buf[0..len-1] now contains the ASN.1 DER-encoded subjectPublicKeyInfo */
>     /* ... use it ... */
>
>     OPENSSL_free(buf);

Thanks Viktor, perfect.

I seem to recall Viega, Messier and Chandra covered that. I wish I had
that book with me now......

Jeff
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
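
An added example, not part of the original thread and not OpenSSL code: a dependency-free DER walker showing which bytes make up the complete subjectPublicKeyInfo (the SEQUENCE that `i2d_X509_PUBKEY()` encodes) as opposed to the key bits alone, sans algorithm and parameters. The names `tlv`, `find_spki`, `spki_key_bits` and `sample_cert` are hypothetical, and the certificate bytes are a constructed skeleton with empty names and a 4-byte toy key.

```c
#include <stddef.h>

/* Parse one DER TLV at p; want < 0 accepts any tag. Returns the byte after it, or NULL. */
static const unsigned char *tlv(const unsigned char *p, const unsigned char *end,
                                int want, const unsigned char **val)
{
    if (end - p < 2 || (want >= 0 && p[0] != want)) return NULL;
    size_t len = p[1];
    p += 2;
    if (len & 0x80) {                      /* long form: low 7 bits count length octets */
        size_t k = len & 0x7f;
        if (k == 0 || k > sizeof len || (size_t)(end - p) < k) return NULL;
        for (len = 0; k > 0; k--) len = (len << 8) | *p++;
    }
    if ((size_t)(end - p) < len) return NULL;  /* contents must stay inside the parent */
    *val = p;
    return p + len;
}

/* Start of the full subjectPublicKeyInfo TLV in a DER certificate; NULL if malformed. */
const unsigned char *find_spki(const unsigned char *der, size_t n, size_t *spkilen)
{
    const unsigned char *p, *end, *v, *next;
    if (!(end = tlv(der, der + n, 0x30, &v))) return NULL;   /* Certificate */
    if (!(end = tlv(v, end, 0x30, &p))) return NULL;         /* tbsCertificate */
    for (int skip = (p < end && *p == 0xA0) ? 6 : 5; skip > 0; skip--)
        if (!(p = tlv(p, end, -1, &v))) return NULL;  /* [0] version .. subject */
    if (!(next = tlv(p, end, 0x30, &v))) return NULL;        /* subjectPublicKeyInfo */
    *spkilen = (size_t)(next - p);
    return p;
}

/* Key bits only: the BIT STRING contents after its unused-bits octet. */
const unsigned char *spki_key_bits(const unsigned char *spki, size_t n, size_t *keylen)
{
    const unsigned char *p, *end, *v;
    if (!(end = tlv(spki, spki + n, 0x30, &p))) return NULL;
    if (!(p = tlv(p, end, 0x30, &v))) return NULL;           /* skip AlgorithmIdentifier */
    if (!(end = tlv(p, end, 0x03, &v)) || end == v) return NULL;
    *keylen = (size_t)(end - v) - 1;
    return v + 1;
}

/* Constructed 52-byte certificate skeleton (toy key, not a valid certificate). */
static const unsigned char sample_cert[] = {
    0x30,0x32, 0x30,0x25, 0xA0,0x03,0x02,0x01,0x02, 0x02,0x01,0x01,
    0x30,0x05,0x06,0x03,0x2B,0x65,0x70, 0x30,0x00, 0x30,0x00, 0x30,0x00,
    0x30,0x0E, 0x30,0x05,0x06,0x03,0x2B,0x65,0x70, 0x03,0x05,0x00,0xAA,0xBB,0xCC,0xDD,
    0x30,0x05,0x06,0x03,0x2B,0x65,0x70, 0x03,0x02,0x00,0x00 };
int main(void) { size_t n; return find_spki(sample_cert, sizeof sample_cert, &n) ? 0 : 1; }
```

On the sample, the subjectPublicKeyInfo is 16 bytes starting at offset 25, while the key bits are only the last 4 of those bytes, so a digest over one never matches a digest over the other.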
