On Mon, Jan 06, 2014 at 09:02:22AM +0100, Dereck Hurtubise wrote:

> There is currently a parsing bug when converting from PEM to DER.
> I encountered this as well, but with DSA keys.
> I suppose the same bug occurs with RSA keys.

No.

> > public_key = PEM_read_RSA_PUBKEY(fp, NULL, NULL, NULL);

From the documentation:

       d2i_RSAPublicKey() and i2d_RSAPublicKey() decode and encode a PKCS#1
       RSAPublicKey structure.

       d2i_RSA_PUBKEY() and i2d_RSA_PUBKEY() decode and encode an RSA public
       key using a SubjectPublicKeyInfo (certificate public key) structure.

> > and then obtain the DER form of this public key:

The DER form of an SPKI object is not the same as the DER form of the
underlying algorithm-specific key.

> > int len = i2d_RSAPublicKey (public_key, NULL);
> > buf = (unsigned char *) malloc (len);
> > i2d_RSAPublicKey (public_key, &buf);

This should output PKCS#1 data.

> > but the command line openssl tells me:
> >
> > openssl rsa -outform der  -pubin -inform pem -in mykey.pub | wc
> > writing RSA key
> >        1      10     293

This generates SPKI public keys:

    $ openssl rsa -in rsa.pem -pubout | openssl asn1parse
    writing RSA key
        0:d=0  hl=3 l= 159 cons: SEQUENCE
        3:d=1  hl=2 l=  13 cons: SEQUENCE
        5:d=2  hl=2 l=   9 prim: OBJECT            :rsaEncryption
       16:d=2  hl=2 l=   0 prim: NULL
       18:d=1  hl=3 l= 141 prim: BIT STRING

    $ openssl rsa -in rsa.pem -pubout | openssl asn1parse -strparse 18
    writing RSA key
        0:d=0  hl=3 l= 137 cons: SEQUENCE
        3:d=1  hl=3 l= 129 prim: INTEGER           :BE066ACD9B0B02BF2AFB04577E8F16B683C317F84FE32E22A91AB320560A858022DD135FADCB63451D5A13B207A9263F700EE8F2FAE655E4BF02D8CE3008C51C2DCCFF8263D9EE90A41254C1B772C28B10EA774BD1A83CE3603F1B160D11058C8C717FB47D956756968A22944D3A31BBF10930AAF94EBAB30FDD872332586CC5
      135:d=1  hl=2 l=   3 prim: INTEGER           :010001

> > When I print out the DER forms from openssl and my C code they, obviously,
> > don't match and, oddly, the DER encoding that my C code obtains has a lot
> > of zeros.
> >
> > What could I be doing wrong?

Not understanding the multitude of representations of variously
encapsulated keys.  There are likely other problems; we've only
seen a portion of the code.

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
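
The nesting that the `asn1parse -strparse 18` output above shows, as an added example (not code from this thread or from OpenSSL): a small DER walker that checks a SubjectPublicKeyInfo is for rsaEncryption and returns the PKCS#1 RSAPublicKey carried in its BIT STRING. The names `der_hdr` and `spki_to_pkcs1` and the toy key are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Read one DER header with the expected tag. On success *p is moved to the
 * value and *len is its length; returns -1 on a tag mismatch or overrun. */
static int der_hdr(const unsigned char **p, const unsigned char *end,
                   unsigned char tag, size_t *len)
{
    const unsigned char *q = *p;
    if (end - q < 2 || *q++ != tag) return -1;
    size_t n = *q++;
    if (n & 0x80) {                 /* long form: low 7 bits count length octets */
        size_t cnt = n & 0x7f;
        if (cnt == 0 || cnt > sizeof n || (size_t)(end - q) < cnt) return -1;
        for (n = 0; cnt--; ) n = (n << 8) | *q++;
    }
    if ((size_t)(end - q) < n) return -1;
    *p = q; *len = n;
    return 0;
}

/* Content octets of the rsaEncryption OID (1.2.840.113549.1.1.1). */
static const unsigned char OID_RSA[] = {0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01};

/* Hypothetical helper: find the PKCS#1 RSAPublicKey inside a DER SPKI.
 * *out points into spki; returns -1 if the input is not an RSA SPKI. */
int spki_to_pkcs1(const unsigned char *spki, size_t spki_len,
                  const unsigned char **out, size_t *out_len)
{
    const unsigned char *p = spki, *end = spki + spki_len, *alg_end, *q;
    size_t len;
    if (der_hdr(&p, end, 0x30, &len) || p + len != end) return -1; /* SPKI SEQUENCE */
    if (der_hdr(&p, end, 0x30, &len)) return -1;          /* AlgorithmIdentifier */
    alg_end = p + len;
    if (der_hdr(&p, alg_end, 0x06, &len) || len != sizeof OID_RSA ||
        memcmp(p, OID_RSA, len) != 0) return -1;          /* must be rsaEncryption */
    p = alg_end;                                          /* skip the parameters */
    if (der_hdr(&p, end, 0x03, &len) || len < 2 || p[0] != 0 || p + len != end)
        return -1;                                        /* BIT STRING, 0 unused bits */
    q = p + 1;
    if (der_hdr(&q, end, 0x30, &len) || q + len != end) return -1; /* inner SEQUENCE */
    *out = p + 1; *out_len = (size_t)(end - (p + 1));
    return 0;
}

/* Constructed sample: SPKI around a toy key (n = 3233, e = 17). */
static const unsigned char SAMPLE_SPKI[] = { 0x30,0x1B,
    0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,
    0x03,0x0A,0x00, 0x30,0x07,0x02,0x02,0x0C,0xA1,0x02,0x01,0x11 };
```

Feeding the returned PKCS#1 bytes back into `spki_to_pkcs1` fails, because the two DER encodings are different structures and cannot be compared byte for byte.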
