On Mon, Apr 6, 2020, 9:16 PM Jason Proctor <[email protected]> wrote:
> Distinguished crypto community,
>
> I have the requirement to import RSA keypairs generated by the Amazon
> Key Management System into my environment. These keypairs arrive in
> the de facto standard of SPKI for the public component and PKCS8 for
> the private component.
>
> I have no problem with the PKCS8 encoded private keys, they seem fine
> when imported using d2i_PKCS8_PRIV_KEY_INFO_bio().
>
> However, I'm having issues importing the SPKI encoded public keys. My
> Java test program imports them fine. The Js Web Crypto API is happy
> with them. Online ASN.1 parsers are fine with them. The OpenSSL
> command line tool can dump their contents, no problem. However, the
> d2i_NETSCAPE_SPKI() function errors out trying to deal with them.
>
> Back in the day I had a hack to import SPKI encoded public keys, as I
> knew their structure. I would just set the modulus and exponent
> directly using BN_bin2bn(). However these days it seems that the RSA
> structure is opaque, and so I can't do that either. (I mean fair
> enough, it's a hack.)
>

There's setter functions now. See:
https://www.openssl.org/docs/man1.1.0/man3/RSA_set0_key.html

So I have no idea about the spki function, but if you have the rsa private
key can't you get the public key from it?

I would just look at what API the rsa command line tool is using. I would
imagine there is a high level API for this.

>
> Question -- is there a supported way of importing SPKI encoded public
> keys into the OpenSSL world?
>
> thanks so much for any help with this,
> Jason@Spatial
> EAY/OpenSSL user since 1995
>
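
The setter route mentioned in the reply needs the modulus and exponent as raw big-endian bytes. The following is an added example, not code from this thread or from OpenSSL: a bounds-checked walk over an X.509 SubjectPublicKeyInfo that returns those two byte ranges. The names `span`, `der_take`, `spki_rsa_parts` and the sample key are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>
typedef struct { const unsigned char *p; size_t len; } span;

/* Take one TLV with the expected tag from *in into *out and advance *in. */
static int der_take(span *in, unsigned char tag, span *out) {
    size_t n, i, hdr = 2;
    if (in->len < 2 || in->p[0] != tag) return 0;
    n = in->p[1];
    if (n & 0x80) {                      /* long form: 1..4 length octets */
        size_t k = n & 0x7f;
        if (k == 0 || k > 4 || in->len < 2 + k) return 0;
        for (n = 0, i = 0; i < k; i++) n = (n << 8) | in->p[2 + i];
        hdr += k;
    }
    if (n > in->len - hdr) return 0;     /* value must fit in the buffer */
    out->p = in->p + hdr; out->len = n;
    in->p += hdr + n; in->len -= hdr + n;
    return 1;
}

/* AlgorithmIdentifier body for RSA: OID 1.2.840.113549.1.1.1 + NULL params */
static const unsigned char RSA_ALG[] = {
    0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00 };

/* Locate modulus n and exponent e (big-endian) inside an RSA SPKI; these
   ranges are what BN_bin2bn() would take before RSA_set0_key(). */
int spki_rsa_parts(const unsigned char *der, size_t len, span *n, span *e) {
    span in = { der, len }, spki, alg, bits, key;
    if (!der_take(&in, 0x30, &spki) || in.len != 0) return 0;  /* no trailing bytes */
    if (!der_take(&spki, 0x30, &alg) || alg.len != sizeof RSA_ALG ||
        memcmp(alg.p, RSA_ALG, sizeof RSA_ALG) != 0) return 0;
    if (!der_take(&spki, 0x03, &bits) || spki.len != 0) return 0;
    if (bits.len < 1 || bits.p[0] != 0) return 0;  /* BIT STRING, 0 unused bits */
    bits.p++; bits.len--;
    if (!der_take(&bits, 0x30, &key) || bits.len != 0) return 0;
    if (!der_take(&key, 0x02, n) || !der_take(&key, 0x02, e) || key.len) return 0;
    if (n->len > 1 && n->p[0] == 0) { n->p++; n->len--; }  /* drop DER sign octet */
    return n->len > 0 && e->len > 0;
}

/* Constructed sample: toy key n = 57599 (0xE0FF), e = 65537; not a real key. */
static const unsigned char SAMPLE_SPKI[] = {
    0x30,0x1e, 0x30,0x0d, 0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,
    0x05,0x00, 0x03,0x0d,0x00, 0x30,0x0a, 0x02,0x03,0x00,0xe0,0xff,
    0x02,0x03,0x01,0x00,0x01 };

int main(void) { span n, e;  /* exit status 0 when the sample parses */
    return !spki_rsa_parts(SAMPLE_SPKI, sizeof SAMPLE_SPKI, &n, &e); }
```

Within OpenSSL, d2i_PUBKEY() and d2i_PUBKEY_bio() decode this X.509 SubjectPublicKeyInfo structure into an EVP_PKEY, whereas d2i_NETSCAPE_SPKI() expects the Netscape SPKAC (signed public key and challenge) structure.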
