Re: How to use a binary public key
On Jan 25, 2013, at 6:45 PM, Dave Thompson wrote: >> I dug up the X,690 document that describes the DER format, >> and that is basically the approach that I've been working on. >> I now have a very basic DER parser that will handle the >> Sequence and Integer types that are in the public keys that >> I'm dealing with. This gives me a Python long integer of 168 >> bits for e and another 24-bit integer for m. I should be >> able to pass these to the M2Crypto.RSA.new_pub_key() function >> once I can get them encoded correctly (they need to be in the >> OpenSSL MPINT format). >> > That can't be right. The key you posted upthread had 1024-bit m > represented in 129 octets (because ASN.1 INTEGER is signed) > which you might therefore treat as 1025 bits or 1032 bits, and > 17-bit e represented in 3 octets which you might treat as 24 bits. > > Like that key practically all RSA keys you see will have e = 65537 > (in hex 01 00 01, either endian!) because that is the fourth Fermat > prime, nicknamed F4, thus invertible for any usable group order. > You may find a few typically older ones with e = 3. Although other > (and larger) public-exponent values are possible, they are more > costly to use and provide no benefit, so people (sensibly) don't. > > RSA moduli can in principle be any size that provides sufficient > security, but in practice people mostly use 1024, 2048, and 3072 > because they are convenient and/or standardized. Yeah, I said that it had been a long week. I should know better than to post something on a Friday afternoon when I'm trying to get out the door. My 'm' is a 1024 bit value as you noted. The 168 was the result of the python 'sizeof()' which just reports on how much memory the variable is using. My 'e' is the 65537 that you noted. I've been able to pass the values to the 'new_pub_key()' function that I mentioned, and I can now encrypt my data and send it to the device. Now to generalize the whole process into my test programs and run it against a few different divides to make sure everything works correctly. Looks like I'm good to go now. Thanks once again for the help. Dwight Tovey Laserjet R&D Engineer dwight.to...@hp.com (208)396-4645 __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: How to use a binary public key
> From: owner-openssl-us...@openssl.org On Behalf Of Tovey, Dwight (LaserJet R&D FW Eng.) > Sent: Friday, 25 January, 2013 17:50 > On Jan 24, 2013, at 8:13 PM, Dave Thompson > wrote: > > > If you want to do it actually in Python: > > - get m and e from the public key (DER isn't hard to parse, > > you were already shown an example elsethread, and if Python > > doesn't have a direct way to convert bytestring to bignum > > which I'd expect it probably does you can just do some > > equivalent of x = 0; for i in 0..n-1 x = x*256+b[i] > > - do whichever padding you used with RSA_public_encrypt > > (this is probably the hardest part, especially if it's OAEP) > > - take the padded data as a bignum (ditto) and do pow(data,e,m) > > - take the result as a bytestring (perhaps implicitly) > > I dug up the X,690 document that describes the DER format, > and that is basically the approach that I've been working on. > I now have a very basic DER parser that will handle the > Sequence and Integer types that are in the public keys that > I'm dealing with. This gives me a Python long integer of 168 > bits for e and another 24-bit integer for m. I should be > able to pass these to the M2Crypto.RSA.new_pub_key() function > once I can get them encoded correctly (they need to be in the > OpenSSL MPINT format). > That can't be right. The key you posted upthread had 1024-bit m represented in 129 octets (because ASN.1 INTEGER is signed) which you might therefore treat as 1025 bits or 1032 bits, and 17-bit e represented in 3 octets which you might treat as 24 bits. Like that key practically all RSA keys you see will have e = 65537 (in hex 01 00 01, either endian!) because that is the fourth Fermat prime, nicknamed F4, thus invertible for any usable group order. You may find a few typically older ones with e = 3. Although other (and larger) public-exponent values are possible, they are more costly to use and provide no benefit, so people (sensibly) don't. RSA moduli can in principle be any size that provides sufficient security, but in practice people mostly use 1024, 2048, and 3072 because they are convenient and/or standardized. > Once I get that working I should then be able to use the > other M2Crypto routines to encrypt my data and my test system > should be good to go. But it's been a long week even with > the holiday, so I'm going to leave that until Monday. Thanks > for all the pointers. > Have a good Monday, then. :-) __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: How to use a binary public key
On Jan 24, 2013, at 8:13 PM, Dave Thompson wrote: > If you want to do it actually in Python: > - get m and e from the public key (DER isn't hard to parse, > you were already shown an example elsethread, and if Python > doesn't have a direct way to convert bytestring to bignum > which I'd expect it probably does you can just do some > equivalent of x = 0; for i in 0..n-1 x = x*256+b[i] > - do whichever padding you used with RSA_public_encrypt > (this is probably the hardest part, especially if it's OAEP) > - take the padded data as a bignum (ditto) and do pow(data,e,m) > - take the result as a bytestring (perhaps implicitly) I dug up the X,690 document that describes the DER format, and that is basically the approach that I've been working on. I now have a very basic DER parser that will handle the Sequence and Integer types that are in the public keys that I'm dealing with. This gives me a Python long integer of 168 bits for e and another 24-bit integer for m. I should be able to pass these to the M2Crypto.RSA.new_pub_key() function once I can get them encoded correctly (they need to be in the OpenSSL MPINT format). Once I get that working I should then be able to use the other M2Crypto routines to encrypt my data and my test system should be good to go. But it's been a long week even with the holiday, so I'm going to leave that until Monday. Thanks for all the pointers. /dwight Dwight Tovey Laserjet R&D Engineer dwight.to...@hp.com (208)396-4645 __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: How to use a binary public key
> From: owner-openssl-us...@openssl.org On Behalf Of Tovey, Dwight (LaserJet R&D FW Eng.) > Sent: Thursday, 24 January, 2013 10:55 > On Jan 23, 2013, at 3:56 PM, Dave Thompson > wrote: > > > Most utilities, yes, although the library supports both. > > (The routines named RSAPublicKey do the specific PKCS#1 form, > > the routines named RSA_PUBKEY or just PUBKEY do the wrapped form.) > > Getting back to the original question, according to Wikipedia > > Python has builtin modular exponentiation on bignums as pow(x,e,m), > > so probably all OP needs is extract the modulus and (public) exponent > > from the key, pad and convert the data and do that. > > With the help of the comments here I have made some progress. > For a proof-of-concept, I wrote a little C program that > passed the binary public key through the OpenSSL library > function d2i_RSAPublicKey() to get a RSA structure. I could > then use this in a call to RSA_public_encrypt() to encrypt > the plaintext data to send back to the device, and the device > successfully accepted it. So now I want to translate that C > program into python. > > Dave - you mention using the pow() function in python to > extract the modulus and exponent. Could you elaborate on > that? Or did you mean that once I have the modulus and > exponent that I could use pow() in the encryption process? > It's been several years since I last looked at encryption > programming, so please excuse my lack of understanding. > The latter. The significant content of the public key is two integers, the modulus m which is large and the public exponent e which is usually and here small. Given those two integers, raw RSA encryption is the bignum computation x ^ e mod m, which apparently Python builtin pow() can do. I don't use Python myself; I'm going by the doc I found. > I can use the M2Crypto python module (python wrapper for > OpenSSL) in our environment to do the encryption, but so far > I haven't been able to figure out how to get it to accept the > public key. I may have to spend the weekend with my nose > buried in an encryption primer. > Elsethread you confirm that giving the module the "wrapped" publickey worked. If you're happy using the module that's probably easiest -- OpenSSL already has the code. If you want to do it actually in Python: - get m and e from the public key (DER isn't hard to parse, you were already shown an example elsethread, and if Python doesn't have a direct way to convert bytestring to bignum which I'd expect it probably does you can just do some equivalent of x = 0; for i in 0..n-1 x = x*256+b[i] - do whichever padding you used with RSA_public_encrypt (this is probably the hardest part, especially if it's OAEP) - take the padded data as a bignum (ditto) and do pow(data,e,m) - take the result as a bytestring (perhaps implicitly) __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: How to use a binary public key
> From: owner-openssl-us...@openssl.org On Behalf Of Viktor Dukhovni > Sent: Thursday, 24 January, 2013 13:25 > On Thu, Jan 24, 2013 at 05:25:48PM +, Tovey, Dwight > (LaserJet R&D FW Eng.) wrote: > > So, my next question is, how did you add the public key > header? What does this header look like? If I know that > then I should be able to add it within my script and handle > it all directly. > > Here's a hex dump of a complete public key: > This is an ASN.1 structure: > > 0:d=0 hl=3 l= 159 cons: SEQUENCE > 3:d=1 hl=2 l= 13 cons: SEQUENCE > 5:d=2 hl=2 l= 9 prim: OBJECT:rsaEncryption >16:d=2 hl=2 l= 0 prim: NULL >18:d=1 hl=3 l= 141 prim: BIT STRING > > The tag "30" means "SEQUENCE". The bytes "81 9f" encode the sequence > length, in this case 144 + 15 = 159 bytes (excluding the tag and the > length). > > The first element of the sequece is also a sequence which encodes > the algorithm and parameters (RSA and no parameters). This sequence > is of length 0d == 13. Its first element (tag == 06 == Object ID) > is an OID of length 9 which decodes to 1.2.840.113549.1.1.1 > RSAEncryption [followed by] a tag of 05 (NULL) with a length of 0. > FYI: other algorithms (notably DSA, DH, and ECDSA/ECDH) do use key parameters which are usually encoded in the public key structure here, although sometimes they are specified by other means. RSA does not use key parameters, which is why this seems superflous. > Finally, the key is encoded as a BITSTRING: (type == 03) (length > == 81 8d = 128 + 13 = 141). Since the bit string's length is a > multiple of 8, the firstr octet encodes 0 padding bits, the remaining > octets are the ASN.1 sequence encoding a sequence of the modulus > and exponent, which is the public key you started with. > Yes. Note that the length field of the BITSTRING and that of the outer SEQUENCE will change if the key value is larger, normally because the modulus is larger (pub-exponent *can* be large, but in practice isn't). And if the modulus is 2048 bits which is the likely step up (nominally required by NIST next year, for example), or actually more than 1792 bits, then the length field(s) must change to the three-octet form 82 length-high length-low . (If the modulus was more than about 524k bits you would need the four-octet length 83 hi med lo, but no one could use RSA that large in the foreseeable future.) __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl-users] Re: How to use a binary public key
Thanks for explanation. --kapetr Dne 24.1.2013 19:31, Erwann Abalea napsal(a): The 0x00 byte in the BITSTRING is the number of unused bits in the last octet of the encoded bit string. See X.690 as a BER/DER reference. Document is free to download from ITU website. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl-users] Re: How to use a binary public key
The 0x00 byte in the BITSTRING is the number of unused bits in the last octet of the encoded bit string. See X.690 as a BER/DER reference. Document is free to download from ITU website. -- Erwann ABALEA Le 24/01/2013 19:17, kap...@mizera.cz a écrit : I have used header from my certificate - it does contain only ASN.1 structure data - unspecific. The structure you can see with openssl asn1parse -in pub-key.der -inform der The added "header" are simply the first 22 bytes. (not 21 (=18+3) - there is in correctly formated pub-key 1 byte 00h on begin of BIT STRING. Don't know why.) The BIT STRING is yours pubkey.bin. I hope it will help :-) --kapetr Dne 24.1.2013 18:25, Tovey, Dwight (LaserJet R&D FW Eng.) napsal(a): On Jan 23, 2013, at 4:18 PM, kap...@mizera.cz wrote: I have build the whole pub-key (in DER) from yours pubkey.bin by adding public key header - as wrote w...@omnigroup.com If I did not make error, it could work now - try it. It is in attachment. openssl asn1parse -in pub-key.der -inform der -strparse 18 and you will see the same as by parsing yours pubkey.bin. To see whole public key structure: openssl asn1parse -in pub-key.der -inform der --kapetr This worked. I translated the .der key into PEM format, which I was then able to load into my python script with M2Crypto.RSA.load_pub_key(). I could then use the resulting RSA_pub object to encrypt my data and send it to the device. So, my next question is, how did you add the public key header? What does this header look like? If I know that then I should be able to add it within my script and handle it all directly. Thanks Dwight Tovey Laserjet R&D Engineer dwight.to...@hp.com (208)396-4645 __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: How to use a binary public key
On Thu, Jan 24, 2013 at 05:25:48PM +, Tovey, Dwight (LaserJet R&D FW Eng.) wrote: > On Jan 23, 2013, at 4:18 PM, kap...@mizera.cz wrote: > > > I have build the whole pub-key (in DER) from yours pubkey.bin by adding > > public key header - as wrote w...@omnigroup.com > > > > If I did not make error, it could work now - try it. > > It is in attachment. > > > > openssl asn1parse -in pub-key.der -inform der -strparse 18 > > > > and you will see the same as by parsing yours pubkey.bin. > > > > To see whole public key structure: > > openssl asn1parse -in pub-key.der -inform der > > > > --kapetr > > > > This worked. I translated the .der key into PEM format, which I was then > able to load into my python script with M2Crypto.RSA.load_pub_key(). I could > then use the resulting RSA_pub object to encrypt my data and send it to the > device. > > So, my next question is, how did you add the public key header? What does > this header look like? If I know that then I should be able to add it within > my script and handle it all directly. Here's a hex dump of a complete public key: 00030 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 02005 00 03 81 8d 00 30 81 89 02 81 81 00 9a a7 8d 0403f 46 10 6e 1c 5d 90 ac 43 e7 49 d7 ca 15 62 f3 0600c d3 af 8b 28 74 c7 49 fe aa 3d 51 9c 7f 14 70 10088 9f 94 24 29 33 6f e6 88 29 c0 57 35 d1 92 b3 1204c de 48 79 8e 94 e0 d8 7a 16 94 57 57 35 ba 4f 140de b7 44 37 c1 56 2e e3 41 14 54 9f b3 c5 9a a5 1604a a9 8e 00 67 1c e2 35 ee cb f9 fc f0 53 d7 f8 2001d 73 95 26 36 c1 1f c8 2c 29 3e 7f 36 e5 31 0a 2208d 5b c9 aa 35 c5 21 28 51 80 ba e8 9b 02 03 01 24000 01 This is an ASN.1 structure: 0:d=0 hl=3 l= 159 cons: SEQUENCE 3:d=1 hl=2 l= 13 cons: SEQUENCE 5:d=2 hl=2 l= 9 prim: OBJECT:rsaEncryption 16:d=2 hl=2 l= 0 prim: NULL 18:d=1 hl=3 l= 141 prim: BIT STRING The tag "30" means "SEQUENCE". The bytes "81 9f" encode the sequence length, in this case 144 + 15 = 159 bytes (excluding the tag and the length). The first element of the sequece is also a sequence which encodes the algorithm and parameters (RSA and no parameters). This sequence is of length 0d == 13. Its first element (tag == 06 == Object ID) is an OID of length 9: 2a 86 48 86 f7 0d 01 01 01 which decodes to: 1.2.840.113549.1.1.1RSA Encryption What followis is a tag of 05 (NULL) with a length of 0. Finally, the key is encoded as a BITSTRING: (type == 03) (length == 81 8d = 128 + 13 = 141). Since the bit string's length is a multiple of 8, the firstr octet encodes 0 padding bits, the remaining octets are the ASN.1 sequence encoding a sequence of the modulus and exponent, which is the public key you started with. -- Viktor. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: How to use a binary public key
I have used header from my certificate - it does contain only ASN.1 structure data - unspecific. The structure you can see with openssl asn1parse -in pub-key.der -inform der The added "header" are simply the first 22 bytes. (not 21 (=18+3) - there is in correctly formated pub-key 1 byte 00h on begin of BIT STRING. Don't know why.) The BIT STRING is yours pubkey.bin. I hope it will help :-) --kapetr Dne 24.1.2013 18:25, Tovey, Dwight (LaserJet R&D FW Eng.) napsal(a): On Jan 23, 2013, at 4:18 PM, kap...@mizera.cz wrote: I have build the whole pub-key (in DER) from yours pubkey.bin by adding public key header - as wrote w...@omnigroup.com If I did not make error, it could work now - try it. It is in attachment. openssl asn1parse -in pub-key.der -inform der -strparse 18 and you will see the same as by parsing yours pubkey.bin. To see whole public key structure: openssl asn1parse -in pub-key.der -inform der --kapetr This worked. I translated the .der key into PEM format, which I was then able to load into my python script with M2Crypto.RSA.load_pub_key(). I could then use the resulting RSA_pub object to encrypt my data and send it to the device. So, my next question is, how did you add the public key header? What does this header look like? If I know that then I should be able to add it within my script and handle it all directly. Thanks Dwight Tovey Laserjet R&D Engineer dwight.to...@hp.com (208)396-4645 __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: How to use a binary public key
On Jan 23, 2013, at 4:18 PM, kap...@mizera.cz wrote: > I have build the whole pub-key (in DER) from yours pubkey.bin by adding > public key header - as wrote w...@omnigroup.com > > If I did not make error, it could work now - try it. > It is in attachment. > > openssl asn1parse -in pub-key.der -inform der -strparse 18 > > and you will see the same as by parsing yours pubkey.bin. > > To see whole public key structure: > openssl asn1parse -in pub-key.der -inform der > > --kapetr > This worked. I translated the .der key into PEM format, which I was then able to load into my python script with M2Crypto.RSA.load_pub_key(). I could then use the resulting RSA_pub object to encrypt my data and send it to the device. So, my next question is, how did you add the public key header? What does this header look like? If I know that then I should be able to add it within my script and handle it all directly. Thanks Dwight Tovey Laserjet R&D Engineer dwight.to...@hp.com (208)396-4645 __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: How to use a binary public key
On Jan 23, 2013, at 3:56 PM, Dave Thompson wrote: > Most utilities, yes, although the library supports both. > (The routines named RSAPublicKey do the specific PKCS#1 form, > the routines named RSA_PUBKEY or just PUBKEY do the wrapped form.) > > But on checking source, since 1.0.0 'rsa' has an undocumented option > -RSAPublicKey_in (and converserly -RSAPublicKey_out for output). > > Getting back to the original question, according to Wikipedia > Python has builtin modular exponentiation on bignums as pow(x,e,m), > so probably all OP needs is extract the modulus and (public) exponent > from the key, pad and convert the data and do that. With the help of the comments here I have made some progress. For a proof-of-concept, I wrote a little C program that passed the binary public key through the OpenSSL library function d2i_RSAPublicKey() to get a RSA structure. I could then use this in a call to RSA_public_encrypt() to encrypt the plaintext data to send back to the device, and the device successfully accepted it. So now I want to translate that C program into python. Dave - you mention using the pow() function in python to extract the modulus and exponent. Could you elaborate on that? Or did you mean that once I have the modulus and exponent that I could use pow() in the encryption process? It's been several years since I last looked at encryption programming, so please excuse my lack of understanding. I can use the M2Crypto python module (python wrapper for OpenSSL) in our environment to do the encryption, but so far I haven't been able to figure out how to get it to accept the public key. I may have to spend the weekend with my nose buried in an encryption primer. Thanks again for the help. Dwight Tovey Laserjet R&D Engineer dwight.to...@hp.com (208)396-4645 __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: How to use a binary public key
I have build the whole pub-key (in DER) from yours pubkey.bin by adding public key header - as wrote w...@omnigroup.com If I did not make error, it could work now - try it. It is in attachment. openssl asn1parse -in pub-key.der -inform der -strparse 18 and you will see the same as by parsing yours pubkey.bin. To see whole public key structure: openssl asn1parse -in pub-key.der -inform der --kapetr Dne 23.1.2013 22:12, Tovey, Dwight (LaserJet R&D FW Eng.) napsal(a): Hello all – I have a need to send a bit of RSA encrypted data to a device. The device will provide it’s public key via SNMP as 140 bytes of binary data. I’m assuming that the data is DER format, but I can’t swear to it. Now that I have this binary key, how can I use it? Ideally I would like to use it within a python script (to fit with our test framework) to encrypt the data, but if necessary I could also write a C program to make use of it. For now though I’m just trying to use the command-line openssl tools while I try to figure out how to use and/or verify the key. So far I’ve got the data stored in the file ‘pubkey.bin’. I’ve tried using the commandline: openssl pkey -in pubkey.bin –inform DER -pubin –text to just see if it will parse the key, but all I get is: unable to load Public Key I’ve tried a few other openssl commands to try parsing the key, with pretty much the same results. Obviously I’m missing something in my understanding of how to use the tools on this key. I’ve been digging around the documentation, but not really getting anywhere. Any idea what I’m doing wrong? FWIW: Here is the output of ‘base64 pubkey.bin’: MIGJAoGBALZgQ7RUATju7H0xjEfnwmbO7aMeHvyXJC/4D0YCSAqxa9omMw1gBLTSSkj+CZCZmLJJ XIQnwim2CNXhmpZQLsZ7ZUhzPdvABBBV56Wz2E+y0B4ndwCM8ze4OyedVF0jfLM7ASbrFF0If2di zPQ3eKhd2PPRrNjEmP/8M9EUGKRtAgMBAAE= Thanks. Dwight Tovey Laserjet R&D FW Engineer (208)396-4645 pub-key.der Description: application/x509-ca-cert
RE: How to use a binary public key
> From: owner-openssl-us...@openssl.org On Behalf Of Wim Lewis > Sent: Wednesday, 23 January, 2013 16:57 > On Jan 23, 2013, at 1:12 PM, Tovey, Dwight (LaserJet R&D FW > Eng.) wrote: > > Hello all - > > > > I have a need to send a bit of RSA encrypted data to a > device. The device will provide it's public key via SNMP as In addition to the key, you need to know what padding the receiver wants (if they say none and this data is not random or substantially random, the design is incompetent). > 140 bytes of binary data. I'm assuming that the data is DER > format, but I can't swear to it. > [...] > > FWIW: Here is the output of 'base64 pubkey.bin': > > Piping that to 'openssl asn1parse', it does turn out to be a > DER-encoded SEQUENCE of two INTEGERs which look like an RSA > modulus and exponent. > > Most openssl commands that deal with bare public keys want a > SubjectPublicKeyInfo structure, which is basically what you > have wrapped in another SEQUENCE with an algorithm identifier. > Most utilities, yes, although the library supports both. (The routines named RSAPublicKey do the specific PKCS#1 form, the routines named RSA_PUBKEY or just PUBKEY do the wrapped form.) But on checking source, since 1.0.0 'rsa' has an undocumented option -RSAPublicKey_in (and converserly -RSAPublicKey_out for output). Getting back to the original question, according to Wikipedia Python has builtin modular exponentiation on bignums as pow(x,e,m), so probably all OP needs is extract the modulus and (public) exponent from the key, pad and convert the data and do that. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: How to use a binary public key
On Jan 23, 2013, at 1:12 PM, Tovey, Dwight (LaserJet R&D FW Eng.) wrote: > Hello all – > > I have a need to send a bit of RSA encrypted data to a device. The device > will provide it’s public key via SNMP as 140 bytes of binary data. I’m > assuming that the data is DER format, but I can’t swear to it. [...] > FWIW: Here is the output of ‘base64 pubkey.bin’: Piping that to 'openssl asn1parse', it does turn out to be a DER-encoded SEQUENCE of two INTEGERs which look like an RSA modulus and exponent. Most openssl commands that deal with bare public keys want a SubjectPublicKeyInfo structure, which is basically what you have wrapped in another SEQUENCE with an algorithm identifier. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
