Hi Kyle,
Thanks for the prompt response.
But I think my problem is my project doesn't want to produce the public key
from openssl rsa command, because we need to get the public key in the rsa
PEM format at the time when we issued the certificate and upload it to our
production database. And the
Hi Kyle,
Thanks for the prompt response.
But I think my problem is my project doesn't want to produce the public
key from openssl rsa command, because we need to get the public key in the
rsa PEM format at the time when we issued the certificate and upload it to
our production database.
Hi David,
I've tried the following command, but it failed to load cert:
$ openssl x509 -outform PEM -inform usercert.pem -pubkey
bad input format specified for Certificate
unable to load certificate
Thanks,
Janet
On 5/3/07, David Schwartz <[EMAIL PROTECTED]> wrote:
Hi Kyle,
Thanks for
Hi David,
I've tried the following command, but it failed to load cert:
$ openssl x509 -outform PEM -inform usercert.pem -pubkey
bad input format specified for Certificate
unable to load certificate
Thanks,
Janet
You didn't specify the input format. Try:
openssl x509 -ou
On 5/3/07, Janet N <[EMAIL PROTECTED]> wrote:
Hi Kyle,
Thanks for the prompt response.
But I think my problem is my project doesn't want to produce the public key
from openssl rsa command, because we need to get the public key in the rsa
PEM format at the time when we issued the certificate and
Hi Janet,
For that moment I doesn't have access to openssl to test it, but try
this one:
$ openssl rsa -in certificate.pem -pubout -noout -text
Unfortunately, -pubout command can't write output to a file (i.e. with
-out).
Regards,
Dmitrij
Janet N wrote:
Hi Kyle,
Thanks for the prompt
Janet N wrote:
... So we need
somehow to be able to get the rsa public key from the user certificate.
Assuming a DER X.509 cert, you just need to parse out the public key:
cert->SubjectPublicKeyInfo->SubjectPublicKey
__
Ope
Hello,
Why do you need to get the public key at the time the certificate is
issued? You already have it.
We are using DKIM (domain key signing), it uses not the x509 public key, but
the public key of the private key. The idea is to extract the rsa public
key at the time the CA issue the ce
But, you could try:
$ openssl x509 -inform PEM -in file.pem -x509toreq -out file.csr
$ openssl req -in file.csr -pubkey -noout
# openssl x509 -inform PEM -in usercert.pem -x509toreq -out file.csr
Getting request Private Key
no request key file specified
When I checked the file.csr file it i
The private key is paired with the public key, regardless of where
it's retrieved or what format it's in. This means that the x509
public key is the same public key as you would retrieve from the
openssl rsa command.
Regardless:
$ openssl x509 -inform PEM -in file.pem -x509toreq -out file.csr
Give me a bit, I'm going to set up a test CA environment and figure it out.
-Kyle H
On 5/4/07, Janet N <[EMAIL PROTECTED]> wrote:
>
> But, you could try:
>
> $ openssl x509 -inform PEM -in file.pem -x509toreq -out file.csr
> $ openssl req -in file.csr -pubkey -noout
# openssl x509 -inform PE
Hi Kyle,
What tool is it you're using for DKIM?
DKIM uses openssl library to produce a public and private key. The private
key should be saved on a MTA server. The public key will used in the DNS TXT
record for DKIM. They use the following openssl command below to produce
the public and p
Thanks for the info on DKIM.
$ openssl x509 -inform pem -in cacert.pem -noout -pubkey
This will do what you want, but it is suboptimal, as it outputs the
key onto stdout (which can be redirected to a file).
I consider this to be bugged, based on available documentation. The
documentation state
Hi Kyle and RT,
I want to know the status of the bug that "-out" of openssl does not
redirect the stdout to a file. Instead the command below prints the entire
certificate to pubkey.pem and the extracted cert (pubkey) to the screen:
$ openssl x509 -inform pem -in cert.pem -pubkey -out pubkey.p
The CA doesn't generate the public key in your certificate. You
generate it, and you send it to the CA to be bound to your identity --
the CA uses its private key to sign the certificate, and the verifier
already has the CA's public key to verify with.
Without the public key in your certificate
My apologies:
$ openssl rsa -pubin -in rsa.public -noout -text
-Kyle H
On 5/3/07, Kyle Hamilton <[EMAIL PROTECTED]> wrote:
The CA doesn't generate the public key in your certificate. You
generate it, and you send it to the CA to be bound to your identity --
the CA uses its private key to sign
16 matches
Mail list logo
