[openssl-users] how to import external rsa public key in openssl.
Matt Caswell
matt at openssl.org
Fri Jun 8 08:53:04 UTC 2018
On 08/06/18 08:02, Sangsub wrote:
>
> I would like to perform operations such as RSA signature verification
> through an RSA public key file received from an external server.
> Key values are given in der format or pem format as follows.
>
> der:"30820122300d06092a864886f70d01010105000382010f003082010a02820101008ab8c549138cc59f605b50265f69ec3b8ce3b3e9af5e174d26cfe242650104bea05101189676c7a292cc6b5ae719e119e3ac29e9d3ad9dadcda496f2f7185f9c0c4872a2db124f01992b238e83fd582d8a290f2973f9cf744f1e53f8aa53a225c12299b1cc3658fb607cb5aba579832d6c2687f71300a4df3df1c1407e17d22a5c19c830ed0c5824072309a612bb3e4fb339f25bbbcfe2999f4342110649abac5f4bfea2a59cd38c173979a679afdc8baacb4e87eb50acf806cfb7407504bdac110cfbcb99c04227031e146b9f3b8377c87035690309fae9872e2c7b93e8375fccdebc4f98be1d574269c513a43594f6b8861f7464832ae99ebaceae0fcc3ac50203010001"
>
> pem_base64:"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAirjFSROMxZ9gW1AmX2nsO4zjs+mvXhdNJs/iQmUBBL6gUQEYlnbHopLMa1rnGeEZ46wp6dOtna3NpJby9xhfnAxIcqLbEk8BmSsjjoP9WC2KKQ8pc/nPdE8eU/iqU6IlwSKZscw2WPtgfLWrpXmDLWwmh/cTAKTfPfHBQH4X0ipcGcgw7QxYJAcjCaYSuz5PsznyW7vP4pmfQ0IRBkmrrF9L/qKlnNOMFzl5pnmv3Iuqy06H61Cs+AbPt0B1BL2sEQz7y5nAQicDHhRrnzuDd8hwNWkDCfrphy4se5PoN1/M3rxPmL4dV0JpxROkNZT2uIYfdGSDKumeus6uD8w6xQIDAQAB"
>
> I want to import the above data into "struct rsa_st * rsa", but it is not
> working.
>
> For example, to import the rsa public key in der format, I did the
> following:
> ==========================================================
> char data[] =
> "30820122300d06092a864886f70d01010105000382010f003082010a02820101008ab8c549138cc59f605b50265f69ec3b8ce3b3e9af5e174d26cfe242650104bea05101189676c7a292cc6b5ae719e119e3ac29e9d3ad9dadcda496f2f7185f9c0c4872a2db124f01992b238e83fd582d8a290f2973f9cf744f1e53f8aa53a225c12299b1cc3658fb607cb5aba579832d6c2687f71300a4df3df1c1407e17d22a5c19c830ed0c5824072309a612bb3e4fb339f25bbbcfe2999f4342110649abac5f4bfea2a59cd38c173979a679afdc8baacb4e87eb50acf806cfb7407504bdac110cfbcb99c04227031e146b9f3b8377c87035690309fae9872e2c7b93e8375fccdebc4f98be1d574269c513a43594f6b8861f7464832ae99ebaceae0fcc3ac50203010001";
>
> unsigned char * pArr = (unsigned char *)malloc(buf_len);
> RSA *pub_rsa = NULL;
>
> fnStr2Hex(pArr, data); // Converts a data array composed of strings to a hex
Is that really what this function does? i.e. convert *to* hex? The
buffer you are working with is already in hex - but you want it in a
binary form (i.e. convert *from* hex) for the subsequent call to
d2i_RSAPublicKey.
But actually, probably you need to call d2i_RSA_PUBKEY instead. This is
the function you need for reading a SubjectPublicKeyInfo (SPKI) format,
der encoded RSA key. I took your der encoded key above and ran it
through asn1parse, and it appears to be in SPKI format.
> array (pArr).
> pub_rsa=d2i_RSAPublicKey(NULL,&pArr,(long)buf_len);
> ==========================================================
>
> In this case, In d2i_RSAPublicKey function is returning NULL Pointer.
> I do not know what went wrong.
>
> And I do not know how to change the string data received by pem_base64 to
> "struct rsa_st * rsa" as well.
The equivalent function for reading a pem encoded RSA key in SPKI format
is PEM_read_bio_RSA_PUBKEY() (or one of the other similarly named
functions) described here:
https://www.openssl.org/docs/man1.1.0/crypto/PEM_read_RSA_PUBKEY.html
However, you don't actually have a PEM file at all. You are missing the
header and footer lines. It needs to look something like this:
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAirjFSROMxZ9gW1AmX2ns
O4zjs+mvXhdNJs/iQmUBBL6gUQEYlnbHopLMa1rnGeEZ46wp6dOtna3NpJby9xhf
nAxIcqLbEk8BmSsjjoP9WC2KKQ8pc/nPdE8eU/iqU6IlwSKZscw2WPtgfLWrpXmD
LWwmh/cTAKTfPfHBQH4X0ipcGcgw7QxYJAcjCaYSuz5PsznyW7vP4pmfQ0IRBkmr
rF9L/qKlnNOMFzl5pnmv3Iuqy06H61Cs+AbPt0B1BL2sEQz7y5nAQicDHhRrnzuD
d8hwNWkDCfrphy4se5PoN1/M3rxPmL4dV0JpxROkNZT2uIYfdGSDKumeus6uD8w6
xQIDAQAB
-----END PUBLIC KEY-----
Hope that helps,
Matt
More information about the openssl-users
mailing list