OpenSSL vs SPKI
William Roberts
bill.c.roberts at gmail.com
Tue Apr 7 04:44:27 UTC 2020
On Mon, Apr 6, 2020, 9:16 PM Jason Proctor <jason at spatiallabs.com> wrote:
> Distinguished crypto community,
>
> I have the requirement to import RSA keypairs generated by the Amazon
> Key Management System into my environment. These keypairs arrive in
> the de facto standard of SPKI for the public component and PKCS8 for
> the private component.
>
> I have no problem with the PKCS8 encoded private keys, they seem fine
> when imported using d2i_PKCS8_PRIV_KEY_INFO_bio().
>
> However, I'm having issues importing the SPKI encoded public keys. My
> Java test program imports them fine. The Js Web Crypto API is happy
> with them. Online ASN.1 parsers are fine with them. The OpenSSL
> command line tool can dump their contents, no problem. However, the
> d2i_NETSCAPE_SPKI() function errors out trying to deal with them.
>
> Back in the day I had a hack to import SPKI encoded public keys, as I
> knew their structure. I would just set the modulus and exponent
> directly using BN_bin2bn(). However these days it seems that the RSA
> structure is opaque, and so I can't do that either. (I mean fair
> enough, it's a hack.)
>
There's setter functions now. See:
https://www.openssl.org/docs/man1.1.0/man3/RSA_set0_key.html
So I have no idea about the spki function, but if you have the rsa private
key can't you get the public key from it? I would just look at what API the
rsa command line tool is using. I would imagine there is a high level API
for this.
>
> Question -- is there a supported way of importing SPKI encoded public
> keys into the OpenSSL world?
>
> thanks so much for any help with this,
> Jason at Spatial
> EAY/OpenSSL user since 1995
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20200406/6e993b97/attachment-0001.html>
More information about the openssl-users
mailing list