Re: “EC PUBLIC KEY”
Matt Caswell
matt at openssl.org
Thu Nov 18 13:37:03 UTC 2021
On 17/11/2021 21:49, Michael Wojcik wrote:
> Further on this, I'd like to know where the OP got a file with a "BEGIN EC PUBLIC KEY" header. Various discussions elsewhere (including one from this list in 2017) cast doubt on the existence of any such beast.
AFAIK no such format exists. At least it shouldn't. By coincidence we
recently discovered a bug in 3.0.0 where the new encoder APIs could be
persuaded to output such a thing. See issue #16977. That bug has now
been fixed in git.
https://github.com/openssl/openssl/issues/16977
> Public keys all use "BEGIN PUBLIC KEY" (in PEM format) because, if I understand correctly, they're all in SPKI (SubjectPublicKeyInfo) format, as specified in RFC 5280 (PKIX Certificate and CRL Profile); and SPKI also includes key-type metadata.
There are so-called "type-specific" public key formats in existence,
e.g. see PEM_write_bio_RSAPublicKey()
https://www.openssl.org/docs/manmaster/man3/PEM_write_bio_RSAPublicKey.html
From the man page:
> The RSAPublicKey functions process an RSA public key using an RSA
> structure. The public key is encoded using a PKCS#1 RSAPublicKey structure.
However, as far as I am aware, no such format exists for an EC public key.
>
> If someone does have a file with a "BEGIN EC PUBLIC KEY" PEM header, it would be interesting to see it, or at least the output from openssl asn1parse, and to know where it came from.
>
Interestingly there is a related discussion about the i2d_PublicKey and
d2i_PublicKey functions and how they should be handled for EC keys in
issue #16989
https://github.com/openssl/openssl/issues/16989
These functions can be used to write the DER encoding of a public key in
type-specific format. Interestingly, i2d_PublicKey still outputs data in a
totally bogus non-DER format when supplied with an EC key. It's just the
raw encoded "point" for the public key data, not wrapped up in DER at
all. It can't be easily round tripped by calling d2i_PublicKey on the
data that is produced from i2d_PublicKey because it doesn't include any
information about the underlying curve.
Matt
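As an added illustration (not code from this thread or from OpenSSL), a pure-Python sketch of the point above: the SubjectPublicKeyInfo wrapper behind "BEGIN PUBLIC KEY" names the curve, while the bare SEC1 point that i2d_PublicKey() emits for an EC key is not a DER element at all and cannot be decoded without the caller supplying the curve separately. The sample key is the P-256 base point, constructed here for the demo; the OIDs are id-ecPublicKey and prime256v1.

```python
# DER contents of the OIDs id-ecPublicKey (1.2.840.10045.2.1) and prime256v1
OID_ID_EC_PUBLIC_KEY = bytes.fromhex("2a8648ce3d0201")
OID_PRIME256V1 = bytes.fromhex("2a8648ce3d030107")

# Constructed sample public key: the P-256 base point, SEC1 uncompressed
# (0x04 || X || Y). This bare point is all i2d_PublicKey() emits for an EC key.
RAW_POINT = bytes.fromhex(
    "046b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296"
    "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5")

def der_tlv(tag, content):
    """Encode one DER TLV (short-form length is enough for these sizes)."""
    assert len(content) < 128
    return bytes([tag, len(content)]) + content

def parse_der_tlv(buf, pos=0):
    """Decode one DER TLV at pos; returns (tag, content, end_offset)."""
    tag, length, start = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the low 7 bits count the length octets
        n = length & 0x7F
        length, start = int.from_bytes(buf[start:start + n], "big"), start + n
    if start + length > len(buf):
        raise ValueError("TLV length exceeds buffer")
    return tag, buf[start:start + length], start + length

def is_single_der_element(data):
    """True iff data is exactly one well-formed TLV, as DER output must be."""
    try:
        return parse_der_tlv(data)[2] == len(data)
    except (ValueError, IndexError):
        return False

def raw_point_to_spki(point, curve_oid):
    """Wrap a raw point in SubjectPublicKeyInfo. The caller must supply the
    curve OID: the bare point carries no curve information to recover it."""
    alg = der_tlv(0x30, der_tlv(0x06, OID_ID_EC_PUBLIC_KEY) + der_tlv(0x06, curve_oid))
    return der_tlv(0x30, alg + der_tlv(0x03, b"\x00" + point))  # 0 unused bits

def spki_to_raw_point(spki):
    """Inverse of raw_point_to_spki: returns (curve_oid, raw point)."""
    _, body, _ = parse_der_tlv(spki)
    _, alg, next_pos = parse_der_tlv(body)
    _, oid, curve_pos = parse_der_tlv(alg)
    if oid != OID_ID_EC_PUBLIC_KEY:
        raise ValueError("not an id-ecPublicKey SPKI")
    _, curve_oid, _ = parse_der_tlv(alg, curve_pos)
    _, bits, _ = parse_der_tlv(body, next_pos)
    return curve_oid, bits[1:]  # drop the unused-bits octet
```

For this key the bare point is 65 bytes and fails the single-element DER check, while the SPKI form is 91 bytes and round-trips back to the same curve OID and point.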