Question regarding `X509_PUBKEY` and ASN.1 SubjectPublicKeyInfo.
Thomas Bailleux
thomas.bailleux at sandboxaq.com
Wed Feb 7 10:43:10 UTC 2024
Hello OpenSSL,
I'm working on a program that generates pairs of keys and then writes the ASN.1
encoded SubjectPublicKeyInfo (RFC 5280[1]) to a file.
I turned to API `X509_PUBKEY`, and especially `X509_PUBKEY_set`[2], which
seems to do the trick by taking an `EVP_PKEY` object that contains the
public key:
The X509_PUBKEY structure represents the ASN.1 SubjectPublicKeyInfo
> structure defined in RFC5280 and used in certificates and certificate
> requests.
>
However, I'm kind of lost when it comes to encoding it to an ASN.1 document.
The documentation states the following:
> i2d_PUBKEY() encodes an *EVP_PKEY* structure using *SubjectPublicKeyInfo*
> format.
So it seems that I can use `i2d_PUBKEY` with an `EVP_PKEY` directly without
having to deal with an intermediate `X509_PUBKEY` object. However,
`i2d_X509_PUBKEY` also exists but it doesn't have a dedicated manpage (only
the generic manpage[3] about encoding/decoding from/to ASN.1).
My question is: which one should I use?
Regards,
- thomas
[1]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.7
[2]: https://www.openssl.org/docs/man3.2/man3/X509_PUBKEY_set.html
[3]: https://www.openssl.org/docs/man3.2/man3/i2d_X509_PUBKEY.html
--
Thomas Bailleux
Staff cryptography software engineer
thomas at sandboxaq.com
Paris, FRANCE
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20240207/6cf54557/attachment.htm>
More information about the openssl-users
mailing list