Question regarding `X509_PUBKEY` and ASN.1 SubjectPublicKeyInfo.

Thomas Bailleux thomas.bailleux at sandboxaq.com
Wed Feb 7 11:21:27 UTC 2024


I see. Thank you very much for your prompt reply.

- thomas

On Wed, Feb 7, 2024 at 12:13 PM Matt Caswell <matt at openssl.org> wrote:

>
>
> On 07/02/2024 10:43, Thomas Bailleux wrote:
> > Hello OpenSSL,
> >
> > I'm working on a program that generates pairs of keys and then writes
> > the ASN.1 encoded SubjectPublicKeyInfo (RFC 5280[1]) to a file.
> >
> > I turned to API `X509_PUBKEY`, and especially `X509_PUBKEY_set`[2],
> > which seems to do the trick by taking an `EVP_PKEY` object that contains
> > the public key:
> >
> >     The X509_PUBKEY structure represents the ASN.1 SubjectPublicKeyInfo
> >     structure defined in RFC5280 and used in certificates and
> >     certificate requests.
> >
> >
> > However, I'm kind of lost when it comes to encoding it to an ASN.1
> > document.
> > The documentation states the following:
> >
> >     i2d_PUBKEY() encodes an *EVP_PKEY* structure using
> >     *SubjectPublicKeyInfo* format.
> >
> >
> > So it seems that I can use `i2d_PUBKEY` with an `EVP_PKEY` directly
> > without having to deal with an intermediate `X509_PUBKEY` object.
> > However, `i2d_X509_PUBKEY` also exists but it doesn't have a dedicated
> > manpage (only the generic manpage[3] about encoding/decoding from/to
> > ASN.1).
> >
> > My question is: which one should I use?
>
> Either should be fine - but i2d_PUBKEY() is usually more convenient
> because it does not require you to go through the intermediate
> X509_PUBKEY structure.
>
> Matt
>
>