[openssl-users] Question as to best options....

Salz, Rich rsalz at akamai.com
Fri Dec 29 00:31:47 UTC 2017

It is hard to follow this thread with all the indenting.

>  If I take a PEM-encoded RSA private key file and convert it to binary (using b64decode) what I get is not the same thing as I get from "openssl rsa -inform pem -in key -outform der -out key.der".

How do you convert it?  Did you strip off the ---BEGIN and END tags?  Then it absolutely should have been the same thing.
An internal structure, such as an RSA object, can be converted to DER using d2i_RSA.  DER is useful because it is a “flat” format, whereas the internal object is useful in the C code.  Make sense?  DER files are useful if you already know what the filetype is.  The d2i_ and i2d_ functions convert between internal (C structures, with pointers etc) to DER encoding.  They basically work on buffers, only.
PEM files are base64 encoded DER, with BEGIN and END tags that specify what the middle-part is.  It is useful because it is human readable. Also the PEM_read_xxxx functions will check what is expected to what the file says it is.
Most objects have PEM_read and PEM_write functions as well.  They are not necessarily obvious from scanning the header files, because they are declared and implemented as macro’s, as it’s common code with just a pointer to an internal description of what the ASN1/DER looks like.
The documentation on the master branch does a much better, and more complete, job of explaining this.
The function I think you want is PEM_read_PrivateKey.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20171229/9a67d116/attachment-0001.html>

More information about the openssl-users mailing list