[openssl-users] reading DER format public keys

Viktor Dukhovni openssl-users at dukhovni.org
Fri Sep 15 16:43:32 UTC 2017

On Fri, Sep 15, 2017 at 11:57:17AM -0400, Michael Richardson wrote:

>     pkey = PEM_read_bio_PUBKEY(bio, NULL, ossl_pem_passwd_cb, (void *)pass);

> There must be a way to read DER format public keys.
> I'm suspecting that maybe the magic is in the way the BIO is created?
> (FAQ question PROG03, hints this for PKCS7 processing).

The function you're looking for is d2i_PUBKEY(3).  See for example:


which parses public keys from "TLSA ? 1 0 <keyblob>" records, which
have a DER encoding of the X.509 SubjectPublicKeyInfo (SPKI) in
the associated-data (4th) RData field.

It is the DER analogue of PEM_read_bio_PUBKEY.  With few exceptions,
you can s/PEM_READ_bio/d2i/ to go from reading PEM to reading DER.


More information about the openssl-users mailing list