[openssl-users] reading DER format public keys
Viktor Dukhovni
openssl-users at dukhovni.org
Fri Sep 15 16:43:32 UTC 2017
On Fri, Sep 15, 2017 at 11:57:17AM -0400, Michael Richardson wrote:
> pkey = PEM_read_bio_PUBKEY(bio, NULL, ossl_pem_passwd_cb, (void *)pass);
> There must be a way to read DER format public keys.
> I'm suspecting that maybe the magic is in the way the BIO is created?
> (FAQ question PROG03, hints this for PKCS7 processing).
The function you're looking for is d2i_PUBKEY(3). See for example:
https://github.com/openssl/openssl/blob/master/ssl/ssl_lib.c#L344
which parses public keys from "TLSA ? 1 0 <keyblob>" records, which
have a DER encoding of the X.509 SubjectPublicKeyInfo (SPKI) in
the associated-data (4th) RData field.
It is the DER analogue of PEM_read_bio_PUBKEY. With few exceptions,
you can s/PEM_READ_bio/d2i/ to go from reading PEM to reading DER.
--
Viktor.
More information about the openssl-users
mailing list