[openssl-users] reading DER format public keys

Michael Richardson mcr at sandelman.ca
Fri Sep 15 22:24:43 UTC 2017

Viktor Dukhovni <openssl-users at dukhovni.org> wrote:
    > On Fri, Sep 15, 2017 at 11:57:17AM -0400, Michael Richardson wrote:

    >> pkey = PEM_read_bio_PUBKEY(bio, NULL, ossl_pem_passwd_cb, (void *)pass);

    >> There must be a way to read DER format public keys.
    >> I'm suspecting that maybe the magic is in the way the BIO is created?
    >> (FAQ question PROG03, hints this for PKCS7 processing).

    > The function you're looking for is d2i_PUBKEY(3).  See for example:

    > https://github.com/openssl/openssl/blob/master/ssl/ssl_lib.c#L344

Once I realized what this does, I then realized that it wasn't about just
about doing something to setup the bio.... then I realized that the ruby
interface was in fact calling that.

*THEN* I realized I was feeding a certificate blob into a PK routine, and
that was really the problem.

    > It is the DER analogue of PEM_read_bio_PUBKEY.  With few exceptions,
    > you can s/PEM_READ_bio/d2i/ to go from reading PEM to reading DER.

It would be great if there were cross-references...

]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr at sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170915/1a27a81b/attachment.sig>

More information about the openssl-users mailing list