[openssl-users] Get raw RSA public key from X509 certificate
Ken Goldman
kgoldman at us.ibm.com
Fri Apr 27 14:01:19 UTC 2018
On 04/27/18 04:50, Matt Caswell wrote:
>
>
> On 26/04/18 23:48, Ken Goldman wrote:
>> On 04/26/18 16:37, Matt Caswell wrote:
>>>
>>>
>>> On 26/04/18 21:17, Ken Goldman wrote:
>>>> I have to get the raw public modulus, but I cannot X509_get_pubkey()
>>>> because of a non-standard object identifier.
>>>>
>>>> I can use X509_get_X509_PUBKEY() to get part way there. I see the DER
>>>> wrapped key in the public_key.data element, but I don't know an API to
>>>> get to that element.
>>>
>>> How about X509_PUBKEY_get0_param():
>>>
>>> https://www.openssl.org/docs/man1.1.0/crypto/X509_PUBKEY_get0_param.html
>>>
>>
>> Thanks! That got me halfway there.
>>
>> That gives me a DER stream that is a SEQUENCE of two INTEGERs. The first
>> is the public modulus and the second one is the exponent.
>>
>> How do I go from that SEQUENCE to the components, and then from the
>> components to their byte streams and lengths?
>>
>> I assume it's some raw DER function like d2i_something.
>>
>
> How about create a mem-bio backed by the buffer containing the raw data
> and then call d2i_RSAPublicKey_bio()?

That was it! What threw me off is that the documentation says:

TYPE *d2i_TYPE(TYPE **a, unsigned char **ppin, long length);

but RSAPublicKey isn't a type. So the pattern of TYPE being a structure
name didn't hold.

(There is a d2i_RSAPublicKey() function, so I didn't need the BIO.)

For the record, here's the resulting set of calls:

X509 * = d2i_X509()
X509_PUBKEY * = X509_get_X509_PUBKEY()
X509_PUBKEY_get0_param()
RSA * = d2i_RSAPublicKey()
~~~~
RSA_get0_key()
BN_bn2bin()

For a more standard certificate, the first 4 calls can be replaced by:

X509 * = d2i_X509()
EVP_PKEY * = X509_get_pubkey();
RSA * = EVP_PKEY_get1_RSA()
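
The step the thread resolves, going from the DER SEQUENCE of two INTEGERs to the raw modulus and exponent bytes with their lengths, written out as a bounds-checked C parser with no OpenSSL dependency. This is an added example, not code from the thread or from OpenSSL: der_span, der_read, der_read_uint, rsa_pubkey_parse and SAMPLE_KEY are hypothetical names, the sample key is constructed, and the parser does not enforce DER's minimal-length rule.

```c
#include <stddef.h>
#include <stdio.h>

typedef struct { const unsigned char *p; size_t len; } der_span;

/* Read one tag/length header at *pp; on success *pp and out->p point at the content. */
static int der_read(const unsigned char **pp, const unsigned char *end,
                    unsigned char tag, der_span *out) {
    const unsigned char *p = *pp;
    size_t len, n;
    if (end - p < 2 || p[0] != tag) return -1;
    len = p[1]; p += 2;
    if (len & 0x80) {                 /* long form: low 7 bits count length bytes */
        n = len & 0x7f;
        if (n == 0 || n > sizeof(size_t) || (size_t)(end - p) < n) return -1;
        for (len = 0; n > 0; n--) len = (len << 8) | *p++;
    }
    if ((size_t)(end - p) < len) return -1;   /* content must fit in the buffer */
    out->p = p; out->len = len; *pp = p;
    return 0;
}

/* Read a non-negative INTEGER and drop the 0x00 sign pad, which leaves the
 * big-endian magnitude (the bytes BN_bn2bin() would produce). */
static int der_read_uint(const unsigned char **pp, const unsigned char *end, der_span *out) {
    if (der_read(pp, end, 0x02, out) != 0 || out->len == 0) return -1;
    *pp += out->len;                  /* step past the INTEGER content */
    if (out->p[0] & 0x80) return -1;  /* negative value: not a valid RSA field */
    if (out->len > 1 && out->p[0] == 0) { out->p++; out->len--; }
    return 0;
}

/* Parse RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }. */
int rsa_pubkey_parse(const unsigned char *der, size_t len, der_span *n, der_span *e) {
    const unsigned char *p = der, *end = der + len;
    der_span seq;
    if (der_read(&p, end, 0x30, &seq) != 0 || seq.p + seq.len != end) return -1;
    if (der_read_uint(&p, end, n) != 0 || der_read_uint(&p, end, e) != 0) return -1;
    return p == end ? 0 : -1;         /* reject trailing bytes inside the SEQUENCE */
}

/* Constructed sample (toy 16-bit modulus 0xC53F, exponent 65537), not a real key. */
static const unsigned char SAMPLE_KEY[] = {0x30,0x0A,0x02,0x03,0x00,0xC5,0x3F,0x02,0x03,0x01,0x00,0x01};

int main(void) {
    der_span n, e;
    if (rsa_pubkey_parse(SAMPLE_KEY, sizeof SAMPLE_KEY, &n, &e) != 0) return 1;
    printf("modulus: %zu bytes, exponent: %zu bytes\n", n.len, e.len);
    return 0;
}
```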