OpenSSL vs SPKI

Jason Proctor jason at spatiallabs.com
Tue Apr 7 02:16:23 UTC 2020


Distinguished crypto community,

I have the requirement to import RSA keypairs generated by the Amazon
Key Management System into my environment. These keypairs arrive in
the de facto standard of SPKI for the public component and PKCS8 for
the private component.

I have no problem with the PKCS8 encoded private keys; they seem fine
when imported using d2i_PKCS8_PRIV_KEY_INFO_bio().

However, I'm having issues importing the SPKI encoded public keys. My
Java test program imports them fine. The JS Web Crypto API is happy
with them. Online ASN.1 parsers are fine with them. The OpenSSL
command line tool can dump their contents, no problem. However, the
d2i_NETSCAPE_SPKI() function errors out trying to deal with them.

Back in the day I had a hack to import SPKI encoded public keys, as I
knew their structure. I would just set the modulus and exponent
directly using BN_bin2bn(). However, these days it seems that the RSA
structure is opaque, and so I can't do that either. (I mean fair
enough, it's a hack.)

Question -- is there a supported way of importing SPKI encoded public
keys into the OpenSSL world?

thanks so much for any help with this,
Jason at Spatial
EAY/OpenSSL user since 1995
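
The two DER layouts behind the error described above, as an added example that is not part of the original post: a bare X.509 SubjectPublicKeyInfo, which OpenSSL decodes with d2i_PUBKEY() or d2i_PUBKEY_bio(), and the Netscape SignedPublicKeyAndChallenge wrapper that d2i_NETSCAPE_SPKI() expects. The names der_tlv, classify_der and both sample arrays belong to this example only, and the sample bytes are constructed (a toy key, not a KMS export).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
enum der_kind { DER_INVALID, DER_SPKI, DER_NETSCAPE_SPKAC };

/* Read one DER TLV header from p[0..n). Returns the tag byte and sets
 * body/len to the contents, or returns -1 if the input is truncated. */
static int der_tlv(const uint8_t *p, size_t n, const uint8_t **body, size_t *len) {
    size_t hdr = 2, l, k;
    if (n < 2) return -1;
    l = p[1];
    if (l & 0x80) {                      /* long form: k length bytes follow */
        k = l & 0x7f;
        if (k == 0 || k > 4 || n < 2 + k) return -1;
        for (l = 0; hdr < 2 + k; hdr++) l = (l << 8) | p[hdr];
    }
    if (l > n - hdr) return -1;
    *body = p + hdr; *len = l;
    return p[0];
}

/* SubjectPublicKeyInfo: SEQUENCE { SEQUENCE { OID, params }, BIT STRING }
 * Netscape SPKAC: SEQUENCE { SEQUENCE { SPKI, IA5String }, SEQUENCE sigAlg, BIT STRING sig } */
enum der_kind classify_der(const uint8_t *der, size_t n) {
    const uint8_t *outer, *first, *inner, *second;
    size_t olen, flen, ilen, slen; int t1, t2;
    if (der_tlv(der, n, &outer, &olen) != 0x30) return DER_INVALID;
    if (der_tlv(outer, olen, &first, &flen) != 0x30) return DER_INVALID;
    t1 = der_tlv(first, flen, &inner, &ilen);   /* first field of inner SEQUENCE */
    t2 = der_tlv(first + flen, olen - (size_t)(first + flen - outer), &second, &slen);
    if (t1 == 0x06 && t2 == 0x03) return DER_SPKI;           /* d2i_PUBKEY() input */
    if (t1 == 0x30 && t2 == 0x30) return DER_NETSCAPE_SPKAC; /* d2i_NETSCAPE_SPKI() input */
    return DER_INVALID;
}

/* Constructed sample: toy RSA key (n = 3233, e = 17) as a SubjectPublicKeyInfo. */
const uint8_t sample_spki[] = { 0x30,0x1B, 0x30,0x0D,
    0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01, 0x05,0x00,
    0x03,0x0A,0x00, 0x30,0x07, 0x02,0x02,0x0C,0xA1, 0x02,0x01,0x11 };
/* Constructed sample: same key, Netscape-wrapped with challenge "x" and a dummy signature. */
const uint8_t sample_spkac[] = { 0x30,0x36, 0x30,0x20, 0x30,0x1B, 0x30,0x0D,
    0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01, 0x05,0x00,
    0x03,0x0A,0x00, 0x30,0x07, 0x02,0x02,0x0C,0xA1, 0x02,0x01,0x11, 0x16,0x01,0x78,
    0x30,0x0D, 0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B, 0x05,0x00,
    0x03,0x03,0x00,0xAB,0xCD };

int main(void) {
    printf("spki=%d spkac=%d\n", classify_der(sample_spki, sizeof sample_spki),
           classify_der(sample_spkac, sizeof sample_spkac));
    return 0;
}
```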


More information about the openssl-users mailing list