Re: “EC PUBLIC KEY”

Matt Caswell matt at openssl.org
Thu Nov 18 13:37:03 UTC 2021



On 17/11/2021 21:49, Michael Wojcik wrote:
> Further on this, I'd like to know where the OP got a file with a "BEGIN EC PUBLIC KEY" header. Various discussions elsewhere (including one from this list in 2017) cast doubt on the existence of any such beast.

AFAIK no such format exists. At least it shouldn't. By coincidence we 
recently discovered a bug in 3.0.0 where the new encoder APIs could be 
persuaded to output such a thing. See issue #16977. That bug has now 
been fixed in git.

https://github.com/openssl/openssl/issues/16977

> Public keys all use "BEGIN PUBLIC KEY" (in PEM format) because, if I understand correctly, they're all in SPKI (SubjectPublicKeyInfo) format, as specified in RFC 5280 (PKIX Certificate and CRL Profile); and SPKI also includes key-type metadata.

There are so-called "type-specific" public key formats in existence, 
e.g. see PEM_write_bio_RSAPublicKey()

https://www.openssl.org/docs/manmaster/man3/PEM_write_bio_RSAPublicKey.html

From the man page:

> The RSAPublicKey functions process an RSA public key using an RSA
> structure. The public key is encoded using a PKCS#1 RSAPublicKey structure.

However, as far as I am aware, no such format exists for an EC public key.

> 
> If someone does have a file with a "BEGIN EC PUBLIC KEY" PEM header, it would be interesting to see it, or at least the output from openssl asn1parse, and to know where it came from.
> 

Interestingly there is a related discussion about the i2d_PublicKey and 
d2i_PublicKey functions and how they should be handled for EC keys in 
issue #16989

https://github.com/openssl/openssl/issues/16989

These functions can be used to write the DER encoding of a public key in 
type-specific format. Interestingly, i2d_PublicKey still outputs data in a 
totally bogus non-DER format when supplied with an EC key. It's just the 
raw encoded "point" for the public key data, not wrapped up in DER at 
all. It can't be easily round-tripped by calling d2i_PublicKey on the 
data that is produced from i2d_PublicKey because it does not include any 
information about the underlying curve.


Matt
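As an added illustration (not code from this thread or from OpenSSL) of why "BEGIN PUBLIC KEY" is the right wrapper for an EC key and why the bare point described above cannot be round-tripped: the Python below builds a SubjectPublicKeyInfo around a constructed placeholder P-256 point, writes it as PEM, and parses it back, showing that the curve identifier lives only in the SPKI AlgorithmIdentifier and never in the point bytes. The point coordinates and all helper names are made up for the example.

```python
import base64
import re

# DER-encoded OID bodies used in an EC SubjectPublicKeyInfo (RFC 5480).
ID_EC_PUBLIC_KEY = bytes.fromhex("2a8648ce3d0201")  # 1.2.840.10045.2.1 (id-ecPublicKey)
PRIME256V1 = bytes.fromhex("2a8648ce3d030107")      # 1.2.840.10045.3.1.7 (prime256v1)

def _tlv(der, pos=0):
    """Read one DER element with a short-form length; return (tag, value, next_pos)."""
    tag, length = der[pos], der[pos + 1]
    assert length < 0x80, "short-form lengths suffice for an EC SPKI"
    return tag, der[pos + 2:pos + 2 + length], pos + 2 + length

def _enc(tag, value):
    return bytes([tag, len(value)]) + value  # short-form length only (value < 128 bytes)

def _oid_to_dotted(body):
    """Decode base-128 OID arcs; the first octet packs the first two arcs."""
    arcs, cur = [], 0
    for b in body:
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(cur)
            cur = 0
    return ".".join(map(str, [arcs[0] // 40, arcs[0] % 40] + arcs[1:]))

def raw_point_to_spki_pem(point, curve_oid=PRIME256V1):
    """Wrap a bare EC point (what i2d_PublicKey emits) in an SPKI; the curve OID must be supplied separately."""
    alg_id = _enc(0x30, _enc(0x06, ID_EC_PUBLIC_KEY) + _enc(0x06, curve_oid))
    spki = _enc(0x30, alg_id + _enc(0x03, b"\x00" + point))  # BIT STRING, 0 unused bits
    b64 = base64.b64encode(spki).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN PUBLIC KEY-----\n{body}\n-----END PUBLIC KEY-----\n"

def inspect_spki_pem(pem):
    """Parse a 'BEGIN PUBLIC KEY' PEM into its algorithm OID, curve OID and raw point."""
    m = re.search(r"-----BEGIN PUBLIC KEY-----(.*?)-----END PUBLIC KEY-----", pem, re.S)
    der = base64.b64decode("".join(m.group(1).split()))
    tag, spki, _ = _tlv(der)
    assert tag == 0x30, "SubjectPublicKeyInfo must be a SEQUENCE"
    _, alg_id, pos = _tlv(spki)           # AlgorithmIdentifier
    _, alg_oid, pos2 = _tlv(alg_id)       # algorithm: id-ecPublicKey
    _, curve_oid, _ = _tlv(alg_id, pos2)  # parameters: namedCurve
    _, bits, _ = _tlv(spki, pos)          # subjectPublicKey BIT STRING
    # bits[1:] drops the unused-bits octet, leaving 0x04 || X || Y: the bare point,
    # which on its own says nothing about the curve it belongs to.
    return {"algorithm": _oid_to_dotted(alg_oid), "curve": _oid_to_dotted(curve_oid), "point": bits[1:]}

# Constructed sample: uncompressed point 0x04 || X || Y with placeholder coordinates (not a real key).
SAMPLE_POINT = b"\x04" + bytes(range(1, 33)) + bytes(range(33, 65))
```

Feeding the output of raw_point_to_spki_pem() to `openssl asn1parse` shows the same SEQUENCE / AlgorithmIdentifier / BIT STRING layout, whereas the 65 bare point bytes alone are not parseable DER at all.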


