Get raw RSA public key from X509 certificate


Get raw RSA public key from X509 certificate

Ken Goldman-2
I have to get the raw public modulus, but I cannot X509_get_pubkey()
because of a non-standard object identifier.

I can use X509_get_X509_PUBKEY() to get part way there.  I see the DER
wrapped key in the public_key.data element, but I don't know an API to
get to that element.

Am I on the right track, or is there a better way?

Could some very kind person give me the code flow?



--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: Get raw RSA public key from X509 certificate

Matt Caswell-2


On 26/04/18 21:17, Ken Goldman wrote:
> I have to get the raw public modulus, but I cannot X509_get_pubkey()
> because of a non-standard object identifier.
>
> I can use X509_get_X509_PUBKEY() to get part way there.  I see the DER
> wrapped key in the public_key.data element, but I don't know an API to
> get to that element.

How about X509_PUBKEY_get0_param():

https://www.openssl.org/docs/man1.1.0/crypto/X509_PUBKEY_get0_param.html

Matt


>
> Am I on the right track, or is there a better way?
>
> Could some very kind person give me the code flow?
>
>
>

Re: Get raw RSA public key from X509 certificate

Ken Goldman-2
On 04/26/18 16:37, Matt Caswell wrote:

>
>
> On 26/04/18 21:17, Ken Goldman wrote:
>> I have to get the raw public modulus, but I cannot X509_get_pubkey()
>> because of a non-standard object identifier.
>>
>> I can use X509_get_X509_PUBKEY() to get part way there.  I see the DER
>> wrapped key in the public_key.data element, but I don't know an API to
>> get to that element.
>
> How about X509_PUBKEY_get0_param():
>
> https://www.openssl.org/docs/man1.1.0/crypto/X509_PUBKEY_get0_param.html
>

Thanks!  That got me halfway there.

That gives me a DER stream that is a SEQUENCE of two INTEGERs.  The first
is the public modulus and the second one is the exponent.

How do I go from that SEQUENCE to the components, and then from the
components to their byte streams and lengths?

I assume it's some raw DER function like d2i_something.


Re: Get raw RSA public key from X509 certificate

Matt Caswell-2


On 26/04/18 23:48, Ken Goldman wrote:

> On 04/26/18 16:37, Matt Caswell wrote:
>>
>>
>> On 26/04/18 21:17, Ken Goldman wrote:
>>> I have to get the raw public modulus, but I cannot X509_get_pubkey()
>>> because of a non-standard object identifier.
>>>
>>> I can use X509_get_X509_PUBKEY() to get part way there.  I see the DER
>>> wrapped key in the public_key.data element, but I don't know an API to
>>> get to that element.
>>
>> How about X509_PUBKEY_get0_param():
>>
>> https://www.openssl.org/docs/man1.1.0/crypto/X509_PUBKEY_get0_param.html
>>
>
> Thanks!  That got me halfway there.
>
> That gives me a DER stream that is a SEQUENCE of two INTEGERs.  The first
> is the public modulus and the second one is the exponent.
>
> How do I go from that SEQUENCE to the components, and then from the
> components to their byte streams and lengths?
>
> I assume it's some raw DER function like d2i_something.
>

How about creating a mem-bio backed by the buffer containing the raw data
and then calling d2i_RSAPublicKey_bio()?

Matt


Re: Get raw RSA public key from X509 certificate

Ken Goldman-2
On 04/27/18 04:50, Matt Caswell wrote:

>
>
> On 26/04/18 23:48, Ken Goldman wrote:
>> On 04/26/18 16:37, Matt Caswell wrote:
>>>
>>>
>>> On 26/04/18 21:17, Ken Goldman wrote:
>>>> I have to get the raw public modulus, but I cannot X509_get_pubkey()
>>>> because of a non-standard object identifier.
>>>>
>>>> I can use X509_get_X509_PUBKEY() to get part way there.  I see the DER
>>>> wrapped key in the public_key.data element, but I don't know an API to
>>>> get to that element.
>>>
>>> How about X509_PUBKEY_get0_param():
>>>
>>> https://www.openssl.org/docs/man1.1.0/crypto/X509_PUBKEY_get0_param.html
>>>
>>
>> Thanks!  That got me halfway there.
>>
>> That gives me a DER stream that is a SEQUENCE of two INTEGERs.  The first
>> is the public modulus and the second one is the exponent.
>>
>> How do I go from that SEQUENCE to the components, and then from the
>> components to their byte streams and lengths?
>>
>> I assume it's some raw DER function like d2i_something.
>>
>
> How about creating a mem-bio backed by the buffer containing the raw data
> and then calling d2i_RSAPublicKey_bio()?

That was it!  What threw me off is that the documentation says:

         TYPE *d2i_TYPE(TYPE **a, unsigned char **ppin, long length);

but RSAPublicKey isn't a type.  So the pattern of TYPE being a structure
name didn't hold.

(There is a d2i_RSAPublicKey() function, so I didn't need the BIO.)

For the record, here's the resulting set of calls:

X509 * = d2i_X509()
X509_PUBKEY * = X509_get_X509_PUBKEY()
X509_PUBKEY_get0_param()
RSA * = d2i_RSAPublicKey()
~~~~
RSA_get0_key()
BN_bn2bin()

For a more standard certificate, the first 4 calls can be replaced by:

X509 * = d2i_X509()
EVP_PKEY * = X509_get_pubkey();
RSA * = EVP_PKEY_get1_RSA()
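
The byte layout of the SEQUENCE of two INTEGERs discussed above, as an added example that is not part of the thread and does not use OpenSSL: a strict parser that returns the modulus and exponent as big-endian byte pointers and lengths, which is what the d2i_RSAPublicKey(), RSA_get0_key(), BN_bn2bin() steps deliver. The names der_int, rsa_pubkey_split and SAMPLE are hypothetical, and the sample key bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
/* Magnitude bytes of one INTEGER, pointing into the caller's DER buffer. */
typedef struct { const uint8_t *p; size_t len; } der_int;

/* Check the tag and decode a definite DER length; *pp moves to the content. */
static long der_header(const uint8_t **pp, const uint8_t *end, uint8_t tag) {
    const uint8_t *p = *pp;
    size_t len, n, i;
    if (end - p < 2 || p[0] != tag) return -1;
    len = p[1]; p += 2;
    if (len & 0x80) {                       /* long form: 1 or 2 length bytes */
        n = len & 0x7f;
        if (n < 1 || n > 2 || (size_t)(end - p) < n) return -1;
        for (len = 0, i = 0; i < n; i++) len = (len << 8) | *p++;
        if (len < (n == 1 ? 0x80u : 0x100u)) return -1;   /* not minimal */
    }
    if ((size_t)(end - p) < len) return -1; /* content runs past the buffer */
    *pp = p; return (long)len;
}

/* Parse one non-negative INTEGER and drop its 0x00 sign-padding byte. */
static int der_uint(const uint8_t **pp, const uint8_t *end, der_int *out) {
    long len = der_header(pp, end, 0x02);
    const uint8_t *p = *pp;
    if (len < 1 || (p[0] & 0x80)) return -1;               /* empty or negative */
    if (len > 1 && p[0] == 0 && !(p[1] & 0x80)) return -1; /* redundant zero */
    *pp = p + len;
    if (len > 1 && p[0] == 0) { p++; len--; }
    out->p = p; out->len = (size_t)len; return 0;
}

/* Split RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }. */
int rsa_pubkey_split(const uint8_t *der, size_t der_len, der_int *n, der_int *e) {
    const uint8_t *p = der, *end = der + der_len;
    long len = der_header(&p, end, 0x30);
    if (len < 0 || p + len != end) return -1;              /* trailing bytes */
    if (der_uint(&p, end, n) || der_uint(&p, end, e)) return -1;
    return p == end ? 0 : -1;
}

/* Constructed sample: 128-bit toy modulus (high bit set), exponent 65537. */
static const uint8_t SAMPLE[] = { 0x30,0x18, 0x02,0x11,0x00, 0xC3,0x5A,0x11,0x22,
    0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xAA,0xBB,0xCC,0xDD,0xEF, 0x02,0x03,0x01,0x00,0x01 };
int main(void) {
    der_int n, e;
    if (rsa_pubkey_split(SAMPLE, sizeof SAMPLE, &n, &e)) return 1;
    printf("modulus: %zu bytes, exponent: %zu bytes\n", n.len, e.len);
    return 0;
}
```

The leading 0x00 in the modulus encoding is DER sign padding, so the modulus here is 16 bytes even though its INTEGER content is 17.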



Re: Get raw RSA public key from X509 certificate

Matt Caswell-2


On 27/04/18 15:01, Ken Goldman wrote:
> That was it!  What threw me off is that the documentation says:
>
>      TYPE *d2i_TYPE(TYPE **a, unsigned char **ppin, long length);
>
> but RSAPublicKey isn't a type.  So the pattern of TYPE being a structure
> name didn't hold.

Ahh. Interesting. In most places where we have a d2i function the name
of the function and the type is the same thing. This is one place where
it isn't.


>
> (There is a d2i_RSAPublicKey() function, so I didn't need the BIO.)

Duh...of course.

Matt
