> The PEM_* routines, as documented at:
> https://www.openssl.org/docs/man1.0.2/crypto/PEM_read_bio_PUBKEY.html > do not claim to read DER format input. (Actually they don't say anything about DER).
> Ruby's library uses:
> pkey = PEM_read_bio_PUBKEY(bio, NULL, ossl_pem_passwd_cb, (void *)pass);
> It's documentation claims it read DER, which either it's wrong, or the
> underlying ruby extension or SSL code has changed.
> There must be a way to read DER format public keys.
> I'm suspecting that maybe the magic is in the way the BIO is created?
> (FAQ question PROG03, hints this for PKCS7 processing).
I had problems with DER using the command line options. I can create,
and display a DER keypair, a CSR, a self-signed cert. I cannot use a
CSR to make a cert where everything is DER. So something is missing
somewhere. If you search back a bit, you will find my postings on this
with the error messages I got.
> On Sep 15, 2017, at 6:24 PM, Michael Richardson <[hidden email]> wrote:
>> It is the DER analogue of PEM_read_bio_PUBKEY. With few exceptions,
>> you can s/PEM_READ_bio/d2i/ to go from reading PEM to reading DER.
> It would be great if there were cross-references...
I should note that the PEM_read_bio routines read data from a file,
while the d2i_PUBKEY() routine decodse data from memory. The
corresponding "read a file" routines are: