1

I am using Python RSA to do RSA encryption and decryption.

I have a public/private key in string format, and the above-mentioned library expects it as an object of class rsa.PublicKey.

I am not able to convert my string public/private key to the required format (class).


Public Key:

MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt14jQ0+D8+gpsCPIrCoWVgw8qmH6izDXQTSqHngcGkjuuK58TOOgUo/lari7uTAg5s0ng42WYwQw3uXqa4aKOUMfcLvmn9pALNY3q9oXZa9plxemGR9itlTrY6ZKOX2FrRTB42K6F6YUnMTtjotw/6E3lNQJpFYwyT1EhLV/TP2ds7NVbNEMX+kRcelxD9Cwwigfv+2eljUJP/lQUoNTEJr6oQRibPMSBCRBbljUq5fDSxGrm0WKFLcxDwcf57/qekeWeFkysdzOTSlOQfGs8WLGho3pMNal0uCzEi2SIVPnkg3cNs6nCJ/Y3LCwUcOk1kRJqyZqk46s4iFzEElGqQIDAQAB
Topaco
aMighty
  • By *string format* you may mean PEM encoding. The typical formats are PKCS#1 and PKCS#8 for private RSA keys and PKCS#1 and X.509/SPKI for public RSA keys. Please specify the formats you use or post example keys. – Topaco Jul 07 '22 at 07:30
  • @Topaco Private keys are in pkcs8 format, which I'm able to convert to pkcs1 using the openssl command, but I'm not able to use the same command to convert the public keys. Anything you can suggest? – aMighty Jul 07 '22 at 11:23
  • The library supports both formats for public keys, so the problem is not clear to me. If you still want to convert between the formats, this is possible with OpenSSL. But as long as you don't specify start and target format of your public key, the question can't be answered anyway. – Topaco Jul 07 '22 at 12:36
  • The person who sent the public key didn't tell us the format of the content. Is there anything specific which I can look for in the public key for identification? I know there are identifiers in private keys: https://superuser.com/questions/1515261/how-to-quickly-identify-ssh-private-key-file-formats – aMighty Jul 07 '22 at 13:21
  • A public key is not secret, hence the name - why don't you just post it? Otherwise look here https://stackoverflow.com/questions/18039401/how-can-i-transform-between-the-two-styles-of-public-key-format-one-begin-rsa or use an ASN.1 parser: https://lapo.it/asn1js/ – Topaco Jul 07 '22 at 13:40
  • Public Key: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt14jQ0+D8+gpsCPIrCoWVgw8qmH6izDXQTSqHngcGkjuuK58TOOgUo/lari7uTAg5s0ng42WYwQw3uXqa4aKOUMfcLvmn9pALNY3q9oXZa9plxemGR9itlTrY6ZKOX2FrRTB42K6F6YUnMTtjotw/6E3lNQJpFYwyT1EhLV/TP2ds7NVbNEMX+kRcelxD9Cwwigfv+2eljUJP/lQUoNTEJr6oQRibPMSBCRBbljUq5fDSxGrm0WKFLcxDwcf57/qekeWeFkysdzOTSlOQfGs8WLGho3pMNal0uCzEi2SIVPnkg3cNs6nCJ/Y3LCwUcOk1kRJqyZqk46s4iFzEElGqQIDAQAB @Topaco – aMighty Jul 07 '22 at 19:11
  • See my answer please. – Topaco Jul 07 '22 at 20:35

1 Answer

1

The posted key is a Base64 encoded, DER encoded RSA public key in X.509/SPKI format (this can be verified in an ASN.1 parser, e.g. https://lapo.it/asn1js/).

Python-RSA supports both formats (i.e. X.509/SPKI and PKCS#1) and both encodings (i.e. PEM and DER) for public RSA keys, with the respective methods of the rsa.PublicKey class. For example, the posted Base64 encoded, DER encoded X.509/SPKI key can be imported with load_pkcs1_openssl_der() as follows:

```python
import rsa
import base64

# Base64-decode the posted string to obtain the raw DER bytes of the X.509/SPKI key
publicKeySpkiDer = base64.b64decode('MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt14jQ0+D8+gpsCPIrCoWVgw8qmH6izDXQTSqHngcGkjuuK58TOOgUo/lari7uTAg5s0ng42WYwQw3uXqa4aKOUMfcLvmn9pALNY3q9oXZa9plxemGR9itlTrY6ZKOX2FrRTB42K6F6YUnMTtjotw/6E3lNQJpFYwyT1EhLV/TP2ds7NVbNEMX+kRcelxD9Cwwigfv+2eljUJP/lQUoNTEJr6oQRibPMSBCRBbljUq5fDSxGrm0WKFLcxDwcf57/qekeWeFkysdzOTSlOQfGs8WLGho3pMNal0uCzEi2SIVPnkg3cNs6nCJ/Y3LCwUcOk1kRJqyZqk46s4iFzEElGqQIDAQAB')
# Import the DER encoded X.509/SPKI key as an rsa.PublicKey instance
publicKey = rsa.PublicKey.load_pkcs1_openssl_der(publicKeySpkiDer)
```

A PEM encoded X.509/SPKI key can be imported with load_pkcs1_openssl_pem().

A PKCS#1 public key can be imported with load_pkcs1(). In the second parameter the encoding is specified (with 'PEM' or 'DER').

Topaco
  • One more question @Topaco: when I put the above-mentioned key in the ASN.1 parser, it shows it's in PKCS #1 (Object Identifier). But you mentioned it's Base64 encoded in X.509/SPKI format; how did you conclude that? P.S.: Bear with me over trivial questions – aMighty Jul 10 '22 at 15:36
  • @aMighty - These topics are very comprehensive, but you will find enough posts about them on SO or elsewhere on the web, e.g. [here](https://stackoverflow.com/a/29707204/9014097) for the difference between X.509/SPKI and PKCS#1 format, [here](https://letsencrypt.org/docs/a-warm-welcome-to-asn1-and-der/) for ASN.1/DER, and [here](https://datatracker.ietf.org/doc/html/rfc8017) for RFC8017 or the PKCS#1 specification. – Topaco Jul 10 '22 at 17:14
  • I have one more query: when I generate a signature using rsa, I want to convert the signature to a string before sending. But when I try to do so, I get UnicodeDecodeError: 'utf-8' codec can't decode byte 0xae in position 2: invalid start byte. Is there a way I can find the encoding? – aMighty Jul 10 '22 at 20:19
  • @aMighty - Signatures, ciphertexts, hashes etc. must not be UTF-8 decoded, because this will corrupt the data, see e.g. [here](https://stackoverflow.com/a/9098905/9014097). If the signature is to be represented as string, you must use a binary-to-text encoding like Base64. But actually this is beyond the scope of this question. For further questions please post a new question on SO (if you don't find an answer on SO). – Topaco Jul 10 '22 at 20:37
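An added example (not part of the original answer or of Python-RSA) of how the format of an unlabelled DER public key can be told apart by its ASN.1 structure: X.509/SPKI opens with a nested SEQUENCE holding the rsaEncryption OID and wraps a PKCS#1 key in a BIT STRING, while bare PKCS#1 opens directly with the modulus INTEGER. It uses only the standard library; the function names are illustrative assumptions.

```python
import base64

# Key posted in the question (Base64 of the DER bytes).
POSTED_KEY_B64 = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt14jQ0+D8+gpsCPIrCoWVgw8qmH6izDXQTSqHngcGkjuuK58TOOgUo/lari7uTAg5s0ng42WYwQw3uXqa4aKOUMfcLvmn9pALNY3q9oXZa9plxemGR9itlTrY6ZKOX2FrRTB42K6F6YUnMTtjotw/6E3lNQJpFYwyT1EhLV/TP2ds7NVbNEMX+kRcelxD9Cwwigfv+2eljUJP/lQUoNTEJr6oQRibPMSBCRBbljUq5fDSxGrm0WKFLcxDwcf57/qekeWeFkysdzOTSlOQfGs8WLGho3pMNal0uCzEi2SIVPnkg3cNs6nCJ/Y3LCwUcOk1kRJqyZqk46s4iFzEElGqQIDAQAB"
RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1, rsaEncryption

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) of the DER element that starts at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def parse_rsa_public_key(der):
    """Return (format, n, e) where format is 'X.509/SPKI' or 'PKCS#1'."""
    tag, body, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one DER SEQUENCE")
    first_tag, first, pos = read_tlv(body)
    if first_tag == 0x02:  # INTEGER first: PKCS#1 RSAPublicKey ::= { n, e }
        e_tag, e, _ = read_tlv(body, pos)
        if e_tag != 0x02:
            raise ValueError("PKCS#1 exponent is not an INTEGER")
        return "PKCS#1", int.from_bytes(first, "big"), int.from_bytes(e, "big")
    if first_tag == 0x30:  # SEQUENCE first: SPKI AlgorithmIdentifier
        oid_tag, oid, _ = read_tlv(first)
        if oid_tag != 0x06 or oid != RSA_OID:
            raise ValueError("SPKI structure, but the algorithm is not RSA")
        bit_tag, bits, _ = read_tlv(body, pos)
        if bit_tag != 0x03 or bits[:1] != b"\x00":
            raise ValueError("malformed subjectPublicKey BIT STRING")
        inner, n, e = parse_rsa_public_key(bits[1:])  # payload: PKCS#1 key
        if inner != "PKCS#1":
            raise ValueError("unexpected nesting inside BIT STRING")
        return "X.509/SPKI", n, e
    raise ValueError("unrecognised public key structure")

if __name__ == "__main__":
    fmt, n, e = parse_rsa_public_key(base64.b64decode(POSTED_KEY_B64))
    print(fmt, n.bit_length(), e)
```

The detected format maps onto the loaders named in the answer: X.509/SPKI DER goes to load_pkcs1_openssl_der(), PKCS#1 DER to load_pkcs1() with 'DER'.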