
Today I discovered that there are 2 public key formats with PEM format headers, e.g.

X.509 SubjectPublicKeyInfo (PEM header: BEGIN PUBLIC KEY)

which corresponds to the short header form:

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzsQ7MkLsc1lJ8S2WtItN
cfj7pbdB6PVcRHEEjbie97Rqthkr6h2WE5rVj0BZNwFjs4NIUYws2KeQjexZ8NEY
qpcP9iPMjdNgLpU8uL03QMti+y+y0IU4493KxKxjprjtu6no0/O5TwNs+/r+7hmF
/8d+2mhyLJQbtuvQQ6mvg6roCMuqzRS91SObzT1ojCjY+AbUrmVZ5jmklHCv7uah
EoTsB3S7wHCBRmelh2j5fWrRBay4h0IB/NSrt1dO/UEVmDSWGjnG+RsDMhYGZXJ1
hJawhqrbuVRZvrMyzqQ0j1xy5buS6jqSHA3wdOixdI8dDpvBnUDGqEIU6gl2Am7h
pwIDAQAB
-----END PUBLIC KEY-----

and

PKCS#1 RSAPublicKey (PEM header: BEGIN RSA PUBLIC KEY)

which corresponds to the longer form:

-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA1+skaD+II3MYF/0iGDcFX/E6b0XzSC8I2RapRaCL84EqY8HxWGKn
+7p34ZJwZx9avX0cCUqvTmS6LtuoSGrdLlahrz1qEnkdYqlo9HXXQiKtA9iwaiId
LxPtCnJnGMOMtolwKAJpsr+l68D41mWvvibrwPbeTJsFi0zvrN0rL1YbVYvw3X85
fQm+wgo3s8I5sOWwlkADvfD37KxteEPitfb2cvGfYo+VIhBqqXQUhQSC3jBAUc5o
+P8U3eu84ln2YqiIg9P/iM99HoKFECJ2+mxWM8oz0rS8oqthVOck+KZ7mBiYjEzW
3ytTJIUpX9Sl88oDqkz7Azku/GVEiJNWSQIDAQAB
-----END RSA PUBLIC KEY-----

I would like to verify some public keys in the latter format; however, I cannot see that the openssl command line tool can obviously do that. -pubout exports the first format, and -pubin rejects the 2nd headers:

#openssl rsa -pubin -in rsa.pub -modulus -noout

unable to load Public Key
140154809448256:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:696:Expecting: PUBLIC KEY

Any suggestions on what the correct commands are for openssl, or whether there is some tool that does this from the command line?

Tom
    Possible duplicate of [How can I transform between the two styles of public key format, one "BEGIN RSA PUBLIC KEY", the other is "BEGIN PUBLIC KEY"](https://stackoverflow.com/questions/18039401/how-can-i-transform-between-the-two-styles-of-public-key-format-one-begin-rsa) – MultiplyByZer0 Mar 02 '19 at 07:21

2 Answers

I don't think the openssl command-line program (rsa) can read the PKCS#1 format. As explained here, the difference between the PKCS#1 and PKCS#8 format is the algorithm identifier. The algorithm identifier for RSA encryption is "1.2.840.113549.1.1.1" and the Base64 version of it is "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A", which you can safely prefix to the Base64 of the RSA public key and change the header/footer from "BEGIN RSA PUBLIC KEY"/"END RSA PUBLIC KEY" to "BEGIN PUBLIC KEY"/"END PUBLIC KEY".

Sivachandran
  • That prefix is correct only for a key with a 2048-bit modulus which was moderately common in 2012 and widespread in 2018 but there are exceptions, and a 3-octet exponent like 'F4' = the fourth Fermat prime = 65537, which is fairly common but not universal. – dave_thompson_085 Dec 29 '18 at 10:34
  • That other question was asked a year later, so if anything... that's a duplicate of this one. They are also asking slightly different things. – Tom Mar 02 '19 at 21:07
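The fixed prefix in the answer above only works for one key size, because the SubjectPublicKeyInfo wrapper carries DER length bytes that depend on the size of the inner RSAPublicKey. The following is an added example (not code from the answer or from OpenSSL) that does the wrapping the general way, using only the Python standard library: it builds the AlgorithmIdentifier and BIT STRING around whatever RSAPublicKey DER it is given, unwraps in the other direction, and reads the modulus and exponent, which is what the question wanted from `openssl rsa -modulus`. The only real key in it is the PKCS#1 key from the question; the 1024-bit value used at the end is a constructed stand-in (not a real key) to show that the prefix changes with modulus size.

```python
import base64
import re

# DER encoding of OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption).
RSA_ENCRYPTION_OID = bytes.fromhex("06092a864886f70d010101")


def der_length(n: int) -> bytes:
    """DER definite-form length: one byte below 0x80, else 0x8N followed by N length bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag: int, content: bytes) -> bytes:
    """Tag + length + content."""
    return bytes([tag]) + der_length(len(content)) + content


def der_integer(value: int) -> bytes:
    """DER INTEGER; the extra byte of room keeps a high-bit value from reading as negative."""
    raw = value.to_bytes((value.bit_length() + 8) // 8, "big")
    return der_tlv(0x02, raw)


def read_tlv(buf: bytes, pos: int):
    """Parse one DER TLV at pos; return (tag, content, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def pem_to_der(pem: str, label: str) -> bytes:
    """Extract and Base64-decode the block with exactly this PEM label."""
    pattern = rf"-----BEGIN {re.escape(label)}-----(.*?)-----END {re.escape(label)}-----"
    m = re.search(pattern, pem, re.S)
    if not m:
        raise ValueError(f"no '{label}' block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)


def der_to_pem(der: bytes, label: str) -> str:
    """PEM-encode DER with 64-character Base64 lines, as OpenSSL does."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return f"-----BEGIN {label}-----\n" + "\n".join(lines) + f"\n-----END {label}-----\n"


def build_pkcs1_pem(n: int, e: int) -> str:
    """RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }"""
    return der_to_pem(der_tlv(0x30, der_integer(n) + der_integer(e)), "RSA PUBLIC KEY")


def rsa_public_numbers(pkcs1_pem: str):
    """Return (modulus, exponent) from a PKCS#1 key, what 'openssl rsa -modulus' would show."""
    _, seq, _ = read_tlv(pem_to_der(pkcs1_pem, "RSA PUBLIC KEY"), 0)
    _, n_bytes, pos = read_tlv(seq, 0)
    _, e_bytes, _ = read_tlv(seq, pos)
    return int.from_bytes(n_bytes, "big"), int.from_bytes(e_bytes, "big")


def pkcs1_to_spki(pkcs1_pem: str) -> str:
    """Wrap RSAPublicKey in SubjectPublicKeyInfo; the wrapper's length bytes depend on key size."""
    rsa_der = pem_to_der(pkcs1_pem, "RSA PUBLIC KEY")
    algorithm = der_tlv(0x30, RSA_ENCRYPTION_OID + b"\x05\x00")  # SEQUENCE { OID, NULL }
    subject_public_key = der_tlv(0x03, b"\x00" + rsa_der)         # BIT STRING, 0 unused bits
    return der_to_pem(der_tlv(0x30, algorithm + subject_public_key), "PUBLIC KEY")


def spki_to_pkcs1(spki_pem: str) -> str:
    """Unwrap SubjectPublicKeyInfo to RSAPublicKey, refusing anything that is not rsaEncryption."""
    tag, body, _ = read_tlv(pem_to_der(spki_pem, "PUBLIC KEY"), 0)
    alg_tag, algorithm, pos = read_tlv(body, 0)
    if tag != 0x30 or alg_tag != 0x30 or not algorithm.startswith(RSA_ENCRYPTION_OID):
        raise ValueError("not an rsaEncryption SubjectPublicKeyInfo")
    bs_tag, bitstring, _ = read_tlv(body, pos)
    if bs_tag != 0x03 or bitstring[0] != 0:
        raise ValueError("malformed subjectPublicKey BIT STRING")
    return der_to_pem(bitstring[1:], "RSA PUBLIC KEY")


# The PKCS#1 public key from the question (the only real key in this example).
PKCS1_PEM = """-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA1+skaD+II3MYF/0iGDcFX/E6b0XzSC8I2RapRaCL84EqY8HxWGKn
+7p34ZJwZx9avX0cCUqvTmS6LtuoSGrdLlahrz1qEnkdYqlo9HXXQiKtA9iwaiId
LxPtCnJnGMOMtolwKAJpsr+l68D41mWvvibrwPbeTJsFi0zvrN0rL1YbVYvw3X85
fQm+wgo3s8I5sOWwlkADvfD37KxteEPitfb2cvGfYo+VIhBqqXQUhQSC3jBAUc5o
+P8U3eu84ln2YqiIg9P/iM99HoKFECJ2+mxWM8oz0rS8oqthVOck+KZ7mBiYjEzW
3ytTJIUpX9Sl88oDqkz7Azku/GVEiJNWSQIDAQAB
-----END RSA PUBLIC KEY-----
"""

if __name__ == "__main__":
    spki = pkcs1_to_spki(PKCS1_PEM)
    n, e = rsa_public_numbers(PKCS1_PEM)
    print(spki, end="")
    print(f"modulus bits={n.bit_length()} exponent={e}")
    # Constructed 1024-bit stand-in (not a real key): the Base64 prefix is no longer MIIBIjAN...
    small = build_pkcs1_pem((1 << 1023) | 1, 65537)
    print(pkcs1_to_spki(small).splitlines()[1][:32])
```

For the question's 2048-bit key the output begins with the "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A" prefix from the answer, because the 24-byte wrapper is a multiple of 3 bytes and so Base64-aligns with the inner key; for the 1024-bit stand-in the wrapper's length bytes are shorter and the prefix differs, which is the caveat raised in the comment above.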

openssl command line program can read PKCS#1 format...

If you use

openssl rsa -RSAPublicKey_in <inputFile> -pubout -out <outputFile>

It will generate a 451-byte-long public key from a 426-byte-long RSA public key.

OrhanT
  • Only version 1.0.0 up (first released 2010, still fairly rare in 2012, now pretty common). And to answer the exact Q asked, `rsa -in privkey -RSAPublicKey_out` _writes_ 'legacy' form. – dave_thompson_085 Aug 23 '18 at 02:52