Ajay kumar

Reputation: 739

What are Public key header and public key info?

I am trying to find out what the public key header and public key info are. I have dumped a certificate in C format using openssl, along with the public key modulus. It listed public key info and public key header as the public key. But I am not able to dump these fields using openssl.exe rsa -pubin -inform DER -text -noout < publickey.der for a public key generated on my server.

Could anyone please explain what the significance of these fields in a digital certificate is, and are they the same for all public keys? I am not able to get this info from openssl; it is just mentioned that DER encoding will have an additional header and footer.

Upvotes: 3

Views: 6483

Answers (1)

emboss

Reputation: 39650

I've never heard of the public key header... could you give an example?

The Public Key info is probably the standard way in which public keys in X.509 certificates are generally encoded, in the form of a SubjectPublicKeyInfo attribute. These SubjectPublicKeyInfos can be turned into a public key file (I assumed that's what you were trying to do? Please correct me if I'm wrong!). That section also tells you where you can find information about particular algorithms; for RSA they reference RFC 3279. A SubjectPublicKeyInfo is defined as follows:

SubjectPublicKeyInfo  ::=  SEQUENCE  {
    algorithm            AlgorithmIdentifier,
    subjectPublicKey     BIT STRING  } 

RFC 3279 says:

The rsaEncryption OID is intended to be used in the algorithm field of a value of type AlgorithmIdentifier. The parameters field MUST have ASN.1 type NULL for this algorithm identifier.

Further:

The RSA public key MUST be encoded using the ASN.1 type RSAPublicKey:

  RSAPublicKey ::= SEQUENCE {
     modulus            INTEGER,    -- n
     publicExponent     INTEGER  }  -- e

So it's the subjectPublicKey field that contains the relevant data - you can for example get to these values with the x509 command of OpenSSL:

openssl x509 -in certificate.cer -inform DER -noout -text

Prints out (for PEM certificates, drop the -inform DER):

Subject Public Key Info:
        Public Key Algorithm: rsaEncryption
            Public-Key: (1024 bit)
            Modulus:
                00:cb:c2:...
            Exponent: 65537 (0x10001)

There's also a neat trick for directly producing a PEM RSA public key file with x509:

openssl x509 -inform DER -in certificate.cer -pubkey -noout > pubkey.pem

and there's your public key exported in PEM encoding.

Upvotes: 3
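The structure described in the answer above, as an added example that is not part of the original post: a standard-library Python walk over a DER SubjectPublicKeyInfo that checks the rsaEncryption OID and the NULL parameters RFC 3279 requires, then returns the modulus, the exponent and the bytes that precede the RSAPublicKey. The sample key is constructed (a toy 16-bit modulus) and the function names are this example's own.

```python
RSA_ENCRYPTION = "1.2.840.113549.1.1.1"
# Constructed sample: SPKI around a toy 16-bit modulus (not a usable key).
SAMPLE_SPKI = bytes.fromhex(
    "301e"                            # SubjectPublicKeyInfo SEQUENCE, 30 bytes
    "300d06092a864886f70d0101010500"  # AlgorithmIdentifier: OID + NULL params
    "030d00"                          # BIT STRING, 0 unused bits
    "300a020300c5bd0203010001"        # RSAPublicKey: n = 0xc5bd, e = 65537
)

def read_tlv(buf, pos, tag):
    """Return (value, next_pos) of the DER element with `tag` at buf[pos]."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected tag {tag:#04x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                 # long form: low 7 bits count length bytes
        count = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    if pos + length > len(buf):
        raise ValueError("element runs past end of buffer")
    return buf[pos:pos + length], pos + length

def decode_oid(body):
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for byte in body[1:]:             # base-128, high bit means "more follows"
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def parse_rsa_spki(der):
    """Split an RSA SubjectPublicKeyInfo into wrapper bytes, modulus, exponent."""
    spki, end = read_tlv(der, 0, 0x30)
    algorithm, pos = read_tlv(spki, 0, 0x30)
    oid, params_at = read_tlv(algorithm, 0, 0x06)
    params, _ = read_tlv(algorithm, params_at, 0x05)   # RFC 3279: must be NULL
    bits, bits_end = read_tlv(spki, pos, 0x03)
    if end != len(der) or bits_end != len(spki) or bits[:1] != b"\x00":
        raise ValueError("malformed SubjectPublicKeyInfo")
    if decode_oid(oid) != RSA_ENCRYPTION or params:
        raise ValueError("not an rsaEncryption key with NULL parameters")
    rsa_key, _ = read_tlv(bits, 1, 0x30)               # RSAPublicKey SEQUENCE
    n, e_at = read_tlv(rsa_key, 0, 0x02)
    e, _ = read_tlv(rsa_key, e_at, 0x02)
    wrapper = der[:len(der) - (len(bits) - 1)]         # bytes before RSAPublicKey
    return wrapper, int.from_bytes(n, "big"), int.from_bytes(e, "big")

if __name__ == "__main__":
    print(parse_rsa_spki(SAMPLE_SPKI))
```

The AlgorithmIdentifier bytes in the wrapper are identical for every RSA key; only the length bytes around them change with the key size.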
