5

I have a public key that appears to be in the SubjectPublicKeyInfo format. I say "appears" because the only thing I know about this key is that it is loaded by a Java application using X509EncodedKeySpec, which, according to the documentation, is used for loading keys in SubjectPublicKeyInfo format.

I've been unable to parse the file with openssl with either pkcs8, x509 or asn1parse.

Below is the result of asn1 parse:

```
openssl asn1parse -in public_key.der -inform der

0:d=0  hl=4 l= 290 cons: SEQUENCE
4:d=1  hl=2 l=  13 cons: SEQUENCE
6:d=2  hl=2 l=   9 prim: OBJECT            :rsaEncryption
17:d=2  hl=2 l=   0 prim: NULL
19:d=1  hl=4 l= 271 prim: BIT STRING
```

Based on that output I've tried extracting the actual key by experimenting with different offsets and lengths then saving it to the .der file:

```
openssl asn1parse -in public_key.der -inform der -offset <> -length <l> -out public_key.der
```

Then I'd feed the output back to openssl:

```
openssl pkcs8 -inform DER -nocrypt -in public_key.der
```

But I keep getting the same error:

```
Error decrypting key
140436029183664:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1338:
140436029183664:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:tasn_dec.c:852:
140436029183664:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:772:Field=version, Type=PKCS8_PRIV_KEY_INFO
```

Update: output of

openssl asn1parse -in public_key.der -inform der -strparse 19

0:d=0  hl=4 l= 266 cons: SEQUENCE          
4:d=1  hl=4 l= 257 prim: INTEGER           :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
265:d=1  hl=2 l=   3 prim: INTEGER           :010001
Ya.
  • `openssl asn1parse -inform der -in file -dump` doesn't do anything? How long is the file? What does it look like in hex? – Gerrit May 11 '18 at 19:11
  • Updated the question with the output of asn1parse – Ya. May 11 '18 at 20:07
  • Try with `-strparse 19` – Gerrit May 11 '18 at 20:13
  • Check your extracted public key with `openssl rsa -pubin -inform der -check -in file` – Gerrit May 11 '18 at 20:19
  • Added output of strparse – Ya. May 11 '18 at 20:23
  • `openssl rsa -pubin -inform der -check -in private_key.der` returns: Only private keys can be checked – Ya. May 11 '18 at 20:23
  • Hmm.... When I run `openssl rsa -pubin -inform der -in -out thekey.pem` I get "Error loading public key". However, when I run it on the original .der it seems to be processing the key just fine... I'm a little lost. – Ya. May 11 '18 at 20:32
  • Yes, that is correct, I made an error: the entire `SubjectPublicKeyInfo` structure is the normal 'bare' public key, which you can use with `openssl rsa -pubin -modulus -inform der -in file`, for example. – Gerrit May 11 '18 at 20:35

1 Answer

3

A SubjectPublicKeyInfo file can be used with `openssl rsa -pubin -inform der|pem -file inputfile -modulus`.

If it is in binary then use `der`; if it is base64 encoded, use `pem`.

Gerrit
  • With OpenSSL 3.0.2 on Ubuntu 22.04, the `-file` argument doesn't work. It should be replaced by `-in`. The full command then becomes: `openssl rsa -pubin -inform der -in inputfile -modulus` – László van den Hoek Mar 13 '23 at 16:40
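
To make the layout in the `asn1parse` dumps concrete, here is an added example (not code from the question, the answer or OpenSSL) that walks an RSA SubjectPublicKeyInfo in Python: outer SEQUENCE, AlgorithmIdentifier, then a BIT STRING wrapping the SEQUENCE of modulus and exponent. The function names are illustrative, and the sample key is constructed so that its lengths match the dump in the question; it is not a usable key.

```python
# Added example: stdlib-only DER walk over an RSA SubjectPublicKeyInfo.
RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 (rsaEncryption)

def read_tlv(buf, pos, want):
    """Decode the DER element at pos, check its tag, return (value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if tag != want:
        raise ValueError(f"wrong tag 0x{tag:02x}, expected 0x{want:02x}")
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return buf[pos:pos + length], pos + length

def parse_rsa_spki(der_bytes):
    """Return (modulus, exponent) from a DER SubjectPublicKeyInfo holding an RSA key."""
    spki, _ = read_tlv(der_bytes, 0, 0x30)    # outer SEQUENCE
    alg, pos = read_tlv(spki, 0, 0x30)        # AlgorithmIdentifier SEQUENCE
    oid, _ = read_tlv(alg, 0, 0x06)           # algorithm OBJECT IDENTIFIER
    if oid != RSA_OID:
        raise ValueError("algorithm is not rsaEncryption")
    bits, _ = read_tlv(spki, pos, 0x03)       # BIT STRING carrying the key
    if not bits or bits[0] != 0:              # first byte counts unused bits
        raise ValueError("unexpected unused-bits count")
    rsa_key, _ = read_tlv(bits[1:], 0, 0x30)  # inner SEQUENCE (what -strparse shows)
    n, pos = read_tlv(rsa_key, 0, 0x02)       # INTEGER modulus
    e, _ = read_tlv(rsa_key, pos, 0x02)       # INTEGER public exponent
    return int.from_bytes(n, "big"), int.from_bytes(e, "big")

def der(tag, value):
    """Encode one DER element; used only to build the constructed sample."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + value

def der_int(x):
    return der(0x02, x.to_bytes(x.bit_length() // 8 + 1, "big"))

# Constructed sample, not a usable key: the "modulus" is just a 2048-bit odd number.
SAMPLE_N, SAMPLE_E = (1 << 2047) | 1, 65537
SAMPLE_SPKI = der(0x30,
    der(0x30, der(0x06, RSA_OID) + der(0x05, b"")) +
    der(0x03, b"\x00" + der(0x30, der_int(SAMPLE_N) + der_int(SAMPLE_E))))

if __name__ == "__main__":
    print(len(SAMPLE_SPKI), parse_rsa_spki(SAMPLE_SPKI)[1])
```

The first element inside the outer SEQUENCE is another SEQUENCE, whereas a PKCS#8 PrivateKeyInfo starts with a version INTEGER, which is the `wrong tag ... Field=version` error in the question. The BIT STRING contents alone are not a SubjectPublicKeyInfo either, so a parser expecting one rejects them too.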