
I used OpenSSL to generate a 2048-bit RSA key:

```
openssl genrsa -out mykey.pem 2048
openssl rsa -pubout -in mykey.pem -out mypubkey.pub
```

I would like to use OpenSSL to calculate the SHA256 hash value of the public key (not the file, just the key).

I used the command: `dgst -sha256 mypubkey.pub`

The hash value generated by OpenSSL was: 876e4b63c2fa294c27e07c7449f5cb7ce2edae6deb74370440550700db67bbc3

Am I doing it right? As in getting the SHA256 hash value of the public key value and not the whole key file.

Also, how do I use PyCrypto to verify this?

The public key was:

bfigure8
  • 1
    The output of `openssl rsa -pubout -in mykey.pem -out mypubkey.pub` is in PEM format, thus a base64-encoded string with some tags around it, in your case probably `-----BEGIN PUBLIC KEY-----` and `-----END PUBLIC KEY-----`. You want to compute the hash over the plain bytes and not over the base64 encoding of these bytes. If I were you I would call `openssl rsa -pubout -in mykey.pem -out mypubkey.pub -outform DER` and then run the hash function over mypubkey.pub – Marek Klein Mar 14 '17 at 12:17
  • 1
    It's not really clear what you want, since "public key value" is not a precise concept. The public key consists of a modulus and exponent, which must be serialized in some format to be hashed. There are multiple formats, including the SubjectPublicKeyInfo format you seem to be using, – President James K. Polk Mar 14 '17 at 12:43
  • @MarekKlein Ok I used your suggestion and was able to generate the mypubkey.pub in plain bytes. Using openssl dgst -sha256 mypubkey.pub and also PyCrypto SHA256 on mypubkey.pub yields the same result so I guess this more or less corroborates the SHA256 calculation. Thanks for your help! – bfigure8 Mar 15 '17 at 06:34
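
The point raised in the comments (hash the DER bytes rather than the PEM text, and the digest depends on which serialization of the modulus and exponent you choose), as an added example that is not part of the original thread. It uses only Python's standard library instead of PyCrypto; the helper names are hypothetical and the modulus is a constructed placeholder, not a real key.

```python
import base64
import hashlib

# AlgorithmIdentifier for rsaEncryption (OID 1.2.840.113549.1.1.1, NULL parameters)
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

def tlv(tag, body):
    """DER tag-length-value with definite short or long form length."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def der_int(v):
    """Non-negative DER INTEGER; a 0x00 pad appears when the top bit is set."""
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def pkcs1_der(n, e):
    """RSAPublicKey ::= SEQUENCE { modulus, publicExponent }"""
    return tlv(0x30, der_int(n) + der_int(e))

def spki_der(n, e):
    """SubjectPublicKeyInfo, the structure inside 'BEGIN PUBLIC KEY'."""
    return tlv(0x30, RSA_ALG_ID + tlv(0x03, b"\x00" + pkcs1_der(n, e)))

def to_pem(der):
    b64 = base64.b64encode(der).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN PUBLIC KEY-----\n" + "\n".join(rows)
            + "\n-----END PUBLIC KEY-----\n").encode()

def pem_to_der(pem):
    rows = [r for r in pem.decode().splitlines() if r and not r.startswith("-----")]
    return base64.b64decode("".join(rows))

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

# Constructed 2048-bit placeholder modulus (not a real RSA key) and e = 65537.
N, E = int.from_bytes(b"\xc3" * 256, "big"), 65537

if __name__ == "__main__":
    pem = to_pem(spki_der(N, E))
    print("PEM file  ", sha256_hex(pem))              # digest of the PEM text
    print("SPKI DER  ", sha256_hex(pem_to_der(pem)))  # digest of the decoded bytes
    print("PKCS#1 DER", sha256_hex(pkcs1_der(N, E)))  # same key, other serialization
```

The three digests differ from one another, so a published key fingerprint is only comparable when both sides agree on the serialization being hashed.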
