
I'm trying to get the public key byte[] from a certificate.

My colleague used the command `openssl x509 -inform der -in certificate.cer -text -noout`, which dumped the key on the console, and then he copied it into a binary file.

My task is to do this using C#.

I used the following lines.

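```csharp
using System.Security.Cryptography.X509Certificates;
// Load the DER-encoded certificate and read the bytes of its public key field.
var cert = X509Certificate.CreateFromCertFile(
    "C:\\Users\\dhermann\\Downloads\\FirmKeyTest\\FirmwareSubordinateSSLTo20190201PublicKey.cer");
byte[] publicKey = cert.GetPublicKey();
```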

My colleague's bin file has 136 bytes while mine gives me 140 bytes. On top of that, the initial 7 bytes of mine are not included in his byte array, the following 128 are exactly the same as his, but the last 8 are different (3 of them not being included in his byte array).

What am I doing wrong and how can I get the exact same public key array as his?

  • *I get the exact same public key array as his?* What for? Blind guess: .NET is using X509v3, your friend uses a different version – Selvin Jan 16 '19 at 10:25
  • @Selvin Because that's the task I was given. What other versions are there? I'm new to this, it's my first time working with public keys so my notion of it is rather small. – Dário Hermann Jan 16 '19 at 10:35
  • v1, v2, v3 ... you can't change `GetPublicKey()` behaviour... so you have to learn how the cert looks in the same version that openssl uses and write it on your own ... also *that's the task I was given* doesn't make sense ... – Selvin Jan 16 '19 at 10:35
  • ... also that's the task I was given doesn't make sense ... because it smells like an XY problem – Selvin Jan 16 '19 at 10:42
  • @Selvin Okay, so we have a binary file which needs a public key, and my colleague was doing that command I showed in the post to extract the key bytes manually so he could insert those bytes in the binary file. But that method can go wrong very easily, so I was tasked to do the extraction and insertion of the key inside the binary using C# and also give a UI to the application. Better now? – Dário Hermann Jan 16 '19 at 10:47
  • As long as the software which needs this key can read X509v3 (which is more than 10 years old) it should not matter if you add "his" bytes or "yours" ... it is the same public key – Selvin Jan 16 '19 at 10:54
  • I have no idea what your colleague is getting, but .NET `cert.GetPublicKey()` gets the public key in correct format. So I agree with @Selvin, this is more likely an XY problem. – Crypt32 Jan 16 '19 at 10:59
  • `GetPublicKey()` returns the bytes that are the value of the `subjectPublicKey` payload, meaning it lacks an algorithm identifier; or for an RSA key the `RSAPublicKey` value. If your colleague has a smaller version of the same key, it sounds like his is only writing down the RSA modulus. – bartonjs Jan 16 '19 at 17:17
  • @bartonjs Yes that was exactly it, I ended up resolving it yesterday. He was only writing the modulus and adding an exponent at the end. But I didn't know these terms so it took me a lot more time, but thank you for your help anyway. – Dário Hermann Jan 17 '19 at 08:09

1 Answer


So I ended up resolving this problem. My colleague was only using the modulus and adding an exponent. I was able to resolve it with the help of this website.
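
The layout bartonjs describes in the comments, as an added example that is not code from the post: `GetPublicKey()` returns a DER `RSAPublicKey` (a SEQUENCE of two INTEGERs), so the raw modulus sits behind a few tag and length bytes and the exponent follows it. The class and method names are hypothetical, the certificate is a throwaway one generated in memory, and `CertificateRequest` assumes .NET Core 2.0+ or .NET Framework 4.7.2+.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class RsaPublicKeyLayout   // hypothetical name, not from the post
{
    // Reads one DER element with the expected tag at pos and returns its value bytes.
    static byte[] ReadTlv(byte[] der, ref int pos, byte tag)
    {
        if (pos + 2 > der.Length || der[pos++] != tag) throw new FormatException("unexpected DER tag");
        int len = der[pos++];
        if (len >= 0x80)              // long form: low 7 bits = number of length bytes
        {
            int count = len & 0x7F;
            if (count == 0 || count > 3 || pos + count > der.Length) throw new FormatException("bad DER length");
            for (len = 0; count > 0; count--) len = (len << 8) | der[pos++];
        }
        if (pos + len > der.Length) throw new FormatException("truncated DER value");
        byte[] value = der.Skip(pos).Take(len).ToArray();
        pos += len;
        return value;
    }
    // DER INTEGERs are signed, so a 0x00 byte is prepended when the top bit is set.
    static byte[] Unsigned(byte[] v) => v.Length > 1 && v[0] == 0 ? v.Skip(1).ToArray() : v;
    // Splits GetPublicKey() output (a DER RSAPublicKey) into raw modulus and exponent.
    public static (byte[] Modulus, byte[] Exponent) Split(byte[] rsaPublicKey)
    {
        int outer = 0, inner = 0;
        byte[] seq = ReadTlv(rsaPublicKey, ref outer, 0x30);   // SEQUENCE
        byte[] n = ReadTlv(seq, ref inner, 0x02);              // INTEGER modulus
        byte[] e = ReadTlv(seq, ref inner, 0x02);              // INTEGER publicExponent
        return (Unsigned(n), Unsigned(e));
    }
    static void Main()
    {
        // Constructed input: a self-signed 1024-bit RSA certificate, valid for one day.
        using (RSA key = RSA.Create(1024))
        using (X509Certificate2 cert = new CertificateRequest("CN=constructed-example", key,
                   HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
                   .CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1)))
        using (RSA pub = cert.GetRSAPublicKey())
        {
            byte[] full = cert.GetPublicKey();
            var (modulus, exponent) = Split(full);
            RSAParameters p = pub.ExportParameters(false);     // the framework's own parse
            Console.WriteLine($"{full.Length} bytes total, {modulus.Length}-byte modulus, exponent {BitConverter.ToString(exponent)}");
            Console.WriteLine($"matches ExportParameters: {modulus.SequenceEqual(p.Modulus) && exponent.SequenceEqual(p.Exponent)}");
        }
    }
}
```

The page does not say how the colleague's file encodes the exponent after the modulus, so the example stops at the two raw values; `ExportParameters(false)` alone is enough when no byte-level inspection is needed.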