Distinguished crypto community, I have the requirement to import RSA keypairs generated by the Amazon Key Management System into my environment. These keypairs arrive in the de facto standard of SPKI for the public component and PKCS8 for the private component. I have no problem with the PKCS8 encoded private keys, they seem fine when imported using d2i_PKCS8_PRIV_KEY_INFO_bio(). However, I'm having issues importing the SPKI encoded public keys. My Java test program imports them fine. The Js Web Crypto API is happy with them. Online ASN.1 parsers are fine with them. The OpenSSL command line tool can dump their contents, no problem. However, the d2i_NETSCAPE_SPKI() function errors out trying to deal with them. Back in the day I had a hack to import SPKI encoded public keys, as I knew their structure. I would just set the modulus and exponent directly using BN_bin2bn(). However these days it seems that the RSA structure is opaque, and so I can't do that either. (I mean fair enough, it's a hack.) Question -- is there a supported way of importing SPKI encoded public keys into the OpenSSL world? thanks so much for any help with this, Jason@Spatial EAY/OpenSSL user since 1995
