On Mon, Apr 6, 2020, 9:16 PM Jason Proctor <jason@xxxxxxxxxxxxxxx> wrote:
Distinguished crypto community,
I have the requirement to import RSA keypairs generated by the Amazon
Key Management System into my environment. These keypairs arrive in
the de facto standard of SPKI for the public component and PKCS8 for
the private component.
I have no problem with the PKCS8 encoded private keys, they seem fine
when imported using d2i_PKCS8_PRIV_KEY_INFO_bio().
However, I'm having issues importing the SPKI encoded public keys. My
Java test program imports them fine. The Js Web Crypto API is happy
with them. Online ASN.1 parsers are fine with them. The OpenSSL
command line tool can dump their contents, no problem. However, the
d2i_NETSCAPE_SPKI() function errors out trying to deal with them.
Back in the day I had a hack to import SPKI encoded public keys, as I
knew their structure. I would just set the modulus and exponent
directly using BN_bin2bn(). However these days it seems that the RSA
structure is opaque, and so I can't do that either. (I mean fair
enough, it's a hack.)
There's setter functions now. See:
So I have no idea about the spki function, but if you have the rsa private key can't you get the public key from it? I would just look at what API the rsa command line tool is using. I would imagine there is a high level API for this.
Question -- is there a supported way of importing SPKI encoded public
keys into the OpenSSL world?
thanks so much for any help with this,
Jason@Spatial
EAY/OpenSSL user since 1995
