On 07/02/2024 10:43, Thomas Bailleux wrote:
> Hello OpenSSL,
> I'm working on a program that generates pairs of keys and then writes
> the ASN.1 encoded SubjectPublicKeyInfo (RFC 5280[1]) to a file.
> I turned to API `X509_PUBKEY`, and especially `X509_PUBKEY_set`[2],
> which seems to do the trick by taking an `EVP_PKEY` object that contains
> the public key:
>     The X509_PUBKEY structure represents the ASN.1 SubjectPublicKeyInfo
>     structure defined in RFC5280 and used in certificates and
>     certificate requests.
> However, I'm kind of lost when it comes to encoding it to an ASN.1 document.
> The documentation states the following:
>     i2d_PUBKEY() encodes an *EVP_PKEY* structure using
>     *SubjectPublicKeyInfo* format.
> So it seems that I can use `i2d_PUBKEY` with an `EVP_PKEY` directly
> without having to deal with an intermediate `X509_PUBKEY` object.
> However, `i2d_X509_PUBKEY` also exists but it doesn't have a dedicated
> manpage (only the generic manpage[3] about encoding/decoding from/to ASN.1).
> My question is: which one should I use?
Either should be fine - but i2d_PUBKEY() is usually more convenient
because it does not require you to go through the intermediate
X509_PUBKEY structure.
Matt