Export Public Key from an p12-file

security openssl pem
22,767

Based on your filenames, it looks like you may have a PGP key. Is that correct?

These may work with PGP as well, but for a non-PGP key, I would extract the public key with these commands:

openssl pkcs12 -in mykeystore.p12 -clcerts -nokeys -out mycert.pem
openssl x509 -pubkey -in mycert.pem -noout > mypubkey.pem

The -nokeys option prevents the output of private keys.

If you're using Windows and the above command is stuck, try adding winpty before openssl:

winpty openssl pkcs12 -in mykeystore.p12 -clcerts -nokeys -out mycert.pem

Public keys and certificates can generally be given out freely without a problem. You obviously don't want to give out the private key, but the public parts are fine.

One thing to note though...most of the time, you want to give out the certificate, not just the key by itself. The certificate (obtained from the first command above) contains the public key and contains a signature by someone who is associating that key with a particular identity.

For example, Verisign will sign a certificate containing your public key. You can then give this certificate to your friends, and since they trust Verisign, they know that is indeed your public key.

If you just email your public key to your friends, there is a possibility someone could intercept the public key and place their own key in the email before it got to your friends. They would mistakenly think they had your key when they had someone else's key. If they tried to encrypt with it, that person would be able to decode everything.

So if you don't use a certificate, at least verify your friends got the correct key by confirming the hash of the key by telephone or in person.

Share:
22,767
bastey
Author by

bastey

Updated on July 17, 2022

Comments

  • bastey
    bastey almost 2 years

    I have an p12-file exported from the Firefox-Browser. And now I want to extract the public key to give them to friends (not the whole p12-file).

    I used OpenSSL-Windows32 and convert the p12 into an pem, after that I tryed to export the public key from the pem.

    Thats the syntax I used:

    openssl pkcs12 -in pgp.p12 -clcerts -out pgp.pem
openssl pkey -in pgp.pem -pubout -out pub.pem

    Now I have the pub.pem with contains something like this: 

    -----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9......
-----END PUBLIC KEY-----

    Is that the right way to export the pub-file? And can I give the pgp.pem to my friends without risks?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Reading and writing rsa keys to a pem file in C
Error while creating self-signed SSL certificate
How to list all openssl ciphers available in statically linked python releases?
Nodejs createCipher vs createCipheriv
How can the SSL client validate the server's certificate?
Converting PrivateKey to pem string without using bouncycastle
Openssl ECDSA : private key passphrase
How to patch the Vulnerability [CVE-2014-0224] in OpenSSL?
Patch OpenSSL CVE-2014-0160 on ubuntu 12.04?
Ubuntu 20.04 - how to set lower SSL security level?