Why I can't read openssl generated RSA pub key with PEM_read_RSAPublicKey?
Solution 1
You might try PEM_read_RSA_PUBKEY()
instead of PEM_read_RSAPublicKey()
.
This is all about formats.
The default public key file format generated by openssl is the PEM format.
PEM_read_RSA_PUBKEY()
reads the PEM format. PEM_read_RSAPublicKey()
reads the PKCS#1 format.
So if you want to stick to PEM_read_RSAPublicKey()
you could generate the public key file using the PKCS#1 format by specifying the -outform DER
option when generating the public key.
Solution 2
it seems there are two format of rsa public key, with different encoding.
A. RSA_PUBKEY
RSA* rsaPubKey = PEM_read_bio_RSA_PUBKEY( bio, NULL, 0, pass ) ;
read PUBKEY
with this format
-----BEGIN PUBLIC KEY-----
...
-----END PUBLIC KEY-----
generated by
$ openssl rsa -in key.pri -pubout -out key.pub1
B. RSAPublicKey
RSA* rsaPubKey = PEM_read_bio_RSAPublicKey( bio, NULL, 0, pass ) ;
read PublicKey
with this format
-----BEGIN RSA PUBLIC KEY-----
...
-----END RSA PUBLIC KEY-----
generated by
$ openssl rsa -in key.pri -RSAPublicKey_out -out key.pub2
convert
A to B format
$ openssl rsa -in key.pub1 -pubin -RSAPublicKey_out -out key.pub2_
B to A format
$ openssl rsa -in key.pub2 -RSAPublicKey_in -pubout -out key.pub1_
Solution 3
The openssl rsa utility saves the public key using the function PEM_write_bio_RSA_PUBKEY and not PEM_write_bio_RSAPubicKey. So, if you want your program to be compatible with its output, then you should use PEM_write_bio_RSA_PUBKEY and PEM_read_bio_RSA_PUBKEY for saving/loading public key files.
Jonas Schnelli
Bitcoin Core Developer / Co-Founder of digitalbitbox.com / Author of libbtc / C,C++,Obj-C Pro / Cypherpunk / Hacker
Updated on July 15, 2022Comments
-
Jonas Schnelli almost 2 years
I'm trying to read a RSA public key generated with openssl like this:
Private Key: openssl genrsa -out mykey.pem 1024 Public Key afterwards: openssl rsa -in mykey.pem -pubout > somewhere.pub
Then I try to read:
FILE *keyfile = fopen("somewhere.pub", "r"); RSA *rsa_pub = PEM_read_RSAPublicKey(keyfile, NULL, NULL, NULL); //rsa_pub == NULL!
When I'm reading the private key it works
FILE *keyfile = fopen("mykey.pem", "r"); RSA *rsa_pri = PEM_read_RSAPrivateKey(keyfile, NULL, NULL, NULL); //all good
Any ideas?
I've read that openssl generate a X509 key of the RSA public key. But I could not manage to load even a X509 pub key.
Thanks