Loading a PKCS#1 public key using M2Crypto
Marc Aymerich
glicerinu at gmail.com
Thu Jan 17 12:13:43 EST 2013
On Thursday, January 17, 2013 5:39:57 PM UTC+1, Piet van Oostrum wrote:
> > Converting to X.501 isn't difficult (assuming this is a 2048 bit key):
>
> > Get rid of the 'RSA' in header and trailer
>
> > Prepend X.501 header 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A' to the data
>
> > Reformat the lines to 64 characters.
>
>
>
> This solution is a bit restricted as it only works if the key is 2048
>
> bits and uses an exponent of 65537 (which is the default). Otherwise it
>
> fails.
>
>
>
> Here is a robust solution that works for all PKCS#1 keys. Instead of
>
> using a fixed X.501 header it calculates the header. We could do a
>
> complete ASN.1 encoding, but most of the parts are fixed. The only
>
> variable parts are two length fields. So I just plug these into the
>
> fixed stuff. This saves using one of the ASN.1 libraries. We do have to
>
> work in binary (DER format) instead of base64, however.
>
Thank you very much Piet,
I'm just starting to grasp these cryptography related concepts and your code is helping me a lot to understand how to handle these keys in a low level.
I'm updating my code incorporating your new contribution!
Just to let you know, during my previous research I had found a python-Crypto related solution that also uses DER and ASN.1 [1], but it uses a different approach (I guess). I suspect that this approach is also possible with M2Crypto because it has a method for constructing RSA keys [2].
[1] http://stackoverflow.com/a/10574723
[2] http://www.heikkitoivonen.net/m2crypto/api/M2Crypto.RSA-module.html#new_pub_key
Thanks again!
Marc
PS: Sorry for my email format, I'm using google groups and it seems to ignore any mailing best practice.
More information about the Python-list
mailing list