[erlang-questions] public_key:pem_decode/1 and public_key:verify/4

Seth Falcon <>
Thu Jan 20 23:48:05 CET 2011


Hi there,

I'm very interested in adding support for RSA public key decoding to
the public_key module.  My use case is similar in that I need to be
able to verify/decrypt when all I have is the RSA public key in PEM
format.

2011/1/20 Ingela Andin <>:
> The PKCS-1 asn-1 spec is part of public key. PEM-files are mainly
> base64-encoded  asn1 DER data.
[snip]
> Adding support for the something = RSA PUBLIC KEY should be fairly
> simple as the ASN1- spec is alredy in place.

I started working on such a patch and you are right that the changes
to read in the pem data are fairly simple.

However, once I have the DER format, I'm getting stuck with an error
coming out of public_key:der_decode.  Not sure if I'm doing it wrong
or if there is something wrong with the asn1 definition for RSA public
keys.

Here's what I'm trying (skipping the pem conversion for now):

shell:

  openssl genrsa > mykey.private
  openssl rsa -in mykey.private -outform der -pubout > mykey.public.der

erl:

  {ok, PubDer} = file:read_file("mykey.public.der").
  public_key:der_decode('RSAPublicKey', PubDer)

** exception error: no match of right hand side value {error,
                                                       {asn1,
                                                        {function_clause,

[{'OTP-PUB-KEY',decode_integer,

[{error,{asn1,{wrong_tag,{16,2}}}}]},

{'OTP-PUB-KEY',decode_integer,3},

{'OTP-PUB-KEY',dec_RSAPublicKey,2},

{'OTP-PUB-KEY',decode,2},

{public_key,der_decode,2},
                                                          {erl_eval,do_apply,5},
                                                          {shell,exprs,7},

{shell,eval_exprs,7}]}}}
     in function  public_key:der_decode/2



Aside: when I use openssl to extract the public key, the output I get
looks like:

-----BEGIN PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALyPPyTS+HyTV3oLf2z6W+H1NOKLos3K
ztRytqJoIdvbzNFYsnJqFhabzhQx2DdPvTiHLZM1QHQ1Ma5yw5hjaQcCAwEAAQ==
-----END PUBLIC KEY-----

Note that it only says "PUBLIC KEY", not "RSA PUBLIC KEY".  You will
get identical header values when extracting a DSA public key.
So I'm unsure about how one can detect what type of public key one
has.  Anyone know the details of how that's supposed to work?  This
throws a wrinkle in pem_decode/1.  It may be that one needs to have
pem_decode/2 for public keys where the user specifies what type of key
is expected.


If I can get a bit further I will put together a patch.

Thanks,

 + seth

-- 
Seth Falcon | @sfalcon | http://userprimary.net/


More information about the erlang-questions mailing list