[erlang-questions] public_key:pem_decode/1 and public_key:verify/4

Seth Falcon <>
Thu Jan 20 23:48:05 CET 2011

Hi there,

I'm very interested in adding support for RSA public key decoding to
the public_key module.  My use case is similar in that I need to be
able to verify/decrypt when all I have is the RSA public key in PEM

2011/1/20 Ingela Andin <>:
> The PKCS-1 asn-1 spec is part of public key. PEM-files are mainly
> base64-encoded  asn1 DER data.
> Adding support for the something = RSA PUBLIC KEY should be fairly
> simple as the ASN1- spec is alredy in place.

I started working on such a patch and you are right that the changes
to read in the pem data are fairly simple.

However, once I have the DER format, I'm getting stuck with an error
coming out of public_key:der_decode.  Not sure if I'm doing it wrong
or if there is something wrong with the asn1 definition for RSA public

Here's what I'm trying (skipping the pem conversion for now):


  openssl genrsa > mykey.private
  openssl rsa -in mykey.private -outform der -pubout > mykey.public.der


  {ok, PubDer} = file:read_file("mykey.public.der").
  public_key:der_decode('RSAPublicKey', PubDer)

** exception error: no match of right hand side value {error,







     in function  public_key:der_decode/2

Aside: when I use openssl to extract the public key, the output I get
looks like:

-----END PUBLIC KEY-----

Note that it only says "PUBLIC KEY", not "RSA PUBLIC KEY".  You will
get identical header values when extracting a DSA public key.
So I'm unsure about how one can detect what type of public key one
has.  Anyone know the details of how that's supposed to work?  This
throws a wrinkle in pem_decode/1.  It may be that one needs to have
pem_decode/2 for public keys where the user specifies what type of key
is expected.

If I can get a bit further I will put together a patch.


 + seth

Seth Falcon | @sfalcon | http://userprimary.net/

More information about the erlang-questions mailing list