[erlang-questions] public_key & OpenSSL format weirdness
zxq9
zxq9@REDACTED
Thu Feb 26 04:18:48 CET 2015
On 2015年2月26日 木曜日 11:01:22 zxq9 wrote:
> So it appears there are 24 extra bytes appended to the OpenSSL generated DER
> that are confusing the asn1 import function, but only in the case of public
> RSA keys, as private OpenSSL generated DER keys match what is expected.
Apparently OpenSSL adds an asn1 header, either on its own or because PKCS#1
demands it (or PKCS#8? I haven't found a clear reference, but it should be one
of those), and Erlang, iOS and a few other environments that expect a public
RSA key in DER format do not expect this header.
The header is always
<<48,130,4,34,48,13,6,9,42,134,72,134,247,13,1,1,1,5,0,3,130,4,15,0>>
So I wonder if it wouldn't be better to either add a clause to
public_key:der_decode/2 to catch this situation:
der_decode(Asn1Type,
<<48,130,4,34,48,13,6,9,42,134,72,
134,247,13,1,1,1,5,0,3,130,4,15,0,
Der>>) -> der_decode(Asn1Type, Der);
or (more properly) change the ASN.1 definition that generates OTP-PUB-KEY.erl
in a way that makes 'dec_RSAPublicKey' derive from a CHOICE instead of a
SEQUENCE type (or something along those lines -- I'm not sure where the asn1
module definition is... ?).
In any case, this issue appears to be a persistent annoyance for folks using
various RSA utilities:
(http://blog.flirble.org/2011/01/05/rsa-public-key-openssl-ios/
http://blog.wingsofhermes.org/?p=42
http://blog.wingsofhermes.org/?p=75)
-Craig
More information about the erlang-questions
mailing list