[erlang-questions] public_key & OpenSSL format weirdness

zxq9 zxq9@REDACTED
Thu Feb 26 04:18:48 CET 2015


On Thursday, 26 February 2015 11:01:22 zxq9 wrote:
> So it appears there are 24 extra bytes appended to the OpenSSL generated DER
> that are confusing the asn1 import function, but only in the case of public
> RSA keys, as private OpenSSL generated DER keys match what is expected.

Apparently OpenSSL adds an asn1 header, either on its own or because PKCS#1 
demands it (or PKCS#8? I haven't found a clear reference, but it should be one 
of those), and Erlang, iOS and a few other environments that expect a public 
RSA key in DER format do not expect this header.

The header is always
<<48,130,4,34,48,13,6,9,42,134,72,134,247,13,1,1,1,5,0,3,130,4,15,0>>

So I wonder if it wouldn't be better to either add a clause to 
public_key:der_decode/2 to catch this situation:

der_decode(Asn1Type,
           <<48,130,4,34,48,13,6,9,42,134,72,
             134,247,13,1,1,1,5,0,3,130,4,15,0,
             Der/binary>>) -> der_decode(Asn1Type, Der);

or (more properly) change the ASN.1 definition that generates OTP-PUB-KEY.erl 
in a way that makes 'dec_RSAPublicKey' derive from a CHOICE instead of a 
SEQUENCE type (or something along those lines -- I'm not sure where the asn1 
module definition is... ?).

In any case, this issue appears to be a persistent annoyance for folks using 
various RSA utilities:
(http://blog.flirble.org/2011/01/05/rsa-public-key-openssl-ios/
 http://blog.wingsofhermes.org/?p=42
 http://blog.wingsofhermes.org/?p=75)

-Craig
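
An added example (not part of the original message and not OTP code): the quoted header is an X.509 SubjectPublicKeyInfo wrapper around the RSAPublicKey, and this sketch removes it by reading the DER length fields instead of matching a fixed 24-byte prefix, so it goes beyond the specific case in the message. The module name `spki_unwrap`, its functions and the toy key bytes are assumptions made for illustration.

```erlang
-module(spki_unwrap).
-export([rsa_der/1, demo/0]).

%% DER of AlgorithmIdentifier { rsaEncryption (1.2.840.113549.1.1.1), NULL }.
%% These are bytes 5..19 of the header quoted in the message.
-define(RSA_ALG_ID, <<48,13,6,9,42,134,72,134,247,13,1,1,1,5,0>>).

%% Return the bare RSAPublicKey DER. A SubjectPublicKeyInfo wrapper is
%% removed by following its length fields; any other input is returned
%% unchanged so the caller's decoder can accept or reject it.
rsa_der(<<48, Rest/binary>> = Der) ->
    try
        {OuterLen, Body} = der_len(Rest),
        OuterLen = byte_size(Body),                   % no trailing bytes
        <<Alg:15/binary, 3, Tail/binary>> = Body,     % 3 = BIT STRING tag
        Alg = ?RSA_ALG_ID,                            % only RSA is unwrapped
        {BitLen, <<0, Key/binary>>} = der_len(Tail),  % 0 = no unused bits
        BitLen = byte_size(Key) + 1,                  % length must be exact
        Key
    catch
        error:_ -> Der                                % not an RSA SPKI wrapper
    end;
rsa_der(Der) ->
    Der.

%% Decode a DER length: short form (one byte below 128) or long form
%% (16#80 bor N, followed by N big-endian length bytes). In the quoted
%% header, <<130,4,34>> decodes to 1058 and <<130,4,15>> to 1039.
der_len(<<0:1, Len:7, Rest/binary>>) ->
    {Len, Rest};
der_len(<<1:1, N:7, Len:N/unit:8, Rest/binary>>) when N > 0 ->
    {Len, Rest}.

%% Constructed toy input (16-bit modulus, e = 65537), not a real key.
demo() ->
    Pkcs1 = <<48,10, 2,3,0,197,59, 2,3,1,0,1>>,
    Spki  = <<48,30, (?RSA_ALG_ID)/binary, 3,13,0, Pkcs1/binary>>,
    Pkcs1 = rsa_der(Spki),     % wrapper removed
    Pkcs1 = rsa_der(Pkcs1),    % bare PKCS#1 key passes through
    ok.
```

The returned binary is what `public_key:der_decode('RSAPublicKey', Der)` expects; because the length checks are exact, truncated or padded input is passed through unmodified and fails in the decoder rather than being silently trimmed.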


