[erlang-questions] public_key & OpenSSL format weirdness

[zxq9]

On 2015年2月26日 木曜日 10:35:52 Robert Wilkinson wrote:
> On Thu, Feb 26, 2015 at 12:46:38PM +0900, zxq9 wrote:
> > On 2015年2月26日 木曜日 12:18:48 zxq9 wrote:
> > > On 2015年2月26日 木曜日 11:01:22 zxq9 wrote:
> > > > So it appears there are 24 extra bytes appended to the OpenSSL
> > > > generated
> > 
> > the first 24 bytes if invoked that way:
> Hello Craig
> 
> Please can you clarify? I think that the 24 bytes are added at the
> beginning, yet your use of the word "appended" implies to me that
> the bytes are added at the end?
> 
> If the bytes are at the beginning, then "prepended" would be more
> properly used than "appended".
> 
> Thank you for taking the time to go through the subtleties and
> nuances of OpenSSL, and PEM, BER, DER, ASN.1 et al. I know it is
> tricky!
> 
> Bob

Indeed, I mis-typed that. They are prepended, so skipping the first 24 bytes 
of the file yields a remainder of the form most RSA public key asn1 DER 
decoders expect.

This first 24 bytes of the OpenSSL DER output for RSA public keys appears to 
be an extra OSI header -- which most non-OpenSSL decode functions (Erlang's, 
Java, iOS keyring, etc.) do not expect and trips them up.

This was a pain to track down, not because it is actually that mysterious, but 
because its not documented anywhere I could easily find -- if I didn't happen 
to be familiar with how asn1 works I would never have figured this out. The 
canonical asn1 definitions for PKCS#1 (or at least seem canonical, as every 
project but OpenSSL seems to use the same ones) don't include this particular 
OSI header. It might be optional per spec (haven't located that part yet -- 
its probably spelled out in the actual PKCS#1 spec) but in any case, it would 
be nice if asn1 decoding tools took this into account. OpenSSL is a very 
common, or perhaps the most common, source of RSA key pairs in open source 
projects; having its output clash with what most DER key decoders expect is 
pretty silly.

-Craig