Menu
▾
▴
Re: [Opensc-devel] Key format of pkcs11-tool --read-object --type pubkey
|
From: Johannes R. <joh...@sw...> - 2016-03-29 07:33:26
|
The latest build definitely looks better:
C:\Users\Demo\workspace>opensc-tool -i
OpenSC 0.16.0rc1 [Microsoft 1800]
Enabled features:pcsc openssl zlib
C:\Users\Demo\workspace>openssl asn1parse -inform DER -in publickey.der -dump
0:d=0 hl=4 l= 290 cons: SEQUENCE
4:d=1 hl=2 l= 13 cons: SEQUENCE
6:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption
17:d=2 hl=2 l= 0 prim: NULL
19:d=1 hl=4 l= 271 prim: BIT STRING
0000 - 00 30 82 01 0a 02 82 01-01 00 99 c9 eb 66 11 84 .0...........f..
0010 - 89 08 a0 22 9d 1d cf 94-44 b8 e3 99 6c f9 7c c7 ..."....D...l.|.
0020 - a7 bb 52 d5 1b 3d 57 01-20 9d ec 96 99 7f ab 14 ..R..=W. .......
0030 - c0 18 06 07 89 9f d0 fa-5e 75 f1 2a 97 49 5b 44 ........^u.*.I[D
0040 - bb 34 96 1e a0 af 11 79-20 2c 82 61 71 c3 cd 98 .4.....y ,.aq...
0050 - 75 1e e1 6a dd 3e f2 e9-34 c5 66 cf 10 3d 3d f4 u..j.>..4.f..==.
0060 - 60 a6 19 07 46 f6 b4 10-a2 5a 5f d7 40 b9 18 2d `...F....Z_.@..-
0070 - 9b 06 c2 18 0d 28 25 6c-ed d7 c9 92 5b d5 3a 36 .....(%l....[.:6
0080 - 84 58 8a b6 7c 8c 1c d1-cd a2 7a 7f cf 87 c0 23 .X..|.....z....#
0090 - 8c fe 84 39 1f 13 23 86-b6 d1 f7 5a 1e e6 b2 8f ...9..#....Z....
00a0 - 70 27 cb 60 f9 be 41 b4-d2 30 18 87 15 19 bd 42 p'.`..A..0.....B
00b0 - 28 22 77 8c 2e 0c 2d 7d-91 dc 27 bc 15 5a 4f 1b ("w...-}..'..ZO.
00c0 - de 66 96 37 f7 10 4a 94-3c 8a ef e0 fe 33 2e f9 .f.7..J.<....3..
00d0 - fe 3e 0a 1b 64 5d dc 54-a4 19 33 38 82 7e cb b4 .>..d].T..38.~..
00e0 - af f7 82 65 71 75 d3 b5-1c b2 a3 f1 81 6f 74 3a ...equ.......ot:
00f0 - bb 0a 9d 56 d8 ea 4b 3c-e4 02 01 ae cc 95 90 ac ...V..K<........
0100 - 60 4d 69 9e ef 79 7c 55-bc 87 02 03 01 00 01 `Mi..y|U.......
-----Original Message-----
From: Johannes Rath [mailto:joh...@sw...]
Sent: Dienstag, 29. März 2016 09:08
To: 'ope...@li...'
Subject: Re: [Opensc-devel] Key format of pkcs11-tool --read-object --type pubkey
I am using OpenSC 0.15.0, but on Windows ;)
Looks that version still uses the old format.
C:\Users\Demo\workspace>opensc-tool -i
OpenSC 0.15.0 [Microsoft 1600]
Enabled features:pcsc openssl zlib
C:\Users\Demo\workspace>pkcs11-tool --read-object --type pubkey --id 45 -o publi
ckey_45_2.key
Using slot 1 with a present token (0x1)
C:\Users\Demo\workspace>openssl asn1parse -inform DER -in publickey_45_2.key -du
mp
0:d=0 hl=4 l= 266 cons: SEQUENCE
4:d=1 hl=4 l= 257 prim: INTEGER :989FE2E678F264B80772816B3BCC064B
2C441E681DC8AD31ED686772EF7B9606FD1D72D16EFD2325BBB64AC318F518C806B91883339460AC
11E842B2D1FFC14058B0DB40EB5E08FB88C14FE9AF1B67464E39D0A050ED14DB6452CDF53AE87B35
BF09A09BD9F42DACC0ED36DA837240EC6466056AFEA22DC50C9D762F064924ED43826978802EF7A6
F81D7803CBB0B9C79B018A27B562BBF08E58424199880EC5147FC3E2E87EF6724C42BC6899DBF05F
2B3925C6F03D301ED0FB7FDB33A9E47CBD479EE57C462EAF78B5641C8F392273815839D070357F22
2AEA20D7AD6B8350A80FC3011B3478E1D4CCBAC1855C3910A9AC8287DACE818D0722488BE38B183F
265:d=1 hl=2 l= 3 prim: INTEGER :010001
-----Original Message-----
From: Douglas E Engert [mailto:dee...@gm...]
Sent: Donnerstag, 24. März 2016 19:05
To: ope...@li...
Subject: Re: [Opensc-devel] Key format of pkcs11-tool --read-object --type pubkey
What version of OpenSC are you using?
0.13.0 will output an RSA pubkey, i.e. sequence of modules and exponent. Not very useful.
openssl asn1parse -i -inform DER -in publickey.key
0:d=0 hl=4 l= 266 cons: SEQUENCE
4:d=1 hl=4 l= 257 prim: INTEGER
:D1C5D7F38C9134A4116D040DFE1066AF8B44A3BE6609C686A24F23E447906E33421BFEDC9DB16C2312306E63BA348B57A81D1CC241FE9813C0A02E343903D60315BC788289D44BFA2EC16B19D1CD8FB673CD90471F8301CFCCEE92E8A5119E6FEA76F9E4BC9C5F0120C606B6D1EC003D4606F49989D4D93DDE6C6AC6F079449219DA9063D319E93ACB5DBCB6AD9FD780BF6C94CBCC0AE542263E1772F283C0A2A8BDAFE0A6653004CA4D5CB3DF349FD87F10666F131B3FDE3C7D433D7C42374695E9B9FB73B655CA83F59838A1778504C11B82B94EBF5F247EA3D95F8E50A7C028C695ED16200F3B1C90C73FF25992458F0100222B5F6B6A12D5269AEA61DCC1
265:d=1 hl=2 l= 3 prim: INTEGER :010001
later versions, including 0.16.0 will output a SPKI, what OpenSSL can use as a pubkey:
pkcs11-tool --read-object --type pubkey --id 01 -o publickey.der
openssl asn1parse -i -inform DER -in publickey.der -dump
0:d=0 hl=4 l= 290 cons: SEQUENCE
4:d=1 hl=2 l= 13 cons: SEQUENCE
6:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption
17:d=2 hl=2 l= 0 prim: NULL
19:d=1 hl=4 l= 271 prim: BIT STRING
0000 - 00 30 82 01 0a 02 82 01-01 00 d1 c5 d7 f3 8c 91 .0..............
0010 - 34 a4 11 6d 04 0d fe 10-66 af 8b 44 a3 be 66 09 4..m....f..D..f.
0020 - c6 86 a2 4f 23 e4 47 90-6e 33 42 1b fe dc 9d b1 ...O#.G.n3B.....
0030 - 6c 23 12 30 6e 63 ba 34-8b 57 a8 1d 1c c2 41 fe l#.0nc.4.W....A.
0040 - 98 13 c0 a0 2e 34 39 03-d6 03 15 bc 78 82 89 d4 .....49.....x...
0050 - 4b fa 2e c1 6b 19 d1 cd-8f b6 73 cd 90 47 1f 83 K...k.....s..G..
0060 - 01 cf cc ee 92 e8 a5 11-9e 6f ea 76 f9 e4 bc 9c .........o.v....
0070 - 5f 01 20 c6 06 b6 d1 ec-00 3d 46 06 f4 99 89 d4 _. ......=F.....
0080 - d9 3d de 6c 6a c6 f0 79-44 92 19 da 90 63 d3 19 .=.lj..yD....c..
0090 - e9 3a cb 5d bc b6 ad 9f-d7 80 bf 6c 94 cb cc 0a .:.].......l....
00a0 - e5 42 26 3e 17 72 f2 83-c0 a2 a8 bd af e0 a6 65 .B&>.r.........e
00b0 - 30 04 ca 4d 5c b3 df 34-9f d8 7f 10 66 6f 13 1b 0..M\..4....fo..
00c0 - 3f de 3c 7d 43 3d 7c 42-37 46 95 e9 b9 fb 73 b6 ?.<}C=|B7F....s.
00d0 - 55 ca 83 f5 98 38 a1 77-85 04 c1 1b 82 b9 4e bf U....8.w......N.
00e0 - 5f 24 7e a3 d9 5f 8e 50-a7 c0 28 c6 95 ed 16 20 _$~.._.P..(....
00f0 - 0f 3b 1c 90 c7 3f f2 59-92 45 8f 01 00 22 2b 5f .;...?.Y.E..."+_
0100 - 6b 6a 12 d5 26 9a ea 61-dc c1 02 03 01 00 01 kj..&..a.......
On 3/24/2016 10:57 AM, Johannes Rath wrote:
> Hi all,
>
> I want to extract the public key and use it for encryption with OpenSSL. It works fine like this:
>
> /pkcs15-tool --read-public-key keyid -o publickey.pem/
>
> /openssl rsautl -inkey publickey.pem -pubin -encrypt -pkcs -in plaintext.txt -out ciphertext.txt/
>
> //
>
> But when I use pkcs11-tool the exported key is kind of weird. I am using:
>
> /pkcs11-tool --read-object --type pubkey --id keyid -o publickey.key/
>
> //
>
> I am trying to use publickey.key as the inkey for openssl rsautil -encrypt, but I always get an error from OpenSSL.
>
> Any ideas?
>
> Thanks in advance
>
> Johannes
>
>
>
> ------------------------------------------------------------------------------
> Transform Data into Opportunity.
> Accelerate data analysis in your applications with
> Intel Data Analytics Acceleration Library.
> Click to learn more.
> http://pubads.g.doubleclick.net/gampad/clk?id=278785351&iu=/4140
>
>
>
> _______________________________________________
> Opensc-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>
--
Douglas E. Engert <DEE...@gm...>
------------------------------------------------------------------------------
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785351&iu=/4140
_______________________________________________
Opensc-devel mailing list
Ope...@li...
https://lists.sourceforge.net/lists/listinfo/opensc-devel
------------------------------------------------------------------------------
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785471&iu=/4140
_______________________________________________
Opensc-devel mailing list
Ope...@li...
https://lists.sourceforge.net/lists/listinfo/opensc-devel
|
