Re: Convert::ASN1: RSA Public Keys

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

On 23/2/03 9:20 pm, Lars Uffmann <la...@kn...> wrote:

> Hello,
> 
> I tried to decode an ASN1 encoded RSA public key using Convert::ASN1 and
> Convert::PEM. The key-pair was generated using openssl. I can decode
> the private key either way, but not the public key:
> 
> Public Key (PEM)
> decode error 30<=>02 at
> /usr/local/share/perl/5.6.1/Convert/ASN1/_decode.pm line 108.
>       ...caught at rsa_pem.pl line 63.
> 0000  111: [APPLICATION 3]
> 0002     :   6E 76 65 72 74 3A 3A 41 53 4E 31 3D 48 41 53 48
> nvert::ASN1=HASH
> 0012     :   28 30 78 31 30 31 62 32 32 31 30 29 __ __ __ __
> (0x101b2210)
> 
> I got the ASN1 from ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2.asn:
> my $rsa_public_key = q<
> RSAPublicKey ::= SEQUENCE {
>  modulus          INTEGER,  -- (Usually large) n = p*q
>  publicExponent   INTEGER  -- (Usually small) e
> }
>> ;
> 
> Attacht is my test script. It uses openssl to generate a key pair, PEM
> and DER encoded. It then tries to ASN-decode the key using either
> Convert::PEM or Convert::ASN1.
> 
> regards,
> Lars

I don't think the ASN.1 of the public key looks like that. Using dumpasn1
(grab from http://www.cs.auckland.ac.nz/~pgut001/) on the public.der file I
get something like:

   0   92: SEQUENCE {
   2   13:   SEQUENCE {
   4    9:     OBJECT IDENTIFIER '1 2 840 113549 1 1 1'
  15    0:     NULL
         :     }
  17   75:   BIT STRING, encapsulates {
  20   72:     SEQUENCE {
  22   65:       INTEGER
         :         00 B9 79 14 11 64 33 67 A2 2D 8F 7A E0 F4 DD BD
         :         1E 4E 3F 88 73 19 A5 FD D2 24 17 4F 0C 68 D8 52
         :         A2 EA BB B5 00 ED 32 1A AF AA C2 B8 A1 97 1D 6D
         :         99 4E C5 58 80 CE 8D 6A AC 7E 9C 6F D4 B5 49 E4
         :         71
  89    3:       INTEGER 65537
         :       }
         :     }
         :   }

In other words there's some extra wrapper, and your encoded public key SEQ
is actually inside a BIT STRING.

I'd be inclined to try telling Convert::ASN1 that the BIT STRING is actually
a [UNIVERSAL 3 IMPLICIT] OCTET STRING so you can get the raw bytes of the
bit string out, and then do a second parse using your original ASN.1 on that
octet string.

You could also try using 'openssl asn1parse' or of course Convert::ASN1's
asn_dump (you need to 'use Convert::ASN1::Debug' first) instead of dumpasn1.
But you can't have too many ASN.1 decoders as far as I'm concerned ;-)

Cheers,

Chris