command line tool to export RSA private key to RSA

Today I discover that there are 2 public key formats with PEM format headers, eg

X.509 SubjectPublicKeyInfo** (PEM header: BEGIN PUBLIC KEY)

which correspond to the short header form;

and

PKCS#1 RSAPublicKey* (PEM header: BEGIN RSA PUBLIC KEY)

which correspond to the longer form;

I would like to verify some public keys in the latter format, however I cannot see that openssl command line tool can obviously do that. -pubout exports the first format, and the pubin format rejects the 2nd headers;

#openssl rsa -pubin -in rsa.pub -modulus -noout

unable to load Public Key
140154809448256:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:696:Expecting: PUBLIC KEY

Any suggestions on what the correct commands are for openssl, or whether there is some tool that would does this from the command line?

回答1:

I don't think openssl commandline program(rsa) can read the PKCS#1 format. As explained here the difference between the PKCS#1 and PKCS#8 format is the algorithm identifier. The algorithm identifier for RSA encryption is "1.2.840.113549.1.1.1" and the Base64 version of it is "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A" which you can safely prefix with the Base64 of the RSA public key and change the header/footer from "BEGIN RSA PUBLIC KEY"/"END RSA PUBLIC KEY" to "BEGIN PUBLIC KEY"/"END PUBLIC KEY".

回答2:

openssl command line program can read PKCS#1 format...

If you use

openssl rsa -RSAPublicKey_in <inputFile> -pubout -out <outputFile>

It will generate 451 byte long public key from 426 byte long rsa public key.