Topic: Decode RSA key from DER format

Hi All,

I have got a RSA private key in PKCS#8 DER format as output from Java (privateKey.getEncoded()), and would like to convert the DER binary into a RsaKey with the method:

RsaPrivateKeyDecode(keyDer, &idx, privateKey, sizeKeyDer);

It failed in GetInt(), since (b != ASN_INTEGER). Instead of (b = 2), in my case (b = 48, or b = 0x30). I have attached the key.

Decoding a private key in DER format generated with openSSL was successful. Could you please tell me, which format wolfSSL embedded SSL supports for the DER - RsaKey conversion?



Post's attachments

privateKey.der 1.19 kb, 5 downloads since 2013-05-15 

You don't have the permssions to download the attachments of this post.


Re: Decode RSA key from DER format

Your function privateKey.getEncoded() wrapped the key with some extra information indicating it was an rsa private key. I had to strip that out of the file first. I used the shell command

$ openssl asn1parse -strparse 22 -inform DER -in privateKey.der -out pk.der

I then called RsaPrivateKeyDecode() with the new key and it parsed the key file. (I modified server.c to load the private key file.)

An alternate is to advance the idx to the start of the key file after that extra header info.

idx = 26;
RsaPrivateKeyDecode(keyDer, &idx, privateKey, sizeKeyDer);

It is a little clunky, but that'll load your file. I'd probably reprocess the file with the openssl command line tool to strip out the headers.

The "-strparse 22" advances the ASN.1 parser to the octet stream that is your key. The idx of 26 goes a little further to the actual start of the key. (The extra four bytes are the octet stream ID and the length.)

Please let me know if this helps.

Re: Decode RSA key from DER format

Thanks a lot for your quick help! With idx = 26, it works.

I have tried with a number of Java encoded private keys, it seems the extra information generated by Java always consumes the first 26 bytes.